
Re: [K12OSN] Default iptables?





Joseph Bishay wrote:
Hello,

Since I'm remote from the server and only have SSH access I can follow
your instructions on service iptables stop but is there a way to test
if a terminal boots remotely?

Speaking from experience - you may not want to muck around with iptables remotely. When you break it you will have to go down and visit the console. In this case, I would reboot the server (I know Linux doesn't really need to be rebooted except in certain situations, but this way you know exactly what is running when it comes back up). Then check iptables -L to see what the rules are, and verify that you have forwarding on:
cat /proc/sys/net/ipv4/ip_forward
should output "1"
or
sysctl net.ipv4.ip_forward
should output net.ipv4.ip_forward = 1

And last I would make sure that the interfaces are truly up.
ifconfig eth0, ifconfig eth1, etc. and see if you can ping at least one hop out from the interface on the server.

The other thing - are you sure you got everything plugged back in right?


The other part of your instructions that makes me a bit nervous is the
"start adding ports that need to come in from the internet and to
clients."  I have no idea what ports are needed or aren't needed :)  I
assume you're supposed to let everything in and out on the thin client
network card, but on the Internet-facing NIC is there a standard "let
these through, don't let those through" list?

Thank you
Joseph

On Sat, Mar 21, 2009 at 11:22 AM, Barry R Cisna <brcisna eazylivin net> wrote:
Hi Joseph,

From what I understand you can not get any TC's to boot up correctly
now? First do a 'service iptables stop', as root. This will stop
iptables altogether. Boot a couple TC's now and make sure your TC's are
at least able to boot up correctly at this point.
After you make sure they will boot OK here, next a good thing to do is
install Webmin on your server and drill to "Network > Linux firewall" in
Webmin. Select the one option of default to reject all; this option
builds a nice firewall for the server that will work nicely with
k12ltsp/k12linux, then start adding ports that need to come in from the
internet and to clients. This will take a lot of the error-proneness
out of setting up iptables. Voice of experience talking here :-)
Make sure after this you start the 'iptables-k12ltsp' (if this is set up on
the server?) to allow all traffic as trusted to the TC's side of your
network.
You should be golden at this point!

Take Care,
Barry



_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
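
The read-only checks from the reply above (rules via iptables -L, then ip_forward), gathered into one script that changes nothing and is safe to run over SSH. This is an added example, not part of the original thread: the function names and the sample rules are constructed, and the FORWARD-policy test is an extra check the messages do not mention.

```sh
#!/bin/sh
# Added example: read-only post-reboot checks, safe to run over SSH.

# Constructed sample of plain `iptables -L` output (not from the thread).
SAMPLE_RULES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# chain_summary: `iptables -L` text on stdin -> "CHAIN POLICY RULECOUNT" lines.
# User-defined chains have no policy and are shown with "-".
chain_summary() {
  awk '
    /^Chain / {
      if (name != "") print name, policy, rules
      name = $2; rules = 0
      if ($3 == "(policy") { policy = $4; sub(/\)$/, "", policy) } else policy = "-"
      next
    }
    /^target +prot/ || NF == 0 { next }   # column header, blank line
    name != "" { rules++ }
    END { if (name != "") print name, policy, rules }'
}

# forwarding_enabled: true when the ip_forward file ($1, optional) holds "1".
forwarding_enabled() {
  [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# check_gateway: rules on stdin, optional ip_forward path in $1; returns 1 on a problem.
check_gateway() {
  cg_status=0
  cg_summary=$(chain_summary)
  printf '%s\n' "$cg_summary"
  if forwarding_enabled "$1"; then echo "OK   ip_forward = 1"
  else echo "FAIL ip_forward is not 1"; cg_status=1; fi
  # A non-ACCEPT FORWARD policy with zero rules drops everything the box routes.
  if printf '%s\n' "$cg_summary" | awk '$1=="FORWARD" && $2!="ACCEPT" && $3==0 {f=1} END {exit !f}'
  then echo "FAIL FORWARD chain blocks all routed traffic"; cg_status=1; fi
  return "$cg_status"
}

# On the server (as root): iptables -L | check_gateway
printf '%s\n' "$SAMPLE_RULES" | chain_summary
```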

