IPTables doesn't restart
Ed Greshko
Ed.Greshko at greshko.com
Wed Dec 8 00:46:31 UTC 2004
Nathaniel Hall wrote:
> I am running an RHAS3 firewall with IPTables. When I restart IPTables,
> I get kicked out of my SSH session and everybody around campus gets
> kicked out of telnet. Once I have been kicked out, I cannot re-login
> via SSH.
FWIW, I believe that is the "expected" behavior. That is, shutting down
IP tables on a firewall closes the drawbridge tight.
I prefer to use shorewall for management of my firewall. It has a
feature called "routestopped" that keeps a route open to specific IPs
when the firewall is shut down. This allows you to maintain access from
a remote location to do maintenance.
Regards,
Ed
Oh, just in case you are interested... http://www.shorewall.net
>
> When I get to the local console of the firewall, I am able to login with
> no prob and restart IPTables; all succeeds and everything goes back
> to normal. I took a look at /var/log/messages and here is what I get:
>
> /Start of IPTables restart/
> Dec 7 14:58:44 cs-fw iptables: succeeded
> Dec 7 14:58:44 cs-fw last message repeated 2 times
> Dec 7 14:58:44 cs-fw sshd(pam_unix)[21325]: session closed for user root
> Dec 7 15:03:29 cs-fw login(pam_unix)[16534]: session opened for user root by LOGIN(uid=0)
> Dec 7 15:03:29 cs-fw -- root[16534]: ROOT LOGIN ON tty1
> Dec 7 15:03:32 cs-fw kernel: ip_tables: (C) 2000-2002 Netfilter core team
> Dec 7 15:03:32 cs-fw kernel: ip_conntrack version 2.1 (8191 buckets, 65528 max) - 304 bytes per conntrack
> Dec 7 15:03:32 cs-fw iptables: succeeded
> Dec 7 15:03:32 cs-fw iptables: succeeded
> /End of second IPTables restart/
>
> Any ideas?
>
--
"A common mistake that people make when trying to design something
completely foolproof was to underestimate the ingenuity of complete
fools."
--Ford Prefect in "Mostly Harmless".
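What a "routestopped"-style reload looks like in plain iptables terms, as an added example that is not from the original thread and not shorewall's own code. It assumes, hypothetically, that the management hosts are listed in MGMT_HOSTS (the 192.0.2.x addresses are constructed sample values), that sshd listens on SSH_PORT, that the previous rules can be saved to PREV_RULES, and that ROLLBACK_SECS is an acceptable window. The script generates a full ruleset with the management SSH rules ahead of everything else, loads it with iptables-restore (which swaps the whole table in one step instead of flushing first, the way the init script's restart does), and arms a timer that restores the old rules unless the operator confirms the new ones still let them in.

```shell
#!/bin/sh
# Added example, not from the original thread or from shorewall:
# reload iptables without locking yourself out of the firewall.
#
# Hypothetical settings; the addresses are constructed (TEST-NET-1).
MGMT_HOSTS="${MGMT_HOSTS:-192.0.2.10 192.0.2.11}"
SSH_PORT="${SSH_PORT:-22}"
PREV_RULES="${PREV_RULES:-/run/fw-previous.rules}"
ROLLBACK_SECS="${ROLLBACK_SECS:-60}"

# Emit a complete filter-table ruleset in iptables-restore format.
# The management ACCEPT rules come right after loopback, before any
# rule or policy that could drop SSH: the same idea as routestopped.
gen_ruleset() {
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT'
    for h in $MGMT_HOSTS; do
        printf '%s\n' "-A INPUT -s $h -p tcp --dport $SSH_PORT -j ACCEPT"
    done
    # The conntrack table is emptied when ip_conntrack is reloaded (the
    # log above shows it re-initialising), so an ESTABLISHED match on
    # its own would not have kept the session alive.
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        'COMMIT'
}

# Number of management SSH rules in the generated set. safe_apply refuses
# to load a ruleset that has none.
count_mgmt_rules() {
    gen_ruleset | grep -c -- "-p tcp --dport $SSH_PORT -j ACCEPT"
}

# Replace the running rules atomically, then arm a rollback timer that
# restores the saved rules unless confirm_rules is run in time.
safe_apply() {
    [ "$(count_mgmt_rules)" -gt 0 ] || {
        echo "no management SSH rule in ruleset, refusing to load" >&2
        return 1
    }
    iptables-save > "$PREV_RULES" || return 1
    if ! gen_ruleset | iptables-restore; then
        iptables-restore < "$PREV_RULES"   # syntax error: put old rules back now
        return 1
    fi
    ( sleep "$ROLLBACK_SECS" && iptables-restore < "$PREV_RULES" ) &
    echo $! > "$PREV_RULES.pid"
    echo "rules loaded; run '$0 confirm' within ${ROLLBACK_SECS}s to keep them"
}

# Cancel the pending rollback once a fresh SSH login has been verified.
confirm_rules() {
    kill "$(cat "$PREV_RULES.pid")" && rm -f "$PREV_RULES.pid"
}

case "${1:-}" in
    show)    gen_ruleset ;;
    apply)   safe_apply ;;
    confirm) confirm_rules ;;
esac
```

Run it as `./fw-reload.sh apply` from an existing session, open a second SSH session from one of the management hosts, and only then `./fw-reload.sh confirm`; if the second login fails, do nothing and the old rules return by themselves. Killing the timer leaves an orphaned `sleep`, which is harmless since the restore only runs after the subshell's `&&`.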