  1. #1
    Joined
    Jul 2001
    Location
    UK
    Age
    51
    Posts
    20,229

    Firewall access problems on RH7.1

    Hey guys - hoping someone can point me in the right direction here.

    I have a RH7.1 workstation that I want to be able to open SSH access to from an IP range.

    So, being a Linux newbie, I spent the weekend learning all about iptables on my experimental RH9 installation to the point where I can now configure a firewall completely from scratch.

    SSH is working fine on the machine for access from the internal LAN, but I want to open access to my home dial-in.

    However, my RH7.1 workstation doesn't appear to be using iptables. Below is the output when I query iptables:

    ------------------------------
    # iptables -L -v
    /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
    Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
    /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o failed
    /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
    iptables v1.2.1a: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.
    ------------------------------

    Some form of firewalling is present, but not iptables?

    Can someone please point me in the right direction,

    Thanks,

    Ned

  2. #2
    Joined
    May 2000
    Location
    Paris, France
    Posts
    5,298
    I guess the kernel is too old for iptables; it should use ipchains.
    Last edited by OldFrog; 05-19-2003 at 09:04 AM.

  3. #3
    Joined
    Jul 2001
    Location
    UK
    Age
    51
    Posts
    20,229
    OK. The book I have says iptables is supported in RH 7.0 upwards (kernel 2.4.0 up) but it may be wrong. Perhaps iptables support is not compiled into the kernel my box is using or something.

    Anyway, I'll go away and read up on ipchains now and see if that helps me.

    Thanks OF,

    Ned

  4. #4
    Joined
    May 2000
    Location
    Paris, France
    Posts
    5,298
    Stupid question: maybe you need to install an iptablexxx-rpm for RH 7.1?
    That's the way for Mandrake at least, for the needed command and libs.

  5. #5
    Joined
    Jul 2001
    Location
    UK
    Age
    51
    Posts
    20,229
    ^^ could be.

    I looked at ipchains, and all chains are set to ACCEPT with no other rules, so I'm not being blocked there (I think I'll need to edit/tighten some of these).

    If I do:

    K-menu/System/Network Configuration

    I get the Network Configurator applet. Adding an IP address to the 'Hosts' tab allows access from that IP address - all others are blocked. This appears to be how the system is blocking access.

    There is no help button for this applet, and I don't know what the underlying mechanism that it's using is. I wonder if it will accept IP ranges in the hosts column in the format of, for example, '192.168.0.' or something to give me access from a subnet range.

    Anyone got any ideas?

    Ned

  6. #6
    Joined
    Sep 2001
    Posts
    283
    I think it might be worth your time to get
    iptables working, as ipchains is obsolete.
    Windows at work, because I HAVE to.
    Linux at home, because I WANT to.

  7. #7
    Joined
    Jul 2001
    Location
    UK
    Age
    51
    Posts
    20,229
    Originally posted by HombrePeligroso
    I think it might be worth your time to get
    iptables working, as ipchains is obsolete.
    I'm not responsible for the underlying security of this machine - it's a workstation at work, but I will at least introduce some tighter rules.

    Anyway, I still don't know what the underlying protocol that's blocking me access is.

    Ned

  8. #8
    Joined
    Sep 2001
    Posts
    283
    Originally posted by Ned Slider
    I'm not responsible for the underlying security of this machine - it's a workstation at work, but I will at least introduce some tighter rules.

    Anyway, I still don't know what the underlying protocol that's blocking me access is

    Ned
    Are you sure your company isn't blocking
    external access to port 22 via their
    company-wide firewall? Also, check
    if your ISP or your company's ISP is
    blocking access.
    Last edited by HombrePeligroso; 05-20-2003 at 07:26 PM.
