RE: Firewall setting



First of all, let me say thank you, Mr. Q and Mr. Stone,
for your prompt replies with very helpful information.

> During the install, Red Hat 7.1 gives you a choice
> of no firewalling, medium security firewalling, or
> maximum security firewalling.
Yes, I remember this very well. I thought it was a
good thing for users that Red Hat is giving an option
to have a firewall by default (for obvious reasons).

I remember putting a medium security level, but never
bothered to customize the specific ports at installation
time cuz I thought I could change it later. And I guess
the problem was that I had no idea how I was supposed
to customize it later...  (^^;;

> You can find your current rules in /etc/sysconfig/ipchains.
> You can find an ipchains howto in /usr/share/doc/ipchains-1.3.10.
> There is also a GUI config tool called firewall-config
Yes, I checked it and found out that all the ports between
0 and 1024 were blocked for incoming accesses.
To be sure, I changed the default port of apache from
80 to 7000, and voilà, it works! I could access the
apache server from other computers.

So now I knew for sure that the firewall config was
the cause (or more like my ignorance). I actually
downloaded rpm for firewall-config to configure the
firewall setting, but I guess it was not intuitive enough
for me to use. First of all, the previous settings don't
show up in the interface just as you wrote:
> noted is that if I run it, it does not seem to load my
> existing /etc/sysconfig/ipchains file, yet the help from
I was hoping that I could just modify whatever was in
/etc/sysconfig/ipchains to fix the problem.

Anyways, soon enough I realized that
/etc/sysconfig/ipchains was originally configured with
/usr/sbin/lokkit (the first line of ipchains says that the
file was written by lokkit). So I used lokkit to change
the setting. It's exactly the same interface as the one
you encounter in the installation process. Very easy
to handle. I just chose the ports that I wanted to be
accessible (ssh, web server, ftp).. and it's all done.

Again, thanks a lot. I needed to demo some network-
related program tomorrow, and I was gonna use my
laptop to do that... (no use if it wasn't accessible from
other computers, right?)

> Before I get answer, please start a new thread when
> changing topics, don't just change the subject.  For
> those with email clients that do threading, it creates
> an ugly mess if you don't.
And I'm sorry about messing up the thread. When I
hit reply, it showed tlug@example.com at TO: field,
so I assumed it would create a new thread if I just
changed the subject of the e-mail. My bad, I'll be
careful next time.

-mune


P.S.   Do you mind if I forward your replies to other
people who have similar problems? I've actually posted
my question to my school's Linux user group. And I
haven't got really useful info. Someone also replied to
me saying that he has exactly the same problem.

# I just set up a 7.1 system and I have the same problem.  I can access the
# box from itself, i.e. ssh me works fine, but from any other system it's no
# go.  I've checked daemons, hosts.allow, hosts.deny, xinetd, emailed redhat,
# and asked around but have no answer yet.  Please let me know if you solve
# this.  I solved it by re-installing 7.0.
#
# Todd


