SSH hack attempts… bad?

Michael L Torrie torriem at chem.byu.edu
Wed Apr 12 09:59:47 MDT 2006


On Wed, 2006-04-12 at 09:52 -0600, Wade Preston Shearer wrote:
> > Has a similar command worked for you in the past?
> 
> No, this is my first time trying.
> 
> > While it is impossible to be sure without knowing more about your  
> > firewall, I'm fairly certain that is not what you want. You'll  
> > probably have more luck with something like
> 
> That didn't work either. Not until my friend edited
> /etc/sysconfig/iptables manually and restarted the service did it work.

That would have worked had you either edited the /etc/sysconfig/iptables
file and added those lines to it, or run those lines using /sbin/iptables.

> 
> Are you not supposed to edit /etc/sysconfig/iptables manually? A  
> comment at the top of the file says it's not recommended.

Well, usually Red Hat's firewall configuration program manipulates this
file.  Also, for anything more than the simplest of firewalls, you'll
want to write a script to create your firewall for you.  A script can
handle dynamic IP addresses (using the fast SNAT instead of MASQ
targets) and deal with more complicated things like NFS.

On most of my computers, setting up static rules in
/etc/sysconfig/iptables is fine.  I never use Red Hat's tool because
it is too simple, so I don't worry about modifying it directly. For my
router, however, I use a bash script.

Michael
