Re: having problems with getting ports open through firewall

[Nigel Wade <nmw@xxxxxxxxxxxx>]

Scott Berry wrote:
> Woops sorry should have been eth0.
>
> Scott
>
>   ----- Original Message ----- 
>   From: Scott Berry 
>   To: For users of Fedora 
>   Sent: Monday, May 21, 2007 1:39 PM
>   Subject: having problems with getting ports open through firewall
>
>
>   Hello there,
>
>   I would like to have all ports open on eth-.  How would one go about this through system-config-securitylevel-tui?  Here is what my ifconfig reads.
>
>   eth0      Link encap:Ethernet  HWaddr 00:10:5A:98:7C:E9                                          
>             UP BROADCAST MULTICAST  MTU:1500  Metric:1                                             
>             RX packets:0 errors:0 dropped:0 overruns:0 frame:0                                     
>             TX packets:0 errors:0 dropped:0 overruns:0 carrier:0                                   
>             collisions:0 txqueuelen:1000                                                           
>             RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)                                                 
>             Interrupt:11 Base address:0xec00                                                       
>                                                                                                    
>   eth1      Link encap:Ethernet  HWaddr 00:06:5B:16:93:37                                          
>             inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0                       
>             inet6 addr: fe80::206:5bff:fe16:9337/64 Scope:Link                                     
>             UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1                                     
>             RX packets:14499 errors:0 dropped:0 overruns:1 frame:0                                 
>             TX packets:6139 errors:0 dropped:0 overruns:0 carrier:0                                
>             collisions:0 txqueuelen:1000                                                           
>             RX bytes:5165422 (4.9 MiB)  TX bytes:1712329 (1.6 MiB)                                 
>             Interrupt:11 Base address:0xc800                                                       
>                                                                                                    
>   lo        Link encap:Local Loopback                                                              
>             inet addr:127.0.0.1  Mask:255.0.0.0                                                    
>             inet6 addr: ::1/128 Scope:Host                                                         
>             UP LOOPBACK RUNNING  MTU:16436  Metric:1                                               
>             RX packets:2284 errors:0 dropped:0 overruns:0 frame:0                                  
>             TX packets:2284 errors:0 dropped:0 overruns:0 carrier:0                                
>             collisions:0 txqueuelen:0                                                              
>             RX bytes:3238776 (3.0 MiB)  TX bytes:3238776 (3.0 

I don't think you can achieve this using 
system-config-securitylevel-tui. It just doesn't have the flexibility to 
handle this kind of configuration. These rules will do what you want:

iptables -A INPUT -i eth0 -j ACCEPT
iptables -A OUTPUT -i eth0 -j ACCEPT

should allows any packet incoming or outgoing via eth0 to be accepted 
(unless a previous rule explicitly blocks the packet). However, since 
eth0 has no IP address and is not in promiscuous mode, what packets are 
you expecting to see on that interface?

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
            University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw@xxxxxxxxxxxx
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555