Re: [lvs-users] TCP Connection Sync Problems RHEL

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [lvs-users] TCP Connection Sync Problems RHEL
From: Lloyd Brown <lloyd_brown@xxxxxxx>
Date: Wed, 30 Jul 2014 08:35:43 -0600
On 07/30/2014 01:44 AM, Frank Kirschner wrote:
> Lloyd,
> 
> hmm, it's senselessly doubled, but please can you try out what happens if you
> add on the 1st line:
> 
> # /sbin/iptables -I INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
> # /sbin/service iptables save


Frank,

I can try it, but I'm not sure what you're expecting to see.  I have a
working setup, so without understanding what you're expecting to happen,
I'm not sure what to look for.

And there is already this one in the stock setup:

> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

While it's not exactly the same, the only difference would be the "NEW"
flag.  I'm not sure what benefit that would be, other than accepting all
new connections (if I'm understanding the flag correctly).  While this
would probably work for at least some of the stuff I'm doing, it seems
excessively open.  I could also flush all the tables (iptables -F), and
get it working, but it doesn't mean I want to leave my server quite so
open and unprotected.



> 
> Do you have any OUTPUT rules in your iptables set?

Nope.  I've checked all 4 tables (raw, mangle, nat, filter) that I can
find that have an OUTPUT chain, and there doesn't seem to be anything in
any of them.  I certainly hadn't done it on purpose, and it doesn't seem
to be a part of the stock RHEL setup.


> After disabling SELinux, did you reboot the system?

Yes.  You do need to reboot to disable SELinux.  And I did.  And it
didn't have any effect, as far as I could tell.

> 
> hope that helps,
> best regards
> Frank

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
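As an added example that is not part of the thread: a small POSIX shell audit that reproduces the two checks discussed above against an iptables-save dump, counting rules in any table's OUTPUT chain (raw, mangle, nat, filter in one pass) and listing INPUT rules that accept NEW connections without any protocol, port, source or interface restriction. The dump below is constructed for the example and the function names are its own; on a real host you would pipe `iptables-save` into the functions instead.

```shell
#!/bin/sh
# Constructed iptables-save dump: a stock-looking RHEL filter table with
# the broad NEW,RELATED,ESTABLISHED rule from the thread added as rule 1.
# Names and sample rules are this example's own, not from the list post.
SAMPLE_DUMP='*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Count rules appended to an OUTPUT chain in any table of the dump on stdin
# (the manual check across raw, mangle, nat and filter, done in one pass).
count_output_rules() {
    grep -c '^-A OUTPUT ' || true
}

# Print INPUT rules that ACCEPT NEW-state traffic without narrowing it by
# protocol, port, source or inbound interface: the "excessively open" rule.
# A port-scoped NEW rule such as the ssh one above is deliberately not listed.
find_open_new_rules() {
    awk '/^-A INPUT / && /-j ACCEPT$/ && /--state [A-Z,]*NEW/ &&
         !/ -p / && !/ --dport / && !/ -s / && !/ -i / { print }'
}

# Run against the constructed dump; on a real host pipe iptables-save instead.
printf '%s\n' "$SAMPLE_DUMP" | count_output_rules
printf '%s\n' "$SAMPLE_DUMP" | find_open_new_rules
```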
