Firewall problem: Only works on a restart.
Steven W. Orr
Wed Feb 25 19:47:13 CET 2009
On Wednesday, Feb 25th 2009 at 08:14 -0000, quoth postmaster:
=>Check /proc/sys/net/ipv4/ip_forward before restarting fiaif. It should
=>have a value of 1.
=>(Or do a /etc/init.d/fiaif test. If forwarding is disabled, it will be
=>noted as an error.)
=>
=>Fiaif sets this if it sees that it is not set, so my guess is that Fedora 10 sets it back to 0 after the firewall has been started.
=>
=>Restarting the firewall of course fixes the problem.
=>
=>Regards
=>Anders Fugmann
Thanks. That fixed it. It turns out that in Fedora the network service
shuts it off when the network is started by running the sysctl.conf. Then
when the firewall is restarted, the setting sticks. :-(
=>
=>Steven W. Orr wrote:
=>> I'm running fiaif-1.21.1-0.1.noarch
=>>
=>> I have a minor mystery and I don't know how to debug it.
=>>
=>> I have two computers in the house. Machine A has two NICs, one of which is
=>> hooked to the cable modem and sees the outside world. Also, Machine A
=>> implements the IPTABLES firewall with NAT. Machine B and Machine A's 2nd NIC
=>> are hooked up to a little hub. Ever since I upgraded to F10, I notice that
=>> Machine B can't see the outside world unless I restart the firewall. And just
=>> to make it interesting,
=>>
=>> Machine A: Fedora 10, 2.6.27.15-170.2.24.fc10.i686, eth0 is running dhclient,
=>> eth1 is a static address.
=>>
=>> Machine B: (not that it matters) is F8
=>>
=>> Diff of iptables before and after is the same.
=>> Diff of lsmod before and after is the same.
=>> eth1 is connected to the hub and is brought up at boot.
=>> I put a copy of my firewall at http://steveo.syslang.net/ipt.txt
=>>
=>> After a fresh boot, Machine B can't see the outside but can see A. Also, A
=>> can see B. Then a restart of the firewall causes B to be able to see the
=>> outside world.
=>>
=>> I am not using NetworkManager for either NIC. This is a server, not a
=>> laptop.
=>>
=>> Any ideas?
=>>
=>> TIA
=>>
=>
--
steveo at syslang dot net TMMP1 http://frambors.syslang.net/
Do you have neighbors who are not frambors? Steven W. Orr
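
The state found in this thread (forwarding on at runtime after a firewall restart, but switched back off whenever sysctl.conf is applied) can be checked with a short script. This is an added example, not part of the original messages or of fiaif; the function names, messages and exit codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare the runtime IPv4 forwarding flag with what a
# sysctl-style file will apply. Function names and exit codes are illustrative.

# Print the last value assigned to net.ipv4.ip_forward in the file given as $1
# (the last assignment wins); print nothing if the key is not set there.
configured_forward() {
    [ -r "$1" ] || return 0
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        {
            line = $0; gsub(/[ \t]/, "", line)      # "key = value" -> "key=value"
            n = index(line, "="); if (n == 0) next
            key = substr(line, 1, n - 1)
            gsub("/", ".", key)                     # accept net/ipv4/ip_forward
            if (key == "net.ipv4.ip_forward") val = substr(line, n + 1)
        }
        END { if (val != "") print val }' "$1"
}

# Print the runtime flag read from the file given as $1, without whitespace.
runtime_forward() {
    if [ -r "$1" ]; then tr -d ' \t\n' < "$1"; fi
}

# Returns 0: on now and kept on by the file; 1: off now;
# 2: on now, but the file does not set it to 1 (the state after restarting
# the firewall in this thread).
check_forwarding() {
    conf=${1:-/etc/sysctl.conf}
    proc=${2:-/proc/sys/net/ipv4/ip_forward}
    want=$(configured_forward "$conf")
    have=$(runtime_forward "$proc")
    echo "runtime=${have:-unreadable} configured=${want:-unset} ($conf)"
    if [ "$have" != 1 ]; then
        echo "FAIL: forwarding is off; hosts behind the NAT cannot get out"
        return 1
    fi
    if [ "$want" != 1 ]; then
        echo "WARN: forwarding is on at runtime only; $conf does not set it to 1"
        return 2
    fi
    echo "OK: forwarding is on and $conf keeps it on"
}

check_forwarding "$@" || echo "check_forwarding exit status: $?"
```

Run once after boot and once after restarting the firewall; a change from status 1 to status 2 matches the behaviour described in the messages above.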