
BLU Discuss list archive



Firewall help



On Wed, Mar 11, 2009 at 09:13:00AM -0700, Jared Carlson wrote:
> Afternoon,
> 
> I was asked to help configure a Red Hat box to allow certain IPs to get past the firewall.  Anyone have experience with that?  We think the firewall is causing a slow connection and we have some remote users trying to SVN some large files and having some serious issues.
> 
> Any help is great - thanks!

The all-purpose tutorial is here:

http://www.netfilter.org/

You'll want to start by dumping the existing firewall
configuration to see what it's doing:

iptables -L		#general rules
iptables -L -t nat	#nat rules

The three main rule chains are INPUT, FORWARD, and OUTPUT. On a
firewall, FORWARD is the most important. Each of these starts
with a default policy, which is usually ACCEPT or DENY. On a
firewall, you'll typically see DENY as the default policy on at
least INPUT and FORWARD.

After that, you make rules that go in a particular chain, that
start with a specification of what to act on
  incoming NIC
  outgoing NIC
  source IP and/or port
  destination IP and/or port
  whether this opens a connection or is part of an existing
  connection
  and several other possibilities
and then tells what to do with packets that match the
specification: ACCEPT them, DROP them, LOG them, or jump to
another chain.

Does that help?

-dsr-

-- 
http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.

You can't defend freedom by getting rid of it.
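
The rule anatomy described in the reply above (chain, match specification, target), applied to the original question of admitting specific source addresses, as an added example that is not part of the original thread. It assumes the SVN service is svnserve on its default TCP port 3690 and uses documentation addresses; the function names `valid_source` and `allow_rules` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Prints iptables commands for
# review instead of running them. Chain, port and addresses are constructed.

# Succeed if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_source() {
    addr=${1%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # Reject anything but digits and dots before word-splitting on ".".
    case $addr in ''|.*|*.|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# allow_rules CHAIN PORT SOURCE...
# Rules go in with -I at the top of the chain: iptables acts on the first
# matching rule, so an ACCEPT appended after a DROP or REJECT never fires.
allow_rules() {
    chain=$1 port=$2
    shift 2
    case $chain in ''|*[!A-Za-z0-9_-]*) echo "bad chain: $chain" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || return 1
    # Validate every source first so the output is all-or-nothing.
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    # Packets of connections that are already open.
    echo "iptables -I $chain 1 -m state --state ESTABLISHED,RELATED -j ACCEPT"
    n=1
    for src in "$@"; do
        n=$((n + 1))
        # New connections from an allowed source to the service port.
        echo "iptables -I $chain $n -p tcp -s $src --dport $port -m state --state NEW -j ACCEPT"
    done
}

# Constructed input: 3690 is svnserve's default port; the sources are
# documentation addresses (RFC 5737).
allow_rules INPUT 3690 192.0.2.10 198.51.100.0/24
```

After reviewing the printed commands and running them as root, `iptables -L -n --line-numbers` shows where the new rules sit relative to the existing ones.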






BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
