Default Hole In Firewall?

#1 Thu, 04/13/2006 - 10:53
WilliamSmith

Default Hole In Firewall?

I find I have to do:

Webmin > Networking > Linux Firewall > Chain RH-Firewall-1-INPUT > Add Rule > Comment: "VirtualMin remote access", Accept, Protocol Equals TCP, Destination Port Equals 10000 > Create > (move new rule above the "Reject always" rule) > Apply Configuration

In order to use VirtualMin from another machine, shouldn't that happen by default during the installation?

Thanks!

Thu, 04/13/2006 - 11:34
WilliamSmith

And another little buglet: When adding rules, you can't put anything in the "Comment" field, or you'll get a:

/*
Flushing firewall rules: [  OK  ]
Setting chains to policy ACCEPT: nat mangle filter [  OK  ]
Unloading iptables modules: [  OK  ]
Applying iptables firewall rules: iptables-restore v1.2.11: Couldn't load match `comment':/lib/iptables/libipt_comment.so: cannot open shared object file: No such file or directory

Error occurred at line: 22
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]
*/

Error when you hit "Apply Configuration".

Thu, 04/13/2006 - 11:42
WilliamSmith

Unless you go into 'module config' and set "# comments in save file".

[Still can't get a DNS-sized hole in the firewall, but that's probably a rathole...]

Thu, 04/13/2006 - 18:53
Joe

Hey William,

Yes, I'm working on adding firewall configuration to the installer. It's just not easily abstracted out, since SUSE uses a completely different configuration file than everyone else. But I expect the next release of the virtualmin-base will handle the Red Hat based systems, and I'll work on SUSE whenever I get a chance.

I haven't seen the comment issue before. I'm certain the default configuration has the comment syntax right on my systems, but maybe something broke in the latest version or two of Webmin.

--

Check out the forum guidelines!

Fri, 04/14/2006 - 10:28
ChrisBlackwell

remember that DNS uses UDP 53, not TCP

Fri, 04/14/2006 - 10:38
Joe

Hey Chris,

You're quite right and the example firewall rules I posted in another thread William started cover UDP*. Though apparently there can also be TCP traffic known as DNS/TCP, so I always open it up--and I do find that it gets hit on every server I have that provides DNS service. I have no idea if my DNS servers actually provide TCP DNS service...but I do see TCP traffic. ;-)

*-That post is here:

http://www.virtualmin.com/forums/message-view?message_id=37489

--

Check out the forum guidelines!
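The three things the thread circles around (an ACCEPT for the Virtualmin port placed above the chain's final REJECT, DNS needing UDP 53 plus TCP 53, and iptables-restore choking when the `comment` match module is not installed) can be put into one generated ruleset. The script below is an added example, not Webmin's or Virtualmin's code; it writes the Red Hat `/etc/sysconfig/iptables` (iptables-restore) format using the RH-Firewall-1-INPUT chain named in the thread, only attaches `-m comment` when the running iptables actually has that match, and checks that no ACCEPT for ports 10000 or 53 ended up below the REJECT rule. The management address 192.0.2.10 is a constructed placeholder; the `rule`, `build_ruleset` and `check_order` function names are mine.

```shell
#!/bin/sh
# Added example (not from the thread): build an iptables-restore ruleset for the
# RH-Firewall-1-INPUT chain that opens TCP 10000 (Webmin/Virtualmin) to one
# management host and UDP+TCP 53 (DNS) to everyone, keeping the REJECT last.
# 192.0.2.10 below is a constructed placeholder address.
set -eu

# True (exit 0) when the local iptables can load the `comment` match. The second
# post shows iptables-restore failing outright when libipt_comment.so is absent,
# so the generator only emits -m comment when this succeeds.
comment_match_available() {
    command -v iptables >/dev/null 2>&1 || return 1
    iptables -m comment -h >/dev/null 2>&1
}

# Emit one ACCEPT rule. $1 = match part of the rule, $2 = human-readable note.
# Without the comment module the note becomes a plain '#' line, which
# iptables-restore ignores (the "# comments in save file" behaviour from post 3).
rule() {
    if comment_match_available; then
        printf '%s\n' "-A RH-Firewall-1-INPUT $1 -m comment --comment \"$2\" -j ACCEPT"
    else
        printf '%s\n' "# $2" "-A RH-Firewall-1-INPUT $1 -j ACCEPT"
    fi
}

# Print the whole filter table. $1 = host or CIDR allowed to reach port 10000
# (defaults to everywhere, which is what the Webmin click-path in post 1 does).
build_ruleset() {
    mgmt="${1:-0.0.0.0/0}"
    printf '%s\n' '*filter' \
        ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' \
        ':RH-Firewall-1-INPUT - [0:0]' \
        '-A INPUT -j RH-Firewall-1-INPUT' \
        '-A FORWARD -j RH-Firewall-1-INPUT' \
        '-A RH-Firewall-1-INPUT -i lo -j ACCEPT' \
        '-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Service rules go here, i.e. above the catch-all REJECT.
    rule "-p tcp -m state --state NEW -s $mgmt --dport 10000" "Virtualmin remote access"
    rule "-p udp --dport 53" "DNS queries (UDP)"
    rule "-p tcp -m state --state NEW --dport 53" "DNS over TCP (large answers, zone transfers)"
    # Anything appended after this line is never reached.
    printf '%s\n' '-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT'
}

# Read a ruleset on stdin; exit 0 if every ACCEPT for port 10000 or 53 sits
# before the REJECT, 1 if one was placed below it (the mistake post 1 warns about).
check_order() {
    awk '
        /-j REJECT/                                  { seen_reject = 1 }
        /--dport (10000|53) / && /-j ACCEPT/         { if (seen_reject) bad = 1 }
        END                                          { exit bad ? 1 : 0 }
    '
}

# Usage on a Red Hat style box:
#   build_ruleset 192.0.2.10 > /etc/sysconfig/iptables && service iptables restart
build_ruleset 192.0.2.10 | check_order
```

Restricting port 10000 to a management address rather than the world is the one deliberate departure from the click-path in the first post; leave the argument off to reproduce exactly what that post opens.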
