Bug 105994
Summary: | wrong ports chosen for security configuration
---|---
Product: | [Fedora] Fedora
Component: | anaconda
Status: | CLOSED CURRENTRELEASE
Severity: | medium
Priority: | medium
Version: | rawhide
Hardware: | i386
OS: | Linux
Reporter: | John Reiser <jreiser>
Assignee: | Jeremy Katz <katzj>
QA Contact: | Mike McLean <mikem>
CC: | bwheadley, chris.shank, gerry, menthos
Doc Type: | Bug Fix
Last Closed: | 2005-06-24 12:15:36 UTC

Description
John Reiser
2003-10-01 21:05:39 UTC
Created attachment 94850 [details]
/etc/sysconfig/iptables
has ports 50 and 51 (remote mail check) open, instead of the requested port 22
(SSH).

That's not ports 50 and 51, it's *protocols* 50 and 51 (IPSEC).

OK, "50" and "51" may refer to IPSEC, and perhaps that is supposed to enable ssh to work, but the firewall still prevents ssh from receiving requests from the network:
-----
$ ssh 192.168.0.5 # machine running RedHat 9 tries to access the new Fedora Core Test2 install
ssh: connect to host 192.168.0.5 port 22: No route to host
-----
Now, add the line
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
to the Fedora /etc/sysconfig/iptables, also /sbin/service iptables restart, and then the RH9 machine can ssh to the Fedora machine.

So, the default is that SSH connectivity is broken from RH9 to Fedora Test2, even when SSH is enabled in the firewall configuration dialog of a Fedora Test2 install. This was working in Severn Beta1, and the regression is disappointing. This does not appear to be an instance of the UTF-8 problem that is mentioned in the Release Notes for Fedora Core Test2.

After install, redhat-config-securitylevel is inconsistent with the choice made during anaconda install. I run RedHat > System Settings > Security Level, and see that "Enable firewall" is pre-chosen, but no service is Trusted; during install I had picked SSH. Checking SSH, clicking OK, and acknowledging the warning about erasing all previous settings, gives an /etc/sysconfig/iptables that contains [I will attach the full file]
-----
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-----
That was from redhat-config-securitylevel-1.2.8-2 . So, the anaconda dialog and the -config application are not in sync, either.

Created attachment 94868 [details]
/etc/sysconfig/iptables after adding SSH
using redhat-config-securitylevel-1.2.8-2

Turns out anaconda was losing the port information. Changing component to anaconda. redhat-config-securitylevel should work fine once anaconda writes the files out correctly.

Fixed in CVS

*** Bug 107214 has been marked as a duplicate of this bug. ***

*** Bug 107220 has been marked as a duplicate of this bug. ***

Still a problem with test3.

*** Bug 107240 has been marked as a duplicate of this bug. ***

*** Bug 107301 has been marked as a duplicate of this bug. ***

*** Bug 105998 has been marked as a duplicate of this bug. ***
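
An added example, not part of the bug report or of anaconda's code: a small Python check that a generated /etc/sysconfig/iptables really opens the TCP ports that were requested, and that reports "-p 50" and "-p 51" as whole IP protocols rather than ports. The sample rule set is constructed (the original attachment is not shown on this page), and the names accepted and missing_ports are hypothetical helpers.

```python
# Constructed sample modelled on the report: SSH was requested at install,
# but the written rules only accept IP protocols 50 and 51 (IPsec ESP/AH).
BROKEN = """\
*filter
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
DENY = "-A RH-Firewall-1-INPUT -j REJECT"
# Rule quoted in the report as written by redhat-config-securitylevel.
SSH_RULE = ("-A RH-Firewall-1-INPUT -m state --state NEW "
            "-m tcp -p tcp --dport 22 -j ACCEPT")
FIXED = BROKEN.replace(DENY, SSH_RULE + "\n" + DENY)  # rule placed before the deny
MATCH_OPTS = {"-p", "--protocol", "-s", "-d", "-i", "-m", "--dport"}

def accepted(rules_text, chain="RH-Firewall-1-INPUT"):
    """Return (tcp_ports, protocols) that ACCEPT rules in `chain` let through.
    Heuristic: source and interface restrictions on a rule are ignored."""
    ports, protos = set(), set()
    for line in rules_text.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", chain] or "!" in tok:
            continue      # other chains; negated matches are not interpreted
        opt = dict(zip(tok, tok[1:]))         # option -> token that follows it
        proto = opt.get("-p", opt.get("--protocol"))
        target = opt.get("-j", opt.get("--jump"))
        if target in ("REJECT", "DROP") and not MATCH_OPTS & set(tok):
            break         # unconditional deny: later rules are never reached
        if target != "ACCEPT":
            continue
        dport = opt.get("--dport", opt.get("--destination-port"))
        if proto in ("tcp", "6") and dport:
            lo, _, hi = dport.partition(":")  # "22" or a "6000:6063" range
            ports.update(range(int(lo), int(hi or lo) + 1))
        elif proto and not dport:
            protos.add(proto)                 # whole protocol ("50"), not a port
    return ports, protos

def missing_ports(rules_text, wanted):
    """TCP ports from `wanted` that no reachable ACCEPT rule opens."""
    return sorted(set(wanted) - accepted(rules_text)[0])

if __name__ == "__main__":
    print(accepted(BROKEN), missing_ports(BROKEN, {22}), missing_ports(FIXED, {22}))
```

A rule appended after the chain's unconditional REJECT is counted as not opening the port, since it is never reached.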