[TriLUG] Re-IP-ing and Firewall

Greg Brown gwbrown1 at gmail.com
Wed Jul 6 08:40:27 EDT 2005


First off, WARREN!!!!  What's up?!?!  How are things?  

I'll have to dig around for specifics on this but first off I have a
question: how complicated are your existing firewall rules?  Another
question would be is your server acting as a combined server/firewall
connected directly to your ISP or do you have multiple, routable IP
addresses and this server resides in a DMZ of sorts?

What about booting into run level 3 to avoid X?  If you can't stop the
boot process from going to X first try putting the server into single
user mode then editing /etc/inittab and changing the default to run
level 3 (or just make all your changes while in single user mode w/o
changing the inittab and rebooting).  Reboot, log in, (and this part
is from fuzzy memory way back when) edit your firewall script
somewhere in /etc/rc.# (or kicked off by rc.local) or written to
/etc/sysconfig/iptables if the rules are read from a file and not
created at boot time from a startup script.

Trouble is it has been forever since I have sat in front of a SuSE
system so I don't recall if the firewall rules are written to
/etc/sysconfig/iptables (Google seems to indicate it might be).

If the server/firewall is a dedicated firewall I heartily recommend
M0n0wall (what a surprise).

http://m0n0.ch/wall/

I run mine on a low-power Soekris Net-4501 and can't imagine going
back to a "full-sized" firewall.

Greg "Ex RPM'er" Brown

On 7/5/05, Warren Weber <wrweber at hufta.net> wrote:
> OK, it's late, I've gone stupid and could use some help ...
> 
> I am in the process of replacing a server with a SuSE 9.2 system that I built
> connected to my current ISP.  When I bring it up, I will bring it up on a new ISP and,
> therefore, a new IP address.  I changed the IP address and moved the server off my
> handy-dandy KVM (and soon-to-be ex-ISP) and hooked it up to the new ISP using
> spare parts.  Unfortunately, my spare monitor is not smart enough to talk to my
> server once X starts -- but that's not the real problem (I'll move it back to the KVM
> shortly).  Now that I've re-IP'd it, I can only contact it while on the same subnet it
> exists on, not from the "outside".  I assume this is because the firewall needs to be
> told all the rules now apply to a new IP address, but I can't verify this due to lack of
> access to the system.
> 
> I'm going to borrow a monitor tomorrow and hook it up, but does this sound
> reasonable?  If so, can someone enlighten me on how to make the firewall work with
> the new IP address ... or at least point me in the right direction in The Fine Manual?
> 
> Many thanks!
> Warren
> 
> --
> 
> I know there's money in horses. I put it there!
> 
> Warren Weber
> wrweber at hufta.net
> http://www.hufta.net
> 
> 
>
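
An added example, not part of the original thread: once you have a shell on the re-IP'd box, this sketch lists the rules in an iptables-save style file that still pin the old address and prints a proposed rewrite for review. The addresses are documentation ranges, the rules are constructed, and the function names are hypothetical; it assumes the rules live in a flat file such as the /etc/sysconfig/iptables mentioned above.

```sh
#!/bin/sh
# OLD_IP/NEW_IP are placeholder documentation addresses, not values from the thread.
OLD_IP=192.0.2.10
NEW_IP=198.51.100.20

# Constructed sample in iptables-save format (stands in for the real rules file).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample rules, written while the host still lived at 192.0.2.10
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 192.0.2.10 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.5:80
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 192.0.2.10/32 -p tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.100 -j DROP
-A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
COMMIT
EOF

# Escape the dots so the address is matched literally inside a regex.
escape_ip() { printf '%s' "$1" | sed 's/\./\\./g'; }

# ERE matching the address only as a whole token, so 192.0.2.10 does not
# also hit 192.0.2.100; a trailing /mask or :port still counts as a match.
addr_regex() { printf '(^|[^0-9.])%s([^0-9.]|$)' "$(escape_ip "$1")"; }

# Print "lineno:rule" for every non-comment line that names the address.
find_stale_rules() {
    grep -nE "$(addr_regex "$1")" "$2" | grep -vE '^[0-9]+:[[:space:]]*#'
}

# Write a rewritten copy to stdout; comments and the input file are untouched.
rewrite_rules() {
    esc=$(escape_ip "$1")
    sed -E "/^[[:space:]]*#/!s/(^|[^0-9.])${esc}([^0-9.]|\$)/\\1$2\\2/g" "$3"
}

echo "Rules still naming $OLD_IP:"
find_stale_rules "$OLD_IP" "$SAMPLE"
echo "Proposed rules for $NEW_IP:"
rewrite_rules "$OLD_IP" "$NEW_IP" "$SAMPLE"
```

If nothing is listed, the rules do not reference the old address and the loss of outside access has another cause, such as routing or the default gateway.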


