Um, 'chkconfig iptables off'? rpm -e msec? Or, disable firewalling in the control center (it's under security)?
On Sat, Mar 02, 2002 at 10:15:29PM +0000, richard bown alleged: > Hi all > I 've had to go back to 8.1. > Whatever you have done with security is a disaster. > > Telneting in to the public interface, ie the one connected to the > internet,,impossible > no matter what, and rules are loaded to iptables, all thats eeen is > martin errors in the syslog. > > I use xinetd for port redirection to another machine behind the > firewall. > > this did exactly the same...martian errors, and heres the worst bit > afetr running for 10 hrs , all attempts to send mail and receive mail > got connection refused errors, > smtp, pop3,imap all the same, checked with the isp, 1 hr on the phone. > not at their end. loaded 8.1 and mail again QED > > I dont know who is responsibe for the mandrake security MSEC and > whatever, I suspect gated is being used, but nothing showed on a "ps ax" > > Whoever should realise that not every one want a system which can only > work one way. > I need to be able to telnet, ssh from anywhere in the world. > This is absolutely USELESS to me if I can only use it from home. > > Xinetd redirection works well under 8.1, so does bastille-firewall > the same config scripts were used on 8.2, so again where is the backawrd > or even in this case forward compatability . > > Ok the 3d side is good, none of the problems with the later kernels > on 8.1. > > In its currrent state 8.2b3 is a TOY not a working system, and as for > comments like add to hosts.allow on the remote machine...should'nt > need to, it was fully functional before 8.2b3 > > > you guys are so paranoid over security, this time you've gone far too > far MSEC level 99 is not required. > I logged into a machine in the States, Seattle, and tried telneting > to all the ports that are redirected...martian errors > > tried port 22 ssh,,,martian errors > it did manage to return a ping. > I also saw tcpdump being turned on and off with ipv4 errors. > > If any one wants something on the networking side tested no problem. > If the ipip tunnels had'nt functioned, 8.2 would have been off in 1/2 > hr. > > interfaces that are labelled as internal fuctioned, as did lo > external interfaces would not function. > Flushing iptables had no effect. > system in use > 700MHzduron , 512M ram 10GB hd, kernels 2.4.17-19mdk & 2.4.18-2mdk.. > > In its current state 8.2 could not be released as it cant be used as a > server.. > shame it looked good on the install, apart from the freeze when trying a > live update, > > If a table of bug levels I'd put this one on Egyptian level > > BR > Richard > > >
