The options where you can enforce/disable are actually part of the SELinux package. SELinux is a hybrid firewall that prevents unauthorized access to files and data on your system. For example, when setting up an LDAP server, we set SELinux to permissive so that the LDAP setup is not prevented from modifying the files it needs, but SELinux still tells us that access was attempted that it flagged as a potential security threat. Think of UAC in Windows Vista.
The Linux firewall (iptables) is where you actually open incoming ports for your server. This is where you can open 8080, ssh, ftp etc. Both can be configured by typing 'setup' at the command line and pressing enter.

PS: unless there is a specific reason you need to enforce SELinux rules, I recommend you leave it in permissive mode during your testing.

On Wed, Nov 4, 2009 at 2:04 PM, Simon Peter Muwanga <[email protected]> wrote:

> Thanks again.
>
> On Wed, Nov 4, 2009 at 9:42 PM, sanga collins <[email protected]> wrote:
> > NAT will work for you, but it depends on what you need. From your original
> > emails, it is hard to determine what exactly you are trying to accomplish.
>
> My main goal is to have a vm pre-installed with the web application I
> have developed. The web app sits on a tomcat server. So I would like
> to access it through port 8080. I also wanna use ssh for remote
> control of this. I have linux users who demand for these things. But
> before I package the vm, just wanted to explicitly confirm that the
> system can be accessed through a host OS.
>
> > In general a guest OS in any virtual environment should operate
> > independently of the host. So for example if you are setting up IP tables on
> > the Suse server to allow ssh, this will have no impact on the centos guest
> > vm. The same goes for setting up ip tables on the Suse server to block
> > traffic, will not block any traffic going to the Centos guest vm.
> >
> > ssh is set up by default on centos servers. From a console/command line if
> > you type "setup" you will get a txt based gui (oxymoron?) that will simplify
> > the way you configure the system. There is a screen shot of one of my many
> > centos guest virtual machines.
> >
> > From the centos command line try ssh <centos-user>@localhost
> >
> > This way you can test if it's working without having to modify the firewall.
>
> I tried playing around with the options (Enforcing and Disable), I was
> still unable to ssh into the guest CentOS. I opened port 8080, but
> still failed. Am using a virtual appliance that only provides me with
> a command line interface.
> I liked the advice.
> Cheers,
> Simon.
>
> > On Wed, Nov 4, 2009 at 1:18 PM, Simon Peter Muwanga <[email protected]> wrote:
> >>
> >> Thanks for the quick response.
> >>
> >> No, I can't ssh to the guest. The connection to the guest times out.
> >>
> >> BTW, will NAT work for me? Am trying to look up some useful literature
> >> on the internet.
> >>
> >> Simon.
> >>
> >> On Wed, Nov 4, 2009 at 4:55 PM, sanga collins <[email protected]> wrote:
> >> > Are you able to ssh when you turn iptables off?
> >> >
> >> > On Wed, Nov 4, 2009 at 5:12 AM, Simon Peter Muwanga <[email protected]> wrote:
> >> >>
> >> >> Dear Comrades,
> >> >>
> >> >> I have set up a firewall + iptables as follows,
> >> >>
> >> >> # iptables -P INPUT ACCEPT
> >> >> # iptables -F
> >> >> # iptables -A INPUT -i lo -j ACCEPT
> >> >> # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> >> >> # iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> >> >> # iptables -P INPUT DROP
> >> >> # iptables -P FORWARD DROP
> >> >> # iptables -P OUTPUT ACCEPT
> >> >> # iptables -L -v
> >> >> # /sbin/service iptables save
> >> >>
> >> >> However, I can't ssh into the guest OS.
> >> >>
> >> >> Some info:
> >> >> Host OS is OpenSUSE 10.3
> >> >> Guest OS (OS in the virtual machine) is CentOS, a virtual appliance
> >> >> from symbiosoft.net
> >> >> Type of vm: virtualbox
> >> >>
> >> >> Any work-around?
> >> >>
> >> >>
> >> >> Simon.
_______________________________________________
LUG mailing list
[email protected]
http://kym.net/mailman/listinfo/lug
%LUG is generously hosted by INFOCOM http://www.infocom.co.ug/

The above comments and data are owned by whoever posted them (including attachments if any). The List's Host is not responsible for them in any way.
---------------------------------------
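
Added example, not part of the thread or written by its participants: a small offline check that walks the INPUT rules quoted in the original post and reports what happens to a new inbound TCP connection on a given port. The function name `new_tcp_verdict`, the `FIXED_RULES` variant with a rule for port 8080, and the simplified rule model are assumptions of this example.

```shell
#!/bin/sh
# Ruleset as posted in the thread (root prompt '#' removed).
THREAD_RULES='iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT'

# Same ruleset plus one constructed rule for the Tomcat port.
FIXED_RULES="$THREAD_RULES
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT"

# new_tcp_verdict RULES PORT
# Prints what the INPUT chain does with a NEW TCP connection to PORT that
# arrives on a non-loopback interface. Simplified model (an assumption of this
# example): only -P, -F, -A INPUT, -i, -p, -m state, --dport and -j are
# understood; a rule with any other option is treated as not matching.
new_tcp_verdict() {
    printf '%s\n' "$1" | awk -v port="$2" '
    BEGIN { policy = "ACCEPT" }                      # kernel default policy
    $1 != "iptables" { next }
    $2 == "-P" && $3 == "INPUT" { policy = $4; next }
    $2 == "-F" && ($3 == "" || $3 == "INPUT") { n = 0; next }
    $2 == "-A" && $3 == "INPUT" { rules[++n] = $0 }
    END {
        for (i = 1; i <= n; i++) {
            nf = split(rules[i], f, " "); ok = 1; target = ""
            for (j = 4; j <= nf; j += 2) {           # options come as "flag value"
                opt = f[j]; val = f[j + 1]
                if (opt == "-i") { if (val == "lo") ok = 0 }
                else if (opt == "-p") { if (val != "tcp" && val != "all") ok = 0 }
                else if (opt == "-m") { }            # module name, nothing to test
                else if (opt == "--state") { if (index("," val ",", ",NEW,") == 0) ok = 0 }
                else if (opt == "--dport") {
                    k = split(val, r, ":")           # single port or lo:hi range
                    if (port + 0 < r[1] + 0 || port + 0 > r[k] + 0) ok = 0
                }
                else if (opt == "-j") target = val
                else ok = 0
            }
            if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) { print target; exit }
        }
        print policy                                 # no rule matched
    }'
}

new_tcp_verdict "$THREAD_RULES" 22      # ACCEPT
new_tcp_verdict "$THREAD_RULES" 8080    # DROP
new_tcp_verdict "$FIXED_RULES" 8080     # ACCEPT
```

With the posted rules, port 22 is accepted inside the guest, so an ssh timeout from the host is not explained by this chain; port 8080 falls through to the default DROP until a rule for it is added.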
