mythinstall fest continued (long ramble)
Jarod Wilson
jarod at wilsonet.com
Mon Apr 9 00:22:40 EDT 2007
On Apr 08, 2007, at 22:52, Ben Scott wrote:
> On 4/8/07, Bruce Labitt <bruce.labitt at verizon.net> wrote:
>> How do I do I change the firewall settings in FC6?
>
> The GUI tool is "system-config-securitylevel", but it does not
> appear to be able to do anything at the interface level. It wants
> you to work in terms of UDP and TCP service ports. :-/
Hm... Are you running that on a box with multiple interfaces? I'm
pretty sure if you're running it on a multihomed system, that it does
present an option to set a "trusted" interface (the idea being that
this is probably an internal LAN-facing NIC and the other is on the
'Net).
> I did some Google work with "HDHomeRun firewall ports" and the like,
> and couldn't find anything useful. SiliconDust's website seems to be
> a veritable ocean of cluelessness. Belch. :-P Popular suggestions
> appear to be ports 5000, 65000, 65001 (TCP and UDP, since nobody knows
> which). Try adding exceptions for all of those using
> "system-config-securitylevel" and see what happens.
>
> If that fails, email me the contents of your /etc/sysconfig/iptables
> file (off-list) and I'll see if I can figure out where things went
> wrong.
My Myth box has both a 'Net-facing interface and a LAN-facing
interface. My HDHR just hangs off a switch on my LAN, and I've got
iptables allowing all traffic on its LAN interface via a one-line
addition to /etc/sysconfig/iptables:
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
(Under ":RH-Firewall-1-INPUT - [0:0]")
I'm reasonably certain that was inserted by system-config-
securitylevel, via the "trusted" option. Adjust the interface to
suit, and you should be golden, assuming there's nothing talking on
that interface but the HDHR.
--
Jarod Wilson
jarod at wilsonet.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20070409/8d82ce98/PGP.bin
More information about the gnhlug-discuss
mailing list