Forum OpenACS Q&A: ipchains, lokkit, security settings in Mandrake or Red Hat Linux

Could it be related to the OS security settings?

Unlikely. Insofar as Mandrake is a Red Hat Linux derivative, by HIGH security settings they probably mean that most ports on the system are blocked.

I am not a Mandrake user. If Mandrake has the lokkit utility as Red Hat does, you can use it to inspect your "security settings". On Red Hat Linux, it is installed at /usr/sbin/lokkit.

Alternatively, you can go for the real thing and inspect your firewall settings directly with ipchains (/sbin/ipchains on Red Hat) like so:

bash$ su - -c "ipchains -L"
Password: 
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     udp  ------  someplace.redhat.com  anywhere              domain ->   1025:65535
ACCEPT     tcp  -y----  anywhere              anywhere              any ->   netbios-ns
ACCEPT     tcp  -y----  anywhere              anywhere              any ->   netbios-dgm
ACCEPT     tcp  -y----  anywhere              anywhere              any ->   netbios-ssn
ACCEPT     tcp  -y----  anywhere              anywhere              any ->   1025
ACCEPT     tcp  -y----  anywhere              anywhere              any ->   ssh
ACCEPT     tcp  -y----  anywhere              anywhere              any ->   http
ACCEPT     udp  ------  anywhere              anywhere              bootps:bootpc ->   bootps:bootpc
ACCEPT     udp  ------  anywhere              anywhere              bootps:bootpc ->   bootps:bootpc
ACCEPT     all  ------  anywhere              anywhere              n/a
REJECT     tcp  -y----  anywhere              anywhere              any ->   0:1023
REJECT     tcp  -y----  anywhere              anywhere              any ->   nfs
REJECT     udp  ------  anywhere              anywhere              any ->   0:1023
REJECT     udp  ------  anywhere              anywhere              any ->   nfs
REJECT     tcp  -y----  anywhere              anywhere              any ->   x11:6009
REJECT     tcp  -y----  anywhere              anywhere              any ->   xfs
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

These are slightly modified MEDIUM security settings in Red Hat. For example, this box accepts connections to ports 22 (ssh) and 80 (http), and rejects connections to all ports in the 0-1023 range that do not have an explicit ACCEPT policy. Your setup should be similar.

In any case, if you say you can serve static pages when server is running on port 8000, that means your box IS accepting connections on that port. When you try telnetting into the port on which your webserver is listening, does it look like this:

bash$ telnet www.yahoo.com 80
Trying 64.58.76.224...
Connected to www.yahoo.com.
Escape character is '^]'.

If telnet says, Connected to localhost, then your security settings are fine. You shouldn't waste your time reinstalling the system with MEDIUM security settings.