Problems with firewall configuration

Iakwbos Triantafillou ewsforos at styx.irc.gr
Tue Mar 23 12:26:29 EET 2004


Tsabros Leonidas wrote:

>Hello again,
>I am trying to set up a simple web server on a PC. Everything is going
>fine, but I have the following question:
>
>When someone wants to see the web page I will have put up, the packet
>they send (if all goes well) will arrive at my computer and be filtered
>by the firewall. So the packets they send will be TCP with source port 80
>and destination port 80 (they leave from 80 on their PC and arrive at 80
>on the server). Obviously the web server's reply will happen the reverse
>way. So would it be enough, on a BOFH firewall with INPUT/OUTPUT/FORWARD
>POLICY DROP, to have the following rules
>iptables -A INPUT -p tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
>iptables -A OUTPUT -p tcp --dport 80 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
>?
>
No.
It will leave from some port of theirs (random, usually in the upper
range and certainly above the 1024 that are the privileged ports) and will
arrive at your port 80.
Services listen on the well-known ports, not clients. Generally you can
expect that if you run a web server, all requests for the service will
come to 80 by default. That does not mean the client will also send the
request from 80.
Imagine, say, that you are the one running the web server. If it listens
on 80 and things work the way you say, how would you be able to view pages
yourself, since 80 would already be bound to the web server?
Run a "netstat -ta|grep http" and you will see what is going on.
An example from my own machine is:

[root@styx ewsforos]# netstat -t|grep http
tcp        0      0 styx.demon.gr:37913     216.239.59.104:http     ESTABLISHED

The local port is 37913 and the remote one (which hits Google) is on
80 (http).

Regards,

I.T.
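
The following is an added example, not part of the original thread: it puts the OUTPUT rule from the question beside one that matches on source port 80, following the reply's point that clients connect from an ephemeral port. The `IPT` dry-run variable and the `web_server_rules` and `output_accepts` helpers are hypothetical names introduced here; the policies are assumed to be DROP already, as in the question.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: INPUT/OUTPUT/FORWARD
# policies are already DROP, as described in the question.
# IPT defaults to a dry run that only prints each command; set IPT=iptables
# and run as root to apply the rules for real.
IPT="${IPT:-echo iptables}"

web_server_rules() {
    # Requests: the client's source port is ephemeral, so match only on
    # the destination port (80) of incoming packets.
    $IPT -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
    # Replies: they leave FROM port 80 toward the client's ephemeral port,
    # and only on connections a client has already opened.
    $IPT -A OUTPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
}

# Model of the OUTPUT port match for a single reply packet.
# usage: output_accepts <dport80|sport80> <source port> <destination port>
output_accepts() {
    case "$1" in
        dport80) [ "$3" -eq 80 ] ;;   # OUTPUT rule as written in the question
        sport80) [ "$2" -eq 80 ] ;;   # OUTPUT rule matching the server's port
        *) return 2 ;;
    esac
}

# Constructed sample packet: server reply from port 80 to a client on
# port 37913 (the ephemeral port number visible in the netstat output).
for rule in dport80 sport80; do
    if output_accepts "$rule" 80 37913; then
        echo "$rule: reply 80 -> 37913 ACCEPT"
    else
        echo "$rule: reply 80 -> 37913 falls through to policy DROP"
    fi
done

web_server_rules
```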



