Problems with firewall configuration

Christos Ricudis ricudis at itc.auth.gr
Tue Mar 23 12:27:12 EET 2004


On Tue, 23 Mar 2004 12:02:52 +0200
Tsabros Leonidas <ltsampros at upnet.gr> wrote:

> Hello again,
> 	I am trying to set up a simple web server on a PC. Everything is going fine, but I have the following question:
> 
> When someone wants to view the web page I will have put up, the packet he sends (if all goes well) will arrive at my computer and be filtered by the firewall. So the packets he sends will be TCP with source port 80 and destination port 80 (they leave from port 80 on his PC and arrive at port 80 on the server).

No.

The packet he will send is TCP with destination port 80 and a RANDOM source port - usually some high port; by spec it is CUSTOMARY for it to be above 1024, but you cannot rely on that for any reason.

> Obviously the web server's reply will happen the opposite way. So on a BOFH firewall with INPUT/OUTPUT/FORWARD POLICY DROP it would be enough to have the following rules
> iptables -A INPUT -p tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 80 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

Almost.

You need to add a corresponding rule for the FORWARD chain in case the web server is not on the same machine as the firewall. In case it is on the same machine as the firewall, then you use the INPUT chain. On the OUTPUT chain set policy ACCEPT and do not add rules.

-- 
Christos Ricudis				ricudis at itc.auth.gr
Systems Administrator				+30-2310-998305
IT Support Center
Aristotles University of Thessaloniki, GREECE
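
Added example (not part of the original message): a shell function that prints the iptables commands for the setup described in the reply above, so they can be reviewed before anything is applied. The name web_fw_rules, the 192.0.2.10 address, the INPUT rule for ESTABLISHED,RELATED traffic and the return-direction FORWARD rule are assumptions made for this example and go slightly beyond what the thread states.

```sh
#!/bin/sh
# Added example, not from the original thread. web_fw_rules is a hypothetical
# helper: it only prints iptables commands; review them, then pipe to sh as root.
#   web_fw_rules local                  web server runs on the firewall host
#   web_fw_rules forward 192.0.2.10     web server sits behind the firewall
#                                       (documentation address, a placeholder)
web_fw_rules() {
    mode=${1:-}
    server=${2:-}
    case $mode in
    local)
        chain=INPUT dst="" ;;
    forward)
        if [ -z "$server" ]; then
            echo "forward mode needs the web server address" >&2
            return 1
        fi
        chain=FORWARD dst=" -d $server" ;;
    *)
        echo "usage: web_fw_rules local|forward [server-ip]" >&2
        return 1 ;;
    esac

    # Default-deny inbound and forwarded traffic; OUTPUT stays ACCEPT with
    # no rules of its own, as the reply advises.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"

    # Assumption beyond the thread: with OUTPUT open, replies to connections
    # the firewall host itself started still have to get back in.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # Clients use an unpredictable source port, so match only on --dport 80.
    echo "iptables -A $chain -p tcp$dst --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT"

    if [ "$mode" = forward ]; then
        # Assumption beyond the thread: FORWARD policy DROP also blocks the
        # server's answers, which leave from source port 80.
        echo "iptables -A FORWARD -p tcp -s $server --sport 80 -m state --state ESTABLISHED -j ACCEPT"
    fi
}

# Print the single-host variant for review; nothing is applied.
web_fw_rules local
```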




More information about the Linux-greek-users mailing list