On Wed, 8 Nov 2000, Bob Hartung wrote:
> Hi all,
> I am new to ipchains but have managed to masquerade my
> home network behind RH 6.2 (with updates) and ipchains. Now
> I would like to set up a test apache server on the
> masquerade box. This will be visible to the outside world
> for my testing of some attempts at PHP to PostgreSQL.
>
> I am not sure of the rule to allow the outside world to
> access the apache box (localhost to the firewall machine).
>
> I tried to add:
>
> ipchains -A input -i eth0 -p TCP -s 0.0.0.0/0 -d lo www
> ACCEPT
>
> This added to my originally working rule set did the
> following:
> 1. Still can't get to the apache server
> 2. Turned off internet access to the rest of the inhouse
> network.
>
> Any ideas? I have been through the man ipchains and the
> HOW-TO to get to the point where I am now.
>
> Thanks!
> Bob
>
Is eth0 the interface to the outside world, or your local network?
Also, if you are not flushing and reloading the rules, you will probably
have to use I (insert) instead of A (add) to have the rule work
properly.

In any case, here are my rules:

# HTTP server (80)
# ----------------
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \
    --source-port $UNPRIVPORTS \
    -d $IPADDR 80 -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
    -s $IPADDR 80 \
    --destination-port $UNPRIVPORTS -j ACCEPT

EXTERNAL_INTERFACE is the interface connecting to the internet.
IPADDR is the ip address the outside world is trying to connect to.
UNPRIVPORTS="1024:65535"

Remember, you not only have to allow the incoming connection to port
80, but you have to allow the return connection as well. Otherwise, no
information makes it back to the machine trying to connect.

Mikkel
--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
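
Added example, not part of the original message: a small Python model of first-match chain evaluation, showing why the reply above suggests -I over -A on a live rule set and why the output rule is needed. The addresses, the client port and the assumption that the loaded rules end in a catch-all DENY (with a DENY policy on output) are constructed for illustration.

```python
# Simplified model of ipchains first-match evaluation (constructed example).
# Interfaces (-i) are left out; addresses are documentation placeholders.
IPADDR = "192.0.2.10"        # stands in for $IPADDR
CLIENT = "198.51.100.7"      # hypothetical outside client
UNPRIVPORTS = range(1024, 65536)

HTTP_IN = {"target": "ACCEPT",
           "match": {"dst": IPADDR, "dport": 80, "sport": UNPRIVPORTS}}
# "! -y": anything except a connection-opening packet (SYN set, ACK clear)
HTTP_OUT = {"target": "ACCEPT",
            "match": {"src": IPADDR, "sport": 80, "dport": UNPRIVPORTS,
                      "syn_only": False}}
DENY_ALL = {"target": "DENY", "match": {}}   # assumed tail of the loaded rules

def matches(rule, pkt):
    """True when every criterion the rule specifies accepts the packet."""
    for key, want in rule["match"].items():
        have = pkt[key]
        if (have not in want) if isinstance(want, range) else (have != want):
            return False
    return True

def verdict(chain, pkt, policy="DENY"):
    """Walk the chain top to bottom; the first matching rule decides."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["target"]
    return policy

def http_works(input_chain, output_chain):
    """Both the inbound request and the server's reply must be accepted."""
    request = {"src": CLIENT, "dst": IPADDR, "sport": 40000, "dport": 80,
               "syn_only": True}
    reply = {"src": IPADDR, "dst": CLIENT, "sport": 80, "dport": 40000,
             "syn_only": False}
    return (verdict(input_chain, request) == "ACCEPT"
            and verdict(output_chain, reply) == "ACCEPT")

appended = [DENY_ALL, HTTP_IN]   # -A: the new rule lands after the DENY
inserted = [HTTP_IN, DENY_ALL]   # -I: the new rule goes to the head

if __name__ == "__main__":
    print("-A after existing DENY:", http_works(appended, [HTTP_OUT]))
    print("-I at head of chain:   ", http_works(inserted, [HTTP_OUT]))
    print("-I, no output rule:    ", http_works(inserted, []))
```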