[CLUE-Tech] Banging my head on apache.

Robert L. Harris Robert.L.Harris at rdlg.net
Wed Jan 23 16:06:29 MST 2002


Old Scenario:
 
 www server was 192.168.0.2 (internal dedicated box)
 iptables forwarded traffic going to my public IP to the internal box

New Scenario:
  
  New firewall is "strong enough" to be www server.
  Install apache on firewall
  disable (delete rules) forwarding of port 80 traffic and restart
    iptables


Problem:  hitting port 80 of the firewall doesn't connect, from either
netscape or telnet.  It has been opened up in the iptables rules...

In the messages log I see this though:
Jan 23 16:04:33 wally kernel: IN=eth0 OUT=eth1 SRC=12.253.54.145 DST=192.168.0.2 LEN=60 TOS=0x10 PREC=0x00 TTL=60 ID=13845 DF PROTO=TCP SPT=1556 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

Traffic is still being sent to the 192.168.0.2 server...  

iptables:
Chain INPUT (policy DROP)
target     prot opt source               destination         
first      all  --  anywhere             anywhere           
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh state NEW 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:https state NEW 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:auth state NEW 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp state NEW 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp state NEW 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:www state NEW 
ACCEPT     tcp  --  anywhere             anywhere           tcp spt:ntp 
ACCEPT     udp  --  anywhere             anywhere           udp spt:ntp 
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:domain 
ACCEPT     udp  --  anywhere             anywhere           udp dpt:domain 
ACCEPT     tcp  --  anywhere             anywhere           tcp spt:ftp 
local      all  --  anywhere             anywhere           
cleanup    all  --  anywhere             anywhere           


I have completely deleted the forwarding rules and flushed the tables
(verified) and restarted.

It's gotta be something stupid I'm overlooking.


:wq!
---------------------------------------------------------------------------
Robert L. Harris                |  Micros~1 :  
Senior System Engineer          |    For when quality, reliability 
  at RnD Consulting             |      and security just aren't
                                \_       that important!
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.
FYI:
 perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
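A troubleshooting helper for the scenario in the post above, added here as an example and not part of the original message. It parses the quoted kernel log line to show that the packet's destination was already rewritten to 192.168.0.2 before the filter INPUT chain ran (which is what a DNAT rule in the nat table's PREROUTING chain does, and a plain `iptables -F` without `-t nat` leaves that table alone), and lists the rules an admin would inspect. The old server address 192.168.0.2 and the log line are taken from the post; the function names are my own.

```shell
# Added troubleshooting helper; not from the original post.
# The logged packet arrived on eth0 from the Internet yet already carries
# DST=192.168.0.2 and OUT=eth1, so its destination was rewritten before the
# filter table saw it. That is DNAT in the nat table's PREROUTING chain, and
# a plain `iptables -F` (no `-t nat`) never touches that table.
# Assumption: the retired web server address is 192.168.0.2, as in the post.

OLD_WWW="192.168.0.2"

# Log line quoted from the post, embedded here as sample input.
SAMPLE_LOG='Jan 23 16:04:33 wally kernel: IN=eth0 OUT=eth1 SRC=12.253.54.145 DST=192.168.0.2 LEN=60 TOS=0x10 PREC=0x00 TTL=60 ID=13845 DF PROTO=TCP SPT=1556 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0'

# parse_log_field LINE KEY -> the value of KEY=value in a netfilter log line
parse_log_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# classify_log_line LINE -> returns 0 (and says why) when the packet is a
# port-80 packet being forwarded to $OLD_WWW, i.e. DNAT is still active;
# returns 1 for anything else (including locally delivered packets, OUT empty)
classify_log_line() {
    in_if=$(parse_log_field "$1" IN)
    out_if=$(parse_log_field "$1" OUT)
    dst=$(parse_log_field "$1" DST)
    dpt=$(parse_log_field "$1" DPT)
    if [ "$dst" = "$OLD_WWW" ] && [ "$dpt" = "80" ] && [ -n "$out_if" ] && [ "$in_if" != "$out_if" ]; then
        echo "forwarded to $OLD_WWW:$dpt via $out_if: DST was rewritten (DNAT) before INPUT ran"
        return 0
    fi
    echo "not a forwarded port-80 packet to $OLD_WWW"
    return 1
}

# audit_nat_rules -> run as root: shows the chain where DNAT lives and every
# saved rule, in any table, that still mentions the old server or port 80
audit_nat_rules() {
    echo "== nat PREROUTING (DNAT is applied here, before INPUT/FORWARD) =="
    iptables -t nat -L PREROUTING -n -v --line-numbers
    echo "== saved rules mentioning $OLD_WWW or port 80 (all tables) =="
    iptables-save | grep -E "$OLD_WWW|--dport 80" || echo "(none)"
}

classify_log_line "$SAMPLE_LOG"
# Once a stale rule shows up: iptables -t nat -D PREROUTING <rule-number>,
# then re-run audit_nat_rules and confirm new log lines show an empty OUT=.
```

Connections already in the conntrack table keep their NAT mapping until they expire even after the rule is deleted, so verify with a fresh connection rather than a retried one.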