[CLUE-Tech] Banging my head on apache.

Jeremiah Stanley miah at miah.org
Wed Jan 23 20:54:07 MST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Can you post the iptables commands that you use so we can take a look at 
those. Sometimes the commands make more sense than the policy dumps...

JStanley

On Wed, 23 Jan 2002, Robert L. Harris wrote:

> 
> 
> Old Scenario:
>  
>  www server was 192.168.0.2 (internal dedicated box)
>  iptables forwarded traffic going to my public IP  to the internal box
> 
> New Scenario:
>   
>   New firewall is "strong enough" to be www server.
>   Install apache on firewall
>   disable (delete rules) forwarding of port 80 traffic and restart
>     iptables
> 
> 
> Problem:  hitting port 80 of the firewall doesn't connect, through both
> netscape and telnet.  It has been opened up in the iptables rules...
> 
> In the messages log I see this though:
> Jan 23 16:04:33 wally kernel: IN=eth0 OUT=eth1 SRC=12.253.54.145 DST=192.168.0.2 LEN=60 TOS=0x10 PREC=0x00 TTL=60 ID=13845 DF PROTO=TCP SPT=1556 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
> 
> Traffic is still being sent to the 192.168.0.2 server...  
> 
> iptables:
> Chain INPUT (policy DROP)
> target     prot opt source               destination         
> first      all  --  anywhere             anywhere           
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh state NEW 
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:https state NEW 
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:auth state NEW 
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp state NEW 
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp state NEW 
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:www state NEW 
> ACCEPT     tcp  --  anywhere             anywhere           tcp spt:ntp 
> ACCEPT     udp  --  anywhere             anywhere           udp spt:ntp 
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:domain 
> ACCEPT     udp  --  anywhere             anywhere           udp dpt:domain 
> ACCEPT     tcp  --  anywhere             anywhere           tcp spt:ftp 
> local      all  --  anywhere             anywhere           
> cleanup    all  --  anywhere             anywhere           
> 
> 
> I have completely deleted the forwarding rules and flushed the tables
> (verified) and restarted.
> 
> It's gotta be something stupid I'm overlooking.
> 
> 
> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris                |  Micros~1 :  
> Senior System Engineer          |    For when quality, reliability 
>   at RnD Consulting             |      and security just aren't
>                                 \_       that important!
> DISCLAIMER:
>       These are MY OPINIONS ALONE.  I speak for no-one else.
> FYI:
>  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> 
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
> 

- -- 
Love is a snowmobile racing across the tundra and then suddenly it flips over, 
pinning you underneath. At night, the ice weasels come.  - Matt Groening
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8T4VhAd8Nj1SHkdcRApcdAJ9gylaH/GgdaCutQTm2gxLF38G+fgCcCF4A
g1D1WrUFYkUO473LZhS4b+U=
=NR/X
-----END PGP SIGNATURE-----
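The kernel line quoted in the original post is the most useful evidence in the thread, because the LOG target records which interfaces a packet crossed: a packet with both IN= and OUT= set was routed through the box (FORWARD chain), while a packet delivered to a local daemon such as apache has OUT= empty (INPUT chain). A port-80 SYN that arrived on the outside interface and is leaving on the inside interface with an RFC1918 destination has therefore had its destination rewritten before routing, which is what a DNAT rule in the nat table's PREROUTING chain does; note that a plain `iptables -F` flushes only the filter table and leaves the nat table untouched unless `-t nat` is given. The script below is an added example written for this page, not code from either poster; it parses netfilter LOG lines with plain sed and classifies them, using the line quoted above as constructed sample input. The function and variable names are the example's own.

```shell
#!/bin/sh
# Added example: classify netfilter LOG lines to tell local delivery from forwarding.
# SAMPLE_LINE is constructed from the kernel line quoted in the original post.
SAMPLE_LINE='Jan 23 16:04:33 wally kernel: IN=eth0 OUT=eth1 SRC=12.253.54.145 DST=192.168.0.2 LEN=60 TOS=0x10 PREC=0x00 TTL=60 ID=13845 DF PROTO=TCP SPT=1556 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0'

# Print the value of KEY=VALUE from a LOG line ($1 = line, $2 = key).
# An empty value (e.g. "OUT=") prints an empty string; a missing key prints nothing.
log_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# Decide which filter chain the logged packet traversed:
#   IN and OUT both set -> FORWARD (routed through this host)
#   only IN set         -> INPUT   (delivered to a local process)
#   only OUT set        -> OUTPUT  (generated locally)
classify_log_line() {
    in_if=$(log_field "$1" IN)
    out_if=$(log_field "$1" OUT)
    if [ -n "$in_if" ] && [ -n "$out_if" ]; then
        echo FORWARD
    elif [ -n "$in_if" ]; then
        echo INPUT
    else
        echo OUTPUT
    fi
}

# Return 0 when a line shows a port-80 packet being forwarded to a private
# (RFC1918) address: the signature of a DNAT rule that is still active,
# since DNAT rewrites the destination in PREROUTING before the routing decision.
looks_like_stale_dnat() {
    [ "$(classify_log_line "$1")" = FORWARD ] || return 1
    [ "$(log_field "$1" DPT)" = 80 ] || return 1
    case "$(log_field "$1" DST)" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone run: report on the sample line and point at the table to inspect.
if looks_like_stale_dnat "$SAMPLE_LINE"; then
    echo "port-80 packet was rewritten to $(log_field "$SAMPLE_LINE" DST) and forwarded out $(log_field "$SAMPLE_LINE" OUT)"
    echo "inspect the nat table, which 'iptables -F' does not flush:"
    echo "  iptables -t nat -L PREROUTING -n -v"
    echo "  iptables -t nat -F   # flush it, then re-add the rules you still want"
fi
```

Running it on the quoted line reports a forwarded, rewritten port-80 packet; on a line with `OUT=` empty (a SYN that actually reached the firewall's own apache) it stays silent, which is the difference the original poster was looking for in the messages log.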