[CLUE-Tech] Banging my head on apache.
Robert L. Harris
Robert.L.Harris at rdlg.net
Wed Jan 23 21:02:33 MST 2002
Actually, I rebooted and it stopped forwarding. Almost like the rule
was still in the kernel or something.
Thus spake Jeremiah Stanley (miah at miah.org):
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Can you post the iptables commands that you use so we can take a look at
> those. Sometimes the commands make more sense than the policy dumps...
>
> JStanley
>
> On Wed, 23 Jan 2002, Robert L. Harris wrote:
>
> >
> >
> > Old Scenario:
> >
> > www server was 192.168.0.2 (internal dedicated box)
> > iptables forwarded traffic going to my public IP to the internal box
> >
> > New Scenario:
> >
> > New firewall is "strong enough" to be www server.
> > Install apache on firewall
> > disable (delete rules) forwarding of port 80 traffic and restart
> > iptables
> >
> >
> > Problem: hitting port 80 of the firewall doesn't connect, through both
> > netscape and telnet. It has been opened up in the iptables rules...
> >
> > In the messages log I see this though:
> > Jan 23 16:04:33 wally kernel: IN=eth0 OUT=eth1 SRC=12.253.54.145 DST=192.168.0.2 LEN=60 TOS=0x10 PREC=0x00 TTL=60 ID=13845 DF PROTO=TCP SPT=1556 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
> >
> > Traffic is still being sent to the 192.168.0.2 server...
> >
> > iptables:
> > Chain INPUT (policy DROP)
> > target prot opt source destination
> > first all -- anywhere anywhere
> > ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
> > ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW
> > ACCEPT tcp -- anywhere anywhere tcp dpt:auth state NEW
> > ACCEPT tcp -- anywhere anywhere tcp dpt:ftp state NEW
> > ACCEPT tcp -- anywhere anywhere tcp dpt:smtp state NEW
> > ACCEPT tcp -- anywhere anywhere tcp dpt:www state NEW
> > ACCEPT tcp -- anywhere anywhere tcp spt:ntp
> > ACCEPT udp -- anywhere anywhere udp spt:ntp
> > ACCEPT tcp -- anywhere anywhere tcp dpt:domain
> > ACCEPT udp -- anywhere anywhere udp dpt:domain
> > ACCEPT tcp -- anywhere anywhere tcp spt:ftp
> > local all -- anywhere anywhere
> > cleanup all -- anywhere anywhere
> >
> >
> > I have completely deleted the forwarding rules and flushed the tables
> > (verified) and restarted.
> >
> > It's gotta be something stupid I'm overlooking.
> >
> >
> > :wq!
> > ---------------------------------------------------------------------------
> > Robert L. Harris | Micros~1 :
> > Senior System Engineer | For when quality, reliability
> > at RnD Consulting | and security just aren't
> > \_ that important!
> > DISCLAIMER:
> > These are MY OPINIONS ALONE. I speak for no-one else.
> > FYI:
> > perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> >
> > _______________________________________________
> > CLUE-Tech mailing list
> > CLUE-Tech at clue.denver.co.us
> > http://clue.denver.co.us/mailman/listinfo/clue-tech
> >
>
> - --
> Love is a snowmobile racing across the tundra and then suddenly it flips over,
> pinning you underneath. At night, the ice weasels come. - Matt Groening
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE8T4VhAd8Nj1SHkdcRApcdAJ9gylaH/GgdaCutQTm2gxLF38G+fgCcCF4A
> g1D1WrUFYkUO473LZhS4b+U=
> =NR/X
> -----END PGP SIGNATURE-----
>
:wq!
---------------------------------------------------------------------------
Robert L. Harris | Micros~1 :
Senior System Engineer | For when quality, reliability
at RnD Consulting | and security just aren't
\_ that important!
DISCLAIMER:
These are MY OPINIONS ALONE. I speak for no-one else.
FYI:
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
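An added note and example, not part of the original thread. The logged line quoted above (IN=eth0 OUT=eth1 ... DST=192.168.0.2) is the signature of a packet that has already been rewritten by a DNAT rule and is now traversing the FORWARD chain: a packet meant for Apache on the firewall itself would show an empty OUT= and the firewall's own address as DST. The DNAT rule lives in the nat table's PREROUTING chain, which `iptables -L` and `iptables -F` do not touch (they default to the filter table); it is shown with `iptables -t nat -L -n -v` and cleared with `iptables -t nat -F`, and connections already tracked keep their NAT mapping until they time out or the box reboots. The script below, written for this note, parses netfilter LOG lines in the format shown in the thread and flags the ones that prove a DNAT is still active. The log text, the public address 203.0.113.10 and the 192.168.0.0/24 internal range are constructed sample values.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample log (added for this example). The first line copies the
# format of the kernel LOG line quoted in the thread; the second is what a
# SYN to Apache on the firewall itself would look like (OUT= is empty because
# the packet is delivered locally via INPUT, not forwarded).
SAMPLE_LOG = """\
Jan 23 16:04:33 wally kernel: IN=eth0 OUT=eth1 SRC=12.253.54.145 DST=192.168.0.2 LEN=60 TOS=0x10 PREC=0x00 TTL=60 ID=13845 DF PROTO=TCP SPT=1556 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 23 16:05:10 wally kernel: IN=eth0 OUT= SRC=12.253.54.145 DST=203.0.113.10 LEN=60 TOS=0x10 PREC=0x00 TTL=60 ID=13850 DF PROTO=TCP SPT=1557 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
"""


def parse_netfilter_log(line):
    """Split the text after 'kernel:' into KEY=VALUE fields.

    Bare tokens such as DF or SYN (flags without a value) are collected
    under 'flags'. An empty value like 'OUT=' is kept as ''.
    """
    _, _, payload = line.partition("kernel:")
    entry = {"flags": []}
    for tok in payload.split():
        if "=" in tok:
            key, _, value = tok.partition("=")
            entry[key] = value
        else:
            entry["flags"].append(tok)
    return entry


def classify(entry, public_ip, internal_net):
    """Decide which chain the logged packet went through.

    OUT set and DST inside the internal range means PREROUTING already
    rewrote the destination (DNAT) and the packet is being FORWARDed.
    OUT empty and DST equal to the firewall's own address means the
    packet is being delivered locally through INPUT.
    """
    dst = ip_address(entry["DST"])
    if entry.get("OUT") and dst in ip_network(internal_net):
        return "dnat-forwarded"
    if not entry.get("OUT") and dst == ip_address(public_ip):
        return "local-delivery"
    return "other"


def audit(log_text, public_ip, internal_net, dport="80"):
    """Return (SRC, DST, verdict) for every logged packet to the given port."""
    results = []
    for line in log_text.splitlines():
        if "kernel:" not in line:
            continue
        entry = parse_netfilter_log(line)
        if entry.get("DPT") != dport:
            continue
        results.append((entry["SRC"], entry["DST"],
                        classify(entry, public_ip, internal_net)))
    return results


def stale_dnat_present(log_text, public_ip, internal_net, dport="80"):
    """True if any packet to dport was still DNAT'd to the internal host,
    i.e. the nat table (or an existing conntrack entry) still maps it."""
    return any(verdict == "dnat-forwarded"
               for _, _, verdict in audit(log_text, public_ip, internal_net, dport))


if __name__ == "__main__":
    for src, dst, verdict in audit(SAMPLE_LOG, "203.0.113.10", "192.168.0.0/24"):
        print(f"{src} -> {dst}: {verdict}")
    if stale_dnat_present(SAMPLE_LOG, "203.0.113.10", "192.168.0.0/24"):
        print("port 80 is still being DNAT'd; check: iptables -t nat -L -n -v")
```

Run it against `grep kernel: /var/log/messages` output instead of the embedded sample to see whether port 80 traffic is still leaving on the inside interface; if it is, the filter table listing in the thread is not where the rule lives.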