* Public Webserver behind IPtables Router
From: thomas krause @ 2003-07-18 21:41 UTC (permalink / raw)
To: netfilter
Hello, I tried to set up an IPTables router for my web server. All hosts have an official IP address. The eth0 of the router is in a separate net.
The config on the router is like this:
---------<Router>----------------------<WEBServer>
      eth0       eth1                  eth0
# Allow ssh ( 0.0.0.0/0 is replaced by my own client IP )
iptables -P INPUT DROP        # the built-in chain is INPUT (there is no INCOMING chain)
iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 22 -j ACCEPT
iptables -P FORWARD DROP
iptables -A FORWARD -s 0.0.0.0/0 -p tcp --dport 80 -j ACCEPT
iptables -P OUTPUT ACCEPT     # iptables has no ALLOW target; ACCEPT is the intended policy
Will this work? O.K., I am a newbie but I will learn!
Kind regards, Thomas
* Re: Public Webserver behind IPtables Router
From: Eric Leblond @ 2003-07-18 21:50 UTC (permalink / raw)
To: netfilter
On Fri 18/07/2003 at 23:41, thomas krause wrote:
> Hello, I tried to set up an IPTables router for my web server. All
> hosts have an official IP address. The eth0 of the router is in
> iptables -P FORWARD DROP
> iptables -A FORWARD -s 0.0.0.0/0 -p tcp --dport 80 -j ACCEPT
>
> iptables -P OUTPUT ACCEPT
>
> Will this work ? O.K. Iam a Newbie but i will learn !
No, you just authorize packets to port 80, and what happens to the return
packets? To have this working you have to add a rule using STATE, i.e.
accept all packets of the connection (and in particular the response packets):
iptables -P FORWARD DROP
# Must come before the port-80 rule: lets the web server's replies through
iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
# Opens the first packet of each new connection to the web server
iptables -A FORWARD -s 0.0.0.0/0 -p tcp --dport 80 -j ACCEPT
BR,
--
Eric Leblond <eric@regit.org>
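To make the difference visible, here is an added example (my own, not code from either poster) that models the router's FORWARD chain and a simplified connection tracker in Python and pushes a constructed browser-to-web-server exchange through Thomas's stateless rules and Eric's stateful ones; the addresses, ports and the conntrack simplification are assumptions of the example.

```python
from collections import namedtuple
Packet = namedtuple("Packet", "src sport dst dport")  # one TCP packet in FORWARD
class Conntrack:
    """Simplified connection tracker (an assumption of this example, not
    netfilter's real state machine): a flow is NEW until a reply is seen;
    reply-direction packets, and the original direction after that, are ESTABLISHED."""
    def __init__(self):
        self.flows = {}   # (src, sport, dst, dport) -> reply seen?
    def state(self, p):
        orig = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if rev in self.flows:               # reply direction of a known flow
            self.flows[rev] = True
            return "ESTABLISHED"
        if orig not in self.flows:
            self.flows[orig] = False
        return "ESTABLISHED" if self.flows[orig] else "NEW"

def forward(rules, policy, packets):
    """Evaluate a FORWARD chain: first matching rule wins, otherwise the chain
    policy applies. Returns the verdict for each packet in order."""
    ct, verdicts = Conntrack(), []
    for p in packets:
        st = ct.state(p)                    # what "-m state" would see
        verdict = policy
        for r in rules:
            if "dport" in r and r["dport"] != p.dport:
                continue
            if "state" in r and st not in r["state"]:
                continue
            verdict = r["target"]
            break
        verdicts.append(verdict)
    return verdicts

# Constructed sample traffic (RFC 5737 documentation addresses): a browser
# opens a connection to the web server on port 80 and gets a response.
CLIENT, SERVER = "198.51.100.10", "203.0.113.80"
HTTP_EXCHANGE = [
    Packet(CLIENT, 40000, SERVER, 80),      # SYN
    Packet(SERVER, 80, CLIENT, 40000),      # SYN/ACK: the return packet
    Packet(CLIENT, 40000, SERVER, 80),      # ACK + GET
    Packet(SERVER, 80, CLIENT, 40000),      # HTTP response
]
# Thomas's FORWARD chain: only "-p tcp --dport 80 -j ACCEPT", policy DROP.
STATELESS = [{"dport": 80, "target": "ACCEPT"}]
# Eric's fix: "-m state --state ESTABLISHED -j ACCEPT" placed in front of it.
STATEFUL = [{"state": {"ESTABLISHED"}, "target": "ACCEPT"}] + STATELESS
```

With the stateless rules the SYN/ACK and the HTTP response from the web server (destination port 40000, not 80) fall through to the DROP policy, while with the ESTABLISHED rule in front every packet of the exchange is accepted.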