Re: Shorewall for web server?


 



Timothy Murphy wrote:
I have shorewall working perfectly on my little home LAN,
using the two-interfaces configuration
(from <http://www.shorewall.net/two-interface.htm>).

Now I'd like to allow access to a web-server (httpd)
on my shorewall machine - a desktop computer connected to the internet through an ADSL modem.

I'm finding this surprisingly difficult;
I've added the two lines

DNAT    net    loc:192.168.1.1 tcp     80   -   86.43.71.228
DNAT     net     loc:192.168.1.1  tcp    www

to the shorewall rules (and re-started shorewall and httpd)
but when I try to access the web-server from outside
I get many warnings in /var/log/messages of the form

Dec 26 10:13:47 alfred kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=80.231.0.106 DST=86.43.71.228 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=58867 DF PROTO=TCP SPT=3849 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0

That's nothing to do with the web server. Look at DPT: your web server's on 80, that's looking at 1433.
[summer@bilby ~]$ grep 1433 /etc/services
ms-sql-s        1433/tcp                        # Microsoft-SQL-Server
ms-sql-s        1433/udp                        # Microsoft-SQL-Server
[summer@bilby ~]$

Aren't you glad you're not running Windows SBS?



I attach the output of iptables -L .
I'd rather not :-( Put them on your webserver.




--

Cheers
John

-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxxxxxxxxx  Z1aaaaaaa@xxxxxxxxxxxxxxxxxxxxxxx
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/

do not reply off-list
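
An added example, not part of the original thread: a small parser for Shorewall log lines like the one quoted above, which tallies drops by destination port and picks out only those aimed at the web server port. The first sample line is the one from the post; the other lines, their addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Shorewall's log prefix as it appears in the post: "Shorewall:<chain>:<action>:"
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[^:\s]+):(?P<fields>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value; the value may be empty (OUT=, MAC=)

# First line is the one quoted in the post; the other three are constructed.
SAMPLE_LOG = """\
Dec 26 10:13:47 alfred kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=80.231.0.106 DST=86.43.71.228 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=58867 DF PROTO=TCP SPT=3849 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 26 10:14:02 alfred kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=86.43.71.228 LEN=48 PROTO=TCP SPT=4021 DPT=1433 SYN URGP=0
Dec 26 10:15:30 alfred kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=192.0.2.77 DST=86.43.71.228 LEN=60 PROTO=TCP SPT=51515 DPT=80 SYN URGP=0
Dec 26 10:16:00 alfred crond[123]: unrelated line
"""

def parse_line(line):
    """Return a dict for a Shorewall log line, or None for anything else."""
    m = PREFIX.search(line)
    if not m:
        return None
    entry = dict(FIELD.findall(m.group("fields")))
    entry["chain"], entry["action"] = m.group("chain"), m.group("action")
    return entry

def entries(log_text):
    """Parse every Shorewall line in a block of log text."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]

def drops_by_port(log_text):
    """Count dropped packets per (protocol, destination port)."""
    return Counter((e["PROTO"], int(e["DPT"])) for e in entries(log_text)
                   if e["action"] == "DROP" and "PROTO" in e and "DPT" in e)

def web_drops(log_text, port=80):
    """Drops aimed at the web server port: the only ones relevant to the DNAT rules."""
    return [e for e in entries(log_text)
            if e["action"] == "DROP" and e.get("PROTO") == "TCP"
            and e.get("DPT") == str(port)]

if __name__ == "__main__":
    for (proto, port), n in drops_by_port(SAMPLE_LOG).most_common():
        print(f"{proto}/{port}: {n} dropped")
    for e in web_drops(SAMPLE_LOG):
        print("web traffic dropped:", e["SRC"], "->", e["DST"], "chain", e["chain"])
```
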

