iptables help

Lisa Kachold lisakachold at obnosis.com
Thu Apr 28 19:40:12 MST 2011


Hey Nathan,

Howzit goin?

Here's that "love":

On Thu, Apr 28, 2011 at 5:41 PM, Nathan England <nathan at paysonlinux.org> wrote:

> I'm running a fedora 14 machine with eth0 being internal and eth1
> being external. It is setup for transparent proxying with dansguardian
> and squid. All works well. I also have apache running for web
> development on port 80, and I can access it. However, I want to access
> that web server from the outside world. I cannot for the life of me
> (at least within the limits of my patience) get port 80 open on the
> external interface so I can access the web server.
>
> Can anyone offer some advice to make iptables show me some love? Or
> can I not do this all on the one machine?
>

Dansguardian comes with basic iptables that look something like this:

# Allow port 8080 (Dansguardian) to receive connections
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT

# Redirect port 80 to Dansguardian (port 8080)
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8080

# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Don't forward from the outside (eth1) to the inside (eth0).
iptables -A FORWARD -i eth1 -o eth0 -j REJECT

==end example==

So, I assume you aren't doing NAT, but you don't want to have the reject
statement?

test:

# /sbin/iptables-save |grep REJECT
# /sbin/iptables-save >file
# cp file file-new
# vi file-new   == change your order, or read your whole tables and edit (or
post to the list so we can do it for you)
# /sbin/iptables-restore <file-new

TEST your internal to external port 80

Works? Save
# /etc/init.d/iptables save

No joy?  Rollback
# /sbin/iptables -F (don't do this if you are doing NAT or in production)
# /sbin/iptables-restore <file
# /etc/init.d/iptables save

And remember if you get stuck, post your whole iptables here (obfuscating
real IP addresses, etc.) and we will fix it for ya.

Also check this great resource:

http://www.krr.org/linux/debian/HOWTO_QUICKIE_-_install_dansguardian.php

>
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Nathan England
> I believe in the Constitution and the 4th Amendment. I am innocent and
> have nothing to hide, but NO agent of the state crosses my threshold
> without a valid warrant signed by a judge and properly submitted. If
> we fail to exercise our rights, we lose them.
>

-- 
(503) 754-4452 iPhone
(623) 239-3392 Skype
(623) 688-3392 Google Voice

 http://www.it-clowns.com

"If Python is executable pseudocode, then perl is executable line noise."
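As an added example that is not part of this thread (and not DansGuardian's own scripts): a small POSIX sh script that checks an iptables-save dump for the two things Nathan's setup needs before it is loaded onto the box: an ACCEPT for tcp/80 on the external interface that is not shadowed by an earlier REJECT/DROP (iptables is first-match), and a REDIRECT to DansGuardian that is limited to the internal interface, since an unscoped REDIRECT would send port 80 arriving on eth1 to the proxy instead of Apache. The interface names (eth0 internal, eth1 external), the two sample dumps and all function names are my assumptions, modelled on the rules quoted above. The last function wraps the save/restore/rollback cycle from the reply; it needs root and a real iptables, so it is defined but only run if you call it yourself.

```shell
#!/bin/sh
# Added example, not from the thread: lint an iptables-save dump for
# "external port 80 reaches Apache while DansGuardian only sees the LAN".

# Constructed sample: the ruleset from the reply plus an ACCEPT for tcp/80
# on eth1; the REDIRECT is scoped to eth0 so it never catches eth1 traffic.
GOOD_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j REJECT --reject-with icmp-port-unreachable
COMMIT'

# Constructed sample with two common mistakes: the ACCEPT for eth1:80 sits
# after a catch-all REJECT on eth1 (so it never matches), and the REDIRECT
# has no "-i eth0", so external port 80 is hijacked to DansGuardian.
BAD_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth1 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT'

# rules_in TABLE DUMP: print only the "-A" lines of one table (nat or filter).
rules_in() {
    printf '%s\n' "$2" | awk -v t="*$1" '
        $1 == t        { on = 1; next }
        $1 == "COMMIT" { on = 0 }
        on && $1 == "-A" { print }'
}

# redirect_scoped_to_lan DUMP: succeed only if every REDIRECT in nat
# PREROUTING carries "-i eth0" (otherwise it also grabs port 80 on eth1).
redirect_scoped_to_lan() {
    rules_in nat "$1" | awk '
        /-A PREROUTING/ && /-j REDIRECT/ && !/-i eth0/ { bad = 1 }
        END { exit bad }'
}

# external_http_accepted DUMP: succeed only if INPUT accepts tcp/80 on eth1
# before any rule that rejects or drops all eth1 traffic (first match wins).
external_http_accepted() {
    rules_in filter "$1" | awk '
        /^-A INPUT/ && /-i eth1/ && /-j (DROP|REJECT)/ && !/--dport/ { blocked = 1 }
        /^-A INPUT/ && /-i eth1/ && /-p tcp/ && /--dport 80 / && /-j ACCEPT/ && !blocked { ok = 1 }
        END { exit !ok }'
}

# verdict DUMP: run both checks, print a summary, return 0 only if both pass.
verdict() {
    rc=0
    if redirect_scoped_to_lan "$1"; then echo "ok:   REDIRECT limited to eth0"
    else echo "FAIL: REDIRECT not limited to eth0; eth1:80 would go to DansGuardian"; rc=1; fi
    if external_http_accepted "$1"; then echo "ok:   INPUT accepts tcp/80 on eth1"
    else echo "FAIL: no live ACCEPT for tcp/80 on eth1 in INPUT"; rc=1; fi
    return $rc
}

# apply_and_test NEWFILE: the reply's save/edit/restore cycle, with automatic
# rollback when the live ruleset fails the verdict. Needs root; not run here.
apply_and_test() {
    backup=$(mktemp) || return 1
    /sbin/iptables-save > "$backup"
    /sbin/iptables-restore < "$1"
    live=$(/sbin/iptables-save)
    if verdict "$live"; then
        echo "new rules pass; persist them with: /etc/init.d/iptables save"
    else
        echo "rolling back to $backup"
        /sbin/iptables-restore < "$backup"
        return 1
    fi
}

# Dry run against the two constructed dumps (no root needed).
echo "== good ruleset =="; verdict "$GOOD_DUMP" || true
echo "== bad ruleset ==";  verdict "$BAD_DUMP"  || true
```

Run it as-is to see the two verdicts; to lint your own box, feed it `/sbin/iptables-save` output (`verdict "$(/sbin/iptables-save)"`) before you commit anything with the init script. If you do open eth1:80 this way, the same ACCEPT line is where you would narrow the source addresses if only some of the outside world should reach the development server.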