I've been running a webserver at home just for kicks and some experimenting. I got the webserver working, but when I started securing it, it broke.
I started with the firewall on the Wiki.
http://wiki.archlinux.org/index.php/Sim … wall_HOWTO
With following command.
iptables -A open -i eth0 -p tcp --dport 80 -j ACCEPT
Something I'm missing?
Sebastian A. Liem
It seems you have done this right, but can you post the whole output of
iptables -nvL
That way, I can verify that your rules are correct. You could also tell us more about your network setup (ifconfig output would be a good start).
Of course, here you go.
[root@wong ~]$ iptables -nvL
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
8839 692K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
125 39707 interfaces all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 open all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 6647 packets, 1436K bytes)
pkts bytes target prot opt in out source destination
Chain interfaces (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
125 39707 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
Chain open (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- eth0 * 192.168.1.0 0.0.0.0/0 tcp dpt:6600
[root@wong ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:6E:F3:44:C6
inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:6eff:fef3:44c6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:135472 errors:0 dropped:0 overruns:0 frame:0
TX packets:102836 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:10683474 (10.1 Mb) TX bytes:49000898 (46.7 Mb)
Interrupt:18 Memory:feaf8000-0
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:804 (804.0 b) TX bytes:804 (804.0 b)
Thanks.
Sebastian A. Liem
When you say it 'broke' what exactly happened? I'd suggest that you will also need to allow DNS in from your DNS servers.
Your rules don't do anything, as all available interfaces are considered trusted. All rules in the open chain are thus redundant, as ANY traffic is accepted in the interfaces chain.
Why do you need iptables on a local network anyway?
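Added example (not posted by anyone in this thread, and not the wiki's script): a small POSIX sh helper that rebuilds the ruleset shown in the iptables -nvL output above, with one change, the "ACCEPT all on eth0" rule is dropped from the interfaces chain so that packets on eth0 actually fall through to the open chain. The IPT, LAN_IF and LAN_NET variable names, and the gen_rules/apply_rules/check_rules functions, are this example's own. It also assumes that the 6600 rule was meant to match the whole LAN; as printed above, a source of 192.168.1.0 with no mask matches only that single address, so the example uses 192.168.1.0/24. By default IPT=echo, so running the script only prints the rules; set IPT=iptables and run as root to apply them.

```shell
#!/bin/sh
# Example helper (not from the thread): emit, check and optionally apply a
# ruleset that keeps the open chain reachable. IPT=echo previews; IPT=iptables
# (as root) applies. LAN_IF / LAN_NET are assumptions based on the ifconfig output.
IPT="${IPT:-echo}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed intent; the posted rule had no /24

# Print the rules, one iptables argument list per line, in evaluation order.
# Only lo is trusted wholesale; eth0 must earn its way through the open chain.
gen_rules() {
    cat <<EOF
-F
-X
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N interfaces
-N open
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j interfaces
-A INPUT -j open
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A interfaces -i lo -j ACCEPT
-A open -i $LAN_IF -p tcp --dport 80 -j ACCEPT
-A open -p tcp --dport 22 -j ACCEPT
-A open -i $LAN_IF -s $LAN_NET -p tcp --dport 6600 -j ACCEPT
EOF
}

# Refuse a ruleset in which the interfaces chain accepts everything on the LAN
# interface: that is exactly the mistake that made the open chain dead code.
check_rules() {
    if gen_rules | grep -q -- "^-A interfaces -i $LAN_IF "; then
        echo "interfaces chain trusts $LAN_IF wholesale; open chain is unreachable" >&2
        return 1
    fi
    return 0
}

# Feed every line to $IPT (echo for a dry run, iptables to apply).
apply_rules() {
    gen_rules | while read -r line; do
        # shellcheck disable=SC2086
        $IPT $line
    done
}

check_rules && apply_rules
```

After applying for real, hit the webserver from another LAN host and look at `iptables -nvL open`: the dpt:80 counter should now increment, whereas in the output posted above it stayed at 0 because every eth0 packet was already accepted one chain earlier.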