Shorewall for web server?
John Summerfied
debian at herakles.homelinux.org
Wed Dec 28 01:22:54 UTC 2005
Timothy Murphy wrote:
> I have shorewall working perfectly on my little home LAN,
> using the two-interfaces configuration
> (from <http://www.shorewall.net/two-interface.htm>).
>
> Now I'd like to allow access to a web-server (httpd)
> on my shorewall machine - a desktop computer
> connected to the internet through an ADSL modem.
>
> I'm finding this surprisingly difficult;
> I've added the two lines
>
> DNAT net loc:192.168.1.1 tcp 80 - 86.43.71.228
> DNAT net loc:192.168.1.1 tcp www
>
> to the shorewall rules (and re-started shorewall and httpd)
> but when I try to access the web-server from outside
> I get many warnings in /var/log/messages of the form
>
> Dec 26 10:13:47 alfred kernel: Shorewall:net2all:DROP:IN=ppp0 OUT=
> MAC= SRC=80.231.0.106 DST=86.43.71.228 LEN=48 TOS=0x00 PREC=0x00
> TTL=117 ID=58867 DF PROTO=TCP SPT=3849 DPT=1433
> WINDOW=16384 RES=0x00 SYN URGP=0
That's nothing to do with the web server. Look at DPT: your web server's
on 80, that's looking at 1433.
[summer at bilby ~]$ grep 1433 /etc/services
ms-sql-s 1433/tcp # Microsoft-SQL-Server
ms-sql-s 1433/udp # Microsoft-SQL-Server
[summer at bilby ~]$
Aren't you glad you're not running Windows SBS?
>
> I attach the output of iptables -L .
I'd rather not :-( Put them on your webserver.
--
Cheers
John
-- spambait
1aaaaaaa at computerdatasafe.com.au Z1aaaaaaa at computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
do not reply off-list
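To act on the advice in the reply (look at DPT before assuming a drop is about the web server), here is an added example, not code from the original thread, that parses Shorewall's netfilter LOG lines into fields and counts DROPped packets per protocol and destination port, so any drops actually aimed at port 80 stand out from background scan noise such as the 1433 hits quoted above. Only the first log line comes from the thread; the others are constructed for the example, and the 192.0.2.x source addresses are documentation addresses, not real hosts.

```python
import re
from collections import Counter

# Shorewall prefixes the kernel LOG line with "Shorewall:<chain>:<disposition>:".
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):")
# netfilter emits KEY=VALUE pairs; VALUE may be empty (e.g. "OUT=", "MAC=").
KV_RE = re.compile(r"(?P<key>[A-Z]+)=(?P<value>\S*)")
# Bare flag words that carry no value (DF, SYN, ACK, ...).
FLAG_WORDS = {"DF", "SYN", "ACK", "FIN", "RST", "PSH", "URG", "CE", "MF"}

# Constructed sample: line 0 is the one quoted in the thread (joined onto one
# line); the rest are made up to show port-80 drops, a UDP drop and a
# non-Shorewall line that the parser must ignore.
SAMPLE_LOG = [
    "Dec 26 10:13:47 alfred kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= "
    "SRC=80.231.0.106 DST=86.43.71.228 LEN=48 TOS=0x00 PREC=0x00 TTL=117 "
    "ID=58867 DF PROTO=TCP SPT=3849 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0",
    "Dec 26 10:14:02 alfred kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= "
    "SRC=80.231.0.106 DST=86.43.71.228 LEN=48 TOS=0x00 PREC=0x00 TTL=117 "
    "ID=58868 DF PROTO=TCP SPT=3850 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0",
    "Dec 26 10:15:11 alfred kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= "
    "SRC=192.0.2.10 DST=86.43.71.228 LEN=60 TOS=0x00 PREC=0x00 TTL=52 "
    "ID=1234 DF PROTO=TCP SPT=51022 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Dec 26 10:15:12 alfred kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= "
    "SRC=192.0.2.11 DST=86.43.71.228 LEN=40 TOS=0x00 PREC=0x00 TTL=60 "
    "ID=0 DF PROTO=UDP SPT=53 DPT=1026",
    "Dec 26 10:15:13 alfred sshd[1234]: Accepted publickey for summer "
    "from 192.168.1.20",
]


def parse_shorewall_log(line):
    """Parse one Shorewall/netfilter LOG line into a dict.

    Returns None for lines that are not Shorewall log entries. The chain and
    disposition are stored under "chain"/"disposition", KEY=VALUE pairs under
    their key, bare flags under "flags", and SPT/DPT/LEN/TTL/ID as ints.
    """
    m = PREFIX_RE.search(line)
    if not m:
        return None
    rec = {"chain": m.group("chain"), "disposition": m.group("disposition")}
    rest = line[m.end():]
    for kv in KV_RE.finditer(rest):
        rec[kv.group("key")] = kv.group("value")
    rec["flags"] = sorted(w for w in rest.split() if w in FLAG_WORDS)
    for k in ("SPT", "DPT", "LEN", "TTL", "ID"):
        if k in rec and rec[k].isdigit():
            rec[k] = int(rec[k])
    return rec


def drop_counts_by_dport(lines):
    """Count DROPped packets per (PROTO, DPT) so scan noise is visible at a glance."""
    counts = Counter()
    for line in lines:
        rec = parse_shorewall_log(line)
        if rec and rec["disposition"] == "DROP" and "DPT" in rec:
            counts[(rec.get("PROTO"), rec["DPT"])] += 1
    return counts


def drops_for_port(lines, port, proto="TCP"):
    """Return only the DROP records that actually target the given service port."""
    hits = []
    for line in lines:
        rec = parse_shorewall_log(line)
        if (rec and rec["disposition"] == "DROP"
                and rec.get("PROTO") == proto and rec.get("DPT") == port):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    # Summarise the sample; in practice feed it lines from /var/log/messages.
    for (proto, dport), n in drop_counts_by_dport(SAMPLE_LOG).most_common():
        print(f"{proto} dpt={dport}: {n} dropped")
    for rec in drops_for_port(SAMPLE_LOG, 80):
        print("web-server drop from", rec["SRC"], "on", rec["IN"])
```

Run it against the real `/var/log/messages` with `grep Shorewall` output and only the `DPT=80` rows matter for the web-server question; a large `DPT=1433` count is the usual MS-SQL scanning background and is independent of the DNAT rules.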
More information about the fedora-list mailing list