Hi,

I have a website behind my firewall, but cannot connect to it when my firewall is on, but when I stop my firewall ( /etc/init.d/iptables stop ) I am able to view my website. My firewall setting is as follows, from ( /etc/sysconfig/iptables ):

######################################################
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 223.0.0.231 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
#####################################################

What changes do I need to make to the above setting in order to see my website (even if the firewall is on)?
Thanks
Agnello George wrote:
Hi, I have a website behind my firewall, but cannot connect to it when my firewall is on, but when I stop my firewall ( /etc/init.d/iptables stop ) I am able to view my website.
There is a nice command line firewall utility http://rocky.eld.leidenuniv.nl/ called Arno's firewall.
http://rocky.eld.leidenuniv.nl/page/iptables/iptframe.htm
It uses command line but you need not know the exact syntax for iptables. You only need to be clear in your firewall concept. Go through the documentation. You need to edit a pre-edited config file in plain English. It is intuitive and easy to set up. The utility will then translate your settings into iptables. First try it out on a testing machine before deploying it.
On 9/13/07, Rony ronbillypop@yahoo.co.uk wrote:
Agnello George wrote:
Hi, I have a website behind my firewall, but cannot connect to it when my firewall is on, but when I stop my firewall ( /etc/init.d/iptables stop ) I am able to view my website.
There is a nice command line firewall utility http://rocky.eld.leidenuniv.nl/ called Arno's firewall.
http://rocky.eld.leidenuniv.nl/page/iptables/iptframe.htm
It uses command line but you need not know the exact syntax for iptables. You only need to be clear in your firewall concept. Go through the documentation. You need to edit a pre-edited config file in plain English. It is intuitive and easy to set up. The utility will then translate your settings into iptables. First try it out on a testing machine before deploying it.
I solved the problem. Fedora (Core 6) has a command called "system-config-securitylevel". I issued this command: #system-config-securitylevel ( enter ) and you will get the following screen.
choose -------> customise
then choose www ( https) service
save and restart iptables
or
even editing iptables manually would work:
iptables -A INPUT -p TCP --dport 80 --syn -m limit --limit 5/second -j ACCEPT
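Rule order decides the outcome with the ruleset posted at the top of the thread: INPUT jumps straight to RH-Firewall-1-INPUT, which ends in an unconditional REJECT. The sketch below is an added example, not part of the original posts; it models first-match evaluation over an excerpt of that ruleset. The sample packet, the eth0 interface name and the port-80 rule (modelled on the posted port-22 rule) are assumptions.

```python
# Added example: excerpt of the posted filter rules, kept in file order.
POSTED = """\
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""
REJECT_LINE = "-A RH-Firewall-1-INPUT -j REJECT"
# The thread's manual rule; `iptables -A INPUT` puts it at the end of INPUT.
APPENDED = "-A INPUT -p TCP --dport 80 --syn -m limit --limit 5/second -j ACCEPT\n"
# Assumption: a port-80 rule modelled on the posted port-22 rule.
WEB = "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT\n"
# Constructed packet: first SYN of an HTTP connection arriving on eth0.
HTTP = {"-i": "eth0", "-p": "tcp", "--dport": "80", "--state": "NEW"}

def parse(text):
    """Group '-A <chain> ...' lines into {chain: [rule, ...]}, keeping file order."""
    chains = {}
    for tok in (line.split() for line in text.splitlines()):
        if tok[:1] != ["-A"]:
            continue
        rule, i = {}, 2
        while i < len(tok):
            width = 1 if tok[i] == "--syn" else 2   # --syn takes no value
            rule[tok[i]] = tok[i + 1] if width == 2 else True
            i += width
        chains.setdefault(tok[1], []).append(rule)
    return chains

def matches(rule, pkt):
    """Compare interface, protocol, port and state; --syn and limit are not modelled."""
    for key in ("-i", "-p", "--dport"):
        if key in rule and rule[key].lower() != pkt[key]:
            return False
    return "--state" not in rule or pkt["--state"] in rule["--state"].split(",")

def verdict(chains, pkt, chain="INPUT"):
    """First terminating target wins; returns None if the chain runs out of rules."""
    for rule in chains.get(chain, []):
        if matches(rule, pkt):
            target = rule["-j"]
            hit = target if target in ("ACCEPT", "REJECT", "DROP") else verdict(chains, pkt, target)
            if hit:
                return hit

def scenarios():
    fixed = POSTED.replace(REJECT_LINE, WEB + REJECT_LINE)   # port 80 ahead of REJECT
    return [verdict(parse(t), HTTP) for t in (POSTED, POSTED + APPENDED, fixed)]
```

`scenarios()` returns `['REJECT', 'REJECT', 'ACCEPT']`: a rule appended to the end of INPUT sits behind the jump and is never reached, while the same port opened ahead of the REJECT line is matched first.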
Agnello George wrote:
I solved the problem. Fedora (Core 6) has a command called "system-config-securitylevel". I issued this command: #system-config-securitylevel ( enter ) and you will get the following screen.
As long as you use the command line it's OK. Servers don't use the X environment, so everything is on the command line.
On 9/14/07, Rony ronbillypop@yahoo.co.uk wrote:
As long as you use the command line it's OK. Servers don't use the X environment, so everything is on the command line.
Just curious, is ncurses common on servers? In case you want to recompile your kernel.
Regards, Mohan S N
On Friday 14 Sep 2007 23:10:04 Mohan Nayaka wrote:
On 9/14/07, Rony ronbillypop@yahoo.co.uk wrote:
As long as you use the command line it's OK. Servers don't use the X environment, so everything is on the command line.
Just curious, is ncurses common on servers? In case you want to recompile your kernel.
Toolchain on a server? The admin should kill himself.
On 9/15/07, Mrugesh Karnik mrugeshkarnik@gmail.com wrote:
On Friday 14 Sep 2007 23:10:04 Mohan Nayaka wrote:
On 9/14/07, Rony ronbillypop@yahoo.co.uk wrote:
As long as you use the command line it's OK. Servers don't use the X environment, so everything is on the command line.
Just curious, is ncurses common on servers? In case you want to recompile your kernel.
Toolchain on a server? The admin should kill himself.
Why? What about out-of-distro patches?
On 9/14/07, Mohan Nayaka mohansn@gmail.com wrote:
On 9/15/07, Mrugesh Karnik mrugeshkarnik@gmail.com wrote:
On Friday 14 Sep 2007 23:10:04 Mohan Nayaka wrote:
On 9/14/07, Rony ronbillypop@yahoo.co.uk wrote:
As long as you use the command line it's OK. Servers don't use the X environment, so everything is on the command line.
Just curious, is ncurses common on servers? In case you want to recompile your kernel.
Toolchain on a server? The admin should kill himself.
Why? What about out-of-distro patches?
--
You all are still awake at 2am!!! And BTW, my problem is solved.