Old 01-14-2006, 08:07 AM   #1
dales79
LQ Newbie
 
Registered: Jan 2006
Posts: 11

Rep: Reputation: 0
config firewall for internal http and https


Hi

I have to do the following on a LINUX firewall using iptables:

"Provide access through the firewall to the webserver from address on the internal network using http and https. I then need to block access through the firewall from all other sources and to all other ports."

Having investigated this, I am somewhat confused as to how to configure the firewall to do this. I have found two options, but am not sure which it is:

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -j LOG
iptables -A FORWARD -j DROP

OR it is this:

iptables -A INPUT -i $ETHERNET -p tcp -d $MYIP --dport 80 -j ACCEPT
iptables -A OUTPUT -o $ETHERNET -p tcp -s $MYIP --sport 80 ! --syn -j ACCEPT

iptables -A INPUT -i $ETHERNET -p tcp -d $MYIP --dport 22 -s $MYNET -j ACCEPT
iptables -A OUTPUT -o $ETHERNET -p tcp -s $MYIP --sport 22 -d $MYNET ! --syn -j ACCEPT

Can someone help me? I am new to this and am confused about what the difference is, but I only want to enable internal traffic, not external.

I look forward to some replies

Dales79
 
Old 01-15-2006, 11:22 AM   #2
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 62
To allow external traffic through the firewall to an internal LAN machine you would use a command like this for a TCP port. Replace xxx.xxx.xxx.xxx with your external WAN IP and yyy.yyy.yyy.yyy with the internal LAN server IP.

iptables -t nat -A PREROUTING -i eth0 -p tcp -d xxx.xxx.xxx.xxx --dport 80 -j DNAT --to-destination yyy.yyy.yyy.yyy:80

The first section you have opens the 443 port on the external NIC of the firewall. Not needed unless you are providing the service on the firewall. The second would work with a few other lines.

You can learn a lot of iptables stuff here as well as by looking at many prewritten scripts. Many have good remarks throughout for ease of understanding.
http://www.linuxguruz.com/iptables/
http://www.netfilter.org/
http://iptables-tutorial.frozentux.n...-tutorial.html

Hope this helps.
Brian1
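An added example, written for this page and not code from either poster: a POSIX shell function that generates an iptables-restore ruleset for the requirement in the original question (forward only HTTP and HTTPS from the internal LAN to the web server, log and drop everything else passing through the firewall). The internal network, web server address and LAN interface name are assumptions passed in as arguments; the values in the comments are made up. The firewall's own INPUT chain is left at its existing policy, since locking that down is a separate step from the forwarding rules asked about.

```shell
#!/bin/sh
# Added example (not from the thread). Generates an iptables-restore ruleset
# that only forwards HTTP/HTTPS from the internal LAN to one web server and
# logs, then drops, all other forwarded traffic.
#
# Usage: gen_forward_rules INTERNAL_NET WEBSERVER_IP LAN_IF
#   e.g. gen_forward_rules 192.168.1.0/24 192.168.1.10 eth1   (assumed values)

gen_forward_rules() {
    net="$1"      # internal network in CIDR form, e.g. 192.168.1.0/24 (assumed)
    web="$2"      # web server address, e.g. 192.168.1.10 (assumed)
    lan_if="$3"   # interface the internal LAN is attached to, e.g. eth1 (assumed)

    # Refuse to emit a ruleset if any argument is missing: an empty field would
    # silently widen the match (no -s, -d or -i restriction at all).
    if [ -z "$net" ] || [ -z "$web" ] || [ -z "$lan_if" ]; then
        echo "usage: gen_forward_rules INTERNAL_NET WEBSERVER_IP LAN_IF" >&2
        return 1
    fi

    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies and related packets for connections the firewall already allowed.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New HTTP/HTTPS connections, only from the internal LAN, only to the web server.
-A FORWARD -i $lan_if -s $net -d $web -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -i $lan_if -s $net -d $web -p tcp --dport 443 -m state --state NEW -j ACCEPT
# Everything else passing through the firewall: log (rate-limited so the log
# cannot be flooded), then fall through to the FORWARD DROP policy above.
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
COMMIT
EOF
}

# Count the FORWARD rules in a generated ruleset; handy for a sanity check
# before loading it.
count_forward_rules() {
    printf '%s\n' "$1" | grep -c '^-A FORWARD'
}

# When run directly with three arguments, print the ruleset to stdout.
if [ "$#" -eq 3 ]; then
    gen_forward_rules "$1" "$2" "$3"
fi
```

Save the output to a file and check it with `iptables-restore --test rules.v4` before loading it with `iptables-restore rules.v4`; the `--test` option only parses the ruleset without committing it, so a typo cannot take the firewall down. Note that because the web server is reached by forwarding, nothing here opens port 80 or 443 on the firewall's own interfaces, which is the distinction between the two snippets in the original question.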