I just set up my NAT with webmin using the Linux Firewall. For some reason I cannot browse to my web servers or mail server. Everyone else is able to though. It feels like I am leaving out one small setting.
And one more thing: I cannot get the IP_Forward to stay on 1. After reboot it is back to 0 again. I cannot figure out how to save that setting.
BAH!
GUI tools... fsck you up every time.
I suggest you read up on iptables and make your own script, starting with a base script from here: http://iptables-script.dk/
Thanks I am being such a !! I just got so close with Webmin. I am being lazy and did not want to script it. Everything works great except I cannot get into my webserver while behind my router.
Generally traffic is not allowed by firewalls to go "out then back in", i.e. you cannot have internal private addresses connect to your outside public IPs. This is by design.
Instead, use the internal IP of your server for local clients to connect to.
So how does a cheap Linksys cable router handle the external to internal NAT? Before I dove headfirst into iptables, I had a Linksys doing all of my routing. I was able to do forwarding and be able to browse "back in" with no problem. Would this mean that a Linksys router is better than a Linux router? I hope not.
No, it means a Linksys is less secure because it allows the outside IP to "talk to itself". Linksys did it out of convenience for people that don't understand how networking is supposed to work. Whatever iptables script you're using handles the situation more correctly.
You have two interfaces on your Linux router, yes? Two IPs, one outside, one inside, yes? So point your LAN clients to the IP of the inside interface, that's how it's supposed to work. If DNS is a problem, you can override it for your LAN clients by putting the Fully Qualified Domain Name in /etc/hosts and associate it with the internal IP. Note: This has to be done on the client machines, not the server. Also if you're using Windows, the hosts file will be found in various places depending on what version of Windows you use.
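An added example, not part of any post in this thread: two small shell functions for the settings discussed above, the client-side hosts override and the ip_forward value that resets on reboot (on Linux it is persisted in /etc/sysctl.conf, which is read at boot; `sysctl -p` applies it immediately). The function names, the host name and the addresses are constructed for illustration, and the target file is passed as an argument so the functions can be tried on a copy first.

```shell
#!/bin/sh
# Usage (as root), with constructed values:
#   on each LAN client: set_hosts_override /etc/hosts 192.168.1.10 www.example.com
#   on the router:      persist_ip_forward /etc/sysctl.conf && sysctl -p

# set_hosts_override FILE IP FQDN
# Map FQDN to the server's internal IP in a hosts-format file. The name is
# removed from any other entry first, so repeated runs leave one mapping.
set_hosts_override() {
    file=$1 ip=$2 fqdn=$3
    tmp=$(mktemp) || return 1
    awk -v n="$fqdn" '
        NF == 0 || $1 ~ /^#/ { print; next }       # keep blanks and comments
        {
            out = $1; kept = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) {                    # trailing comment: keep as is
                    for (; i <= NF; i++) out = out " " $i
                    break
                }
                if (tolower($i) == tolower(n)) continue   # drop the old mapping
                out = out " " $i; kept++
            }
            if (kept) print out                     # other aliases survive
        }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s\t%s\n' "$ip" "$fqdn" >> "$tmp"
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# persist_ip_forward FILE
# Ensure a sysctl.conf-format file carries exactly one ip_forward line set
# to 1, replacing any existing or commented-out setting.
persist_ip_forward() {
    file=$1
    tmp=$(mktemp) || return 1
    awk '$0 !~ /^[ \t]*#?[ \t]*net\.ipv4\.ip_forward[ \t]*=/' "$file" > "$tmp" \
        || { rm -f "$tmp"; return 1; }
    printf 'net.ipv4.ip_forward = 1\n' >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"
}
```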