Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
I have a RedHat 7.2 box configured as a firewall with IP masquerading. The setup is rather basic: DSL ROUTER <-> FIREWALL <-> SWITCH <-> (WEBSERVER, INTERNAL MACHINE 1, INTERNAL MACHINE 2, ETC) and for the most part works fine. External machines are able to access the webserver through the firewall, and internal machines can access the webserver via its LAN IP address. The problem I have is that internal machines can't reach the webserver via the firewall's EXTIP address. In other words, if I "telnet mydomain.com" on an internal machine, DNS (from outside my LAN) returns the correct IP address but the machine can't establish a connection, whereas the same test works fine if I perform it on a machine outside the firewall. In summary, it seems there's a problem with machines on the LAN accessing other machines on the LAN through the firewall.
I'm using the seemingly-standard rc.firewall 0.63 script (copied off linuxdoc.org), with a few modifications for allowing external access to my LAN. I figure I need to add a rule that forwards port 80 LAN traffic destined for the firewall EXTIP address to the webserver, but haven't been able to make it work. I've been looking all over for help and can't find what I need, so I'd love to hear everyone's suggestions on what might be wrong. Let me know if I should post my iptables config (or anything else).
you need to DNAT the requests from the local net too. by your description I can see that you are using DNAT only for the ext network. There is a good howto for this in the netfilter site. I am giving the address for it.