Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I have to do the following on a LINUX firewall using iptables:
"Provide access through the firewall to the webserver from address on the internal network using http and https. I then need to block access through the firewall from all other sources and to all other ports."
Having investigated this, I am somewhat confused as to how to configure the firewall to do this. I have found two options, but am not sure which it is:
# Allow replies to connections that were already accepted
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow new https connections through the firewall
iptables -A FORWARD -p tcp --dport 443 -j ACCEPT
# Log everything else, then drop it
iptables -A FORWARD -j LOG
iptables -A FORWARD -j DROP
You need to set up the firewall so that users on the inside can reach a specific web-server on the outside?
Or are you trying to just allow your users to browse the web from the inside?
If you're trying to allow web-browsing from the inside just set up
The first thing I have to do is provide access through the firewall to a web-server (located on internal network) from addresses on internal network using http and https. Access should be blocked through firewall from all other sources and to all other ports.
The second thing I have to do (which I didn't mention) is to allow one machine (on internal network) to access web-servers on the internet through the firewall.
Just to clarify further:
Is the web-server in question inside the firewall in question or are we talking about the firewall on that web-server?
Are the web-server and the firewall the same machine?
If the web-server is inside the firewall the clients on the same net should be able to connect to it...
To answer the last question about allowing one client inside to reach http/https on the outside:
#Open for http-requests from one ip on the inside
iptables -A FORWARD -i <internal interface> -p tcp -m tcp --dport 80 -s <ip of client to allow> -j ACCEPT
#Open for https-requests from one ip on the inside
iptables -A FORWARD -i <internal interface> -p tcp -m tcp --dport 443 -s <ip of client to allow> -j ACCEPT
#Open for the replies to those requests
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
Did that help at all?
Still not sure I understand what you need, if you could give me the layout of the firewall/server/inside I should be able to help more...
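Pulling the two requirements from this thread together, here is an added example script (not posted by anyone in the thread) that builds a complete FORWARD chain: a default-deny policy, the stateful reply rule first, http/https from the internal network to the web server, http/https from one internal client to the internet, and a rate-limited LOG before the final DROP. It assumes a three-interface layout (internal LAN, a DMZ holding the web server, and the internet side); every interface name and address below is a placeholder you would replace. Note that the rule from the original question, `-p tcp --dport 443 -j ACCEPT` with no `-s` or `-d`, forwards port 443 from any source to any destination, which is why the rules here restrict both ends. Setting DRY_RUN=1 prints the rules instead of applying them, so the policy can be reviewed without root.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout (all placeholders):
#   eth1 = internal LAN      192.0.2.0/24
#   eth2 = DMZ, web server   198.51.100.10
#   eth0 = internet side
#   192.0.2.50 = the one internal client allowed to browse the internet
# Run with DRY_RUN=1 to print the rules instead of applying them.

INT_IF=eth1
DMZ_IF=eth2
EXT_IF=eth0
LAN_NET=192.0.2.0/24
WEB_SRV=198.51.100.10
BROWSE_CLIENT=192.0.2.50

# Wrapper: echo the rule in dry-run mode, otherwise hand it to iptables.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

build_forward_rules() {
    # Default-deny policy plus a flush, so only the rules below apply.
    ipt -P FORWARD DROP
    ipt -F FORWARD

    # Replies to accepted connections must be matched before anything
    # else; otherwise return traffic falls through to the final DROP.
    ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

    # Requirement 1: internal network -> web server, http and https only.
    # Both source and destination are pinned so no other host is reachable.
    for port in 80 443; do
        ipt -A FORWARD -i "$INT_IF" -o "$DMZ_IF" -s "$LAN_NET" -d "$WEB_SRV" \
            -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done

    # Requirement 2: one internal client -> web servers on the internet.
    for port in 80 443; do
        ipt -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$BROWSE_CLIENT" \
            -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done

    # Log what is about to be dropped, rate-limited so a port scan cannot
    # flood the log, then drop everything that was not explicitly allowed.
    ipt -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
    ipt -A FORWARD -j DROP
}

# Hypothetical NAT rule: only needed if this firewall also masquerades
# the browsing client behind its external address.
build_nat_rules() {
    ipt -t nat -A POSTROUTING -o "$EXT_IF" -s "$BROWSE_CLIENT" -j MASQUERADE
}

# Number of iptables commands the FORWARD policy emits (dry run only).
count_rules() {
    ( DRY_RUN=1; build_forward_rules ) | grep -c '^iptables'
}

# Stand-alone usage: DRY_RUN=1 sh fw.sh prints the policy for review.
if [ "${DRY_RUN:-0}" = "1" ]; then
    build_forward_rules
fi
```

The ordering is the point a reviewer checks first: the RELATED,ESTABLISHED rule sits above the per-port rules, the LOG rule sits immediately above DROP, and the chain policy itself is DROP so a flushed or partially loaded chain fails closed rather than open.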