LinuxQuestions.org
Old 01-10-2015, 09:32 AM   #1
battles
Member
 
Registered: Apr 2014
Distribution: Debian GNU/Linux 7.5 (wheezy)
Posts: 258

Rep: Reputation: Disabled
Blocking port 80


I have set my server to accept TCP requests from port 80 to 8080. I am the only one who needs to look at the webpage.

I used this to block port 80:
iptables -A INPUT -p tcp --destination-port 80 -j DROP

I only have eth0, so I just did this also:
iptables -A INPUT -i eth0 -p tcp --destination-port 80 -j DROP

My question is: I don't know what I did by executing the iptables on eth0. What did this do and/or accomplish?

Thanks.
 
Old 01-10-2015, 09:53 AM   #2
zafar_dandoti
Member
 
Registered: Dec 2005
Location: India
Distribution: centos
Posts: 178

Rep: Reputation: 13
Simple: All requests to port 80 on eth0 will be dropped. You need to port forward to get your web page working on port 8080.
 
Old 01-10-2015, 01:11 PM   #3
battles
Member
 
Registered: Apr 2014
Distribution: Debian GNU/Linux 7.5 (wheezy)
Posts: 258

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by zafar_dandoti View Post
Simple: All requests to port 80 on eth0 will be dropped. You need to port forward to get your web page working on port 8080.
Actually, I don't care for anyone to see the site, so I just look at statistics I create myself. However, I understand port forwarding, but wouldn't that be just like using port 80 in the first place?
 
Old 01-11-2015, 08:55 AM   #4
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,240

Rep: Reputation: 103
Quote:
Originally Posted by battles View Post
I have set my server to accept TCP requests from port 80 to 8080. I am the only one who needs to look at the webpage.

I used this to block port 80:
iptables -A INPUT -p tcp --destination-port 80 -j DROP

I only have eth0, so I just did this also:
iptables -A INPUT -i eth0 -p tcp --destination-port 80 -j DROP

My question is: I don't know what I did by executing the iptables on eth0. What did this do and/or accomplish?

Thanks.
The second command is completely redundant as long as the first one stands. The first one blocks incoming traffic on TCP port 80 from anywhere to any network interface. So as long as you only have one interface, don't bother with specifying -i eth0, just use the first line and delete the second.

As far as the main sentence is concerned, you're rather ambiguous. Are you referring to port forwarding from 80 to 8080? You'll probably need to use DNAT and enable IP forwarding (depending on your distro, this can be done in numerous ways. In CentOS 6.6 you can run # echo "1" > /proc/sys/net/ipv4/ip_forward or sysctl -w net.ipv4.ip_forward=1). On the other hand, if your webserver does not belong to a private network, then I suppose there's no use for port forwarding, is there?

If you've got a client with a stable public ip, then you can accept traffic on port 80 only from that ip. If not, probably the only (easy/easier) way to restrict http access so that only you can connect to your web server is to set up authentication on Apache.

Last edited by vincix; 01-11-2015 at 08:59 AM.
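Added example (not part of the thread or any poster's code): iptables stops at the first terminating rule that matches, which is why the `-i eth0` rule above never fires, and why an allow rule for a single client would also be dead if appended after the DROP. The sketch below flags such rules in `iptables -S` output; the helper names and the sample address are assumptions, and the comparison is exact-match only (no CIDR or port-range containment), so it can miss cases.

```python
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal

# Constructed `iptables -S INPUT` output: the thread's two DROP rules, plus an
# allow rule for one client (documentation address) appended after them.
SAMPLE = """\
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j DROP
-A INPUT -s 203.0.113.7/32 -p tcp -m tcp --dport 80 -j ACCEPT
"""

def parse_rule(line):
    """Turn one '-A CHAIN ...' line into chain, set of matches, and target."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None  # policy lines (-P), chain definitions (-N), blanks
    matches, target, negate, i = set(), None, False, 2
    while i < len(tokens):
        if tokens[i] == "!":
            negate, i = True, i + 1
            continue
        j = i + 1  # values run until the next option or negation marker
        while j < len(tokens) and tokens[j] != "!" and not tokens[j].startswith("-"):
            j += 1
        if tokens[i] == "-j":
            target = tokens[i + 1] if j > i + 1 else None
            break  # anything after -j is a target option, not a match
        matches.add((tokens[i], tuple(tokens[i + 1:j]), negate))
        negate, i = False, j
    return {"chain": tokens[1], "matches": matches, "target": target,
            "text": line.strip()}

def find_shadowed(ruleset_text):
    """Return (dead_rule, covering_rule) pairs under first-match semantics."""
    rules = [r for r in map(parse_rule, ruleset_text.splitlines()) if r]
    findings = []
    for n, later in enumerate(rules):
        for earlier in rules[:n]:
            # An earlier terminating rule whose conditions are a subset of the
            # later rule's conditions matches every packet the later one would.
            if (earlier["chain"] == later["chain"]
                    and earlier["target"] in TERMINATING
                    and earlier["matches"] <= later["matches"]):
                findings.append((later["text"], earlier["text"]))
                break
    return findings
```

Calling `find_shadowed(SAMPLE)` reports both the `-i eth0` DROP and the late ACCEPT as covered by the first DROP; placing the ACCEPT ahead of the DROP clears the second finding.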
 
Old 01-11-2015, 11:58 AM   #5
battles
Member
 
Registered: Apr 2014
Distribution: Debian GNU/Linux 7.5 (wheezy)
Posts: 258

Original Poster
Rep: Reputation: Disabled
Yes, I guess I don't understand port forwarding. I probably don't need it. My ISP only gives static IPs to business accounts, so doing the static IP thing is out of the question. Your answer about the port blocking is really what I want to know. I wasn't sure if you needed to block both TCP and eth0 together.

Thanks.
 
Old 01-12-2015, 03:28 PM   #6
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,240

Rep: Reputation: 103
Quote:
Originally Posted by battles View Post
Yes, I guess I don't understand port forwarding. I probably don't need it. My ISP only gives static IPs to business accounts, so doing the static IP thing is out of the question. Your answer about the port blocking is really what I want to know. I wasn't sure if you needed to block both TCP and eth0 together.

Thanks.
Just another thing I'd like to make clear. Your web server doesn't necessarily need to belong to a private network in order for port forwarding to make sense, but it makes sense when it belongs to some other subnet (private or not) to which the router is connected. So if the router is connected to both the subnet on which you receive the http requests and the subnet to which the web server belongs, then it makes sense to use port forwarding.

But in your case the router and the web server are the same, so there's no need for that.
 
Old 01-12-2015, 03:38 PM   #7
battles
Member
 
Registered: Apr 2014
Distribution: Debian GNU/Linux 7.5 (wheezy)
Posts: 258

Original Poster
Rep: Reputation: Disabled
Thanks.
 
  

