Well, I have prepared a simple web server running Apache and I am interested in setting up a firewall which will block all outside access to this server except for port 80 traffic.
Can anybody help me with this setup? I will really appreciate it.
You may want to rethink using FC5 as a web server. It has not had any updates (of any kind) for a few years. Fedora is currently on Fedora 10 (just to give you an idea how far you are behind). You may want to consider CentOS 5 instead. CentOS is RHEL (Red Hat Enterprise Linux) with the logos removed. It is free to download/update (unlike RHEL) and has a five-year support life (as opposed to Fedora's 13-month support life). CentOS 5 was based on FC6 so it will "feel" reasonably close to FC5.
Thanks for the input. Basically, if there are any scripts it would help a lot because I really don't know iptables and ipchains so well. I mean I can work with them but I'm not an expert.
Also, I'll try downloading CentOS 5.2, which is the latest release, and in the meantime if anyone can help me build an iptables and ipchains firewall it would be great. Previously I had used arno-iptables-firewall, but in that scenario I was doing NAT and was using the machine as a gateway for a small workgroup. But in this case there is no NAT and no gateway, just a simple firewall to block all outside access to it except for port 80, which is the web server.
Try the two iptables commands that I gave in the previous post #2. Look if they are what you need. You do not say much and do not give information on what you have tried.
On the basis of what you have said you need, those two will deny access to all the ports other than 80. You could add another rule to make the default rule for the INPUT chain DROP.
It will. You will need to open ssh port either through tcpwrappers or iptables.
If you want ssh port to be open for your machine you will need to add another online rule
iptables -A INPUT -s youipaddress --dport 22 -j ACCEPT
or you can add a line in /etc/hosts.allow
sshd:<youripaddress>
Edit:
But make sure that you insert all the rules before DROP. Otherwise they won't work.
Last edited by linuxlover.chaitanya; 01-23-2009 at 05:21 AM.
I tried the above iptables command and I got this error:
Bad argument `22'
Try `iptables -h' or 'iptables --help' for more information.
I have put the entries in the hosts.allow file and also did the port 80 using iptables, but another small question: won't I have to restart some services in order to get the new iptables rules to work, or will they automatically become active?
No, they won't automatically reload new rules. You will need to save the new rules and reload iptables. See man iptables for any information.
I forgot one parameter there -d yourserveraddress.
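
The ruleset this thread is working toward, as an added example that is not from any poster: it generates the rules in iptables-restore format and lints a rule list for the two mistakes discussed above (`--dport` is only accepted together with `-p tcp` or `-p udp`, and rules appended after a catch-all DROP never match). The address 203.0.113.10 and the function names `build_ruleset` and `lint_rules` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. 203.0.113.10 is a constructed admin address (documentation range);
# build_ruleset and lint_rules are illustrative names.

# Print an iptables-restore ruleset: tcp/80 from anywhere, tcp/22 from one address,
# everything else inbound dropped by the INPUT policy.
build_ruleset() {
    admin_ip=$1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -s $admin_ip --dport 22 -j ACCEPT
COMMIT
EOF
}

# Read rules on stdin (with or without a leading "iptables") and report two mistakes:
# --dport used without -p tcp/udp, and rules appended after a catch-all DROP.
# Only the short -p form is recognised. Exit status is 1 if anything is reported.
lint_rules() {
    awk '
    { sub(/^iptables +/, "") }
    /^-A INPUT/ {
        if (dropped) { print "unreachable after DROP: " $0; bad = 1 }
        if ($0 ~ /--dport/ && $0 !~ /-p (tcp|udp)/) {
            print "--dport without -p tcp/udp: " $0; bad = 1
        }
        if ($0 ~ /^-A INPUT -j DROP$/) dropped = 1
    }
    END { exit bad + 0 }'
}

# Lint the generated ruleset. To load it, run as root:
#   build_ruleset 203.0.113.10 | iptables-restore
build_ruleset 203.0.113.10 | lint_rules && echo "ruleset passes lint"
```

On Fedora and CentOS releases of this era, `service iptables save` writes the running rules to /etc/sysconfig/iptables so they are reloaded when the iptables service starts.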