Old 01-14-2006, 09:07 AM   #1
LQ Newbie
Registered: Jan 2006
Posts: 11

Rep: Reputation: 0
config firewall for internal http and https


I have to do the following on a LINUX firewall using iptables:

"Provide access through the firewall to the webserver from address on the internal network using http and https. I then need to block access through the firewall from all other sources and to all other ports."

Having investigated this, I am somewhat confused as to how to configure the firewall to do this. I have found two options, but am not sure which it is:

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -j LOG
iptables -A FORWARD -j DROP

OR it is this:

iptables -A INPUT -i $ETHERNET -p tcp -d $MYIP --dport 80 -j ACCEPT
iptables -A OUTPUT -o $ETHERNET -p tcp -s $MYIP --sport 80 ! --syn -j ACCEPT

iptables -A INPUT -i $ETHERNET -p tcp -d $MYIP --dport 22 -s $MYNET -j ACCEPT
iptables -A OUTPUT -o $ETHERNET -p tcp -s $MYIP --sport 22 -d $MYNET ! --syn -j ACCEPT

Can someone help me? I am new to this and am confused about what the difference is, but I only want to enable internal traffic, not external.

I look forward to some replies

Old 01-15-2006, 12:22 PM   #2
LQ Guru
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: RHEL 5 with Pieces of this and that. Kernel, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 64
To allow external traffic through the firewall to an internal lan machine you would use a command like this for a tcp port. Replace with your external wan IP and yyy.yyy.yyy.yyy to the internal lan server IP

iptables -t nat -A PREROUTING -i eth0 -p tcp -d --dport 80 -j DNAT --to-destination yyy.yyy.yyy.yyy:80

The first section you have opens the 443 port on the external nic of the firewall. Not needed unless you are providing the service on the firewall. The second would work with a few other lines.

You can learn a lot of iptables stuff here as well as looking at many prewritten scripts. Many have good remarks through out for ease of understanding.

Hope this helps.
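As an added example, not from either poster, here is a FORWARD-chain rule set that does what the original assignment asks for: only the internal network may reach the web server on 80 and 443 through the firewall, everything else routed through the box is logged and dropped. The interface names, the network 192.168.1.0/24 and the server address 10.0.0.10 are constructed placeholders; set DRY_RUN=1 to print the rules instead of applying them.

```shell
#!/bin/sh
# Assumed placeholders: override these from the environment for your own setup.
LAN_IF="${LAN_IF:-eth1}"                          # interface facing the internal LAN
INTERNAL_NET="${INTERNAL_NET:-192.168.1.0/24}"    # constructed sample internal network
WEBSERVER="${WEBSERVER:-10.0.0.10}"               # constructed sample web server address
IPT="${IPT:-iptables}"

# With DRY_RUN=1 the rules are printed instead of executed (no root needed).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$IPT $*"; else "$IPT" "$@"; fi
}

apply_forward_policy() {
    # Default-deny for anything routed through the firewall, then start from a clean chain.
    run -P FORWARD DROP
    run -F FORWARD
    # Replies belonging to connections already accepted below; needed because the
    # server's answers also traverse the FORWARD chain.
    run -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New connections are accepted only from the internal network, to the web server,
    # and only for http and https.
    for port in 80 443; do
        run -A FORWARD -i "$LAN_IF" -s "$INTERNAL_NET" -d "$WEBSERVER" \
            -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
    # Log what is about to be dropped (rate-limited so a scan cannot flood the log).
    run -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
    run -A FORWARD -j DROP
}

# Sanity check helper: how many accept rules would be emitted for a given port.
count_port_rules() {
    ( DRY_RUN=1; apply_forward_policy ) | grep -c -- "--dport $1" || :
}

# Run as: DRY_RUN=1 sh fw.sh apply   (preview)   or   sudo sh fw.sh apply   (install)
case "${1:-}" in
    apply) apply_forward_policy ;;
esac
```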
