LinuxQuestions.org
Old 10-09-2006, 02:45 PM   #1
hazmatt20
Member
 
Registered: Jan 2006
Distribution: FC5, Ubuntu
Posts: 126

Rep: Reputation: 15
Certain web pages inaccessible


So, I have a firewall/dhcp server running Ubuntu 6.06 server edition. The server (as well as the machines behind it) cannot access a handful of web pages. So far I've noticed adobe.com, macromedia.com, and any downloads at java.sun.com like sdlc5e.sun.com. If I connect one of the computers behind the firewall directly to the incoming ethernet connection, I have no problem connecting. Does anyone have any ideas?
 
Old 10-09-2006, 02:48 PM   #2
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 475
Which firewall do you have and can you post up the rules? The fact that a direct connection works fine would indicate that it's your firewall blocking things....
 
Old 10-09-2006, 03:09 PM   #3
hazmatt20
Member
 
Registered: Jan 2006
Distribution: FC5, Ubuntu
Posts: 126

Original Poster
Rep: Reputation: 15
The firewall only controls ports, not addresses. Here is the script I run to load the iptables rules:

Code:
#!/bin/sh

echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

EXTIF="eth0"
INTIF="eth1"

iptables -P INPUT DROP
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -F -t nat

# Flush the user chain.. if it exists
if [ "`iptables -L | grep drop-and-log-it`" ]; then
   iptables -F drop-and-log-it
fi

# Delete all User-specified chains
iptables -X

# Reset all IPTABLES counters
iptables -Z

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $INTIF -j ACCEPT
iptables -A INPUT -i $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXTIF -p tcp --dport 56789 -j ACCEPT
iptables -A INPUT -i $EXTIF -p tcp --dport 80 -j ACCEPT

iptables -A FORWARD -i $EXTIF -o $EXTIF -j DROP
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state  ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $INTIF -p tcp --dport 20:21 -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 20:21 -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 5901 -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 6881:6999 -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 56789 -j ACCEPT

iptables -t nat -A PREROUTING -p tcp --dport 20:21 -j DNAT --to-destination 192.168.0.3
iptables -t nat -A PREROUTING -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.2:5901
iptables -t nat -A PREROUTING -p tcp --dport 6881:6999 -j DNAT --to-destination 192.168.0.2
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

Last edited by hazmatt20; 10-09-2006 at 03:13 PM.
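
The following check is an added example, not part of the original post or thread: it tests the claim that the ruleset matches on ports and not on addresses by scanning the iptables commands for address matches and summarising the port matches. The function names are assumptions made for illustration, and the embedded sample is a subset of the rules posted above.

```shell
#!/bin/sh
# Added example: report what a list of iptables commands actually matches on.

# Constructed sample: a subset of the rules from the script in the post.
sample_rules() {
cat <<'EOF'
iptables -A INPUT -i $EXTIF -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 5901 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.2:5901
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
EOF
}

# Print rules that match on a source/destination address or address range.
# NAT targets (--to-destination, --to-source) rewrite packets; they are not
# match criteria, so they are intentionally not counted.
addr_rules() {
    awk '$1 == "iptables" {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^(-s|-d|--src|--dst|--source|--destination|--src-range|--dst-range)$/) {
                print
                break
            }
        }
    }'
}

# Print "TABLE CHAIN PORTSPEC" for every appended rule that matches --dport.
dport_summary() {
    awk '$1 == "iptables" {
        table = "filter"; chain = ""; port = ""
        for (i = 2; i < NF; i++) {
            if ($i == "-t") table = $(i + 1)
            if ($i == "-A") chain = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
        }
        if (chain != "" && port != "") print table, chain, port
    }'
}

echo "Rules matching on an address:"
sample_rules | addr_rules
echo "Rules matching on a destination port:"
sample_rules | dport_summary
```

An empty first list means no rule in the input filters by address; to check the full script, pipe the file into the two functions instead of `sample_rules`.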
 
  

