Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
So it's not allowing a connection (SYN) to be initiated from the outside. Try adding a rule: -d $SECUREHOST158:80 -s $ANY $UNPRIVPORTS -j ACCEPT, with no TCP connection flags, and add logging to see if it sticks.
IIRC, ANY=0.0.0.0 and UNPRIVPORTS=1204:60000
Hi,
There is some confusion: I am unable to understand whether your webserver is on a real IP address or on a fake IP address, as you say that you are running it behind the firewall. Then you just need a packet forwarder running on your firewall; you can use the "ipmasqadm" command to redirect all port 80 traffic to your secure webserver machine. It means your firewall machine is listening on port 80, but there is no webserver running there; the webserver will be running on a separate secure machine, and your firewall is just redirecting all connections coming in on port 80 to your secure machine. For this purpose you can use any tcp_redirector programme.
Then set your ipchains rules as follows.
ipchains -A input -p tcp -s 0/0 --sport 1023:65535 -d firewalls_ip_address --dport 80 -j ACCEPT
ipchains -A output -p tcp -s firewalls_ip_address --sport 80 -d 0/0 -j ACCEPT
This works well, but can be slow under high loads, so don't use it on anything higher than an E1 line.
If you can afford an E1, then route the packets with IP routing.
Obviously, don't let anything on the firewall take port 80, like an Apache install, or it gets first choice.
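The pieces suggested in this thread (an ipmasqadm port forward for port 80, the ipchains input/output ACCEPT rules for unprivileged client ports, a logging rule to see what is still being dropped, and the warning about something on the firewall already holding port 80) put together in one script. This is an added example, not code posted by anyone in the thread. FW_IP, SECUREHOST, the 192.0.2.1 / 10.0.0.2 placeholder addresses and the DRY_RUN switch are assumptions for illustration; DRY_RUN defaults to 1 so the script only prints the commands it would run until you set DRY_RUN=0 on the firewall itself.

```shell
#!/bin/sh
# Added example (not from the thread): ipchains + ipmasqadm port 80 forward.
# Assumed placeholders: FW_IP is the firewall's external address, SECUREHOST
# the internal web server. Both are documentation/private addresses; change them.
FW_IP="${FW_IP:-192.0.2.1}"
SECUREHOST="${SECUREHOST:-10.0.0.2}"
UNPRIVPORTS="1024:65535"
# DRY_RUN=1 (default) prints the commands instead of executing them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Returns 0 if something on this host already listens on TCP port 80
# (the "Apache gets first choice" problem). If netstat is missing we
# cannot tell, so we assume the port is free and say so on stderr.
port80_in_use() {
    if ! command -v netstat >/dev/null 2>&1; then
        echo "warning: netstat not found, cannot check whether port 80 is free" >&2
        return 1
    fi
    netstat -ltn 2>/dev/null | grep -q ':80 '
}

web_forward_rules() {
    # 1. Flush old port forwards, then forward FW_IP:80 to SECUREHOST:80.
    run ipmasqadm portfw -f
    run ipmasqadm portfw -a -P tcp -L "$FW_IP" 80 -R "$SECUREHOST" 80
    # 2. Accept the whole connection (including the initial SYN) from any
    #    unprivileged client port: no -y / ! -y flag test at all.
    run ipchains -A input -p tcp -s 0/0 "$UNPRIVPORTS" -d "$FW_IP" 80 -j ACCEPT
    # 3. Let the replies back out.
    run ipchains -A output -p tcp -s "$FW_IP" 80 -d 0/0 "$UNPRIVPORTS" -j ACCEPT
    # 4. Any other SYN aimed at port 80 is logged (-l) and denied, so a
    #    client that still cannot connect shows up in the kernel log.
    run ipchains -A input -p tcp -y -d "$FW_IP" 80 -l -j DENY
}

main() {
    if port80_in_use; then
        echo "error: something on the firewall already listens on port 80" >&2
        return 1
    fi
    web_forward_rules
}

# Only run main when executed directly, not when sourced.
case "$0" in
    *sh) ;;
    *) main ;;
esac
```

Run it once with DRY_RUN=1 and read the five commands it prints; if they look right for your addresses, run it again with DRY_RUN=0 on the firewall. The DENY rule at the end is what makes "add logging to see if it sticks" practical: a SYN to port 80 that does not match the ACCEPT rule is logged, so the source port of the failing client (for example one below 1024) is visible in the log.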