
maverick106 04-07-2004 12:22 PM

Mandrake 10: Issues with "higher" security setting and web server
Hi all.

I'm not entirely new to Linux, but this is certainly my first time attempting to set up a fairly secure server. I have Mandrake 10.0 installed, and am running the apache2 web server that is installed with the distro. I have copied all of my files over, modified the httpdcommon.conf file, and was still getting a 403 Forbidden error when attempting to go to the page from an external box. However, I noticed that if I moved the security setting down to "High" instead of "Higher", I was able to access the web page fine.

I guess I don't really know enough about what the security settings are changing, but I need this box to be as secure as possible. I haven't been able to find any really good documentation on what the specific differences are between each of the security settings...can anyone help?

Redeye2 04-07-2004 12:28 PM

I suppose it's blocking port 80, which is the one web servers use to communicate (in this case apache). Maybe you'll want to find and install a firewall that blocks every other port except those you definitely need and keep using the high setting on the Mandrake security feature. Look for one in

maverick106 04-07-2004 12:39 PM

I thought the same thing, but running nmap on localhost shows that port 80 is open for i wrong in assuming that nmap can accurately show me which ports are actually open to connections?

Redeye2 04-07-2004 01:01 PM

Then it must be the ports for the data that's going out. Because HTTP listens on port 80, but it sends data over other free ports 1800+ or so I think.
So I think that your server listens and connects on port 80 but can't send data back because the higher security settings won't allow it to acquire those out ports. Just a guess obviously :)

maverick106 04-07-2004 01:10 PM

Hmm, interesting. The only ports I see open are 22, 80, and 111, so that very well could be true. How do I go about changing that in Mandrake? I assume I have to manually set some port to be the output port, or give httpd access to opening output ports...

Redeye2 04-07-2004 04:49 PM

The HTTP protocol automatically finds and assigns a free port to that connection, which it then also automatically closes once it has transmitted the files. Which is to say that it doesn't open a permanent channel, it just opens, transmits and closes (that's why you have to use JSP sometimes if you need a persistent connection).
First, I'd say that you verify that connections are actually established on port 80. To see that:
1) In a console type netstat
2) Check if port 80 is listening
3) Try to access a webpage on your computer and immediately type netstat again. You should see that instead of listening, it says established, time wait, or something like that. It means that you had a connection (or currently have) which was established.

Once that is out of the way, do the same but now with the Mandrake firewall High settings (the ones that let you see the webpage). But now it should state that another port (which wasn't there in netstat before) has been opened and its status is established, time wait or whatever. That was the port used to send data to the client.
Up to this point you should be pretty much aware if Mandrake is indeed blocking the out port, or the problem is still on port 80.
Keep replying until it works :)
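
The netstat check from the post above, as an added example that is not part of the original thread: it summarises the socket states for one local port so the "before" and "after" runs can be compared line by line. The function names and the sample output are constructed for illustration, and the column layout assumed is that of Linux net-tools `netstat -tan`.

```shell
#!/bin/sh
# Constructed sample of `netstat -tan` output (documentation addresses).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:1834       ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:1835       TIME_WAIT
EOF
}

# Read netstat output on stdin; for sockets whose LOCAL port is $1 print
# "<STATE> <count>" per state and the remote (client-side) ports seen.
port_states() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {
            n = split($4, loc, ":")        # Local Address; port is the last ":" field
            if (loc[n] != port) next
            count[$6]++
            if ($6 != "LISTEN") {          # Foreign Address column is the client end
                m = split($5, rem, ":")
                peers = peers " " rem[m]
            }
        }
        END {
            for (s in count) print s, count[s]
            if (peers != "") print "CLIENT_PORTS" peers
        }' | sort
}

# One-word answer to "did any connection actually reach this port?"
port_verdict() {
    states=$(port_states "$1")
    case "$states" in
        *ESTABLISHED*|*TIME_WAIT*) echo "connections-reached-port" ;;
        *LISTEN*)                  echo "listening-only" ;;
        *)                         echo "not-listening" ;;
    esac
}

sample_netstat | port_states 80
```

On a live box, feed it real output with `netstat -tan | port_states 80` right after requesting the page, once per security level.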

maverick106 04-26-2004 10:39 AM

I'd like to re-open this thread...I was out of town for a few weeks, and am now back to working on this server :-/

Anyway, I did the netstat tests suggested above, and found something interesting, though I'm not sure what to make of it.

When Mandrake is set to 'high' (lower setting that it is allowing web access from) and I open a web page on the server, it establishes 2 connections as random high numbered ports. When I turn it up to 'higher', it only establishes one high numbered port for output, and, of course, does not allow access to the page. What could this indicate?

All times are GMT -5.