linderox (n00b)
Joined: 03 Jun 2007 Posts: 41
Posted: Mon Dec 17, 2007 11:44 am Post subject: Apache and iptables for external Network
Please show me why my Gentoo Apache server is not available from the external network.
Here are my iptables rules:
Code:
#!/bin/sh
#clear all chains
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --destination-port smtp -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --destination-port ssh -j ACCEPT
iptables -P INPUT DROP
# ati
iptables -A FORWARD -s 10.0.3.0/24 -p tcp --destination-port 20003 -j ACCEPT
iptables -A FORWARD -s 10.0.3.2 -j ACCEPT
iptables -A FORWARD -s 10.0.3.3 -j ACCEPT
iptables -A FORWARD -d 10.0.3.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 10.0.3.0/24 -p icmp -j ACCEPT
iptables -A FORWARD -s 10.0.3.0/24 -p tcp --destination-port https -j ACCEPT
iptables -A FORWARD -s 10.0.3.0/24 -p tcp --destination-port 5190 -j ACCEPT
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -s 10.0.3.0/24 -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
Here is my /etc/apache2/httpd.conf:
Code:
ServerRoot "/usr/lib/apache2"
PidFile "/var/run/apache2.pid"
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
Listen 10.0.3.1:80
LoadModule access_module modules/mod_access.so
#
#LOTS of DIFFERENT STUFF HERE!
#
Include /etc/apache2/modules.d/*.conf
User apache
Group apache
ServerAdmin stssar_adm@stslogistics.net
ServerName www.stssar
UseCanonicalName Off
DirectoryIndex index.php index.html index.html.var
AccessFileName .htaccess
TypesConfig /etc/mime.types
DefaultType text/plain
HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
LogFormat "%v %h %l %u %t \"%r\" %>s %b %T" script
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" VLOG=%{VLOG}e" vhost
CustomLog logs/access_log common
ServerTokens Prod
ForceLanguagePriority Prefer Fallback
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
Include /etc/apache2/vhosts.d/*.conf
papahuhn (l33t)
Joined: 06 Sep 2004 Posts: 626
Posted: Mon Dec 17, 2007 11:46 am
Code:
iptables -A INPUT -i ppp0 -p tcp --destination-port http -j ACCEPT
maybe?
_________________
Death by snoo-snoo!
linderox (n00b)
Joined: 03 Jun 2007 Posts: 41
Posted: Wed Dec 19, 2007 1:27 pm
No, it doesn't work!
Dagger (Retired Dev)
Joined: 11 Jun 2003 Posts: 765 Location: UK
Posted: Wed Dec 19, 2007 3:23 pm
Code:
iptables -A INPUT -i ppp0 -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i ppp0 -m state --state NEW -p tcp --dport 443 -j ACCEPT
I assume that your Apache server is on the machine with iptables.
btw papahuhn's rule is correct.
ps your Apache is listening ONLY on the local IP. Change it if you want external access.
_________________
95% of all computer errors occur between chair and keyboard (TM)
Join the FSF as an Associate Member!
Post under CC license.
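As an added example (not code from the thread, Gentoo or Apache), the Python script below models the two faults the replies point at: it walks the posted INPUT chain for a new TCP connection arriving on ppp0 and checks which address the Listen directive binds Apache to. The function names are mine, and 203.0.113.10 is a placeholder for ppp0's public address, which the thread never shows.

```python
import re
# Service names used in the thread's rules, as iptables resolves them from /etc/services.
SERVICES = {"http": 80, "https": 443, "ssh": 22, "smtp": 25}

def port_number(name):
    return int(name) if name.isdigit() else SERVICES.get(name)

def input_verdict(script, iface, dport):
    """Verdict for a NEW TCP SYN on `iface` to `dport`; models -i, -p, --dport/--destination-port, -m state."""
    policy = "ACCEPT"                      # iptables default until -P sets it
    for line in script.splitlines():
        pm = re.match(r"\s*iptables\s+-P\s+INPUT\s+(\w+)", line)
        if pm:
            policy = pm.group(1)           # policy applies after all rules, wherever -P appears
        m = re.match(r"\s*iptables\s+-A\s+INPUT\s+(.*)-j\s+(\w+)", line)
        if not m:
            continue                       # other chains, -F, comments, the echo line
        opts = dict(re.findall(r"(-i|-p|--dport|--destination-port|--state)\s+(\S+)", m.group(1)))
        if opts.get("-i", iface) != iface or opts.get("-p", "tcp") != "tcp":
            continue
        port = opts.get("--dport") or opts.get("--destination-port")
        if port is not None and port_number(port) != dport:
            continue
        if "--state" in opts and "NEW" not in opts["--state"].split(","):
            continue                       # a fresh SYN is NEW, never ESTABLISHED/RELATED
        return m.group(2)
    return policy

def listen_addresses(httpd_conf):
    """(address, port) pairs from Listen directives; '0.0.0.0' when no address is given."""
    return [(m.group(1) or "0.0.0.0", int(m.group(2)))
            for m in re.finditer(r"^\s*Listen\s+(?:(\S+):)?(\d+)", httpd_conf, re.M)]

def diagnose(script, httpd_conf, iface="ppp0", ext_ip="203.0.113.10", dport=80):
    """Reasons an external client cannot reach Apache; ext_ip is a placeholder for ppp0's public IP."""
    problems = []
    if input_verdict(script, iface, dport) != "ACCEPT":
        problems.append(f"INPUT chain does not ACCEPT NEW tcp/{dport} on {iface}")
    if not any(a in ("0.0.0.0", ext_ip) and p == dport for a, p in listen_addresses(httpd_conf)):
        problems.append(f"Apache is not listening on {ext_ip}:{dport}")
    return problems

# Constructed sample: the INPUT rules from the first post, plus papahuhn's suggested rule.
RULES = """iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --destination-port smtp -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --destination-port ssh -j ACCEPT
iptables -P INPUT DROP
"""
HTTP_RULE = "iptables -A INPUT -i ppp0 -p tcp --destination-port http -j ACCEPT\n"
```

Running `diagnose(RULES, "Listen 10.0.3.1:80")` reports both faults; only with the http rule added and `Listen 80` (or the public address) does it return an empty list.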