Re: iptables setup: masq, opening ports, security

To: debian-russian <debian-russian@lists.debian.org>
Subject: Re: iptables setup: masq, opening ports, security
From: Andrey Nekrasov <andy@spylog.ru>
Date: Wed, 11 Dec 2002 18:05:23 +0300
Message-id: <[🔎] 20021211150523.GA1018@an.local>
Mail-followup-to: debian-russian <debian-russian@lists.debian.org>
In-reply-to: <[🔎] 3DF74C0C.3020703@hot.ee>
References: <[🔎] 3DF4CA1B.90101@hot.ee> <[🔎] 20021211103841.GA1584@mirkwood.office2.investigator.ru> <[🔎] 000701c2a103$0eb63070$0d0ba8c0@jar> <[🔎] 20021211105731.GB1584@mirkwood.office2.investigator.ru> <[🔎] 3DF723FB.1030502@hot.ee> <[🔎] 20021211120106.GC1584@mirkwood.office2.investigator.ru> <[🔎] 3DF74C0C.3020703@hot.ee>

Здравствуйте.

Странные правила.

  Chain INPUT (policy DROP)
  target     prot opt source               destination
  ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

  все. зачем остальные - ты уже всех впустил :)

  В "OUTPUT" подобное.


Сотри свой скрипт, прочитай
/usr/share/doc/iptables/html/packet-filtering-HOWTO.html

Пункт "5. Rusty's Really Quick Guide To Packet Filtering"

Поменяй имя интерфейса и добавь правила для своих сервисов.


> А где?! Ведь апач и sendmail у меня независимо от xinetd, там, значит,
> все в порядке... Трафик по маскараду идет, значит, входящие соединения 
> разрешаются, если есть соответствующее исходящее...

 Вот именно.

 Apache/sendmail/... должны биндиться на внешний интерфейс с реальным адресом.
 Или NAT настрой.

-- 
Any statement is incorrect.

Reply to:

Follow-Ups:
- Re: iptables setup: masq, opening ports, security
  - From: Andrei Sosnin <demonsly@hot.ee>

References:
- iptables setup: masq, opening ports, security
  - From: Andrei Sosnin <demonsly@hot.ee>
- Re: iptables setup: masq, opening ports, security
  - From: "Vasiliy 'Druid' Misharev" <druid@ice.ru>
- Re: iptables setup: masq, opening ports, security
  - From: "Dmitriy Sirant" <lex@paradise.net.ua>
- Re: iptables setup: masq, opening ports, security
  - From: "Vasiliy 'Druid' Misharev" <druid@ice.ru>
- Re: iptables setup: masq, opening ports, security
  - From: Andrei Sosnin <demonsly@hot.ee>
- Re: iptables setup: masq, opening ports, security
  - From: "Vasiliy 'Druid' Misharev" <druid@ice.ru>
- Re: iptables setup: masq, opening ports, security
  - From: Andrei Sosnin <demonsly@hot.ee>

Prev by Date: Re: iptables setup: masq, opening ports, security
Next by Date: Re: iptables setup: masq, opening ports, security
Previous by thread: Re: iptables setup: masq, opening ports, security
Next by thread: Re: iptables setup: masq, opening ports, security
Index(es):
- Date
- Thread