[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: ipchains & rinetd

It turns out that the reason I couldn't access my web page from the outside
is my ISP is blocking packets going to port 80. If I use another port it
works fine! Thanks to those who responded and tried to help!

Bruce

-----Original Message-----
From: Bodnyk, Bruce W [mailto:BBodnyk@fciconnect.com]
Sent: Monday, April 01, 2002 8:29 AM
To: debian-user@lists.debian.org
Subject: ipchains & rinetd


I have a GNU/Linux machine set up at home as my firewall. Behind the
firewall on
my home network I have several machines one of which is another GNU/Linux
machine on which I'm running the Apache web server. I'm trying to set the
firewall
up so the web server is available from the outside. I also am allowing
telnet access
to the firewall but will eventually limit it to access from my computer at
work and
change to ssh.

I've been able to telnet into the firewall but have been unable to access my
web server
from outside. My ipchains are as follows:

:input ACCEPT
:forward DENY
:output ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 0:1023 -i ppp+ -p 17 -j DENY
-l
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 80:80 -i ppp+ -p 6 -j ACCEPT
-l
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 23:23 -i ppp+ -p 6 -j ACCEPT
-l
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 0:1023 -i ppp+ -p 6 -j DENY
-l
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i ppp+ -p 6 -j DENY -l -y
-A input -s 0.0.0.0/0.0.0.0 8:8 -d 0.0.0.0/0.0.0.0 -i ppp+ -p 1 -j DENY -l
-A forward -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j MASQ

I'm also running rinetd and the rinetd.conf file contains:

# bindadress    bindport  connectaddress  connectport
0.0.0.0		80	  192.168.0.4	  80

I believe the ipchains are correct to allow me to access my web server
(192.168.0.4) but
am unsure the rinetd.conf is set correctly. Any help would be appreciated.

Thanks!
Bruce

Bruce W. Bodnyk
Staff Engineer, CAE Development
FCI Electronics
825 Old Trail Road
Etters, PA 17319-9351

Phone: (717) 938-7543
Fax: (717) 938-7224
E-Mail: bbodnyk@fciconnect.com



-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: