[Cialug] Allowing web traffic through firewall
Sean Flattery
sean.r.flattery at gmail.com
Mon Apr 24 13:40:26 CDT 2017
That depends entirely upon how the rest of your network is set up. I'm
going to make a whole truckload of guesses about your network here...
Your firewall is internet facing with eth0 to the public. Eth1 goes to
your web server, or something that passes traffic to your web server.
*Assuming that's correct,* then requests from the public (eth0) would get
dropped instead of being forwarded to your web server off eth1. You also
may want to restrict outbound connections from eth1 to the internet for
security reasons.
Sean Flattery
-------------------------------------------------------------
Date: Mon, 24 Apr 2017 08:43:27 -0500
From: Tom Sellers <tsellers2009 at gmail.com>
To: Central Iowa Linux Users Group <cialug at cialug.org>
Subject: [Cialug] Allowing web traffic through firewall
Message-ID: <CAGMb6GTrAuAuD+j44vBpNSNYytVYf_fWD9vHa-Gdiv51UHyAOA at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Does the first entry in this firewall iptables block traffic to my web
server? It appears to me that the "NEW" portion would do so.
Chain FORWARD (policy DROP 138 packets, 5575 bytes)
 pkts bytes target prot opt in   out source   destination
    0     0 DROP   all  --  eth0 any anywhere anywhere    ctstate INVALID,NEW
    0     0 DROP   tcp  --  any  any anywhere anywhere    multiport dports epmap,netbios-ns:netbios-ssn,microsoft-ds
    9   702 DROP   udp  --  any  any anywhere anywhere    multiport dports epmap,netbios-ns:netbios-ssn,microsoft-ds
  51M   59G ACCEPT all  --  any  any anywhere anywhere    ctstate RELATED,ESTABLISHED
 102K 8792K ACCEPT all  --  eth1 any anywhere anywhere    ctstate NEW
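
An added example, not part of either message above: a first-match model of the FORWARD chain as listed, showing which rule decides a new connection arriving on eth0. The `ALLOW_WEB` rule, its ports 80/443, and the sample packets are assumptions for illustration, and the model ignores the `out` column because every listed rule has it set to `any`.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Packet:
    in_if: str
    proto: str
    dport: int
    ctstate: str

@dataclass(frozen=True)
class Rule:
    target: str
    proto: Optional[str] = None                # None means "all"
    in_if: Optional[str] = None                # None means "any"
    ctstates: Optional[FrozenSet[str]] = None  # None means no ctstate match
    dports: Optional[FrozenSet[int]] = None    # None means no multiport match

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and (self.in_if is None or self.in_if == p.in_if)
                and (self.ctstates is None or p.ctstate in self.ctstates)
                and (self.dports is None or p.dport in self.dports))

def evaluate(chain, packet, policy="DROP"):
    """Return (1-based rule number or None, verdict); the first match wins."""
    for n, rule in enumerate(chain, start=1):
        if rule.matches(packet):
            return n, rule.target
    return None, policy  # nothing matched: the chain policy applies

# epmap=135, netbios-ns:netbios-ssn=137-139, microsoft-ds=445
WIN_PORTS = frozenset({135, 137, 138, 139, 445})
# The FORWARD chain in the order it is listed in the message.
FORWARD = [
    Rule("DROP", in_if="eth0", ctstates=frozenset({"INVALID", "NEW"})),
    Rule("DROP", proto="tcp", dports=WIN_PORTS),
    Rule("DROP", proto="udp", dports=WIN_PORTS),
    Rule("ACCEPT", ctstates=frozenset({"RELATED", "ESTABLISHED"})),
    Rule("ACCEPT", in_if="eth1", ctstates=frozenset({"NEW"})),
]
# Assumed rule: accept NEW tcp/80,443 from eth0, placed ahead of the eth0 DROP.
ALLOW_WEB = Rule("ACCEPT", proto="tcp", in_if="eth0",
                 ctstates=frozenset({"NEW"}), dports=frozenset({80, 443}))
FIXED = [ALLOW_WEB] + FORWARD

# Constructed sample packets.
SYN_FROM_INTERNET = Packet("eth0", "tcp", 443, "NEW")
REPLY_FROM_SERVER = Packet("eth1", "tcp", 51514, "ESTABLISHED")
SMB_FROM_INTERNET = Packet("eth0", "tcp", 445, "NEW")
```

Evaluating `SYN_FROM_INTERNET` against `FORWARD` and then `FIXED` shows the verdict changing only because an ACCEPT now sits ahead of the eth0 DROP; other new connections from eth0 still stop at that DROP rule.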