WEB server

Mailing List

Home

Forum Home

Linux - General Red Hat Linux discussion list

Installation - Getting started with Red Hat Linux

Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)

Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)

Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)

Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)

Apache Web Server

Oracle database, Microsoft SQL server ...

Subjects

•	application/x mplayer2 plugin
•	RPM error: db4 error(16) from dbenv >remove: Device or resource busy
•	Command stream end of file while reading
•	X Windows problem (xauth)
•	Upgrading openoffice 1 1 rpm
•	FTP: connection refused
•	FTP: connection refused
•	mount: /dev/cdrom: is not a valid block device
•	Dell Precision 650, RedHat 9, no sound
•	how to trace the cause resulting in the crash of bind server
•	Virus on the list
•	UNINSTALL RPM MYSQL
•	usb pen drives: mounting as a user
•	broadcom network interface
•	make mrproper
•	Couldn 't open PID file /var/run/named/named pid Permission denied
•	sendmail configuration on redhat
•	kernel 2 6 and /dev/sound/mixer not found
•	Promise 378 controller
•	Problem using up2date
•	mrtg step by step howto/configuration for a newbie?
•	Compiling and Installing Kernel 2 6
•	Can 't locate module ppp0, can 't locate module ppp compress 21
•	Lotus Notes under Wine
•	HOW I CAN MAKE BOOTABLE FLOPPY DISKET
•	/etc/security/limits conf question
•	Intel E/1000 driver
•	rpm database corrupt
•	Command stream end of file while reading
•	qla2300 modules

WEB server

WEB server

2007-07-03 - By Mad Unix

Back
Hi all,

I am hosting a webservices to the public, the webserver got 2x interfaces;
one pointing to my network LAN (10.x.x.x)
and the other one connecting to the DMZ 192.168.10.x of the PIX.

Inside PIX I blocked every protocol except WWW and DNS.
>From inside the LAN I did the following rules to allow outgoing ssh, Oracle
ports, www, ... from the private network.
I want to add more rules via iptableas to _protect_ my internal LAN from the
public packets. i.e
to block any forwarded packets to my internal lan.

Routing table of the web server:
-- ---- ---- ---- ---- ---- ---- ---- ---- -----
Destination Gateway Genmask Iface
10.5.0.0 0.0.0.0 255.255.0.0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 eth1
192.168.0.0 0.0.0.0 255.255.0.0 eth1
10.0.0.0 10.5.0.1 255.0.0.0 eth0
0.0.0.0 192.168.10.1 0.0.0.0 eth1

IPTABLES
-- ---- ---- ---
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1 (See http://all-1.ora-code.com)-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1 (See http://all-1.ora-code.com)-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1 (See http://all-1.ora-code.com)-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:1521
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited

--
madunix
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@(protected)?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list