Re: IPTABLES and Apache ProxyPass


 



You should enable stateful packet inspection on both INPUT and OUTPUT, as the communications between your reverse proxy and the origin server are not included in your rules: OUTPUT any, but responses (received on INPUT) are only accepted if sent to... port 80 or 443. Responses are sent to the original source port (>1024).

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT



Sent from my iPad

On 18 May 2015 at 08:35, "Kevin Caliati" <kcaliati@xxxxxxxxx> wrote:

Hi everyone,

I posted my issue on Stack Overflow but nobody answered me.


I have a webserver secured with iptables:

iptables -L -v
Chain INPUT (policy DROP 67 packets, 8002 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   62  4648 ACCEPT     tcp  --  any    any     192.168.200.0/24     anywhere            tcp dpt:ssh 
    0     0 ACCEPT     tcp  --  any    any     192.168.200.0/24     anywhere            tcp dpt:ndmp 
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:http 
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:https 
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere            

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 30 packets, 4600 bytes)
 pkts bytes target     prot opt in     out     source               destination

I also have some ProxyPass and ProxyPassReverse configurations in httpd.conf file.

If I stop the iptables service, the ProxyPass configuration works, but when it's up it fails.

Which iptables configuration should I set?
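
An added example, not part of the original thread: a shell check that reads `iptables -S` output and flags the condition the reply describes, an INPUT chain with policy DROP and no ESTABLISHED accept rule. The function names are hypothetical, and both rulesets are constructed from the listing in the question (ndmp written as tcp/10000).

```shell
#!/bin/sh
# Added example: audit `iptables -S` output for the gap described in the reply.
# Function names are hypothetical; both rulesets are constructed samples.

# Ruleset reconstructed from the listing in the question (ndmp = tcp/10000).
sample_before() {
cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -s 192.168.200.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.200.0/24 -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i lo -j ACCEPT
EOF
}

# Same ruleset after appending the rule from the reply.
sample_after() {
    sample_before
    echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
}

# Reads `iptables -S` text on stdin. Returns 1 when INPUT defaults to DROP and
# no ACCEPT rule matches ESTABLISHED state (via -m state or -m conntrack).
# Negated matches (! --state) are not handled by this simple check.
check_input_stateful() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && / -j ACCEPT/ {
            for (i = 3; i < NF; i++)
                if (($i == "--state" || $i == "--ctstate") &&
                    index("," $(i + 1) ",", ",ESTABLISHED,") > 0)
                    stateful = 1
        }
        END {
            if (policy == "DROP" && !stateful) {
                print "FAIL: INPUT policy DROP without an ESTABLISHED accept rule;"
                print "      replies to connections this host opens are dropped"
                exit 1
            }
            print "OK: replies to established connections are accepted"
        }'
}

echo "before:"; sample_before | check_input_stateful || true
echo "after:";  sample_after  | check_input_stateful || true
```

On a live host the same function can be fed with `iptables -S | check_input_stateful`, run as root.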


