RE: newbie problem


Is your webserver on your firewall?

Also, your rule for port 80... your source port is wrong. Remember, if I were to access the web page on your server, I would be coming in with a source port that my OS has given me. So instead of source port, change it to destination port, because that is where your request is going.

Also I would suggest moving your webserver to another server behind your firewall.
Just my 5 cents.

PS:
You could also set your OUTPUT policy to default ACCEPT, but if you're really paranoid then just make it DROP.
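The rule set the reply describes (default DROP everywhere, port 80 matched as the destination on both interfaces, and replies from the server allowed out), written up as an added example that is not part of either message. The script only prints the iptables commands unless APPLY=1 is set; the loopback rules and the use of the state match are assumptions added here, not something the thread mentions.

```sh
#!/bin/sh
# Constructed example: generate the corrected ruleset so it can be reviewed
# before it is applied. Commands are printed; set APPLY=1 to execute them.

IPT=${IPT:-iptables}

# Print one iptables invocation and run it only when APPLY=1.
run() {
    printf '%s %s\n' "$IPT" "$*"
    [ "${APPLY:-0}" = "1" ] && "$IPT" "$@"
    return 0
}

web_rules() {
    # Default deny in every chain, as the original poster intended.
    run -P INPUT DROP
    run -P FORWARD DROP
    run -P OUTPUT DROP
    run -F

    # Assumption: loopback traffic is allowed (many daemons depend on it).
    run -A INPUT -i lo -j ACCEPT
    run -A OUTPUT -o lo -j ACCEPT

    # Clients arrive from a random source port, so match the port they are
    # asking for (--dport 80), not --sport 80. One rule per interface covers
    # the LAN side (eth0, 10.3.2.0/24) and the external side (eth1).
    run -A INPUT -i eth0 -s 10.3.2.0/24 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
    run -A INPUT -i eth1 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

    # With OUTPUT defaulting to DROP the server's replies need their own rule;
    # limiting it to ESTABLISHED stops the box from opening new connections.
    run -A OUTPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
}

# Sanity check on the generated text: succeeds (exit 0) only if no INPUT rule
# matches --sport 80 and at least one INPUT rule matches --dport 80.
check_rules() {
    rules=$( APPLY=0; web_rules )
    ! printf '%s\n' "$rules" | grep -q -- '-A INPUT .*--sport 80' &&
      printf '%s\n' "$rules" | grep -q -- '-A INPUT .*--dport 80'
}

web_rules
```

Run with `APPLY=1 sh script.sh` on the firewall host once the printed rules look right; `check_rules` can be called first to confirm the source/destination port mix-up from the original post is gone.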



-----Original Message-----
From: Chris Barnes [mailto:runtimeerror@bigpond.com]
Sent: 17 02 2003 09:43 AM
To: Netfilter
Subject: newbie problem


Hi people, I'm new to the list.

Anyway, I have a very simple firewall on a web server. I want to deny access to everything except the web server (port 80).

I have set the policy on all chains to drop and I have added a rule to the input chain which says:

iptables -A INPUT -p tcp --sport 80 -j ACCEPT

I've done it like this because the web server has 2 interfaces (eth0 and eth1) which I would like to have access to the server (eth0 is local 10.3.2.0/24 and eth1 is external).

I also made a rule for output:

iptables -A OUTPUT -p tcp -j ACCEPT

The problem is that nothing can get to the web server... the packets are being dropped... I checked the counters and none of the rules counted any packets or bytes, so the packets are being dropped before the rules.

What am I doing wrong, or what is a better way to do this?

Thanks heaps for your help.


