On Fri 18/07/2003 at 23:41, thomas krause wrote:
> Hello, I tried to set up an IPTables Router for my Webserver. All
> hosts have an official IP Address. The eth0 of the Router is in
> iptables -P FORWARD DROP
> iptables -A FORWARD -s 0.0.0.0/0 -p tcp --dport 80 -j ACCEPT
>
> iptables -P OUTPUT ALLOW
>
> Will this work? O.K. I am a Newbie but I will learn!

No, you just authorize packets to port 80, and what happens to the return packets? To have this working you have to add a rule using STATE, i.e. accept all packets of the connection (and in particular response packets):

iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 0.0.0.0/0 -p tcp --dport 80 -j ACCEPT

BR,
--
Eric Leblond <eric@xxxxxxxxx>
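The effect of the ESTABLISHED rule described in the reply above, as an added example that is not part of the original message: a toy Python model of a FORWARD chain with policy DROP, run over one HTTP exchange under both rule sets. It is not netfilter code; the class and function names, the addresses and the client port are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

STATELESS = ["dport-80"]                      # the rule set from the question
STATEFUL = ["state-established", "dport-80"]  # the rule set from the reply

class ForwardChain:
    """Toy model of FORWARD with policy DROP (illustration, not netfilter)."""

    def __init__(self, rules):
        self.rules = rules
        self.conntrack = {}  # original-direction tuple -> reply seen?

    def filter(self, p):
        orig = (p.src, p.sport, p.dst, p.dport)
        reply_of = (p.dst, p.dport, p.src, p.sport)
        # ESTABLISHED: reply to a tracked flow, or a flow that has seen a reply
        established = reply_of in self.conntrack or self.conntrack.get(orig, False)
        for rule in self.rules:
            if rule == "state-established" and established:
                break
            if rule == "dport-80" and p.dport == 80:
                break
        else:
            return "DROP"  # no rule matched: iptables -P FORWARD DROP
        # Only accepted packets create or update a conntrack entry.
        if reply_of in self.conntrack:
            self.conntrack[reply_of] = True
        else:
            self.conntrack.setdefault(orig, False)
        return "ACCEPT"

# Constructed sample exchange (documentation addresses, hypothetical ports).
CLIENT, SERVER = ("198.51.100.7", 40000), ("203.0.113.10", 80)
EXCHANGE = [
    Packet(*CLIENT, *SERVER),  # SYN          client -> server:80
    Packet(*SERVER, *CLIENT),  # SYN/ACK      server -> client
    Packet(*CLIENT, *SERVER),  # ACK + GET    client -> server:80
    Packet(*SERVER, *CLIENT),  # HTTP reply   server -> client
]

def run_exchange(rules):
    chain = ForwardChain(rules)
    return [chain.filter(p) for p in EXCHANGE]

if __name__ == "__main__":
    print("question's rules:", run_exchange(STATELESS))
    print("reply's rules:   ", run_exchange(STATEFUL))
```

With the question's rules every server-to-client packet hits the DROP policy because its destination port is the client's ephemeral port, not 80; with the ESTABLISHED rule first, replies are accepted while new connections to other ports are still dropped.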