apache2 behind firewall / gateway / router

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello!

I have apache2 behind a firewall / gateway / router. 
I want to setup firewall so, that one can it reach from the internet.

I red the documentations:
Linux 2.4 Packet Filtering HOWTO from Rusty Russell
Linux 2.4 NAT HOWTO from Rusty Russell
man iptables
Setting up a simple Debian gateway
<http://www.debian-administration.org/articles/23>
etc.

I setup my firewall-gateway so I can:
to browse the internet, from the box behind firewall,
to use ekiga, gaim,
but one can't to reach from the internet my apache2 server on that box behind 
firewall.

I have a public IP, a registered domain name: csanyi-pal.info.

The iptables rules in iptables-save file on firewall are:
-------------------------------------------------------->
# Generated by iptables-save v1.3.6 on Mon Jul 16 15:18:29 2007
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Mon Jul 16 15:18:29 2007
# Generated by iptables-save v1.3.6 on Mon Jul 16 15:18:29 2007
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon Jul 16 15:18:29 2007
# Generated by iptables-save v1.3.6 on Mon Jul 16 15:18:29 2007
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ! ppp0 -m state --state NEW -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p udp -m udp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -i ppp0 -p udp -m udp --dport 25 -j ACCEPT
-A INPUT -i ppp0 -p udp -m udp --dport 5060 -j ACCEPT
-A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o ppp0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Mon Jul 16 15:18:29 2007
--------------------------------------------------------<

My ISP has a weird setup; to connect to ISP, I must use pptp-linux, and
iproute:

interfaces:
----------->
auto eth0 sks-tunnel

iface eth0 inet dhcp

iface sks-tunnel inet ppp
        provider sks-tunnel
        up /etc/network/ip-up
        down /etc/network/ip-down

# connection to LAN

auto eth1

iface eth1 inet static
        address 192.168.1.1
        netmask 255.255.255.0
-----------<

ip-up file:
----------->
#!/bin/sh

echo "Wait 10 seconds to ppp0 bringing up.."
sleep 10

ip route add 192.168.16.1 via 192.168.70.1 dev eth0
ip route replace default dev ppp0

echo "Set up the firewall."
iptables-restore < /etc/network/IPTABLES_rules

# set up forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
-----------<

My question is: how to set up the DNAT with iptables in my case, so one
can to reach from the internet my apache2 server behind the firewall?

Any advices will be appreciated!

-- 
Regards, Paul Csányi
http://www.freewebs.com/csanyi-pal/index.htm


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux