Re: Iptables denies access to web site


 



At 03:07 AM 10/20/2003, you wrote:
On Sun, Oct 19, 2003 at 10:29:38PM -0500, lrnobs wrote:
> It is behind a Dlink router.  When online the port 80 coming in will be
> directed to 8080 internally which Tomcat is using.  I haven't opened it up
> for full time Internet access, until I get some things secure and
> working.  My internal network access via 192.168.0.X cannot connect to the
> web site once I load this particular firewall.
>
> Is the
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP

Sorry, my bad. The policy statements are right there near the beginning
where they should be. The lack of comments in the script makes it harder
to follow than it should be.

Just so I get it right, I assume since there is only one NIC declared in
the ruleset that the Dlink is providing NAT for the LAN?

Jack,


I think the answer is yes. The configuration is DSL to Dlink router, Dlink router to hub. Internal PCs have 192.168.0.X addresses. Once things are prepared, the Dlink router will allow public port 80 to route to internal port 8080 and will point to a specific internal PC, which has one network board and a 192.168.0.X address.

Comments for the script are at:
http://www.sns.ias.edu/~jns/security/iptables/rules.html

When I first tried using the script I had errors. I could not identify them, so I just retyped the script line by line, testing it every few lines until it ran without errors. I had one typo in the original script, and the script would fail on a "\" character that the author had in the text when dealing with UP_PORTS. So I didn't retype the comments. I'll try reusing the original script later tonight.

Thanks,

Larry Nobs



--
Jack Bowling
mailto: jbinpg@xxxxxxx


-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list


