steven... thanks for the input.... sorry.. the ip address wasn't my real address!!! however, the following is the output of the commands that you suggested... everything looks ok.. but i'm new to Linux... do i have to shut Linux down before these changes go into effect....?? after stopping the iptables.. i tried to hit my external server.. no change... any other suggestions!!! i've been playing with this for 2-3 days now!!! and frankly.. i'm not sure why this is an issue.. and windows isn't!!! -bruce bedouglas@earthlink.net [root@lserver2 root]# ps -ef | grep httpd root 9694 1 0 Jan16 ? 00:00:24 Xvnc :1 -desktop X -httpd /usr/s root 9847 1 0 Jan16 ? 00:01:57 Xvnc :2 -desktop X -httpd /usr/s root 11040 1 0 20:57 ? 00:00:01 /usr/sbin/httpd apache 11043 11040 0 20:57 ? 00:00:00 /usr/sbin/httpd apache 11044 11040 0 20:57 ? 00:00:00 /usr/sbin/httpd apache 11045 11040 0 20:57 ? 00:00:00 /usr/sbin/httpd apache 11046 11040 0 20:57 ? 00:00:00 /usr/sbin/httpd apache 11047 11040 0 20:57 ? 00:00:00 /usr/sbin/httpd apache 11048 11040 0 20:57 ? 00:00:00 /usr/sbin/httpd apache 11049 11040 0 20:57 ? 00:00:00 /usr/sbin/httpd apache 11050 11040 0 20:57 ? 00:00:00 /usr/sbin/httpd root 11054 1 0 21:11 ? 00:00:00 redhat-config-httpd root 11142 9858 0 23:03 pts/2 00:00:00 grep httpd [root@lserver2 root]# netstat -natp | grep httpd tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 11040/httpd tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 11040/httpd [root@lserver2 root]# tcdump -i eth0 port 80 -bash: tcdump: command not found [root@lserver2 root]# tcpdump -i eth0 port 80 tcpdump: listening on eth0 23:05:03.536575 1 packets received by filter 0 packets dropped by kernel [root@lserver2 root]# [root@lserver2 root]# [root@lserver2 root]# [root@lserver2 root]# service iptables stop Flushing all chains: [ OK ] Removing user defined chains: [ OK ] Resetting built-in chains to the default ACCEPT policy: [ OK ] [root@lserver2 root]# service iptables stop Flushing all chains: [ OK ] Removing user defined chains: [ OK ] Resetting built-in chains to the default ACCEPT policy: [ OK ] [root@lserver2 root]# [root@lserver2 root]# -----Original Message----- From: psyche-list-admin@redhat.com [mailto:psyche-list-admin@redhat.com]On Behalf Of Stephen Carville Sent: Saturday, January 18, 2003 11:51 AM To: psyche-list@redhat.com Subject: Re: linux security/network issue.... Are those really your addresses? Dig reports the SOA as: 222.12.in-addr.arpa. 10800 IN SOA ns4.asp.att.net. hostmaster.ns.asp.att.net. 2001101603 10800 3600 604800 604800 222.198.in-addr.arpa. 3497 IN SOA afnoc.af.mil. dnsman.afnoc.af.mil. 2002062501 10800 1800 604800 3540 (# == as root or with sudo, $ == doesn't matter) Check that httpd is running. $ ps -ef | grep httpd root 26838 1 0 09:22 ? 00:00:00 /usr/sbin/httpd apache 26841 26838 0 09:22 ? 00:00:00 /usr/sbin/httpd apache 26842 26838 0 09:22 ? 00:00:00 /usr/sbin/httpd apache 26843 26838 0 09:22 ? 00:00:00 /usr/sbin/httpd apache 26844 26838 0 09:22 ? 00:00:00 /usr/sbin/httpd apache 26845 26838 0 09:22 ? 00:00:00 /usr/sbin/httpd apache 26846 26838 0 09:22 ? 00:00:00 /usr/sbin/httpd apache 26847 26838 0 09:22 ? 00:00:00 /usr/sbin/httpd apache 26848 26838 0 09:22 ? 00:00:00 /usr/sbin/httpd stephen 27289 27234 0 11:40 pts/0 00:00:00 grep httpd Then make sure Linux is listening on the correct port and interface # netsat -natp | grep httpd. tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 26838/httpd tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 26838/httpd If both if both of the above are true, use tcpdump to determine if the traffic is really getting to the linux box # tcpdump -i eth0 port 80 If httpd is up and running on the correct port and the traffic is getting thru, the problem is probably the RH firewalling. Try turin ing it off: # service iptables stop On Saturday 18 January 2003 10:57 am, Bruce Douglas wrote: > hi... > > I have an issue that I believe points to Linux network security. > I'm trying to set my network up to allow external users view my > internal Apache server. My network setup is as follows: > > > > he Setup: > > +----------------+ > > | External World | > > +----------------+ > ^ > > |(12.222.33.11) > > v > +-----------------+ > > | Firewall/Router | (198.222.33.1) > | (Linksys) |<--------------+ > > +-----------------+ | > > | (Internal Network) > > v > +------------------------------------------+ > > > v v > +--------------+ +---------------+ > > | Linux Box | (192.222.33.4) | Windows 2K > > Box|(192.222.33.5) > > | (Apache) | | (Apache) | > | > | | | (PuTTY) | > > +--------------+ | | > +---------------+ > > > If I configure my router to do port forwarding with Port 80 > pointing to the Windows Box with Apache, external users can view > the server. If I change the router/port forwarding to point to the > Linux Box/Apache server, the user is unable to access the Apache > server. A quick review of the Apache log files does not reveal a > hit to the server. This seems to indicate that the request from the > external user didn't "get" to the Apache server. > > I'm begining to believe that the real issue has to do with how the > Linux box is configured to accept/handle network communications. > I'm able to look at the linux Apache server from other boxes within > my network, provided I use the internal (192.XX) address. So the > Apache server is working properly. > > So my question: How do I expand the IP addresses that are able to > access the Linux Box? Or, might there perhaps be another problem? > I'm realtively new to the world of Linux. I have RH 8.0 with the > Gnome GUI. Pointers/assistance to whatever functions/commands would > be appreciated!! > > > Thanks > > Bruce Douglas > bedouglas@earthlink.net > > > > > > > -----Original Message----- > From: psyche-list-admin@redhat.com > [mailto:psyche-list-admin@redhat.com]On Behalf Of > mlist.redhat.psyche@urs.us > Sent: Saturday, January 18, 2003 10:02 AM > To: psyche-list@redhat.com > Subject: Re: Mozilla 1.2.1 fails to start > > > ==> "wh" == Wade Hampton <wade.hampton@nsc1.net> writes: > > wh> Folks, I have a strange problem. I updated RH8 to the > latest wh> packages and to Mozilla 1.2.1 xft > (mozilla-1.2.1-0_rh8_xft). wh> All seemed OK until this morning. > When I went to start wh> mozilla, it would not start initially > > I've also had mozilla-won't-start problems. I wasn't sure of > the initial cause, but I traced it to a corrupted 'XUL.mfasl' file > in the profile directory. If I deleted this file, mozilla > started again. > > Carl -- Stephen Carville http://www.heronforge.net/~stephen/gnupgkey.txt Blessed are those who, in the face of death, think only of the front sight. -- Psyche-list mailing list Psyche-list@redhat.com https://listman.redhat.com/mailman/listinfo/psyche-list -- Psyche-list mailing list Psyche-list@redhat.com https://listman.redhat.com/mailman/listinfo/psyche-list
