RE: linux security/network issue....

Steven...

Thanks for the input.... sorry.. the IP address wasn't my real address!!!
However, the following is the output of the commands that you suggested...
Everything looks ok.. but I'm new to Linux...

Do I have to shut Linux down before these changes go into effect....??

After stopping the iptables.. I tried to hit my external server.. no
change... any other suggestions!!! I've been playing with this for 2-3 days
now!!! and frankly.. I'm not sure why this is an issue.. and Windows
isn't!!!

-bruce
bedouglas@earthlink.net


[root@lserver2 root]# ps -ef | grep httpd
root      9694     1  0 Jan16 ?        00:00:24 Xvnc :1 -desktop X -httpd /usr/s
root      9847     1  0 Jan16 ?        00:01:57 Xvnc :2 -desktop X -httpd /usr/s
root     11040     1  0 20:57 ?        00:00:01 /usr/sbin/httpd
apache   11043 11040  0 20:57 ?        00:00:00 /usr/sbin/httpd
apache   11044 11040  0 20:57 ?        00:00:00 /usr/sbin/httpd
apache   11045 11040  0 20:57 ?        00:00:00 /usr/sbin/httpd
apache   11046 11040  0 20:57 ?        00:00:00 /usr/sbin/httpd
apache   11047 11040  0 20:57 ?        00:00:00 /usr/sbin/httpd
apache   11048 11040  0 20:57 ?        00:00:00 /usr/sbin/httpd
apache   11049 11040  0 20:57 ?        00:00:00 /usr/sbin/httpd
apache   11050 11040  0 20:57 ?        00:00:00 /usr/sbin/httpd
root     11054     1  0 21:11 ?        00:00:00 redhat-config-httpd
root     11142  9858  0 23:03 pts/2    00:00:00 grep httpd
[root@lserver2 root]# netstat -natp | grep httpd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      11040/httpd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      11040/httpd
[root@lserver2 root]# tcdump -i eth0 port 80
-bash: tcdump: command not found
[root@lserver2 root]# tcpdump -i eth0 port 80
tcpdump: listening on eth0
23:05:03.536575
1 packets received by filter
0 packets dropped by kernel
[root@lserver2 root]#
[root@lserver2 root]#
[root@lserver2 root]#
[root@lserver2 root]# service iptables stop
Flushing all chains:                                       [  OK  ]
Removing user defined chains:                              [  OK  ]
Resetting built-in chains to the default ACCEPT policy:    [  OK  ]
[root@lserver2 root]# service iptables stop
Flushing all chains:                                       [  OK  ]
Removing user defined chains:                              [  OK  ]
Resetting built-in chains to the default ACCEPT policy:    [  OK  ]
[root@lserver2 root]#
[root@lserver2 root]#

-----Original Message-----
From: psyche-list-admin@redhat.com
[mailto:psyche-list-admin@redhat.com]On Behalf Of Stephen Carville
Sent: Saturday, January 18, 2003 11:51 AM
To: psyche-list@redhat.com
Subject: Re: linux security/network issue....


Are those really your addresses?  Dig reports the SOA as:

222.12.in-addr.arpa.    10800   IN      SOA     ns4.asp.att.net.
hostmaster.ns.asp.att.net. 2001101603 10800 3600 604800 604800

222.198.in-addr.arpa.   3497    IN      SOA     afnoc.af.mil.
dnsman.afnoc.af.mil. 2002062501 10800 1800 604800 3540

(# == as root or with sudo, $ == doesn't matter)

Check that httpd is running.

$ ps -ef | grep httpd

root     26838     1  0 09:22 ?        00:00:00 /usr/sbin/httpd
apache   26841 26838  0 09:22 ?        00:00:00 /usr/sbin/httpd
apache   26842 26838  0 09:22 ?        00:00:00 /usr/sbin/httpd
apache   26843 26838  0 09:22 ?        00:00:00 /usr/sbin/httpd
apache   26844 26838  0 09:22 ?        00:00:00 /usr/sbin/httpd
apache   26845 26838  0 09:22 ?        00:00:00 /usr/sbin/httpd
apache   26846 26838  0 09:22 ?        00:00:00 /usr/sbin/httpd
apache   26847 26838  0 09:22 ?        00:00:00 /usr/sbin/httpd
apache   26848 26838  0 09:22 ?        00:00:00 /usr/sbin/httpd
stephen  27289 27234  0 11:40 pts/0    00:00:00 grep httpd

Then make sure Linux is listening on the correct port and interface

# netstat -natp | grep httpd

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      26838/httpd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      26838/httpd


If both of the above are true, use tcpdump to determine if the
traffic is really getting to the Linux box

# tcpdump -i eth0 port 80

If httpd is up and running on the correct port and the traffic is
getting thru, the problem is probably the RH firewalling.  Try turning
it off:

# service iptables stop

On Saturday 18 January 2003 10:57 am, Bruce Douglas wrote:
> hi...
>
> I have an issue that I believe points to Linux network security.
> I'm trying to set my network up to allow external users view my
> internal Apache server. My network setup is as follows:
>
>
>
> The Setup:
>
> 	+----------------+
> 	| External World |
> 	+----------------+
> 	         ^
> 	         |(12.222.33.11)
> 	         v
> 	+-----------------+
> 	| Firewall/Router | (198.222.33.1)
> 	|    (Linksys)    |<--------------+
> 	+-----------------+               |
>                                         | (Internal Network)
>                                         v
>                 +------------------------------------------+
>                 v                                          v
>            +--------------+                       +---------------+
>            |  Linux Box   | (192.222.33.4)        | Windows 2K Box|(192.222.33.5)
>            |   (Apache)   |                       |    (Apache)   |
>            |              |                       |  (PuTTY)      |
>            +--------------+                       |               |
>                                                   +---------------+
>
>
> If I configure my router to do port forwarding with Port 80
> pointing to the Windows Box with Apache, external users can view
> the server. If I change the router/port forwarding to point to the
> Linux Box/Apache server, the user is unable to access the Apache
> server. A quick review of the Apache log files does not reveal a
> hit to the server. This seems to indicate that the request from the
> external user didn't "get" to the Apache server.
>
> I'm beginning to believe that the real issue has to do with how the
> Linux box is configured to accept/handle network communications.
> I'm able to look at the Linux Apache server from other boxes within
> my network, provided I use the internal (192.XX) address. So the
> Apache server is working properly.
>
> So my question: How do I expand the IP addresses that are able to
> access the Linux Box? Or, might there perhaps be another problem?
> I'm relatively new to the world of Linux. I have RH 8.0 with the
> Gnome GUI. Pointers/assistance to whatever functions/commands would
> be appreciated!!
>
>
> Thanks
>
> Bruce Douglas
> bedouglas@earthlink.net
>
> -----Original Message-----
> From: psyche-list-admin@redhat.com
> [mailto:psyche-list-admin@redhat.com]On Behalf Of
> mlist.redhat.psyche@urs.us
> Sent: Saturday, January 18, 2003 10:02 AM
> To: psyche-list@redhat.com
> Subject: Re: Mozilla 1.2.1 fails to start
>
>
> ==> "wh" == Wade Hampton <wade.hampton@nsc1.net> writes:
>
>     wh> Folks, I have a strange problem.  I updated RH8 to the
> latest wh> packages and to Mozilla 1.2.1 xft
> (mozilla-1.2.1-0_rh8_xft). wh> All seemed OK until this morning.
> When I went to start wh> mozilla, it would not start initially
>
> I've also had mozilla-won't-start problems.  I wasn't sure of
> the initial cause, but I traced it to a corrupted 'XUL.mfasl' file
> in the profile directory.  If I deleted this file, mozilla
> started again.
>
> Carl

--
Stephen Carville http://www.heronforge.net/~stephen/gnupgkey.txt
Blessed are those who, in the face of death, think only of the front
sight.
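An added example, not code from the thread: Stephen's "is httpd listening on the right address" and "is the RH firewall in the way" checks written as shell functions that parse `netstat -natp` and `iptables -L INPUT -n` output, so the logic can be exercised on constructed sample output before touching a live box. The sample lines, the `live` mode and the assumption that the rules sit directly in INPUT (rather than in a chain INPUT jumps to, as the Red Hat firewall tool arranges them) are mine, not the thread's.

```shell
#!/bin/sh
# Added example, not from the thread: Stephen's checks as functions over
# command output, so they can be tested on constructed samples before a live run.

# Which address is httpd bound to on port 80? Reads `netstat -natp` output on
# stdin. 127.0.0.1 means only local clients can connect; 0.0.0.0 means all.
listen_addr() {
    awk '$1 == "tcp" && $6 == "LISTEN" && $4 ~ /:80$/ { sub(/:80$/, "", $4); print $4 }'
}

# Does the INPUT chain let TCP port 80 through? Reads `iptables -L INPUT -n`
# output on stdin; first match wins, as in iptables. Returns 0 if allowed.
# (Assumption: the rules are directly in INPUT. If INPUT only jumps to another
# chain, as the Red Hat firewall tool does, list that chain instead.)
port80_allowed() {
    verdict=$(awk '
        /^Chain INPUT/ { pol = $4; sub(/\)/, "", pol) }
        /^(ACCEPT|REJECT|DROP)/ && $2 == "tcp" && /dpt:80$/ {
            if ($1 == "ACCEPT") print "allowed"; else print "blocked"
            found = 1; exit }
        /^(REJECT|DROP)/ && $2 == "all" { print "blocked"; found = 1; exit }
        END { if (!found) { if (pol == "ACCEPT") print "allowed"; else print "blocked" } }')
    [ "$verdict" = "allowed" ]
}

# Constructed sample output (not captured from Bruce's box) for offline tests.
NETSTAT_LOCAL_ONLY='tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN      11040/httpd'
NETSTAT_ALL='tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      11040/httpd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      11040/httpd'
IPTABLES_BLOCKED='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'
IPTABLES_OPEN='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# Live mode (root needed for -p and iptables): sh check_web.sh live
if [ "${1:-}" = "live" ]; then
    echo "httpd port 80 bound to: $(netstat -natp 2>/dev/null | listen_addr)"
    if iptables -L INPUT -n | port80_allowed; then echo "INPUT: port 80 allowed"
    else echo "INPUT: port 80 blocked (compare with: service iptables status)"; fi
fi
```

In Bruce's output the socket is bound to 0.0.0.0:80, so the first check passes; the second check tells you whether the rules, rather than a stopped service, were what changed when `service iptables stop` ran.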



--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list