Re: linux security/network issue....

Bruce Douglas writes....
> 
> steven...
> 
> thanks for the input.... sorry.. the ip address wasn't my real address!!!
> however, the following is the output of the commands that you suggested...
> everything looks ok.. but i'm new to Linux...
> 
> do i have to shut Linux down before these changes go into effect....??
> 
> after stopping the iptables.. i tried to hit my external server.. no
> change... any other suggestions!!! i've been playing with this for 2-3 days
> now!!! and frankly.. i'm not sure why this is an issue.. and windows
> isn't!!!

Probably not it, because by default you 'should' be okay.
But make sure /etc/hosts.deny and /etc/hosts.deny are
empty (except for comments, maybe).

--JC

> 
> -bruce
> bedouglas@earthlink.net
> 
> 
> [root@lserver2 root]# ps -ef | grep httpd
> root      9694     1  0 Jan16 ?        00:00:24 Xvnc :1 -desktop X -httpd
> /usr/s
> root      9847     1  0 Jan16 ?        00:01:57 Xvnc :2 -desktop X -httpd
> /usr/s
> root     11040     1  0 20:57 ?        00:00:01 /usr/sbin/httpd
> apache   11043 11040  0 20:57 ?        00:00:00 /usr/sbin/httpd
> apache   11044 11040  0 20:57 ?        00:00:00 /usr/sbin/httpd
> apache   11045 11040  0 20:57 ?        00:00:00 /usr/sbin/httpd
> apache   11046 11040  0 20:57 ?        00:00:00 /usr/sbin/httpd
> apache   11047 11040  0 20:57 ?        00:00:00 /usr/sbin/httpd
> apache   11048 11040  0 20:57 ?        00:00:00 /usr/sbin/httpd
> apache   11049 11040  0 20:57 ?        00:00:00 /usr/sbin/httpd
> apache   11050 11040  0 20:57 ?        00:00:00 /usr/sbin/httpd
> root     11054     1  0 21:11 ?        00:00:00 redhat-config-httpd
> root     11142  9858  0 23:03 pts/2    00:00:00 grep httpd
> [root@lserver2 root]# netstat -natp | grep httpd
> tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
> 11040/httpd
> tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
> 11040/httpd
> [root@lserver2 root]# tcdump -i eth0 port 80
> -bash: tcdump: command not found
> [root@lserver2 root]# tcpdump -i eth0 port 80
> tcpdump: listening on eth0
> 23:05:03.536575
> 1 packets received by filter
> 0 packets dropped by kernel
> [root@lserver2 root]#
> [root@lserver2 root]#
> [root@lserver2 root]#
> [root@lserver2 root]# service iptables stop
> Flushing all chains:                                       [  OK  ]
> Removing user defined chains:                              [  OK  ]
> Resetting built-in chains to the default ACCEPT policy:    [  OK  ]
> [root@lserver2 root]# service iptables stop
> Flushing all chains:                                       [  OK  ]
> Removing user defined chains:                              [  OK  ]
> Resetting built-in chains to the default ACCEPT policy:    [  OK  ]
> [root@lserver2 root]#
> [root@lserver2 root]#
> 
> -----Original Message-----
> From: psyche-list-admin@redhat.com
> [mailto:psyche-list-admin@redhat.com]On Behalf Of Stephen Carville
> Sent: Saturday, January 18, 2003 11:51 AM
> To: psyche-list@redhat.com
> Subject: Re: linux security/network issue....
> 
> 
> Are those really your addresses?  Dig reports the SOA as:
> 
> 222.12.in-addr.arpa.    10800   IN      SOA     ns4.asp.att.net.
> hostmaster.ns.asp.att.net. 2001101603 10800 3600 604800 604800
> 
> 222.198.in-addr.arpa.   3497    IN      SOA     afnoc.af.mil.
> dnsman.afnoc.af.mil. 2002062501 10800 1800 604800 3540
> 
> (# == as root or with sudo, $ == doesn't matter)
> 
> Check that httpd is running.
> 
> $ ps -ef | grep httpd
> 
> root     26838     1  0 09:22 ?        00:00:00 /usr/sbin/httpd
> apache   26841 26838  0 09:22 ?        00:00:00 /usr/sbin/httpd
> apache   26842 26838  0 09:22 ?        00:00:00 /usr/sbin/httpd
> apache   26843 26838  0 09:22 ?        00:00:00 /usr/sbin/httpd
> apache   26844 26838  0 09:22 ?        00:00:00 /usr/sbin/httpd
> apache   26845 26838  0 09:22 ?        00:00:00 /usr/sbin/httpd
> apache   26846 26838  0 09:22 ?        00:00:00 /usr/sbin/httpd
> apache   26847 26838  0 09:22 ?        00:00:00 /usr/sbin/httpd
> apache   26848 26838  0 09:22 ?        00:00:00 /usr/sbin/httpd
> stephen  27289 27234  0 11:40 pts/0    00:00:00 grep httpd
> 
> Then make sure Linux is listening on the correct port and interface
> 
> # netstat -natp | grep httpd
> 
> tcp        0      0 0.0.0.0:80              0.0.0.0:*
> LISTEN      26838/httpd
> 
> tcp        0      0 0.0.0.0:443             0.0.0.0:*
> LISTEN      26838/httpd
> 
> 
> If both of the above are true, use tcpdump to determine if the
> traffic is really getting to the linux box
> 
> # tcpdump -i eth0 port 80
> 
> If httpd is up and running on the correct port and the traffic is
> getting thru, the problem is probably the RH firewalling.  Try turning
> it off:
> 
> # service iptables stop
> 
> On Saturday 18 January 2003 10:57 am, Bruce Douglas wrote:
> > hi...
> >
> > I have an issue that I believe points to Linux network security.
> > I'm trying to set my network up to allow external users view my
> > internal Apache server. My network setup is as follows:
> >
> >
> >
> > The Setup:
> >
> > 	+----------------+
> > 	| External World |
> > 	+----------------+
> > 	         ^
> > 	         |(12.222.33.11)
> > 	         v
> > 	+-----------------+
> > 	| Firewall/Router | (198.222.33.1)
> > 	|    (Linksys)    |<--------------+
> > 	+-----------------+               |
> >                                         | (Internal Network)
> >                                         v
> >                 +------------------------------------------+
> >                 v                                          v
> >            +--------------+                       +---------------+
> >            |  Linux Box   | (192.222.33.4)        | Windows 2K Box|(192.222.33.5)
> >            |   (Apache)   |                       |    (Apache)   |
> >            |              |                       |  (PuTTY)      |
> >            +--------------+                       |               |
> >                                                   +---------------+
> >
> >
> > If I configure my router to do port forwarding with Port 80
> > pointing to the Windows Box with Apache, external users can view
> > the server. If I change the router/port forwarding to point to the
> > Linux Box/Apache server, the user is unable to access the Apache
> > server. A quick review of the Apache log files does not reveal a
> > hit to the server. This seems to indicate that the request from the
> > external user didn't "get" to the Apache server.
> >
> > I'm beginning to believe that the real issue has to do with how the
> > Linux box is configured to accept/handle network communications.
> > I'm able to look at the linux Apache server from other boxes within
> > my network, provided I use the internal (192.XX) address. So the
> > Apache server is working properly.
> >
> > So my question: How do I expand the IP addresses that are able to
> > access the Linux Box? Or, might there perhaps be another problem?
> > I'm relatively new to the world of Linux. I have RH 8.0 with the
> > Gnome GUI. Pointers/assistance to whatever functions/commands would
> > be appreciated!!
> >
> >
> > Thanks
> >
> > Bruce Douglas
> > bedouglas@earthlink.net
> >
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: psyche-list-admin@redhat.com
> > [mailto:psyche-list-admin@redhat.com]On Behalf Of
> > mlist.redhat.psyche@urs.us
> > Sent: Saturday, January 18, 2003 10:02 AM
> > To: psyche-list@redhat.com
> > Subject: Re: Mozilla 1.2.1 fails to start
> >
> >
> > ==> "wh" == Wade Hampton <wade.hampton@nsc1.net> writes:
> >
> >     wh> Folks, I have a strange problem.  I updated RH8 to the latest
> >     wh> packages and to Mozilla 1.2.1 xft (mozilla-1.2.1-0_rh8_xft).
> >     wh> All seemed OK until this morning.  When I went to start
> >     wh> mozilla, it would not start initially
> >
> > I've also had mozilla-won't-start problems.  I wasn't sure of
> > the initial cause, but I traced it to a corrupted 'XUL.mfasl' file
> > in the profile directory.  If I deleted this file, mozilla
> > started again.
> >
> > Carl
> 
> --
> Stephen Carville http://www.heronforge.net/~stephen/gnupgkey.txt
> Blessed are those who, in the face of death, think only of the front
> sight.
> 
> 
> 
> --
> Psyche-list mailing list
> Psyche-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/psyche-list
> 
> 
> 


-- Jay Crews
jpc@jaycrews.com
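The checks traded in this thread (Stephen's ps / netstat / tcpdump / iptables sequence and Jay's hosts.deny note), turned into a small triage script. This is an added example, not code from any message in the thread; the netstat and hosts.deny contents are constructed samples so it runs offline, and the `httpd` process name and port 80 are taken from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: apply the checklist to command output so
# the result is a verdict rather than eyeballing. The two samples below are
# constructed; on a real box use `netstat -natp | grep httpd` and /etc/hosts.deny.

# Constructed sample of `netstat -natp | grep httpd` output (one good bind, one
# loopback-only bind, which is the classic "works locally, not from the LAN").
NETSTAT_SAMPLE='tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      11040/httpd
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      11040/httpd'

# Constructed sample /etc/hosts.deny with one active rule.
HOSTS_DENY_SAMPLE='# /etc/hosts.deny: see hosts_access(5)
ALL: ALL'

# listening_on PORT: prints the IPv4 address httpd binds on PORT, exit 1 if none.
# 0.0.0.0 means every interface; 127.0.0.1 means the router's forwarded traffic
# will never be answered even though a local browser works.
listening_on() {
    printf '%s\n' "$NETSTAT_SAMPLE" | awk -v port="$1" '
        $6 == "LISTEN" && $7 ~ /httpd$/ && $4 ~ (":" port "$") {
            sub(/:[0-9]+$/, "", $4); print $4; found = 1
        }
        END { exit found ? 0 : 1 }'
}

# hosts_deny_rules: number of active (non-comment, non-blank) lines in hosts.deny.
# Caveat: hosts.deny only governs services built against TCP wrappers (libwrap);
# a stock Red Hat httpd is not, so this check matters more for sshd/xinetd.
hosts_deny_rules() {
    printf '%s\n' "$HOSTS_DENY_SAMPLE" | grep -c -v -e '^[[:space:]]*#' -e '^[[:space:]]*$'
}

# triage PORT: walk the checks in the thread's order and return a distinct code
# per failure (1 not listening, 2 wrong bind address, 3 hosts.deny has rules).
triage() {
    addr=$(listening_on "$1") || { echo "httpd is not listening on port $1"; return 1; }
    case "$addr" in
        0.0.0.0) ;;
        *) echo "httpd listens only on $addr:$1, so forwarded traffic is refused"; return 2 ;;
    esac
    rules=$(hosts_deny_rules) || true
    [ "$rules" -eq 0 ] || { echo "/etc/hosts.deny has $rules active rule(s)"; return 3; }
    echo "httpd is reachable on port $1; next: iptables -L -n, then tcpdump -i eth0 port $1"
}

triage 80 || echo "triage exit status $?"
```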



