iptables on SuSE 7.3, webserver and our intranet
Hello,

a customer of mine is using SuSE 7.3 and iptables v1.2.2. The iptables commands are called directly, not with SuSEfirewall. Normally I use shorewall; I am not a specialist for iptables commands. I did not write the commands, but have to support them now.

The server is an internet webserver. Because of some attacks the firewall is important. There is a postfix e-mail server and there are websites on the server. Accessing it is no problem from the internet.

BUT: from the intranet we cannot call the websites and load the e-mails from the server. I think it is not a DNS problem, but a firewall problem.

With "iptables -t nat -L" I get (names changed for public) for the PREROUTING chain:

DNAT tcp -- anywhere linus.localnet.de tcp dpt:http to:172.21.85.11
DNAT tcp -- anywhere linus.localnet.de tcp dpt:domain to:172.21.85.11
DNAT udp -- anywhere linus.localnet.de udp dpt:domain to:172.21.85.11
DNAT tcp -- anywhere linus.localnet.de tcp dpt:smtp to:172.21.85.11
DNAT tcp -- anywhere linus.localnet.de tcp dpt:pop3 to:172.21.85.11
DNAT tcp -- 172.21.85.0/24 linus.localnet.de tcp dpt:http to:172.21.85.11:80
DNAT udp -- 172.21.85.0/24 linus.localnet.de udp dpt:http to:172.21.85.11:80
DNAT tcp -- anywhere linus.localnet.de tcp dpt:smakynet to:172.21.85.11:22

((I did not know what "smakynet" is.))

The INPUT chain shows (here a part of all):

ACCEPT tcp -- 172.21.85.0/24 linuso.localnet.de tcp dpt:http
ACCEPT tcp -- 172.21.85.0/24 linus.localnet.de tcp dpt:http
ACCEPT tcp -- 172.21.85.0/24 anywhere tcp dpt:http

The OUTPUT chain shows (a part too):

ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:http

Under POSTROUTING I get:

MASQUERADE all -- 172.21.85.0/24 anywhere

Which iptables command is necessary for getting access from the intranet (172.21.85.0) to the webserver (172.21.85.11)?

Many thanks in advance.

Manfred Rebentisch
-- 
COMPARAT Software-Entwicklungs-GmbH
Mobile Voice Solutions
Prießstr. 16, 23558 Lübeck
Tel: 0451/479 56 60
http://www.comparat.de
On Monday 31 March 2003 22:01, Manfred Rebentisch wrote:
> Hello,
> a customer of mine is using SuSE 7.3 and iptables v1.2.2.
> The iptables commands are called directly, not with SuSEfirewall.
> Normally I use shorewall, I am not a specialist for iptables commands, I
> did not write the commands, but have to support them now.
>
> The server is an internet webserver. Because of some attacks the firewall is
> important. There is a postfix e-mail server and there are websites on the
> server. Accessing it is no problem from the internet.
>
> BUT: from the intranet we cannot call the websites and load the e-mails
> from the server. I think it is not a DNS problem, but a firewall problem.
> ...
> Which iptables command is necessary for getting access from the intranet
> (172.21.85.0) to the webserver (172.21.85.11)?

Because I do not know your network layout and all the firewall rules, just some general tips to locate the problem:

- is the routing from your intranet to your webserver ok?
- you could place LOG targets in your ruleset to check where the packets get dropped

Andreas Baetz
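Andreas' second tip, worked out as an added example (not code from either poster): a script that puts LOG rules at the head of the chains listed in the question for one intranet test client, so the chain that drops its HTTP packets can be read off the kernel log. 172.21.85.11 is the thread's webserver address; the test client 172.21.85.50 and the "FW" log prefix are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: trace one intranet client's HTTP packets
# through the chains listed in the question with LOG targets.  LOG does not
# terminate rule traversal, so "-I <chain> 1" records every packet before any
# DROP/REJECT further down; the first chain whose log line is missing is the
# one that loses the packet.
SERVER=172.21.85.11              # webserver from the question
CLIENT=${CLIENT:-172.21.85.50}   # assumed intranet test host (not from the thread)
LIMIT="-m limit --limit 5/s"     # keep the tracing rules from flooding syslog

# Emit the iptables commands instead of running them, so they can be reviewed
# first; "sh" applies them (see the case statement at the bottom).
trace_rules() {
    for chain in PREROUTING POSTROUTING; do
        echo "iptables -t nat -I $chain 1 -s $CLIENT -p tcp --dport 80 $LIMIT -j LOG --log-prefix 'FW nat/$chain: '"
    done
    for chain in INPUT FORWARD; do
        echo "iptables -I $chain 1 -s $CLIENT -p tcp --dport 80 $LIMIT -j LOG --log-prefix 'FW $chain: '"
    done
    # Return path: the server's reply to the client, whether generated locally
    # (OUTPUT) or forwarded from $SERVER (FORWARD).
    echo "iptables -I OUTPUT 1 -d $CLIENT -p tcp --sport 80 $LIMIT -j LOG --log-prefix 'FW OUTPUT reply: '"
    echo "iptables -I FORWARD 1 -s $SERVER -d $CLIENT -p tcp --sport 80 $LIMIT -j LOG --log-prefix 'FW FORWARD reply: '"
}

# Same rules as "-D" commands, so the tracing can be removed again cleanly.
untrace_rules() {
    trace_rules | sed 's/ -I \([A-Z]*\) 1 / -D \1 /'
}

# Count log lines per chain from the kernel ring buffer (dmesg) or a saved log.
# Usage: trace_summary [logfile]; reads dmesg when no file is given.
trace_summary() {
    { [ -n "$1" ] && cat "$1" || dmesg; } | grep -o 'FW [^:]*:' | sort | uniq -c
}

case "${1:-}" in
    apply)   trace_rules   | sh ;;
    remove)  untrace_rules | sh ;;
    summary) trace_summary "$2" ;;
    *)       trace_rules ;;          # default: just print the rules
esac
```

Run it as root with `apply`, fetch one page from the test client, then `summary` shows which chains saw the request and whether a reply ever came back; `remove` takes the tracing rules out again.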