Hello, a customer of mine is using SuSE 7.3 and iptables v1.2.2. The iptables commands are called directly, not via SuSEfirewall. Normally I use Shorewall; I am not a specialist in iptables commands, I did not write the commands, but I have to support them now.
The server is an internet web server. Because of some attacks the firewall is important. There is a Postfix e-mail server and there are websites on the server. Accessing it from the internet is no problem.
BUT: from the intranet we cannot call the websites or load the e-mails from the server. I think it is not a DNS problem, but a firewall problem.
With "iptables -t nat -L" I get (names changed for public) for the PREROUTING chain:

DNAT  tcp  --  anywhere        linus.localnet.de  tcp dpt:http      to:172.21.85.11
DNAT  tcp  --  anywhere        linus.localnet.de  tcp dpt:domain    to:172.21.85.11
DNAT  udp  --  anywhere        linus.localnet.de  udp dpt:domain    to:172.21.85.11
DNAT  tcp  --  anywhere        linus.localnet.de  tcp dpt:smtp      to:172.21.85.11
DNAT  tcp  --  anywhere        linus.localnet.de  tcp dpt:pop3      to:172.21.85.11
DNAT  tcp  --  172.21.85.0/24  linus.localnet.de  tcp dpt:http      to:172.21.85.11:80
DNAT  udp  --  172.21.85.0/24  linus.localnet.de  udp dpt:http      to:172.21.85.11:80
DNAT  tcp  --  anywhere        linus.localnet.de  tcp dpt:smakynet  to:172.21.85.11:22

(I did not know what "smakynet" is.) The INPUT chain shows (here only a part of it):

ACCEPT  tcp  --  172.21.85.0/24  linuso.localnet.de  tcp dpt:http
ACCEPT  tcp  --  172.21.85.0/24  linus.localnet.de   tcp dpt:http
ACCEPT  tcp  --  172.21.85.0/24  anywhere            tcp dpt:http

The OUTPUT chain shows (a part too):

ACCEPT  all  --  anywhere  anywhere
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:http

Under POSTROUTING I get:

MASQUERADE  all  --  172.21.85.0/24  anywhere
Which iptables command is necessary for getting access from the intranet (172.21.85.0) to the webserver (172.21.85.11)?
Many thanks in advance. Manfred Rebentisch - -- COMPARAT Software-Entwicklungs-GmbH Mobile Voice Solutions Prießstr. 16, 23558 Lübeck Tel: 0451/479 56 60 http://www.comparat.de
On Monday 31 March 2003 22:01, Manfred Rebentisch wrote:
> Hello, a customer of mine is using SuSE 7.3 and iptables v1.2.2. The iptables commands are called directly, not via SuSEfirewall. Normally I use Shorewall; I am not a specialist in iptables commands, I did not write the commands, but I have to support them now.
> The server is an internet web server. Because of some attacks the firewall is important. There is a Postfix e-mail server and there are websites on the server. Accessing it from the internet is no problem.
> BUT: from the intranet we cannot call the websites or load the e-mails from the server. I think it is not a DNS problem, but a firewall problem. ... Which iptables command is necessary for getting access from the intranet (172.21.85.0) to the webserver (172.21.85.11)?
Because I do not know your network layout and all the firewall rules, just some general tips to locate the problem:
- Is the routing from your intranet to your webserver OK?
- You could place LOG targets in your ruleset to check where the packets get dropped.
Andreas Baetz
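The LOG-target check suggested in the reply, as an added example (not code from either poster). It inserts temporary LOG rules at the head of the chains an intranet request to the DNATed web server would pass through, so the kernel log shows how far the packet gets, and removes them again afterwards. The network values (172.21.85.0/24, 172.21.85.11, linus.localnet.de, port 80) are taken from the thread; the script path, the log prefixes and the IPTABLES dry-run variable are assumptions of this example. It needs root to actually change rules; with IPTABLES=echo it only prints the commands it would run.

```shell
#!/bin/sh
# fw-trace.sh (added example, not part of the original thread)
# Insert LOG rules for the first packet (--syn) of an intranet -> webserver
# HTTP connection in the chains it traverses, so the kernel log reveals where
# the packet stops. Assumptions: IPTABLES, the prefixes and the script name are
# invented here; the addresses come from the thread.
IPTABLES="${IPTABLES:-/usr/sbin/iptables}"   # set IPTABLES=echo for a dry run
LAN_NET="172.21.85.0/24"                     # intranet (from the thread)
SERVER="172.21.85.11"                        # DNAT target (from the thread)
PUBLIC_HOST="linus.localnet.de"              # public name/address the clients connect to;
                                             # iptables resolves it once, at insert time
PORT="80"

# Build one LOG rule. $1 = add|del, $2 = table, $3 = chain, $4 = destination,
# $5 = log prefix. "add" inserts at position 1 so the rule fires before any
# DROP/REJECT in the chain; "del" removes the identical rule again.
trace_rule() {
    action=$1; table=$2; chain=$3; dst=$4; prefix=$5
    if [ "$action" = add ]; then pos="-I $chain 1"; else pos="-D $chain"; fi
    # $pos is intentionally unquoted so "-I CHAIN 1" splits into separate words.
    "$IPTABLES" -t "$table" $pos -p tcp -s "$LAN_NET" -d "$dst" --dport "$PORT" --syn \
        -j LOG --log-prefix "$prefix"
}

# mangle PREROUTING sees the packet before nat PREROUTING rewrites it, so the
# destination there is still the public address. filter FORWARD and INPUT run
# after DNAT, so there the destination is already 172.21.85.11: FORWARD if the
# web server is a separate host behind the firewall, INPUT if 172.21.85.11 is
# an address of the firewall itself.
trace() {
    if [ "$1" = on ]; then act=add; else act=del; fi
    trace_rule "$act" mangle PREROUTING "$PUBLIC_HOST" "fw-trace pre-dnat: "
    trace_rule "$act" filter FORWARD    "$SERVER"      "fw-trace forward: "
    trace_rule "$act" filter INPUT      "$SERVER"      "fw-trace input: "
}

# Usage:  sh fw-trace.sh on
#         (reproduce the failing request from an intranet host)
#         grep fw-trace /var/log/messages     # or: dmesg | grep fw-trace
#         sh fw-trace.sh off
case "${1:-}" in
    on|off) trace "$1" ;;
esac
```

Reading the log: if only "pre-dnat" lines appear, the packet reached the firewall but was dropped before the filter chains (or the DNAT rule did not match it); if "forward" or "input" lines appear as well, the firewall accepted the SYN and the problem is further along. In the "forward" case the next thing to verify is the return path: when the web server and the client sit on the same subnet, the server answers the client directly rather than through the firewall, and the client never sees the reply coming from the public address it connected to, so such DNATed connections only work if the firewall also source-NATs them (or the intranet clients resolve the name to 172.21.85.11 directly). Remember to run "off" afterwards, since the LOG rules stay in the ruleset until removed.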