On Fri, Jun 06, 2003 at 08:05:10PM +0200, Ruprecht Helms wrote:
> Following addition
> at the moment the webserver has an iptables firewall but is not reachable from outside (internet) completely. Connection to the webservice is wanted.

Is this some firewall tool or do you have your own startup script to set up all the rules? If it is some script, it should be easy to insert rule specifications for the INPUT and maybe the OUTPUT chain.

> How do I have to define iptables rules so that a webserver can be reached from the internet and the webserver itself is able to use port 80 and port 53?
> All other ports except port 80 should not be available.

Some more information is necessary to build the rules. Which
interfaces are used? Are you sure that no other ports have to be
opened? Is it necessary to open ports for DNS queries? If some name
server is already reachable it can handle the queries. You should
allow at least some ICMP types (0,3,4,11 as far as I can remember
right now).
Some settings in /proc/sys/net/ipv4/ should be checked or modified.
iptables is well documented in the manual page, but I don't know
where to find some nice documentation/HOWTO for the last-mentioned topic.
--
Stefan Tichy
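
The rules discussed in this thread, as an added example that is not part of the original messages or either poster's setup: a shell function that emits an `iptables-restore` ruleset with a default-drop policy, inbound HTTP, outbound DNS and HTTP from the server itself, and the four ICMP types named above. The function name `gen_web_rules`, the default interface `eth0`, and the reading of "use port 80 and port 53" as outbound client traffic are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a host that only serves HTTP.
# Assumptions (not from the thread): interface name given as $1 (default eth0);
# the server's own use of ports 53 and 80 means outbound client connections.

gen_web_rules() {
    ifc="${1:-eth0}"
    # Refuse interface names with unexpected characters so nothing odd
    # ends up inside the generated ruleset.
    case "$ifc" in
        ""|*[!A-Za-z0-9._-]*) echo "invalid interface: $ifc" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback traffic stays local and is always allowed.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to connections that were already accepted.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Inbound: only new connections to the web server on port 80.
-A INPUT -i $ifc -p tcp --dport 80 -m state --state NEW -j ACCEPT
# Outbound from the server itself: DNS lookups (UDP and TCP) and HTTP.
-A OUTPUT -o $ifc -p udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -o $ifc -p tcp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -o $ifc -p tcp --dport 80 -m state --state NEW -j ACCEPT
EOF
    # ICMP types from the reply: 0 echo-reply, 3 destination-unreachable,
    # 4 source-quench, 11 time-exceeded.
    for t in 0 3 4 11; do
        echo "-A INPUT -i $ifc -p icmp --icmp-type $t -j ACCEPT"
    done
    echo "COMMIT"
}
```

Piping the output through `iptables-restore --test` parses the ruleset without committing it, which is a useful check before loading it on a remote machine.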