[Cialug] Allowing web traffic through firewall

Sean Flattery sean.r.flattery at gmail.com
Mon Apr 24 13:40:26 CDT 2017


That depends entirely upon how the rest of your network is set up.  I'm
going to make a whole truckload of guesses about your network here...

Your firewall is internet-facing with eth0 to the public.  Eth1 goes to
your web server, or something that passes traffic to your web server.
*Assuming that's correct,* then requests from the public (eth0) would get
dropped instead of being forwarded to your web server off eth1.  You also
may want to restrict outbound connections from eth1 to the internet for
security reasons.

Sean Flattery


-------------------------------------------------------------
Date: Mon, 24 Apr 2017 08:43:27 -0500
From: Tom Sellers <tsellers2009 at gmail.com>
To: Central Iowa Linux Users Group <cialug at cialug.org>
Subject: [Cialug] Allowing web traffic through firewall
Message-ID:
        <CAGMb6GTrAuAuD+j44vBpNSNYytVYf_fWD9vHa-Gdiv51UHyAOA at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Does the first entry in this firewall iptables block traffic to my web
server?  It appears to me that the "NEW" portion would do so.

Chain FORWARD (policy DROP 138 packets, 5575 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  eth0   any     anywhere             anywhere             ctstate INVALID,NEW
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             multiport dports epmap,netbios-ns:netbios-ssn,microsoft-ds
    9   702 DROP       udp  --  any    any     anywhere             anywhere             multiport dports epmap,netbios-ns:netbios-ssn,microsoft-ds
  51M   59G ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
 102K 8792K ACCEPT     all  --  eth1   any     anywhere             anywhere             ctstate NEW
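
The first-match evaluation behind the answer above, as an added example that
is not part of either message: a small Python model of the quoted FORWARD
chain, run over constructed packets. The Packet, Rule, verdict and WEB_ALLOW
names and the sample packets are assumptions for illustration; the model
ignores the out interface and addresses, which the listing shows as
any/anywhere.

```python
# Added example: first-match model of the FORWARD chain quoted above.
from dataclasses import dataclass

# epmap=135, netbios-ns:netbios-ssn=137:139, microsoft-ds=445 (/etc/services names)
WIN_PORTS = frozenset({135, 137, 138, 139, 445})

@dataclass(frozen=True)
class Packet:            # constructed sample traffic, not captured data
    in_if: str
    proto: str
    dport: int
    ctstate: str

@dataclass(frozen=True)
class Rule:
    target: str
    in_if: str = "any"
    proto: str = "all"
    dports: frozenset = frozenset()      # empty = no port match
    ctstates: frozenset = frozenset()    # empty = no conntrack match

    def matches(self, p: Packet) -> bool:
        return (self.in_if in ("any", p.in_if)
                and self.proto in ("all", p.proto)
                and (not self.dports or p.dport in self.dports)
                and (not self.ctstates or p.ctstate in self.ctstates))

FORWARD = [  # same order as the listing
    Rule("DROP", in_if="eth0", ctstates=frozenset({"INVALID", "NEW"})),
    Rule("DROP", proto="tcp", dports=WIN_PORTS),
    Rule("DROP", proto="udp", dports=WIN_PORTS),
    Rule("ACCEPT", ctstates=frozenset({"RELATED", "ESTABLISHED"})),
    Rule("ACCEPT", in_if="eth1", ctstates=frozenset({"NEW"})),
]

# Hypothetical rule (not in the listing): admit new web connections from eth0.
# A real rule would also pin the out interface and the server's address.
WEB_ALLOW = Rule("ACCEPT", in_if="eth0", proto="tcp",
                 dports=frozenset({80, 443}), ctstates=frozenset({"NEW"}))

def verdict(chain, pkt, policy="DROP"):
    """Return (target, rule number); rule number 0 means the chain policy decided."""
    for number, rule in enumerate(chain, 1):
        if rule.matches(pkt):
            return rule.target, number
    return policy, 0

if __name__ == "__main__":
    syn = Packet("eth0", "tcp", 80, "NEW")      # first packet of a public web request
    print(verdict(FORWARD, syn))                # dropped by rule 1
    print(verdict([WEB_ALLOW] + FORWARD, syn))  # accepted once the allow rule precedes it
```

Replies on an already established connection still reach rule 4, which is why
the counters on the RELATED,ESTABLISHED rule are so large while rule 1 shows zero.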

