[Techtalk] MSN.COM

Raquel Rice raquel at thericehouse.net
Fri Oct 25 11:56:25 EST 2002


I have a situation here that I'm unsure of.  I have my own servers
running here, one of which is a web server.  I'm just finding out
that some friends who use MSN.COM aren't able to access the sites
here.  I don't think I have the firewall configured to block port 80
from anyone's use.  (Don't try a traceroute or a ping ... both of
those ARE blocked)

Is anyone able to help?

My firewall (IPCHAINS) starts with denying access to everyone.  Then
for http:


##=> HTTP-infw
/sbin/ipchains -A input -i eth0 -s 63.206.160.16/255.255.255.248 1024:65535 -d 63.206.160.18 80 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s 63.206.160.18 80 -d 63.206.160.16/255.255.255.248 1024:65535 ! -y -p tcp -j ACCEPT


##=> HTTP-inout
/sbin/ipchains -A input -i eth0 -s 63.206.160.16/255.255.255.248 1024:65535 -d ! 63.206.160.18 80 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s ! 63.206.160.18 80 -d 63.206.160.16/255.255.255.248 1024:65535 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth0 -s ! 63.206.160.18 80 -d 63.206.160.16/255.255.255.248 1024:65535 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s 63.206.160.16/255.255.255.248 1024:65535 -d ! 63.206.160.18 80 -p tcp -j ACCEPT
/sbin/ipchains -A forward -i eth0 -s 63.206.160.16/255.255.255.248 1024:65535 -d ! 63.206.160.18 80 -p tcp -j ACCEPT
/sbin/ipchains -A forward -i eth0 -s ! 63.206.160.18 80 -d 63.206.160.16/255.255.255.248 1024:65535 ! -y -p tcp -j ACCEPT


##=> HTTP-outfw
/sbin/ipchains -A input -i eth0 -s ! 63.206.160.18 1024:65535 -d 63.206.160.18 80 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s 63.206.160.18 80 -d ! 63.206.160.18 1024:65535 ! -y -p tcp -j ACCEPT


##=> HTTP-outin
/sbin/ipchains -A input -i eth0 -s ! 63.206.160.18 1024:65535 -d 63.206.160.16/255.255.255.248 80 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s 63.206.160.16/255.255.255.248 80 -d ! 63.206.160.18 1024:65535 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth0 -s 63.206.160.16/255.255.255.248 80 -d ! 63.206.160.18 1024:65535 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s ! 63.206.160.18 1024:65535 -d 63.206.160.16/255.255.255.248 80 -p tcp -j ACCEPT
/sbin/ipchains -A forward -i eth0 -s ! 63.206.160.18 1024:65535 -d 63.206.160.16/255.255.255.248 80 -p tcp -j ACCEPT
/sbin/ipchains -A forward -i eth0 -s 63.206.160.16/255.255.255.248 80 -d ! 63.206.160.18 1024:65535 ! -y -p tcp -j ACCEPT


##=> HTTP-fwin
/sbin/ipchains -A output -i eth0 -s 63.206.160.18 1024:65535 -d 63.206.160.16/255.255.255.248 80 -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth0 -s 63.206.160.16/255.255.255.248 80 -d 63.206.160.18 1024:65535 ! -y -p tcp -j ACCEPT


##=> HTTP-fwout
/sbin/ipchains -A output -i eth0 -s 63.206.160.18 1024:65535 -d ! 63.206.160.18 80 -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth0 -s ! 63.206.160.18 80 -d 63.206.160.18 1024:65535 ! -y -p tcp -j ACCEPT


--
Raquel
============================================================
Whatever course you decide upon, there is always someone to tell you
that you are wrong. There are always difficulties arising which
tempt you to believe that your critics are right. To map out a
course of action and follow it to an end requires courage.
  --Ralph Waldo Emerson
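
Added example, not part of the original post: a small Python evaluator for the HTTP-outfw rule pair quoted above, showing which packets of an outside client's connection to the web server those two rules accept. It assumes the "denying access to everyone" start is a DENY chain policy, so unmatched packets are denied; the client address 203.0.113.7 is constructed, and only the option forms used in the post are parsed.

```python
import ipaddress
import shlex

# The HTTP-outfw pair from the post, with the e-mail line wraps joined.
RULES_TEXT = """\
/sbin/ipchains -A input -i eth0 -s ! 63.206.160.18 1024:65535 -d 63.206.160.18 80 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s 63.206.160.18 80 -d ! 63.206.160.18 1024:65535 ! -y -p tcp -j ACCEPT
"""

def parse_endpoint(tok, i):
    """Parse '[!] addr[/mask] [port[:port]]' at tok[i]; return (spec, next index)."""
    neg = tok[i] == "!"
    if neg:
        i += 1
    net = ipaddress.ip_network(tok[i], strict=False)
    i += 1
    ports = (0, 65535)                       # no port given: any port
    if i < len(tok) and tok[i][0].isdigit():
        lo, _, hi = tok[i].partition(":")
        ports = (int(lo), int(hi or lo))
        i += 1
    return (neg, net, ports), i

def parse_rule(line):
    tok = shlex.split(line)[1:]              # drop the ipchains path
    rule, i = {"syn": None}, 0               # syn=None: rule ignores the SYN flag
    while i < len(tok):
        key = tok[i]
        if key in ("-s", "-d"):
            rule[key], i = parse_endpoint(tok, i + 1)
        elif key == "!" and tok[i + 1] == "-y":
            rule["syn"], i = False, i + 2    # "! -y": anything but a SYN-only packet
        elif key == "-y":
            rule["syn"], i = True, i + 1
        else:                                # -A, -i, -p, -j each take one value
            rule[key], i = tok[i + 1], i + 2
    return rule

def side_matches(spec, ip, port):
    neg, net, (lo, hi) = spec
    return ((ipaddress.ip_address(ip) in net) != neg) and lo <= port <= hi

def verdict(rules, chain, src, sport, dst, dport, syn_only):
    """First matching rule wins; unmatched packets get the assumed DENY policy."""
    for r in rules:
        if (r["-A"] == chain and side_matches(r["-s"], src, sport)
                and side_matches(r["-d"], dst, dport) and r["syn"] in (None, syn_only)):
            return r["-j"]
    return "DENY"

RULES = [parse_rule(line) for line in RULES_TEXT.splitlines()]
```

Calling verdict(RULES, "input", "203.0.113.7", 40000, "63.206.160.18", 80, True) evaluates the client's opening SYN; the same call with a source port below 1024 falls outside the 1024:65535 range and reaches the default.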
