host my website on my linux box

 
 
charly
Guest
Posts: n/a

 
      12-01-2003, 09:11 PM
Greetings,

I got an apache server listening on port 80
I have as well a registered domain name which follows my dynamic ip
My router is configured to route all requests from port 80 to my machine
in my lan :

Indx Prot Inside-address:Port Outside-address:Port Foreign-address:Port Flgs Expir State Control

4    6    10.0.0.1:37134      90.14.157.251:11717  204.1.226.226:443    1    60    1
5    6    10.0.0.1:80         90.14.157.251:80     0.0.0.0:0

My iptables follow

# Default rule : All Output accepted
$protec -P OUTPUT ACCEPT


#$protec -A INPUT -i eth0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
$protec -A INPUT -i eth0 -p tcp --source-port 80 -j ACCEPT   # -> Should be ok no ??
$protec -A INPUT -i eth0 -p tcp --source-port 20 -j ACCEPT
$protec -A INPUT -i eth0 -p tcp --match multiport --sports 110,119,20,21,80,22,53,25 -m state --state RELATED,ESTABLISHED -j ACCEPT
$protec -A INPUT -i eth0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
$protec -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT

I tried a tcpdump to see what was happening but maybe misread the output


So what did I do wrong ??

If someone can shed some light on this, thank you very much !

 
David Efflandt
Guest
Posts: n/a

 
      12-02-2003, 12:03 AM
On Mon, 01 Dec 2003 23:11:22 +0100, charly <(E-Mail Removed)> wrote:
> Greetings,
>
> I got an apache server listening on port 80
> I have as well a registered domain name which follows my dynamic ip
> My router is configured to route all requests from port 80 to my machine
> in my lan :
>
> Indx Prot Inside-address:Port Outside-address:Port Foreign-address:Port Flgs Expir State Control
>
> 4    6    10.0.0.1:37134      90.14.157.251:11717  204.1.226.226:443    1    60    1
> 5    6    10.0.0.1:80         90.14.157.251:80     0.0.0.0:0
>
> My iptables follow
>
> # Default rule : All Output accepted
> $protec -P OUTPUT ACCEPT
>
>
> #$protec -A INPUT -i eth0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
> $protec -A INPUT -i eth0 -p tcp --source-port 80 -j ACCEPT   # -> Should be ok no ??
> $protec -A INPUT -i eth0 -p tcp --source-port 20 -j ACCEPT
> $protec -A INPUT -i eth0 -p tcp --match multiport --sports 110,119,20,21,80,22,53,25 -m state --state RELATED,ESTABLISHED -j ACCEPT
> $protec -A INPUT -i eth0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
> $protec -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
>
> I tried a tcpdump to see what was happening but maybe misread the output
>
>
> So what did I do wrong ??


You are specifically accepting input from --source-port 80, but a web
server is reached by --destination-port 80 (or -dport 80), and source port
could be anything.

--
David Efflandt - All spam ignored http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/
 
charly
Guest
Posts: n/a

 
      12-02-2003, 08:56 PM
> You are specifically accepting input from --source-port 80, but a web
> server is reached by --destination-port 80 (or -dport 80), and source port
> could be anything.



Oh yes, you're right

I'm still working and corrected my iptables script to this :

$protec -A INPUT -i eth0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
$protec -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT

Should work now but seems that I have to come from outside my lan to
test it...

thank you very much for the remark : you helped me a lot (I had
forgotten the obvious )

 
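Added example, not part of any post in this thread: a small Python model of the INPUT chain that runs the originally posted rules and the two corrected rules against three constructed packets, to show which traffic each rule set admits. The sample ports and the DROP chain policy are assumptions; the posted script does not show an INPUT policy.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    sport: int   # TCP source port
    dport: int   # TCP destination port
    state: str   # conntrack state, "NEW" or "ESTABLISHED"

EST = {"RELATED", "ESTABLISHED"}

# Each rule maps a packet field to the set of values it matches; every rule
# in the thread jumps to ACCEPT. The commented-out rule is left out.
ORIGINAL = [
    {"sport": {80}},                                              # --source-port 80
    {"sport": {20}},                                              # --source-port 20
    {"sport": {110, 119, 20, 21, 80, 22, 53, 25}, "state": EST},  # multiport --sports
    {"state": EST},                                               # RELATED,ESTABLISHED
    {"dport": {22}},                                              # --dport 22
]
CORRECTED = [
    {"state": EST},                                               # RELATED,ESTABLISHED
    {"dport": {80}},                                              # --dport 80
]

# Constructed sample packets arriving on eth0 (not taken from the thread).
SAMPLES = {
    "visitor requests the site": Packet(sport=51514, dport=80, state="NEW"),
    "reply to the box's own browsing": Packet(sport=80, dport=40022, state="ESTABLISHED"),
    "unsolicited, source port 80": Packet(sport=80, dport=5000, state="NEW"),
}

def verdict(rules, pkt, policy="DROP"):
    """ACCEPT if any rule matches on all its fields, else the chain policy.

    policy="DROP" is an assumption: the posted script shows no INPUT policy.
    """
    for rule in rules:
        if all(getattr(pkt, field) in allowed for field, allowed in rule.items()):
            return "ACCEPT"
    return policy

def evaluate(rules):
    """Return the verdict for every sample packet under the given rule list."""
    return {name: verdict(rules, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("corrected", CORRECTED)):
        for name, result in evaluate(rules).items():
            print(f"{label:9}  {name:32} {result}")
```

Under the original rules the visitor's request is dropped while any packet with source port 80 is accepted whatever its destination port; the corrected rules accept the request and established replies and drop the unsolicited packet.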
 
Mattias Honrendgard
Guest
Posts: n/a

 
      12-04-2003, 02:29 AM
(E-Mail Removed) (David Efflandt) wrote in message news:<(E-Mail Removed)>...
> On Mon, 01 Dec 2003 23:11:22 +0100, charly <(E-Mail Removed)> wrote:
> > Greetings,
> >
> > I got an apache server listening on port 80

[snip]
>
> You are specifically accepting input from --source-port 80, but a web
> server is reached by --destination-port 80 (or -dport 80), and source port
> could be anything.


You may also find it easier to configure iptables using a gui.
 