appropriate iptables rules for a website with dynamic DNS

Discussion in 'Linux Networking' started by Wenjie, Sep 8, 2003.

  1. Wenjie

    Wenjie Guest

    Hello again,


    I have an apache server with a router and then the ADSL modem connected
    to the internet. I have a domain name for the website and use a dyn DNS
    service. Now I wonder if my redhat 8.0 iptables setting is good or not
    since my friends experience freezing problems when they surf the website
    with 'forward' 'back' 'refresh' of IE6.x buttons:

    /sbin/iptables --list
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    RH-Lokkit-0-50-INPUT all -- anywhere anywhere

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain RH-Lokkit-0-50-INPUT (1 references)
    target prot opt source destination
    ACCEPT udp -- MY_ISP_DNS_SERVER1 anywhere udp spt:domain dpts:1025:65535
    ACCEPT udp -- MY_ISP_DNS_SERVER2 anywhere udp spt:domain dpts:1025:65535
    ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
    ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
    ACCEPT all -- anywhere anywhere
    REJECT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
    REJECT udp -- anywhere anywhere udp reject-with icmp-port-unreachable


    I actually don't add the following entries to the iptables:
    ACCEPT udp -- MY_ISP_DNS_SERVER1 anywhere udp spt:domain dpts:1025:65535
    ACCEPT udp -- MY_ISP_DNS_SERVER2 anywhere udp spt:domain dpts:1025:65535

    Anyway, could you please verify whether my iptables setting is appropriate
    for a web server? If not, how could I change it properly?


    Thanks and best regards,
    Wenjie
    Wenjie, Sep 8, 2003
    #1
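The Lokkit ruleset above accepts bare SYN packets to http and ssh but has no connection-tracking rule, and `iptables --list` without `-v` hides the interface column, so the listing cannot show whether the blanket "ACCEPT all" is limited to loopback (`iptables -L -v` or `iptables-save` would). The script below is an added example, not part of the thread, of a stateful replacement in iptables-restore format: it lets replies to the server's own DNS lookups and dynamic-DNS updates back in via state tracking instead of hard-coding the ISP resolvers, and it assumes the Internet-facing interface is named eth0.

```shell
#!/bin/sh
# Added example (not from the thread): stateful iptables ruleset for a web
# server that offers only http and ssh. Assumes the WAN interface is eth0.
WAN_IF="${WAN_IF:-eth0}"

# Print the ruleset in iptables-restore format instead of applying it, so it
# can be reviewed (and tested) without touching the live firewall.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic only on the lo interface, not a blanket ACCEPT
-A INPUT -i lo -j ACCEPT
# Replies to the server's own connections (DNS lookups, dynamic-DNS updates)
# come back through connection tracking; no per-resolver rules needed.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Packets that belong to no tracked connection and are not a new one
-A INPUT -m state --state INVALID -j DROP
# Services offered to the Internet: new TCP connections to http and ssh
-A INPUT -i $WAN_IF -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -i $WAN_IF -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Keep ping working for reachability checks
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# Everything else is refused explicitly; the DROP policy catches the rest
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Number of rules that open a port to the Internet (sanity check)
count_open_ports() {
    gen_rules | grep -c -- '--state NEW -j ACCEPT'
}

# Apply as root with:  gen_rules | iptables-restore
gen_rules
```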
