allowing users to access internal webserver

I want users to be able to access my webserver that's internal to my environment.  I'm assuming I need to use IPChains and have tried a few things without success.  Can someone give me a sample code to allow this?  
Seems like it only takes about 3-4 lines of additional code in my rc.firewall
LVL 1
ivanhAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ivanhAuthor Commented:
Oh, I'm running redhat 6.1
0
j2Commented:
ipchains -A input -p TCP --destination-port 80 -j ACCEPT

ipchains -A output -p TCP --source-port 80 -j ACCEPT

Should open port 80 to everyone who tries
0
ivanhAuthor Commented:
How do I tell it to go to a specific computer on my internal network?


ipchains -A input -p TCP --destination-port 80 -d <webserver ip> -j ACCEPT

is that right?  
Anything special for the output?

To clarify, 'users' means people out on the internet.  The webserver is behind my linux box that's running ipchains.

0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

j2Commented:
Oh, ipchains doesnt support port forwarding, i think you need ipmasqadm (which i havent used)

So, i do not think i can offer much more help then that. Sorry, feel free to reject my answer.

http://www.freshmeat.net/search.php3?query=port+forward has good resources tho.

A friend uses http://www.freshmeat.net/appindex/2000/01/01/946765065.html as a ipmasqadm frontend, to forward ports for a VPN. Worth a look?

0
ivanhAuthor Commented:
How do I tell it to go to a specific computer on my internal network?


ipchains -A input -p TCP --destination-port 80 -d <webserver ip> -j ACCEPT

is that right?  
Anything special for the output?

To clarify, 'users' means people out on the internet.  The webserver is behind my linux box that's running ipchains.

0
mzehnerCommented:
If you're trying to set up the client side for your users, if using IE, roght click on it, select properties, connections, settings.  Click on "proxy server", then click on "bypass proxy server for local address", then unclick "proxy server".  Then you can enter the name of the machine on the address line to find the home page of your web server.
Note:  To surf the web normally, your users would need to set the IE settings back the way they were.  The easy way for the users is for them to surf normally using your proxy server, and just type the name of your internal machine on the command line.  You will need to run a proxy server to do this, if you don't have one.
I'm not sure if this is what you mean when you say:
"How do I tell it to go to a specific computer on my internal network? "
0
RobWMartinCommented:
Assuming you are running ipchains to provide network address translation (i.e. masquerading), you will need a port forwarder to handle your need.  You will need to grab the ipportfw package.  Follow the instructions in the package for your particulars.  You can then forward port 80 on the NAT host to your internal HTTP host.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ivanhAuthor Commented:
RobWMartin:  That was it.  Got it working.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Networking

From novice to tech pro — start learning today.