• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 637

How do I configure my Linux Fedora 12 firewall to be reasonably secure while serving up external web requests to my Apache 2 web server?

Hello,

My LAN operates at 192.168.1.xxx.

My Fedora 12 Linux box running Apache 2 is located at 192.168.1.99 (static IP).

When I'm physically on this Fedora 12 Linux box, I'm able to use Firefox to successfully display the Fedora Web Test Page by navigating to either: http://192.168.1.99/  OR   http://myhost.mydomain/

PROBLEM IS...This does not work on any other machine on my network.

Therefore, I *suspect* that my Linux "firewall" needs to be reconfigured to accept external requests.

QUESTION...What do I need to do to get my Linux-Apache machine serving up web pages to other machines on the same network?
0
Asked by: SqueezeOJ
1 Solution
 
sukamtoCommented:
look into your /etc/httpd/conf/httpd.conf
make sure the "Listen" part is including your LAN Network
0
 
sukamtoCommented:
or to open firewall http port, try below.

iptables -A INPUT -p tcp --dports 80 -j ACCEPT
service iptables save

if possible, post your iptables status with the command:
service iptables status

0
 
AsrCommented:
Hi,
You need to allow all related connections using the iptables state module. Try this one.
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
0
 
SqueezeOJAuthor Commented:
Thank you for your quick responses.  I will try your solutions this afternoon (Eastern US Time) - and get back with what I find.
Jason
0
 
SqueezeOJAuthor Commented:
Here's what I found...(I ran all commands after su-ing)

______Sukamto______

gedit /etc/httpd/conf/httpd.conf shows this for Listen:

#Listen 12.34.56.78:80
Listen 80

iptables -A INPUT -p tcp --dports 80 -j ACCEPT

Returns Error:  iptables v1.4.5: unknown option `--dports'

______Asr______

iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

Runs without Error but didn't solve problem

______Everyone______

Problem still persists.  

Cannot use another LAN computer to display web page on the Linux Apache box.  The connection simply times out.

I am able to successfully PING the Linux Apache box at 192.168.1.99 from other LAN computers.

I will post the results of service iptables status in the next post.



0
 
SqueezeOJAuthor Commented:
Results of service iptables status...

Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination        
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
6    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination        
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination  
0
 
sukamtoCommented:
Sorry, typo: it should be --dport, not --dports.
Please try this:

iptables -A INPUT -p tcp --dport 80 -j ACCEPT
service iptables save

then post the result of "service iptables status" again if it still fails.
0
 
SqueezeOJAuthor Commented:
Hi Sukamto,

Problem still persists.  PING works fine but http://192.168.1.99 and http://192.168.1.99:80 both say "Connection has timed out".  Here is the output from my terminal:

>> iptables -A INPUT -p tcp --dport 80 -j ACCEPT
>> service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
>> service iptables status

Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination        
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination        
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

What should I do next?

Thanks for your time!

Jason
0
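The status output above shows why appending with -A did not help: rule 6 (tcp dpt:80) sits after rule 5, the catch-all REJECT, so a new HTTP connection is rejected before it ever reaches the ACCEPT. The script below is an added example, not part of this thread and not Fedora tooling; it parses a constructed copy of that status output, reports whether a port's ACCEPT is shadowed by the REJECT, and prints the iptables -I command that inserts the rule ahead of it. All function names and the SAMPLE_STATUS text are my own.

```shell
#!/bin/sh
# Constructed sample: the INPUT chain as the thread's last
# "service iptables status" shows it (rule 6 appended after the REJECT).
SAMPLE_STATUS='Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
'

# input_chain STATUS: print only the numbered rule lines of the INPUT chain.
input_chain() {
    printf '%s\n' "$1" | awk '
        /^Chain INPUT/ { in_chain = 1; next }
        /^Chain /      { in_chain = 0 }
        in_chain && $1 ~ /^[0-9]+$/ { print }
    '
}

# first_reject_rule STATUS: number of the first catch-all REJECT in INPUT
# (the rule that ends the chain for anything not matched earlier); 0 if none.
first_reject_rule() {
    input_chain "$1" | awk '
        $2 == "REJECT" && $3 == "all" && !found { found = $1 }
        END { print found + 0 }
    '
}

# port_accept_rule PORT STATUS: number of the ACCEPT for tcp dpt:PORT; 0 if none.
port_accept_rule() {
    input_chain "$2" | awk -v port="$1" '
        $2 == "ACCEPT" && $3 == "tcp" && $0 ~ ("dpt:" port "( |$)") && !found { found = $1 }
        END { print found + 0 }
    '
}

# check_port_reachable PORT STATUS: prints
#   "shadowed" if the ACCEPT for PORT comes after the REJECT (never reached),
#   "open"     if it comes before the REJECT (or there is no REJECT),
#   "missing"  if there is no ACCEPT for PORT at all.
check_port_reachable() {
    port=$1; status=$2
    accept=$(port_accept_rule "$port" "$status")
    reject=$(first_reject_rule "$status")
    if [ "$accept" -eq 0 ]; then
        echo missing
    elif [ "$reject" -ne 0 ] && [ "$accept" -gt "$reject" ]; then
        echo shadowed
    else
        echo open
    fi
}

# fix_command PORT STATUS: the iptables command that places an ACCEPT for
# new TCP connections to PORT at the REJECT's position, so the REJECT moves
# down one slot and the ACCEPT is evaluated first. Printed, not executed.
fix_command() {
    port=$1; status=$2
    reject=$(first_reject_rule "$status")
    if [ "$reject" -eq 0 ]; then
        echo "iptables -A INPUT -p tcp -m state --state NEW --dport $port -j ACCEPT"
    else
        echo "iptables -I INPUT $reject -p tcp -m state --state NEW --dport $port -j ACCEPT"
    fi
}

# Demo on the constructed sample. On a live Fedora 12 box you would pass the
# real output instead:  check_port_reachable 80 "$(service iptables status)"
check_port_reachable 80 "$SAMPLE_STATUS"   # shadowed
fix_command 80 "$SAMPLE_STATUS"
```

After running the printed -I command, the old rule 6 becomes rule 7 and is still unreachable; it can be dropped with `iptables -D INPUT 7` before `service iptables save` writes the chain to /etc/sysconfig/iptables. Checking the ordering with `service iptables status` is the quickest way to confirm the change took effect.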
 
SqueezeOJAuthor Commented:
Problem Solved!  Here's what I did...

  • System --> Administration --> Firewall
  • Type in Root Password
  • On the Trusted Services tab I selected the following ports:
      • WWW (HTTP) - 80 / tcp
      • Secure WWW (HTTPS) - 443 / tcp
  • Clicked the Apply button and confirmed my changes
  • Went to another PC on the LAN and tested it.  It worked fine!
0
