Re: IP Tables -A What am I doing wrong

From: "D. Stussy" <kd6lvw@bde-arc.ampr.org>
Date: Mon, 19 Aug 2002 04:03:42 GMT

On Sun, 18 Aug 2002, Steve Harper wrote:
>I'm trying to set up IP tables on my box manually (currently have it
>configured with FWBuilder) and keep getting a cannot connect message
>when I try to view a web page with the following two rules. I'm running
>a stand alone box on a dial up connection.
>
>iptables -A INPUT -i ppp0 -p tcp --sport 80 -d localhost \
> --dport 1024:65535 -j ACCEPT
>
>iptables -A OUTPUT -o ppp0 -p tcp --dport 80 \
> -s localhost --sport 1024:65535 -j ACCEPT
>
>The way I read it is the first rule is for stuff coming into my box from
>the outside. It is coming from port 80 to the local host through an
>unprivileged port.
>
>The second rule is for stuff I'm sending from an unprivileged port on
>local host to port 80 on the server.
>
>Where am I missing something in here? I figure if I could get this
>working I could build a firewall.
>
>I've checked the Man page for iptables, the netfilter how_to, a couple
>of on line tutorials, and "Linux Firewalls" by Ziegler and the only
>other thing I can think of is that in some of the scripts I see stuff
>from /proc/sys before any of the firewall rules start. Are the lines
>referencing the /proc/sys required for a firewall to run?

1) I seriously doubt that your ppp0 interface resolves to [127.0.0.1], as
implied by your "-s/-d localhost" entry on the rule. You are using the wrong
address for yourself. Why even specify an address? You already are specifying
the ports (port-ranges), the interface, and the direction. With no forwarding
rules (i.e. policy drop), all the packets will be for you anyway - and let the
webserver worry about the IP virtual hosting.

2) Why specify "port 80" as "port 80"? It works just as well specifying it as
"port http" and that makes it more human readable.

3) Don't forget about FRAGMENTED TCP packets. I note one of the other
responses already mentioned the "syn" flag.
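The two rules from the original post, rewritten along the lines of the reply above: no `-s/-d localhost` on a ppp0 rule, `http` instead of `80`, `! --syn` on the inbound half (so only replies to connections the box itself opened are accepted), and an explicit decision about non-first fragments, which carry no TCP header and so never match a port rule. This is an added example, not code from either poster; it assumes the dial-up interface is named `ppp0` as in the post, and it only prints the commands unless `IPT_APPLY=1` is set, so it can be read and checked without root.

```shell
#!/bin/sh
# Added example: the web-client rule pair from the thread, corrected.
# Dry-run by default; set IPT_APPLY=1 to actually load the rules.

IFACE="${IFACE:-ppp0}"   # assumption: dial-up interface named in the post

# Print (or, with IPT_APPLY=1, execute) one iptables command.
ipt() {
    if [ "${IPT_APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

# Outbound half: new connections from an unprivileged local port to a
# remote web server. No -s localhost: the source address is whatever
# address ppp0 was handed at dial-up time, and -o ppp0 already pins it.
web_client_out() {
    ipt -A OUTPUT -o "$IFACE" -p tcp --sport 1024:65535 --dport http -j ACCEPT
}

# Inbound half: replies from port http. "! --syn" refuses packets that
# would *open* a connection toward the unprivileged port range, while
# still passing the SYN/ACK and data of connections started from here.
web_client_in() {
    ipt -A INPUT -i "$IFACE" -p tcp ! --syn --sport http --dport 1024:65535 -j ACCEPT
}

# Non-first fragments have no TCP header, so --sport/--dport can never
# match them; decide about them explicitly instead of relying on the
# chain policy to catch them.
drop_fragments() {
    ipt -A INPUT -i "$IFACE" -f -j DROP
}

# The full set, in load order.
web_client_rules() {
    drop_fragments
    web_client_out
    web_client_in
}

web_client_rules
```

Run it once without `IPT_APPLY` to review the three commands it would issue, then with `IPT_APPLY=1` as root to load them; the chain policies (DROP on INPUT and OUTPUT) are assumed to be set separately, as in the reply.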


