Hi Carsten
> From: "Carsten Weber" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Date: Sun, 12 May 2002 18:16:24 +0200
> Subject: [Bridge] non-transparent bridging firewall
> 
> Hello,
> 
> I have just set up a RedHat server which I want to use as a 
> bridging firewall, as well as a web server. I am experiencing 
> problems reaching the server from the outside.
> 
> I have enabled iptables and bridging and applied the firewall 
> patch (bridge.sourceforge.net). When I set it up as a 
> transparent bridge (eth0 and eth1 as 0.0.0.0, bridge as 
> xxx.xxx.xxx.70), I can get across with no problems and the 
> firewalling works fine. However, I also want to allow access 
> to the server, i.e. it should be visible to the outside (for 
> httpd for example). Is this possible at all?

Yes, this is definitely possible.  You must open the port that you wish to be
viewed in the INPUT and OUTPUT chains, and also the loopback lo access to
itself .... -i lo -j ACCEPT.

Obviously this isn't the most secure way to configure your firewall.  To
open for access to Httpd at port 80 for admin you might want to specify the
internal eth device.  E.g. iptables -A INPUT -i eth1 ...
Or only from an external IP... -i eth0 -s 203.111.5.67 -d xxx.xxx.xxx.65
--dport 80

> 
> I have the IPs xxx.xxx.xxx.70-127 in our LAN and we route via 
> external router xxx.xxx.xxx.65 (66 and 67 being IPs of the 
> antennas). Do I need to bring up the interfaces with IPs as 
> well, or can I access the server from the outside directly 
> through the bridge interface?

Not sure what you mean here?  Maybe a little more info...
> 
> Thank you for your advice or places where I can look for an 
> answer. Carsten

Hope this helps anyway.
Cheers,

Lewis Shobbrook

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
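
Added example, not part of the original message or of the bridge project: a small generator for the host-side rules the reply describes (loopback, plus port 80 in INPUT and OUTPUT, optionally limited to one source). Traffic crossing the bridge stays in FORWARD and is not touched. The function names and the documentation-range addresses are constructed, and the rules assume INPUT and OUTPUT otherwise drop traffic and that the state match is available.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for the bridge host.
# Addresses used below are constructed documentation-range placeholders.

# is_ipv4ish VALUE: accept only digits, dots and an optional /prefix, so
# nothing shell-active can reach the printed commands.
is_ipv4ish() {
    case $1 in
        ''|*[!0-9./]*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# emit_host_rules BRIDGE_IP [ALLOWED_SRC]
#   BRIDGE_IP    address on the bridge interface, where httpd listens
#   ALLOWED_SRC  optional: only this source may connect (omit for any source)
emit_host_rules() {
    bridge_ip=$1
    allowed_src=${2:-}
    is_ipv4ish "$bridge_ip" || { echo "bad bridge address" >&2; return 1; }
    src_match=''
    dst_match=''
    if [ -n "$allowed_src" ]; then
        is_ipv4ish "$allowed_src" || { echo "bad source address" >&2; return 1; }
        src_match=" -s $allowed_src"
        dst_match=" -d $allowed_src"
    fi
    # Loopback is selected by interface name (-i / -o), not by address.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # Inbound HTTP to the host itself; --dport requires -p tcp.
    echo "iptables -A INPUT -p tcp$src_match -d $bridge_ip --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT"
    # Replies only: OUTPUT never opens new connections from port 80.
    echo "iptables -A OUTPUT -p tcp -s $bridge_ip$dst_match --sport 80 -m state --state ESTABLISHED -j ACCEPT"
}

# Review the output, then pipe it to sh as root to apply.
emit_host_rules 192.0.2.70 203.0.113.5
```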
