Hello Lewis.

>> firewalling works fine. However, I also want to allow access
>> to the server, i.e. it should be visible to the outside (for
>> httpd for example). Is this possible at all?

> Yes this is definitely possible. You must open the port that you wish
> to be viewed in the input and Output chains, and also the
> loopback lo access to itself .... -s lo -j accept.
> Obviously this isn't the most secure way to configure your firewall.
> To open for access to Httpd at port 80 for admin you might want
> to specify the internal eth device. E.g. iptables -A INPUT -i eth1 ...

The problem is that even when I open everything up,
i.e. -P INPUT/OUTPUT/FORWARD ACCEPT, -P PREROUTING ACCEPT, then I can still not
reach the server from the outside. Interestingly enough, I can reach it from
within the subnet, even if the computer that I am trying from is put behind the
server, i.e. on the outside.
so:

     ------------------------------       -----------------------------
    | IP outside xxx.xxx.xxx.64/26 |     | IP inside xxx.xxx.xxx.64/26 |
     ------------------------------       -----------------------------
                     \                         /
                      no                     yes
                       \                     /
                     -----------------------
                    | bridge xxx.xxx.xxx.70 |
                     -----------------------
                                |
                               yes
                                |
                             -------
                            |  LAN  |
                             -------

I set up my bridge as follows:

    brctl addbr gollum
    brctl setbridgeprio gollum 0
    brctl addif gollum eth0
    brctl addif gollum eth1
    brctl sethello gollum 1
    brctl setmaxage gollum 4
    brctl setfd gollum 4

    ifconfig gollum xxx.xxx.xxx.70 netmask 255.255.255.192 broadcast xxx.xxx.xxx.127 up
    ifconfig eth0 0.0.0.0 up
    ifconfig eth1 0.0.0.0 up

Do I need to give one of the interfaces an IP as well?

Thanks for your help,
Carsten
Title: RE: Bridge digest, Vol 1 #445 - 1 msg
- [Bridge] RE: Bridge digest, Vol 1 #445 - 1 msg Lewis Shobbrook
