> > > I've configured a webserver, which runs perfectly on it's own net. The
> > > problem is that it's behind a firewall and everything that comes through
> > > that firewall are being ignored by the server.
> > >
> > > Must be some kind of spoof-protection. Because the packets get trapped by
> > > rp_filter.
> > >
> > > So I've disabled rp_filter, I've set all iptables rules to ACCEPT, and
> > > I've tried lowering the security level with msec. Nothing changed. I've
> > > used tcpdump to see what's going on, and I can see that packets coming
> > > from a machine on the internal net, gets answers. But packets arriving
> > > through the firewall arrives at the interface, but no answer is sent. So I
> > > know for sure that the problem is at this machine.
> >
> > Have you configured NAT?
>
> No, this machine is not the firewall itself, only a http-server. It's
> packets coming through another firewall that are being filtered out. In
> that case NAT shouldn't be necessary since it's not doing any
> gatewaying/routing. Or am I wrong here...?
No, you're right, you don't have to do anything in the webserver, my question
wasn't right :) what I wanted to ask you is whether the NAT in the firewall is
configured OK.
Also, your firewall should allow to pass all packets with a connection already
established; for example, if your firewall were a Linux box with iptables you
should have something like that:
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
Regards,
Toshiro.
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
