But you will also have to add an output policy.
ipchains -A output -j ACCEPT -i <interface> -p tcp -s <your ip address> http
-d 0.0.0.0/0
<interface> can be ppp0, eth0 and so on
As a complete example: If I'm connected to my ISP via ppp, and my ip address
is 200.1.1.1 then my ipchains would be
ipchains -A input -j ACCEPT -i ppp0 -p tcp -s 0.0.0.0/0 -d 200.1.1.1 http
ipchains -A output -j ACCEPT -i ppp0 -p tcp -s 200.1.1.1 http -d 0.0.0.0/0
the above example would be good for static ip address. For dynamic ip
address, you can make use of ifconfig, awk & sed or cut the ip address on
the screen.
hope this helps...
> -----Original Message-----
> From: Igor Gashinsky [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, April 02, 2000 3:43 PM
> To: Andr� Bell; [EMAIL PROTECTED]
> Subject: Re: How open port 80?
>
>
> Andre,
>
> Running Apache on the firewall box is not a good idea,
> but if this is your
> only choice, place the ofllowing ipchains rule in your firewall script
> before the blanket deny:
>
> -A input -s 0/0 -d <YOUR MACHINE OUTSIDE IP HERE> 80 -i
> <INTERFACE HERE> -p
> 6 -j ACCEPT
>
> This will let anyone (0/0 = 0.0.0.0/0 = any) go to your
> machine's outside
> IP, on the specified interface to connect to port 80/tcp
> (protocol 6 = tcp)
> and exchange data. If you want to log all the attempts, which is
> recommended, but may not be practical for high traffic sites,
> you can add a
> "-l" t the end of that string.
>
> Hope this helps, and if you need any further help, don't
> hesitate to ask,
>
> -Igor Gashinsky
>
> At 11:25 PM 4/1/00 -0800, Andr� Bell wrote:
> >I know this is going to sound like a dumb question to most
> but I don't know
> >how to open port 80 when using ipchains.
> >
> >I am running pmfirewall and it runs beautifully at blocking
> access -- too
> >well. I can get out to the internet 100% unrestricted but
> unfortunately
> >all of my services are blocked from allowing anyone to get in. I am
> >running apache and need to allow others to reach the web
> server on my linux
> >box but my firewall is blocking access to that port along
> with nearly all
> >other ports.
> >
> >How do I configure ipchains to allow access to my web server without
> >opening the linux box up to unnecessary dangers?
> >
> >Yes I read the ipchains HOW-TO and if the answer is in there
> I missed it,
> >or didn't understand. I am six months new to Linux and
> still learning.
> >Until I installed linux nevr even seen it before, only heard
> about it. I
> >feel proud that I've successfully installed and configured
> three seperate
> >distributions so far as well as know a little more than how
> to 'point and
> >click' my way through linux. Now I need to learn how to
> control and manage
> >my firewall, among other things.
> >
> >Thanks for your help.
> >
> >Andr�
> >
> >
> >-
> >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> >"unsubscribe firewalls" in the body of the message.]
> >
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
