Web server reachable only on the internal network



realtec
29.07.02, 23:09
Hello, I'm using SuSE Linux 8.0. The Apache web server runs without problems when I open http://linux-server from a Windows box....
But when I try to reach the web server from the Windows box "over the Internet" with http://aktuelleDSLip (the current DSL IP), I get "Page cannot be......"
In the SuSE firewall I have enabled ALL services.
Can anyone help?

Spike05
29.07.02, 23:13
Do you still have a router sitting in between???

realtec
29.07.02, 23:24
No, the Linux machine goes directly onto the Internet via network card and DSL modem (T-DSL)

Fir3fly
30.07.02, 07:49
Now that's where it gets interesting. Does a ping to the DSL IP work?

Fir3fly

realtec
30.07.02, 16:54
Yes, without any problems

realtec
30.07.02, 18:54
Hello,

I was wrong:
From the Windows box the ping does not work; on the Linux server via ssh it works!

Fir3fly
30.07.02, 18:54
Then I'd take a look at the firewall rules. iptables -L

Fir3fly

realtec
30.07.02, 19:16
Where do I find those, and what do I have to set there?
I thought the SuSE firewall could only be configured through the YaST2 front end :-))

Fir3fly
30.07.02, 19:49
Just type this at the console as root:

iptables -L

and then paste the output here. Then we can have a look at whether port 80 is being intercepted

Fir3fly

realtec
30.07.02, 20:05
Hello,

I get a pile of output in the console, but how can I copy and paste it????

realtec
30.07.02, 20:10
Found it:

Linux-Server:~ # iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpts:netbios-ns:netbios-dgm
DROP all -- loopback/8 anywhere
DROP all -- anywhere loopback/8
DROP all -- Linux-Server.local anywhere
DROP all -- p50837AB5.dip.t-dialin.net anywhere
input_ext all -- anywhere p50837AB5.dip.t-dialin.net
input_int all -- anywhere Linux-Server.local
DROP all -- anywhere 192.168.0.255
DROP all -- anywhere 255.255.255.255
LOG all -- anywhere p50837AB5.dip.t-dialin.net LOG level warning tcp-options ip-options prefix `SuSE-FW-NO_ACCESS_INT->FWEXT '
DROP all -- anywhere p50837AB5.dip.t-dialin.net
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
forward_ext all -- anywhere anywhere
forward_int all -- anywhere anywhere
DROP all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-FORWARD-ERROR '

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp port-unreachable
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp network-prohibited
ACCEPT icmp -- anywhere anywhere icmp host-prohibited
ACCEPT icmp -- anywhere anywhere icmp communication-prohibited
DROP icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-OUTPUT-ERROR '

Chain forward_dmz (0 references)
target prot opt source destination
DROP all -- p50837AB5.dip.t-dialin.net anywhere
DROP all -- 192.168.0.0/24 anywhere
DROP all -- anywhere Linux-Server.local
DROP all -- anywhere p50837AB5.dip.t-dialin.net
ACCEPT icmp -- anywhere anywhere state RELATED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain forward_ext (1 references)
target prot opt source destination
DROP all -- 192.168.0.0/24 anywhere
DROP all -- anywhere Linux-Server.local
ACCEPT icmp -- anywhere anywhere state RELATED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain forward_int (1 references)
target prot opt source destination
DROP all -- p50837AB5.dip.t-dialin.net anywhere
DROP all -- anywhere p50837AB5.dip.t-dialin.net
ACCEPT icmp -- anywhere anywhere state RELATED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain input_dmz (0 references)
target prot opt source destination
DROP all -- p50837AB5.dip.t-dialin.net anywhere
DROP all -- 192.168.0.0/24 anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
DROP icmp -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN reject-with tcp-reset
DROP tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:time flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:finger flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:login flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:printer flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:swat flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:mysql flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:x11 flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpt:1024
ACCEPT udp -- www-proxy.SB1.srv.t-online.de anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT udp -- dns03.btx.dtag.de anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
DROP udp -- anywhere anywhere udp dpt:ssh
DROP udp -- anywhere anywhere udp dpt:telnet
DROP udp -- anywhere anywhere udp dpt:time
DROP udp -- anywhere anywhere udp dpt:time
DROP udp -- anywhere anywhere udp dpt:finger
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:netbios-ns
DROP udp -- anywhere anywhere udp dpt:netbios-dgm
DROP udp -- anywhere anywhere udp dpt:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:who
DROP udp -- anywhere anywhere udp dpt:printer
DROP udp -- anywhere anywhere udp dpt:smpnameres
DROP udp -- anywhere anywhere udp dpt:mysql
DROP udp -- anywhere anywhere udp dpt:x11
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpts:1024:65535
DROP all -- anywhere anywhere

Chain input_ext (1 references)
target prot opt source destination
DROP all -- 192.168.0.0/24 anywhere
ACCEPT icmp -- p50837AB5.dip.t-dialin.net anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
DROP icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:rsync
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:telnet
REJECT tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN reject-with tcp-reset
DROP tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:time flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:finger flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:login flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:printer flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:swat flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:mysql flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp dpt:x11 flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpt:1024
ACCEPT udp -- www-proxy.SB1.srv.t-online.de anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT udp -- dns03.btx.dtag.de anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
DROP udp -- anywhere anywhere udp dpt:ssh
DROP udp -- anywhere anywhere udp dpt:telnet
DROP udp -- anywhere anywhere udp dpt:time
DROP udp -- anywhere anywhere udp dpt:time
DROP udp -- anywhere anywhere udp dpt:finger
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:netbios-ns
DROP udp -- anywhere anywhere udp dpt:netbios-dgm
DROP udp -- anywhere anywhere udp dpt:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:who
DROP udp -- anywhere anywhere udp dpt:printer
DROP udp -- anywhere anywhere udp dpt:smpnameres
DROP udp -- anywhere anywhere udp dpt:mysql
DROP udp -- anywhere anywhere udp dpt:x11
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpts:1024:65535
ACCEPT udp -- anywhere anywhere state ESTABLISHED udp dpts:61000:65095
DROP all -- anywhere anywhere

Chain input_int (1 references)
target prot opt source destination
DROP all -- p50837AB5.dip.t-dialin.net anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
DROP icmp -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN reject-with tcp-reset
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpt:1024
ACCEPT udp -- www-proxy.SB1.srv.t-online.de anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT udp -- dns03.btx.dtag.de anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpts:1024:65535
DROP all -- anywhere anywhere
Linux-Server:~ #
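
Added example, not part of the thread: one way to answer "is port 80 being intercepted" from a pasted `iptables -L` listing is to walk the chains in first-match order and report which rule decides a given packet. The function names `parse`, `matches` and `verdict` and the packet dictionary are hypothetical, and the embedded listing is a constructed excerpt of the rules posted above.

```python
import re  # LISTING is a constructed excerpt of the listing above, wraps undone
LISTING = """\
Chain INPUT (policy DROP)
target prot opt source destination
input_ext all -- anywhere p50837AB5.dip.t-dialin.net
input_int all -- anywhere Linux-Server.local
DROP all -- anywhere anywhere

Chain input_ext (1 references)
target prot opt source destination
DROP all -- 192.168.0.0/24 anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:http
DROP all -- anywhere anywhere
"""

def parse(listing):
    chains, cur = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \((?:policy (\w+))?", line)
        if head:
            cur = chains[head.group(1)] = {"policy": head.group(2), "rules": []}
        elif line.strip() and not line.startswith("target"):
            target, prot, _opt, src, dst, *extra = line.split()
            cur["rules"].append((target, prot, src, dst, " ".join(extra)))
    return chains

def matches(rule, pkt):
    # Assumed simplification: literal name comparison; only dpt, state, ICMP type.
    _target, prot, src, dst, extra = rule
    if (prot not in ("all", pkt["prot"]) or src not in ("anywhere", pkt["src"])
            or dst not in ("anywhere", pkt["dst"])):
        return False
    for key in ("dpt:", "state ", "icmp "):
        found = re.search(re.escape(key) + r"(\S+)", extra)
        if found and pkt.get(key[:-1]) not in found.group(1).split(","):
            return False
    return True

def verdict(chains, pkt, chain="INPUT"):  # -> (target, chain, rule no.; 0 = policy)
    for num, rule in enumerate(chains[chain]["rules"], 1):
        if not matches(rule, pkt):
            continue
        if rule[0] in ("ACCEPT", "DROP", "REJECT"):
            return rule[0], chain, num
        result = verdict(chains, pkt, rule[0]) if rule[0] in chains else None
        if result:  # a user chain that runs off its end returns to the caller
            return result
    return (chains[chain]["policy"], chain, 0) if chains[chain]["policy"] else None
```

Plain `iptables -L` omits the interface columns, so a rule such as the leading `ACCEPT all -- anywhere anywhere` in INPUT cannot be judged from this listing and is left out of the excerpt; `iptables -L -n -v` prints the interfaces and skips reverse DNS.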

LinuxNewbee
30.07.02, 20:35
I'll deal with the problem itself later, but I still have a question about it:

If I can't ping the machine at its current IP, how can programs like iexplorer, icq, irc tools and other programs based on the client-server principle over tcp/ip establish a connection???

Kevin:confused: