
Re: [cobalt-security] Basic IPTables rules for RaQ550



On Tue, 2003-03-18 at 16:13, Michelle A. Hoyle wrote:
<snip>
> 
> I ran into another question:  I did get the firewall all configured 
> *BUT* it only works for the main site IP/name.  If I try to access 
> any of the virtual hosts, they're blocked.  I had a look at the 
> [scanty] documentation and saw info about NATs and suchlike, but 
> nothing specifically about passing through virtual IPs.  With my RaQ4 
> ipchains configuration, this was never an issue.  I saw something in 
> the configuration directory called "routables."  There are files in 
> there to fill in IPs for something.  Is it required to fill in the 
> entire range of virtual host IPs in there plus permit the various 
> services in the routables.conf as well?  How did you handle that?
> 

Basically what I think you want to do is add port 80 and any other
public ports, one per line, to conf/open_ports.  e.g. if you add port 80,
users from any source can get to any virtual web site on the box.  I
have only done this on non-Cobalt machines and I only needed to provide
web access this way; all other services are funneled through the main IP
of the box.  Depending on how Cobalt by default handles various mail
configurations, MX records and such, you may need to add more ports.  I
haven't analyzed their virtual server configs too much, I have more
experience just manually configuring stuff.

Hope this helps . . .

Eric
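
An added illustration, not part of Eric's message or of the firewall package discussed: a shell function that turns a one-port-per-line file such as conf/open_ports into iptables rules with no destination address, so they match the main IP and every virtual-host IP alike. The function name, the `#` comment handling and the sample file contents are assumptions made for this sketch.

```shell
#!/bin/sh
# Print (not apply) one iptables rule per port listed in an open_ports-style file.
# Assumptions: TCP only, one port per line, blank lines and '#' comments ignored.
gen_open_port_rules() {
    file=$1
    while IFS= read -r line || [ -n "$line" ]; do
        port=${line%%#*}                              # drop any comment
        port=$(printf '%s' "$port" | tr -d ' \t\r')   # drop whitespace / CR
        [ -z "$port" ] && continue
        case $port in
            *[!0-9]*) echo "skipping invalid entry: $line" >&2; continue ;;
        esac
        if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "skipping out-of-range port: $port" >&2
            continue
        fi
        # No "-d <address>" match: the rule applies to whichever local IP
        # the packet is addressed to, main or virtual.
        printf '%s\n' "iptables -A INPUT -p tcp --dport $port -j ACCEPT"
    done < "$file"
}

# Constructed sample input, for demonstration only.
sample=$(mktemp)
printf '80\n443\n# mail\n25\n' > "$sample"
gen_open_port_rules "$sample"
rm -f "$sample"
```

Review the printed rules before loading them; each port listed becomes reachable on every address the box answers to.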