httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael" <x...@xshellr8.com>
Subject RE: [users@httpd] problem with distant vs. local acces with apache 2
Date Mon, 14 Jun 2004 20:18:43 GMT
Well I'm sorry to hear that this is the case, but I'm also glad you finally
did determine it was indeed from 80 being closed as I suspected.

Take care and good luck on finding a legitimate ISP.

Michael

-----Original Message-----
From: irisson jean-olivier [mailto:jo.irisson@noos.fr] 
Sent: Monday, June 14, 2004 10:44 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] problem with distant vs. local acces with apache
2

Vasiliy Boulytchev wrote:
>  Vasiliy Boulytchev wrote: 
>>My first guess with Md 10.0 is msec :)
> 
> I guess this was a joke but sorry, my english/computer knowledge is not
good
> enough to understand this one... :-(
> 
> No joke,  with Mandrake 10.0 you get msec.  Mandrake Security.  Adds neat
> and easy lock downs to your system.

ok thanks. I found about this after sending you my reply. sorry. I'll 
check for this but in fact I don't really need a very secure system not 
beeing on a network or having much network activity (apart from a simple 
Apache web server!). In addition I do not really know who would want to 
break into my computer ;-)

Anyway I think I dicovered something while trying to set up this:
             Apache is great but my ISP is crap!!!
After several emails they finally sent me back to (paying) technical 
phone assistance which was barely capable of understanding my problem. 
They conclude by saying that port 80 should indeed be blocked and that 
there was nothing to do about it.

I'm therefore sorry to have wasted your time, the problem apparently 
came from something independant of Apache. I am nevertheless willing to 
thank you for the great deal of assistance I found here: quick and 
efficient (the complete opposite of my ISP's ;-) ). I'll might contact 
you in the future if I have a problem with another server... as soon as 
I've changed my ISP! thank again and I'll keep reading this list anyway.

> What does your firewall rules say?   Iptables -L

In case you still want to know ;-). my firewall is supposed to block 
everything except acces to a ftp, ssh and web server (so 21, 22 and 80 
should be open)
here is the output of iptables -L:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
DROP      !icmp --  anywhere             anywhere            state INVALID
eth0_in    all  --  anywhere             anywhere
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level 
info prefix `Shorewall:INPUT:REJECT:'
reject     all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP      !icmp --  anywhere             anywhere            state INVALID
eth0_fwd   all  --  anywhere             anywhere
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level 
info prefix `Shorewall:FORWARD:REJECT:'
reject     all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
DROP      !icmp --  anywhere             anywhere            state INVALID
fw2net     all  --  anywhere             anywhere
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level 
info prefix `Shorewall:OUTPUT:REJECT:'
reject     all  --  anywhere             anywhere

Chain Drop (1 references)
target     prot opt source               destination
RejectAuth  all  --  anywhere             anywhere
dropBcast  all  --  anywhere             anywhere
DropSMB    all  --  anywhere             anywhere
DropUPnP   all  --  anywhere             anywhere
dropNonSyn  all  --  anywhere             anywhere
DropDNSrep  all  --  anywhere             anywhere

Chain DropDNSrep (2 references)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere            udp spt:domain

Chain DropSMB (1 references)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere            udp dpt:135
DROP       udp  --  anywhere             anywhere            udp 
dpts:netbios-ns:netbios-ssn
DROP       udp  --  anywhere             anywhere            udp 
dpt:microsoft-ds
DROP       tcp  --  anywhere             anywhere            tcp dpt:135
DROP       tcp  --  anywhere             anywhere            tcp 
dpt:netbios-ssn
DROP       tcp  --  anywhere             anywhere            tcp 
dpt:microsoft-ds

Chain DropUPnP (2 references)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere            udp dpt:1900

Chain Reject (4 references)
target     prot opt source               destination
RejectAuth  all  --  anywhere             anywhere
dropBcast  all  --  anywhere             anywhere
RejectSMB  all  --  anywhere             anywhere
DropUPnP   all  --  anywhere             anywhere
dropNonSyn  all  --  anywhere             anywhere
DropDNSrep  all  --  anywhere             anywhere

Chain RejectAuth (2 references)
target     prot opt source               destination
reject     tcp  --  anywhere             anywhere            tcp dpt:auth

Chain RejectSMB (1 references)
target     prot opt source               destination
reject     udp  --  anywhere             anywhere            udp dpt:135
reject     udp  --  anywhere             anywhere            udp 
dpts:netbios-ns:netbios-ssn
reject     udp  --  anywhere             anywhere            udp 
dpt:microsoft-ds
reject     tcp  --  anywhere             anywhere            tcp dpt:135
reject     tcp  --  anywhere             anywhere            tcp 
dpt:netbios-ssn
reject     tcp  --  anywhere             anywhere            tcp 
dpt:microsoft-ds

Chain all2all (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state 
RELATED,ESTABLISHED
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level 
info prefix `Shorewall:all2all:REJECT:'
reject     all  --  anywhere             anywhere

Chain dropBcast (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            PKTTYPE = 
broadcast
DROP       all  --  anywhere             anywhere            PKTTYPE = 
multicast

Chain dropNonSyn (2 references)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere            tcp 
flags:!SYN,RST,ACK/SYN

Chain dynamic (2 references)
target     prot opt source               destination

Chain eth0_fwd (1 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere            state NEW

Chain eth0_in (1 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere            state NEW
net2fw     all  --  anywhere             anywhere

Chain fw2net (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state 
RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain icmpdef (0 references)
target     prot opt source               destination

Chain net2all (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state 
RELATED,ESTABLISHED
Drop       all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level 
info prefix `Shorewall:net2all:DROP:'
DROP       all  --  anywhere             anywhere

Chain net2fw (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state 
RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            multiport 
dports http,https,ssh,ftp-data,ftp
ACCEPT     icmp --  anywhere             anywhere            icmp 
echo-request
net2all    all  --  anywhere             anywhere

Chain reject (11 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            PKTTYPE = 
broadcast
DROP       all  --  anywhere             anywhere            PKTTYPE = 
multicast
DROP       all  --  broadcast.net81-66-123.noos.fr  anywhere
DROP       all  --  255.255.255.255      anywhere
DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere
REJECT     tcp  --  anywhere             anywhere            reject-with 
tcp-reset
REJECT     udp  --  anywhere             anywhere            reject-with 
icmp-port-unreachable
REJECT     icmp --  anywhere             anywhere            reject-with 
icmp-host-unreachable
REJECT     all  --  anywhere             anywhere            reject-with 
icmp-host-prohibited

Chain shorewall (0 references)
target     prot opt source               destination

Chain smurfs (0 references)
target     prot opt source               destination
LOG        all  --  broadcast.net81-66-123.noos.fr  anywhere 
LOG level info prefix `Shorewall:smurfs:DROP:'
DROP       all  --  broadcast.net81-66-123.noos.fr  anywhere
LOG        all  --  255.255.255.255      anywhere            LOG level 
info prefix `Shorewall:smurfs:DROP:'
DROP       all  --  255.255.255.255      anywhere
LOG        all  --  BASE-ADDRESS.MCAST.NET/4  anywhere            LOG 
level info prefix `Shorewall:smurfs:DROP:'
DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message