httpd-users mailing list archives

From "Vasiliy Boulytchev" <vasi...@boulytcheva.com>
Subject RE: [users@httpd] problem with distant vs. local acces with apache 2
Date Mon, 14 Jun 2004 18:22:17 GMT

Ah!   Post-Code-Red / slash / control system.  Well, if you want, check out
our website, you can have simple hosting for under 10 bucks.  If you want to
play with Apache (which is always great), find a normal ISP. :) 


Vasiliy Boulytchev
Colorado Information Technologies, Inc.
http://www.coinfotech.com

-----Original Message-----
From: irisson jean-olivier [mailto:jo.irisson@noos.fr] 
Sent: Monday, June 14, 2004 11:44 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] problem with distant vs. local acces with apache 2


Vasiliy Boulytchev wrote:
>  Vasiliy Boulytchev wrote: 
>>My first guess with Md 10.0 is msec :)
> 
> I guess this was a joke but sorry, my english/computer knowledge is 
> not good enough to understand this one... :-(
> 
> No joke,  with Mandrake 10.0 you get msec.  Mandrake Security.  Adds 
> neat and easy lock downs to your system.

ok thanks. I found about this after sending you my reply. sorry. I'll check
for this but in fact I don't really need a very secure system not being on
a network or having much network activity (apart from a simple Apache web
server!). In addition I do not really know who would want to break into my
computer ;-)

Anyway I think I discovered something while trying to set up this:
             Apache is great but my ISP is crap!!!
After several emails they finally sent me back to (paying) technical phone
assistance which was barely capable of understanding my problem. 
They conclude by saying that port 80 should indeed be blocked and that there
was nothing to do about it.

I'm therefore sorry to have wasted your time, the problem apparently came
from something independent of Apache. I am nevertheless willing to thank you
for the great deal of assistance I found here: quick and efficient (the
complete opposite of my ISP's ;-) ). I might contact you in the future if
I have a problem with another server... as soon as I've changed my ISP!
Thanks again and I'll keep reading this list anyway.

> What does your firewall rules say?   Iptables -L

In case you still want to know ;-). My firewall is supposed to block
everything except access to a ftp, ssh and web server (so 21, 22 and 80
should be open). Here is the output of iptables -L:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
DROP      !icmp --  anywhere             anywhere            state INVALID
eth0_in    all  --  anywhere             anywhere
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:INPUT:REJECT:'
reject     all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP      !icmp --  anywhere             anywhere            state INVALID
eth0_fwd   all  --  anywhere             anywhere
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject     all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
DROP      !icmp --  anywhere             anywhere            state INVALID
fw2net     all  --  anywhere             anywhere
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject     all  --  anywhere             anywhere

Chain Drop (1 references)
target     prot opt source               destination
RejectAuth  all  --  anywhere             anywhere
dropBcast  all  --  anywhere             anywhere
DropSMB    all  --  anywhere             anywhere
DropUPnP   all  --  anywhere             anywhere
dropNonSyn  all  --  anywhere             anywhere
DropDNSrep  all  --  anywhere             anywhere

Chain DropDNSrep (2 references)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere            udp spt:domain

Chain DropSMB (1 references)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere            udp dpt:135
DROP       udp  --  anywhere             anywhere            udp dpts:netbios-ns:netbios-ssn
DROP       udp  --  anywhere             anywhere            udp dpt:microsoft-ds
DROP       tcp  --  anywhere             anywhere            tcp dpt:135
DROP       tcp  --  anywhere             anywhere            tcp dpt:netbios-ssn
DROP       tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds

Chain DropUPnP (2 references)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere            udp dpt:1900

Chain Reject (4 references)
target     prot opt source               destination
RejectAuth  all  --  anywhere             anywhere
dropBcast  all  --  anywhere             anywhere
RejectSMB  all  --  anywhere             anywhere
DropUPnP   all  --  anywhere             anywhere
dropNonSyn  all  --  anywhere             anywhere
DropDNSrep  all  --  anywhere             anywhere

Chain RejectAuth (2 references)
target     prot opt source               destination
reject     tcp  --  anywhere             anywhere            tcp dpt:auth

Chain RejectSMB (1 references)
target     prot opt source               destination
reject     udp  --  anywhere             anywhere            udp dpt:135
reject     udp  --  anywhere             anywhere            udp dpts:netbios-ns:netbios-ssn
reject     udp  --  anywhere             anywhere            udp dpt:microsoft-ds
reject     tcp  --  anywhere             anywhere            tcp dpt:135
reject     tcp  --  anywhere             anywhere            tcp dpt:netbios-ssn
reject     tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds

Chain all2all (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:all2all:REJECT:'
reject     all  --  anywhere             anywhere

Chain dropBcast (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            PKTTYPE = broadcast
DROP       all  --  anywhere             anywhere            PKTTYPE = multicast

Chain dropNonSyn (2 references)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere            tcp flags:!SYN,RST,ACK/SYN

Chain dynamic (2 references)
target     prot opt source               destination

Chain eth0_fwd (1 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere            state NEW

Chain eth0_in (1 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere            state NEW
net2fw     all  --  anywhere             anywhere

Chain fw2net (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain icmpdef (0 references)
target     prot opt source               destination

Chain net2all (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
Drop       all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:net2all:DROP:'
DROP       all  --  anywhere             anywhere

Chain net2fw (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            multiport dports http,https,ssh,ftp-data,ftp
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
net2all    all  --  anywhere             anywhere

Chain reject (11 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            PKTTYPE = broadcast
DROP       all  --  anywhere             anywhere            PKTTYPE = multicast
DROP       all  --  broadcast.net81-66-123.noos.fr  anywhere
DROP       all  --  255.255.255.255      anywhere
DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     icmp --  anywhere             anywhere            reject-with icmp-host-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain shorewall (0 references)
target     prot opt source               destination

Chain smurfs (0 references)
target     prot opt source               destination
LOG        all  --  broadcast.net81-66-123.noos.fr  anywhere            LOG level info prefix `Shorewall:smurfs:DROP:'
DROP       all  --  broadcast.net81-66-123.noos.fr  anywhere
LOG        all  --  255.255.255.255      anywhere            LOG level info prefix `Shorewall:smurfs:DROP:'
DROP       all  --  255.255.255.255      anywhere
LOG        all  --  BASE-ADDRESS.MCAST.NET/4  anywhere            LOG level info prefix `Shorewall:smurfs:DROP:'
DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
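
The chain path that lets port 80 through in the listing above can be traced mechanically. The following is an added example, not code from anyone in the thread: it parses `iptables -L` text, rejoins hard-wrapped continuation lines, and searches from INPUT for a chain that accepts a named TCP service. The function names and the embedded excerpt are constructed for illustration, and the search follows jumps only; it does not evaluate rule order or state matches.

```python
import re

# Constructed excerpt of the post's listing; two rules are hard-wrapped the
# way mail clients wrap long lines.
LISTING = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
eth0_in    all  --  anywhere             anywhere
Chain eth0_in (1 references)
target     prot opt source               destination
net2fw     all  --  anywhere             anywhere
Chain net2fw (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state
RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            multiport
dports http,https,ssh,ftp-data,ftp
net2all    all  --  anywhere             anywhere
"""

def parse(text):
    """Return {chain: [[target, proto, match], ...]}, rejoining wrapped lines."""
    chains, rules = {}, None
    for line in text.splitlines():
        head, f = re.match(r"Chain (\S+) \(", line), line.split(None, 5)
        if head:
            rules = chains.setdefault(head.group(1), [])
        elif len(f) >= 5 and f[2] == "--":   # a rule line: target prot opt src dst
            rules.append([f[0], f[1], f[5].strip() if len(f) > 5 else ""])
        elif rules and f and f[0] != "target":   # continuation of previous rule
            rules[-1][2] = (rules[-1][2] + " " + line.strip()).strip()
    return chains

def accept_path(chains, chain, service):
    """Chains walked from `chain` to a tcp ACCEPT naming `service`, else None."""
    for target, proto, match in chains.get(chain, []):
        ports = re.search(r"(?:dpt:|dports )(\S+)", match)
        if (target == "ACCEPT" and proto == "tcp" and ports
                and service in ports.group(1).split(",")):
            return [chain]
        if target in chains and (tail := accept_path(chains, target, service)):
            return [chain] + tail

def unqualified_accepts(chains):
    """ACCEPT rules showing no match at all: plain -L omits interface columns."""
    return [(c, i + 1) for c, rs in chains.items()
            for i, r in enumerate(rs) if r[0] == "ACCEPT" and not r[2]]
```

On the excerpt, `accept_path(parse(LISTING), "INPUT", "http")` returns `['INPUT', 'eth0_in', 'net2fw']`, which agrees with the poster's conclusion that the local rules were not what blocked port 80. `unqualified_accepts` flags INPUT rule 1, whose scope cannot be judged from this output and needs `iptables -L -n -v` to show the interface it is bound to.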


