  1. #1
    Just Joined!
    Join Date
    Feb 2005
    Posts
    2

    firewall problem


    I had a scenario like this (of three or four machines):
    Machine-1 (Linux RHEL3)
    192.168.1.12 as sendmail server, DNS server and also Apache server
    Machine-2 (Linux RHEL3)
    another machine having two NIC cards
    eth0 192.168.1.17
    eth1 10.0.0.1
    and on this machine (Machine-2) I had configured a transparent proxy like this:
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    and an ACL list is allowed for network 10.0.0.0
    and on this machine my firewall rules are like this:
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

    iptables -t nat -A POSTROUTING -p tcp -s 0/0 --dport 110 -j MASQUERADE
    iptables -t nat -A POSTROUTING -p tcp -s 0/0 --dport 25 -j MASQUERADE

    Machine-3 (Windows machine)
    IP address 10.0.0.15 and gateway as 10.0.0.1
    FROM THIS MACHINE I am able to send and receive mails from my
    sendmail server through Microsoft Outlook (THROUGH SQUID TRANSPARENT
    PROXY)
    through SMTP and POP ID of my sendmail server (192.168.1.12)

    BUT I AM NOT ABLE TO BROWSE THE WEB SERVER USING MY DOMAIN NAME BUT I
    CAN BROWSE USING IP ADDRESS
    LIKE HTTP://192.168.1.12 AND IS WORKING FINE
    MY DNS IS WORKING FINE
    I KNOW THE PROBLEM IS REGARDING DNS. AS FIREWALL IS NOT ALLOWING DNS
    BEHIND THE FIREWALL
    HOW CAN I ALLOW DNS BEHIND THE FIREWALL SO THAT I CAN HAVE ACCESS
    TO MY WEBSERVER LIKE WWW.SUN.COM?
    OR IS THERE ANY CONFIGURATION MISSING? PLEASE LET ME KNOW

  2. #2
    Linux User
    Join Date
    Feb 2005
    Posts
    290
    DNS uses port 53, open up both TCP and UDP

    hope this helps

    and please STOP USING ANNOYING CAPS, it's hard to read

  3. #3
    Linux Guru loft306's Avatar
    Join Date
    Oct 2003
    Location
    The DairyLand
    Posts
    1,666
    Please stop using all capitals; it is not good etiquette and it is in the forum rules http://www.linuxforums.org/rules.php
    ~Mike ~~~ Forum Rules
    Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. ~ Linus Torvalds
    http://loft306.org

  5. #4
    Just Joined!
    Join Date
    Feb 2005
    Posts
    2

    firewall problem

    Sorry for writing in caps.
    I used this; still not working:
    iptables -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:6535 -j ACCEPT
    iptables -A INPUT -p udp -i eth0 --sport 53 --dport 1024:6535 -j ACCEPT

    Is this rule OK, or is some modification required?

  6. #5
    Linux User
    Join Date
    Feb 2005
    Posts
    290
    if your iptables is acting as a firewall, use iptables -A FORWARD

    Try to drop 1024:6535 (by the way, the maximum number is 65535, not 6535)

    good luck
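
Replies #2 and #5 together say where the DNS rules belong: in the FORWARD chain, for both UDP and TCP. The following is an added example, not part of any post in the thread: a small shell check that reads `iptables -A` lines and reports whether routed DNS can pass the gateway. The function name `check_dns_forward` and both sample rule sets are constructed for illustration; interfaces and addresses are taken from the first post.

```shell
#!/bin/sh
# Added example, not from the thread. check_dns_forward and the sample
# rule sets are hypothetical; interfaces/addresses come from the first post.

# Rules as posted in #4 (missing -i restored): DNS is allowed only in
# INPUT/OUTPUT, which covers the gateway's own lookups, not routed clients.
POSTED_RULES='iptables -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:6535 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --sport 53 --dport 1024:6535 -j ACCEPT'

# Constructed rule set following replies #2 and #5: FORWARD chain, UDP and
# TCP, no source-port restriction, replies admitted by connection state.
FIXED_RULES='iptables -A FORWARD -i eth1 -o eth0 -p udp -d 192.168.1.12 --dport 53 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -p tcp -d 192.168.1.12 --dport 53 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT'

# Reads "iptables -A ..." lines on stdin and prints one finding per gap.
# Exit status 0: routed DNS can pass. Exit status 1: something is missing.
check_dns_forward() {
    awk '
    / -A FORWARD / && / --dport 53 / && / -j ACCEPT/ {
        if ($0 ~ / -p udp /) udp = 1
        if ($0 ~ / -p tcp /) tcp = 1
    }
    # Return path: either stateful matching or an explicit sport-53 rule.
    / -A FORWARD / && /ESTABLISHED/ && / -j ACCEPT/ { reply = 1 }
    / -A FORWARD / && / --sport 53 / && / -j ACCEPT/ { reply = 1 }
    / -A (INPUT|OUTPUT) / && /port 53 / { local_only++ }
    END {
        if (!udp)   print "missing: FORWARD accept for udp dport 53"
        if (!tcp)   print "missing: FORWARD accept for tcp dport 53"
        if (!reply) print "missing: FORWARD accept for DNS replies"
        if (local_only && !(udp || tcp))
            print "note: INPUT/OUTPUT rules only cover the gateway itself"
        exit !(udp && tcp && reply)
    }'
}

# Show the findings for the rules from post #4.
printf '%s\n' "$POSTED_RULES" | check_dns_forward || true
```

To check a live gateway, feed the function the output of `iptables-save`, which uses the same `-A CHAIN ...` form.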
