
Re: [cobalt-users] Help on Qube 3 firewall setup



milend wrote:

> As far as I understand I can create Input rules only if I need to
> restrict the access to our LAN from outside.

this is correct, except that you really do need to restrict access to your lan, unless you really like being hacked of course. use the firewall to close any unnecessary incoming ports, otherwise you are leaving yourself vulnerable.

> I do not have to specify Output rules if I want all computers in our
> LAN to have access to Internet.

correct

> So, I do not have any input/output rules and still I can not access
> the web server running in our LAN. Even when the basic firewall is
> off I can't access the website.
>
> Do I need to have some other products installed? Or just change of
> firewall configuration is enough? If so what do I need to change
> in order to make the web server accessible for the outside world?

the firewall alone will not give you access to your internal webserver. you will need to install something else to do so. basically, by default webservers are accessed through port 80, so all incoming traffic on port 80 will be stopped by the qube's built in webserver. if you want to access an internal webserver, you will need to forward web traffic to the internal computer. you do this using "port forwarding". you can search the archives (and elsewhere) for more discussions about how to re-direct traffic to internal ports.

fortunately, the emea group has created a nice little pkg file you can install through the web gui on your qube that will provide port forwarding for you (i think it is even gui configurable). i've not yet used this package myself (i use a different 3rd party utility called portfwd, you can search the archives if interested), but if you want to try it, it can be found at:
    http://pkgmaster.com/i386/Q3-Portfw-1.1.pkg

however, you need to be careful here. the problem is that if you forward all web traffic from the qube to a different computer on your lan, then you will no longer be able to access the qube's public website (including the web-based admin gui for your qube if you aren't careful). this will probably not make you happy. to get around this you could specify a different port in the url and then forward that port to port 80 on the internal computer. for example, you could use the alt http port, 8080, which would make your url "www.mydomain.com:8080". of course you also have to make sure that whatever port you use does not conflict with another service and that it is open in the firewall.

for a comprehensive list of port numbers see:
  http://www.redhat.com/support/resources/tips/urls/txt/port_numbers

it occurs to me that you may be able to set this up without port forwarding by using dns on the qube, but someone else will have to help you with that, as i do not use dns on our qube and am not even sure if dns alone would work in your case.

anyway, good luck.

mikey.

--
mike songster                  work1:           www.biosearchtech.com
mikey@xxxxxxxxxxxxxxxxx        work2:  www.chem.umn.edu/orgs/ampepsoc

an eye for an eye leaves the whole world blind
                                                 gandhi
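
The alternate-port setup described in the reply above, as an added example that is not part of the original post and is not the code of either forwarding package it mentions: a minimal userspace TCP relay in Python that listens on one port, relays to port 80 on an internal machine, and refuses to start if the listen port is already held by another service. The function names and the internal address 192.168.1.10 are assumptions made for illustration.

```python
import socket
import threading

def _pipe(src, dst):
    """Copy bytes one way until src closes, then pass the EOF on to dst."""
    try:
        while (data := src.recv(4096)):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def _relay(client, target):
    """Connect one accepted client to the internal server and copy both ways."""
    try:
        upstream = socket.create_connection(target, timeout=5)
    except OSError:
        client.close()          # internal server unreachable: drop the client
        return
    upstream.settimeout(None)
    back = threading.Thread(target=_pipe, args=(upstream, client), daemon=True)
    back.start()
    _pipe(client, upstream)
    back.join()
    client.close()
    upstream.close()

def start_forwarder(listen_port, target_host, target_port, bind_host="0.0.0.0"):
    """Relay connections arriving on listen_port to target_host:target_port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # No SO_REUSEADDR on purpose: a port another service holds must fail loudly.
        srv.bind((bind_host, listen_port))
    except OSError as exc:
        srv.close()
        raise RuntimeError(f"cannot bind port {listen_port} (in use or not permitted)") from exc
    srv.listen(16)
    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:     # listener was closed
                return
            threading.Thread(target=_relay, args=(client, (target_host, target_port)), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

if __name__ == "__main__":
    # 8080 is the alternate port from the post; 192.168.1.10 is a placeholder internal address.
    start_forwarder(8080, "192.168.1.10", 80)
    threading.Event().wait()    # port 80 stays with the qube's own web server
```

Only the forwarded port needs an incoming firewall rule; everything else inbound can stay closed.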