[101688] in RedHat Linux List
Re: Can go out!
daemon@ATHENA.MIT.EDU (Michael Jinks)
Sat Nov 28 15:57:41 1998
Date: Sat, 28 Nov 1998 20:51:55 +0000
From: Michael Jinks <michael@twopoint.com>
To: redhat-list@redhat.com
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
Rafi wrote:
>
> Does Apache come
> with proxy capabilities?

It does indeed, at least these days (not sure if it's had it forever).
That would certainly get around ipfwadm.

Don't know what to tell you about the Apache part (I could read the docs
for you but that wouldn't be doing you any favors, and really it isn't
Apache that's broken anyhow) but if you'd like to start experimenting
with opening things up a bit on the firewall, I can advise you there.

Probably the first thing to check is like so:

    # cat /proc/sys/net/ipv4/ip_forward

If you get a 0, then IP forwarding hasn't been enabled at all, and you
will need to fix that in your network config scripts, possibly also in
the kernel itself.

Whatever your result above, check to be sure that ipfwadm is really
present and enabled on your system. As root, type "ipfwadm -Il",
"ipfwadm -Ol", and "ipfwadm -Fl" and examine the results. You might
want to save the output of those commands to files for easy examination,
but it's probably not a good idea to post them, at least not yet.

If ipfwadm is present but fails with an error like "IP forwarding not
enabled in the kernel," then you may need to compile a new kernel.

Once you've learned a bit about how ipfwadm works (there is a decent
manpage, the firewall HOWTO talks about it IIRC, and there is a really
neat utility to help you get the details right available as a module for
the Dotfile Generator: http://dune.wolfenet.com/~jhardin/ipfwadm.html),
then set up your own table of commands and experiment. Be careful,
because although it sounds like you don't have much to lose right now,
ipfwadm might be able to shut off the service that you do have if you
feed it the wrong commands. Users can be so cranky sometimes. . .

And of course, be careful in general. The fact that you have a firewall
suggests that you have sensitive systems on the inside, and one can
tread a difficult path between security and functionality, as you're
seeing now. If you haven't already, read a good book on network
security, or better yet a book on UNIX firewalls (O'Reilly has one
called, oddly enough, "Building Internet Firewalls," and there's a link
at the DotFileGen page).
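
Added example, not part of the original message: the two checks described above (the ip_forward value and the three ipfwadm listings) as one shell script that saves the listings to owner-only files, since the message advises against posting them. The function names, the `--run` switch and the output directory are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, the --run
# switch and the default output directory are hypothetical.

# forwarding_state [FILE]: print enabled, disabled or unknown.
# FILE defaults to the /proc entry named in the message.
forwarding_state() {
    fwd_file="${1:-/proc/sys/net/ipv4/ip_forward}"
    fwd_val=$(cat "$fwd_file" 2>/dev/null) || fwd_val=""
    case "$fwd_val" in
        0) echo disabled ;;   # kernel will not route between interfaces
        1) echo enabled ;;
        *) echo unknown ;;    # file missing, unreadable or unexpected value
    esac
}

# save_rules DIR: store the input, output and forwarding listings
# ("ipfwadm -Il", "-Ol", "-Fl") in DIR, readable by the owner only.
save_rules() {
    out_dir="$1"
    command -v ipfwadm >/dev/null 2>&1 || {
        echo "ipfwadm not found in PATH" >&2
        return 1
    }
    (
        umask 077                       # listings reveal the firewall policy
        mkdir -p "$out_dir" || exit 1
        for chain in I O F; do
            # Keep stderr too, so an error such as "IP forwarding not
            # enabled in the kernel" ends up in the saved file.
            ipfwadm "-${chain}l" > "$out_dir/ipfwadm-${chain}l.txt" 2>&1 ||
                echo "ipfwadm -${chain}l failed, see $out_dir" >&2
        done
    )
}

# Run as root: sh fwcheck.sh --run [DIR]
if [ "${1:-}" = "--run" ]; then
    echo "IP forwarding: $(forwarding_state)"
    save_rules "${2:-./ipfwadm-listings}"
fi
```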