
sslug-teknik team mailing list archive

Re: Firewall

 

On 24 Nov 2008 at 14:24, Doc Nielsen <docnielsen@xxxxxxxxx> wrote:
> On Mon, Nov 24, 2008 at 12:58 PM, Gunner <gunner@xxxxxxxxxxxxxxxxxxxx> wrote:
>>> netstat -anp | grep apache
>> tcp6       0      0 :::80                   :::*
>> LISTEN     10291/apache2
>> tcp6       0      0 ::ffff:10.10.1.98:80    ::ffff:10.10.1.1:3401
>> ESTABLISHED11036/apache2
>> tcp6       0      0 ::ffff:10.10.1.98:80    ::ffff:10.10.1.1:3391
>> ESTABLISHED11037/apache2
>> tcp6       0      0 ::ffff:10.10.1.98:80    ::ffff:10.10.1.1:3390
>> ESTABLISHED12421/apache2
>> unix  3      [ ]         STREAM     CONNECTED     717071   11037/apache2
>>
>>
>>> netstat -anp | grep ':80'
>> tcp        0      0 10.10.1.98:59213        194.182.134.43:80       FIN_WAIT2  -
>> tcp        0      0 10.10.1.98:59212        194.182.134.43:80       FIN_WAIT2  -
>> tcp        0      0 10.10.1.98:59214        194.182.134.43:80       FIN_WAIT2  -
>> tcp        0      0 10.10.1.98:59209        194.182.134.43:80       FIN_WAIT2  -
>> tcp        0      0 10.10.1.98:59208        194.182.134.43:80       FIN_WAIT2  -
>> tcp        0      0 10.10.1.98:59210        194.182.134.43:80       FIN_WAIT2  -
>> tcp        0      0 10.10.1.98:59205        194.182.134.43:80       FIN_WAIT2  -
>> tcp        0      0 10.10.1.98:59204        194.182.134.43:80       FIN_WAIT2  -
>> tcp        0      0 10.10.1.98:59207        194.182.134.43:80       FIN_WAIT2  -
>> tcp        0      0 10.10.1.98:59203        194.182.134.43:80       FIN_WAIT2  -
>> tcp6       0      0 :::80                   :::*  LISTEN     10291/apache2
>> tcp6       0      0 ::ffff:10.10.1.98:80    ::ffff:10.10.1.1:3401   TIME_WAIT  -
>> tcp6       0      0 ::ffff:10.10.1.98:80    ::ffff:10.10.1.1:3391
>> ESTABLISHED11037/apache2
>> tcp6       0      0 ::ffff:10.10.1.98:80    ::ffff:10.10.1.1:3390   TIME_WAIT  -
>> tcp6       0      0 ::ffff:10.10.1.98:80    ::ffff:10.10.1.1:2807   TIME_WAIT  -
>> tcp6       0      0 ::ffff:10.10.1.98:80    ::ffff:10.10.1.1:2806   TIME_WAIT  -
>> tcp6       0      0 ::ffff:10.10.1.98:80    ::ffff:10.10.1.1:2809   TIME_WAIT  -
>> tcp6       0      0 ::ffff:10.10.1.98:80    ::ffff:208.36.144.:4392 TIME_WAIT  -
>
> Yes, it is listening on port 80
>  tcp6       0      0 :::80                   :::* LISTEN     10291/apache2
> That looks just fine.
>
> Then we'll have to look at iptables
>
> iptables -n -L |grep 80

:~# iptables -n -L |grep 80
Gives nothing. If I try without grep, it gives:

:~# iptables -n -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


>
> ( or iptables-save |grep 80 )

~# iptables-save | grep 80
:OUTPUT ACCEPT [2687499:4288803885]
:POSTROUTING ACCEPT [2687499:4288803885]

Doesn't tell me much?

Regards
Gunner



>
> -Doc
> --
> No trees were killed in the sending of this message
> However, a large number of electrons were terribly inconvenienced.
> Also, Wil Wheaton Says, "Don't be a dick!"
>

