iptables and virtual hosts problem
- From: Erik Persson <erik-maillist@xxxxxxxxxx>
- Date: Tue, 30 Oct 2007 17:09:50 +0100
Hello!
I have a server which is running 2 different virtual hosts (vserver), let's call them S for the server, A and B for the virtual hosts A and B.
S, A and B have different ip-addresses (say s.s.s.s, a.a.a.a and b.b.b.b).
Since the server isn't really forwarding anything I haven't used the FORWARD chain for anything, and I use INPUT and OUTPUT to regulate the flow to the different servers, for example:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -I INPUT -d a.a.a.a -p tcp --dport 80 -j ACCEPT
on the server seems to do what I want: in the example above, letting A and only A answer requests on port 80.
However, when I try to regulate the flow of traffic between the different "machines" (S, A, and B) strange things happen.
For example:
iptables -I OUTPUT -d a.a.a.a -p tcp --dport 25 -j ACCEPT
doesn't only allow any of the "machines" to try to contact port 25 on A, but it *also allows A to answer* !!!
I would very much like to know why:
iptables -I INPUT [...] -d a.a.a.a -p tcp --dport 25 -j ACCEPT
isn't required.
Thanks in advance!
/erik