Port 80 woes w/ipchains
NUtack97
08-18-2001, 12:31 AM
I'm currently running pmfirewall to set up my firewall....It's doing a great job setting things up with one exception: I can't seem to open my http port 80. I have the following ipchains line within pmfirewall's script:
ipchains -A input -p tcp -s 0/0 -d outer.ip/32 80 -j ACCEPT
Now, I thought this would do it, but according to www.grc.com (http://www.grc.com), my port 80 is still in "Stealth" mode.
Does anyone know what else could be blocking this, or am I doing something wrong? I'm running Mandrake 8.0. Thanks in advance!!
-Tack
mychl
08-18-2001, 01:50 AM
are you running port sentry??
jumpedintothefire
08-18-2001, 10:24 AM
You may need a output rule also.
ipchains -A output -p tcp -d 0/0 -s outer.ip 80 -j ACCEPT
I don't use a /32 with a single ip, doesn't seem to make a difference.
NUtack97
08-18-2001, 02:46 PM
Mychl, I've tried it with and without portsentry (standard config files for it) with no luck.
jumpedintothefire, I added that output chain as you had suggested, and there doesn't seem to be any change.
Any other possibilities? This is really driving me nuts!?
-Tack
ferrol
08-18-2001, 05:54 PM
This is my line in a pmfirewall assisted setup.
OUTERIF=eth0
REMOTENET=0/0
OUTERIP=`ifconfig $OUTERIF | grep inet | cut -d : -f 2 | cut -d ' ' -f 1`
OUTERMASK=`ifconfig $OUTERIF | grep Mas | cut -d : -f 4`
OUTERNET=$OUTERIP/$OUTERMASK
#HTTPD
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 80 -j ACCEPT
This should work. One thing: make sure you flush your chains first, you might have rules already blocking port 80.
NUtack97
08-19-2001, 11:58 AM
I seem to have that exact code in my system, but I still can't seem to gain outside access to my web site. By default, pmfirewall utility flushes all chains when it begins its scripts.
Does anyone know of other prog's that would be blocking this port? I can access the site flawlessly from my internal network (unrestricted access), so I know httpd is actually running.
glowworm
08-19-2001, 01:41 PM
Since no-one else has asked and you're still having trouble...
Are you sure your isp is not blocking port 80 attempts?
NUtack97
08-19-2001, 09:55 PM
Glowworm, I believe that's the case, unfortunately.....I've been able to have a server up for quite a while now, but looking further into it, I've found that my isp's policy is that they "...do not allow servers to be connected to the cable modem......" So perhaps they've just started blocking port 80 connects.....If that's the case, it's a major bummer. C'est la vie, I guess!
-Tack
lspider
08-20-2001, 02:57 PM
is your system blocking syn packet requests on that port?
do you have something like this in your rules?
ipchains -A input -p tcp -y -s 0/0 -d 0/0 -j DENY
Note the -y, that is the "Syn packet" switch in ipchains. If you do, you'll have to accept syn packets on that port.
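The rule-order problem lspider describes, as an added example that is not part of the thread and not pmfirewall code: ipchains walks a chain top to bottom and the first matching rule decides, so a catch-all `-y` DENY appended before the port 80 ACCEPT shadows it. The function name and both rule sets are constructed for illustration; it assumes numeric ports and ignores address matching.

```shell
#!/bin/sh
# Added illustration. -y matches only packets that open a connection (SYN set,
# ACK and FIN clear), so a "-y ... DENY" rule blocks new inbound connections.

# first_match DPORT IS_SYN  (rule lines on stdin) -> "N TARGET" or "none policy"
first_match() {
  want_port=$1; is_syn=$2; n=0
  while IFS= read -r rule; do
    case $rule in *"-A input"*) ;; *) continue ;; esac
    n=$((n + 1)); proto=all; port=any; syn_only=0; target=
    set -- $rule                      # split the rule into words
    while [ $# -gt 0 ]; do
      case $1 in
        -p) proto=$2; shift ;;
        -y) syn_only=1 ;;
        -j) target=$2; shift ;;
        -d) shift                     # $1 is now the destination address
            case ${2:-} in ""|-*) ;; *) port=$2; shift ;; esac ;;
      esac
      shift
    done
    case $proto in all|tcp) ;; *) continue ;; esac
    if [ "$port" != any ] && [ "$port" != "$want_port" ]; then continue; fi
    if [ "$syn_only" = 1 ] && [ "$is_syn" != 1 ]; then continue; fi
    echo "$n $target"; return 0       # first match wins
  done
  echo "none policy"                  # falls through to the chain policy
}

# Constructed rule sets: catch-all SYN deny before, then after, the port 80 accept.
RULES_SHADOWED='ipchains -A input -p tcp -y -s 0/0 -d 0/0 -j DENY
ipchains -A input -p tcp -s 0/0 -d outer.ip/32 80 -j ACCEPT'
RULES_FIXED='ipchains -A input -p tcp -s 0/0 -d outer.ip/32 80 -j ACCEPT
ipchains -A input -p tcp -y -s 0/0 -d 0/0 -j DENY'

echo "shadowed, SYN to 80: $(printf '%s\n' "$RULES_SHADOWED" | first_match 80 1)"
echo "fixed,    SYN to 80: $(printf '%s\n' "$RULES_FIXED" | first_match 80 1)"
echo "fixed,    SYN to 22: $(printf '%s\n' "$RULES_FIXED" | first_match 22 1)"
```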
NUtack97
08-20-2001, 09:56 PM
lspider,
I don't have that string anywhere in my ipchains rules....What's this "syn packet" deal? Should I add it to my rules for port 80? I've never heard of that before.....
As I mentioned before, I had absolutely no problems with this stuff in Mandrake 7.1, but when I reinstalled from scratch to 8.0 (Total revamping of my server), I've never been able to get any connections to my web site from outside. HELP!? :mad: :mad: :mad:
wurmy
08-22-2001, 03:18 AM
i thought most isps were blocking port 80 cause of redworm anyway....but im pretty new to this so i could be thinking of it the wrong way....
ferrol
08-22-2001, 05:01 AM
This may sound silly but are you running the webserver? Has it started correctly and is it attached to port 80? Check the conf file, it'll say in there.
wurmy
If you block all port 80 connections you'd have no webserver, unless you bind apache to another port. But that would pretty much stop your webservice anyway.
Most webservers Linux or Unix won't be bothered too much due to the fact they're completely unaffected by that exploit, only good old Microsoft IIS was/is affected.
yogee
08-22-2001, 09:30 AM
"Now, I thought this would do it, but according to www.grc.com (http://www.grc.com), my port 80 is still in "Stealth" mode.
Does anyone know what else could be blocking this, or am I doing something wrong? I'm running Mandrake 8.0. Thanks in advance!!"
Originally posted by ferrol:
This may sound silly but are you running the webserver? Has it started correctly and is it attached to port 80? Check the conf file, it'll say in there.
wurmy
If you block all port 80 connections you'd have no webserver, unless you bind apache to another port. But that would pretty much stop your webservice anyway.
Most webservers Linux or Unix won't be bothered too much due to the fact they're completely unaffected by that exploit, only good old Microsoft IIS was/is affected.
What he means is simply this. Most, or a lot of service providers are blocking port 80, thus making it impossible to get port 80 open to the public. Best bet to see if port 80 is closed is to go look around dslreports.com for others using the same service provider as you that are complaining about port 80 woes. Or simply call your service provider. If port 80 is closed then there is no way it will be available to the public, but it would be available to a local network.
[ 22 August 2001: Message edited by: yogee ]
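One way to tell an ISP block from a local firewall drop, as an added example that is not part of the thread: capture on the outer interface while the remote probe runs and check whether the probe's SYN arrives at all. The function name, addresses and capture lines are constructed, in the text format current tcpdump prints; the server address 198.51.100.7 is a placeholder.

```shell
#!/bin/sh
# Added illustration. Capture while the outside probe runs, for example:
#   tcpdump -n -i eth0 'tcp port 80'
# The capture sees inbound packets before the input chain filters them, so a
# SYN that ipchains denies still appears; a SYN blocked upstream never does.

# classify_capture SERVER_IP  (tcpdump text on stdin) -> one verdict word
classify_capture() {
  awk -v srv="$1" '
    index($0, "> " srv ".80: Flags [S],")                    { syn++ }
    index($0, "IP " srv ".80 > ") && index($0, "Flags [S.]") { synack++ }
    index($0, "IP " srv ".80 > ") && index($0, "Flags [R")   { rst++ }
    END {
      if (!syn)        print "upstream-block"  # probe never reached this host
      else if (synack) print "open"            # host answered with SYN-ACK
      else if (rst)    print "closed"          # REJECT rule or nothing listening
      else             print "local-drop"      # silently dropped here: DENY rule
    }'
}

# Constructed captures (probe source 203.0.113.5, server 198.51.100.7).
SYN='12:00:01.000001 IP 203.0.113.5.40000 > 198.51.100.7.80: Flags [S], seq 100, win 64240, length 0'
CAP_UPSTREAM='12:00:01.000001 IP 198.51.100.7.51000 > 192.0.2.9.443: Flags [S], seq 1, win 64240, length 0'
CAP_DROP="$SYN
12:00:04.000001 IP 203.0.113.5.40000 > 198.51.100.7.80: Flags [S], seq 100, win 64240, length 0"
CAP_OPEN="$SYN
12:00:01.000090 IP 198.51.100.7.80 > 203.0.113.5.40000: Flags [S.], seq 500, ack 101, win 65160, length 0"
CAP_CLOSED="$SYN
12:00:01.000090 IP 198.51.100.7.80 > 203.0.113.5.40000: Flags [R.], seq 0, ack 101, win 0, length 0"

for cap in "$CAP_UPSTREAM" "$CAP_DROP" "$CAP_OPEN" "$CAP_CLOSED"; do
  printf '%s\n' "$cap" | classify_capture 198.51.100.7
done
```

A verdict of `upstream-block` while httpd answers on the internal network points at the provider rather than at the ipchains rules; `local-drop` points back at the input chain.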
NUtack97
08-22-2001, 08:52 PM
Well yogee, I'm using AT&T broadband (formerly MediaOne Roadrunner) in, you guessed it, the Boston area....Now, I did check my apache conf file and it is indeed attached to port 80. I'm going to try attaching to some other port, but it'll probably be a real pain in the arse to re-create all the links on my website.
I'll also check that dslreports.com place, but I don't know if that'll help me since I'm using a broadband cable modem. Thx for the info, though!
-Tack
P.S.
Anyone else have any clues?
yogee
08-22-2001, 11:09 PM
http://www.dslreports.com/forums covers all or most broadband services. Separate forums (even road runner) for many providers.