HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


ramangill 31st January 2006 21:34

Server setup for Web Purposes with custom Firewall
 
Hi,

I am a little bit of a newbie starting out with Linux. I must say that I am pretty impressed so far. I just managed to get my firewall setup and let me explain the setup as to how I got there so you have an understanding of my architecture and will allow you guys to help me here.

Linux Distro: Fedora Core 4
2 NIC cards.
-eth0 has DSL line coming in from provider
-eth1 is connected to D-LINK router with an IP of 192.168.*.*
Running FireStarter (http://www.fs-security.com/) as my firewall and it is up and running. I can ping my XP box and vice versa.

Question #1: I am able to SSH into my linux box from PC’s within my network. I would like to also connect to my linux box from my work also via SSH, but I am unsure as to how? Can someone please help?

Question #2: I read the “Perfect Setup for Fedora Core 4”, and there are some gaps that I need answered as my setup is a little different. I would like to set up my Linux Firewall box as a Web Server as well with Apache running on it. What would be the steps for this if I am running a setup like I have listed above, as the document on the site assumes you have a static IP address from your provider with a host name?

I hope this all makes sense. If not, please post a reply and I will reply in more detail.

Thanks again 

falko 1st February 2006 14:23

Is your Fedora box in a local network behind a router, or is it directly connected to the internet? Why does it have 2 network cards? I found this a little bit unclear...

ramangill 1st February 2006 15:52

Hi Falko,

Thanks for your reply. My Linux box is acting as the firewall and as such I have 2 NIC cards. eth0 has the external line from my DSL Provider and eth1 has the internal line with an IP of 192.168.*.* and is directly connected to my D-LINK router. So I guess "Yes, my linux box is in a local network behind a router."

Also, last night I just set up a domain and configured it with Apache, and I am able to run http://localhost and http://IP_ADDRESS_OF_SERVER and I can see my Apache test page, but when I go to http://mydomain.org it comes to some sort of Modem Status page from my provider...weird????!!!!! Why do I not see the Apache test page like I should? The reason why I am posting it here is because it almost seems like the same thing where an outside source is not able to see my network/domain. Internally I can run everything smoothly, but from the outside I cannot.

I did read a little more on the web after I posted this that things must be 99% easier if I had a domain registered and configured on my linux box with Apache, which I did now. So essentially I can SSH into my domain and get onto that Linux box like SSH mydomain.com

I hope this clears up some things for you :)

Awaiting your reply eagerly :)

ramangill 1st February 2006 17:36

Also, I went to your site and read up on "Perfect Setup for Fedora Core 4". Can you please explain a little more on ISPConfig. I went to the site and I am still a little unclear as to the purpose of it. Is it a GUI for a firewall like FireStarter?

Should I be using ISPConfig to benefit my needs?

falko 1st February 2006 17:41

Quote:

Originally Posted by ramangill
My Linux box is acting as the firewall and as such I have 2 NIC cards. eth0 has the external line from my DSL Provider and eth1 has the internal line with an IP of 192.168.*.* and is directly connected to my D-LINK router. So I guess "Yes, my linux box is in a local network behind a router."

Your server has two network cards, one having the DSL line. But why then do you need another router (D-Link)? :confused:

Quote:

Originally Posted by ramangill
Also, I last night just setup a domain and configured it with Apache, and I am able to run http://localhost and http://IP_ADDRESS_OF_SERVER and I can see my Apache test page

IP_ADDRESS_OF_SERVER: is it your public IP address, or your internal one (192.168.*.*)?

Quote:

Originally Posted by ramangill
but when I go to http://mydomain.org it comes to some sort of Modem Status page from my provider...weird????!!!!! Why do I not see the Apache test page like I should? The reason why I am posting it here is because it almost seems like the same thing where an outside source is not able to see my network/domain. Internally I can run everything smoothly, but from the outside I cannot.

I guess it's either a problem with the DNS records of mydomain.org, or you haven't properly enabled port forwarding on your router (but to know better I have to fully understand your network setup first -> why do you have another router (D-Link)).

falko 1st February 2006 17:51

Quote:

Originally Posted by ramangill
Also, I went to your site and read up on "Perfect Setup for Fedora Core 4". Can you please explain a little more on ISPConfig. I went to the site and I am still a little unclear as to the purpose of it. Is it a GUI for a firewall like FireStarter?

ISPConfig is a server control panel like Plesk, Cpanel, ..., but it's free. You can manage web sites, email addresses, databases, quota, DNS records, etc. with it, and you have 3 levels of administration: the admin user, resellers, and clients.
You can also set up a simple firewall with it. With this firewall you can block ports. It's good for servers, but as I'm not quite sure yet if your system is also acting as a router I can't tell you if the ISPConfig firewall is good for you.

ramangill 1st February 2006 17:55

Sorry, let me be a little more clear and in detail.

The way I set it up is the way many online howto documents are telling me to do it. Here are two examples:
#1
http://www.webmonkey.com/webmonkey/9...tml?tw=backend
(Look at the 4th Paragraph)
#2
http://www.fs-security.com/docs/connection-sharing.php
(This is the site for the firewall app and it also gave a rundown on how to setup a home firewall)

So my 2nd NIC card is plugged into my Hub/Router and the rest of my PC's (Windows based for now) are set with a static IP like 192.168.*.* with the default gateway set to the IP address of the eth1 on my linux box

The IP_ADDRESS_OF_SERVER is the IP Address of my Linux machine (192.168.*.*) and not of the DSL Provider (I assume you mean this as my public IP Address)

Does this give you a better understanding of what I have set up? Another thing I have now noticed is that to try and work with my D-LINK Router to see if I can enable port forwarding, I need to get into my D-LINK settings via logging into it, as the IP Address of the router is 192.168.0.1 (the default). But now I cannot for some reason. It will not recognize it anymore. What happened here????

Any other questions please ask.

Also, great site!!! I like what you have done with it and there is plenty of info there for people like me :)

ramangill 2nd February 2006 06:41

I just wanted to give an update here. I was fooling around a little more this evening and this is where I got now. I am no longer seeing my DSL's modem status page when I type http://idbsgroup.hoptp.com. Now I see the infamous page can not be found on XP and on my linux machine I get "The connection was refused when attempting to contact 69.156.*.*:8***"

So when I do a ping on my domain it is working now and I can do it from the web also (I had my friend test it with ping). When I performed a trace route, it went back to my domain provider so I assume I got the domain issue solved. Now it seems like my firewall is not letting me see my Apache test page. In my httpd.conf file I have an entry for my listener as

listen 192.168.*.*:8***
Is this right? Or should I have

listen 8***
???

So now my issue is why I can not access the actual page now. Seems like I have gotten one step further :)

falko 2nd February 2006 10:33

Quote:

Originally Posted by ramangill
In my httpd.conf file I have an entry for my listener as

listen 192.168.*.*:8***
Is this right? Or should I have

listen 8***
???

Try to put
Code:

Listen 80
in httpd.conf instead of
Code:

listen 192.168.*.*:8***
, at least for debugging purposes. Then restart Apache.

falko 2nd February 2006 10:36

I've just found out this:

Code:

# dig idbsgroup.hoptp.com

; <<>> DiG 9.2.1 <<>> idbsgroup.hoptp.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59337
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;idbsgroup.hoptp.com.          IN      A

;; ANSWER SECTION:
idbsgroup.hoptp.com.    86400  IN      CNAME  pjn.qsrch.net.
pjn.qsrch.net.          30      IN      A      64.94.29.64


;; AUTHORITY SECTION:
qsrch.net.              257344  IN      NS      ns3.qsrch.net.
qsrch.net.              257344  IN      NS      ns4.qsrch.net.
qsrch.net.              257344  IN      NS      ns1.qsrch.net.
qsrch.net.              257344  IN      NS      ns2.qsrch.net.

;; ADDITIONAL SECTION:
ns1.qsrch.net.          172799  IN      A      64.74.134.1
ns2.qsrch.net.          259199  IN      A      64.74.134.51
ns3.qsrch.net.          172799  IN      A      64.94.29.1
ns4.qsrch.net.          172799  IN      A      64.94.29.51

;; Query time: 821 msec
;; SERVER: 81.169.163.104#53(81.169.163.104)
;; WHEN: Thu Feb  2 09:34:44 2006
;; MSG SIZE  rcvd: 216

So idbsgroup.hoptp.com points to pjn.qsrch.net which then points to 64.94.29.64. Is this your public IP address?
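
Added example, not part of the thread: the check falko does by eye above (follow the CNAME to its A record, then ask whether that address is the poster's own public IP) written as a small parser over the dig ANSWER section. The record lines are copied from the dig output above; the function names and the expected address `203.0.113.10` (a documentation-range placeholder) are assumptions.

```python
import ipaddress

# ANSWER section lines copied from the dig output posted above.
DIG_ANSWER = """\
idbsgroup.hoptp.com.    86400  IN      CNAME  pjn.qsrch.net.
pjn.qsrch.net.          30      IN      A      64.94.29.64
"""

def parse_records(text):
    """Return (name, ttl, type, rdata) tuples from dig record lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, ';' header lines and anything not "name ttl IN type rdata".
        if len(fields) < 5 or fields[0].startswith(";") or fields[2] != "IN":
            continue
        records.append((fields[0].lower(), int(fields[1]), fields[3], fields[4].lower()))
    return records

def resolve_chain(records, qname, max_hops=8):
    """Follow CNAMEs from qname; return (names visited, final A addresses)."""
    name = qname.lower().rstrip(".") + "."
    chain = [name]
    for _ in range(max_hops):
        targets = [r[3] for r in records if r[0] == name and r[2] == "CNAME"]
        if not targets:
            break
        name = targets[0]
        if name in chain:
            raise ValueError("CNAME loop at " + name)
        chain.append(name)
    return chain, [r[3] for r in records if r[0] == name and r[2] == "A"]

def check_points_home(records, qname, expected_ip):
    """Classify where qname lands relative to the operator's public IP."""
    chain, addrs = resolve_chain(records, qname)
    if not addrs:
        return "no-a-record", chain, addrs
    if any(ipaddress.ip_address(a).is_private for a in addrs):
        return "private-address", chain, addrs  # LAN address published in DNS
    if expected_ip in addrs:
        return "match", chain, addrs
    return "mismatch", chain, addrs  # resolves somewhere other than expected

if __name__ == "__main__":
    # 203.0.113.10 stands in for the DSL line's real public address (assumption).
    print(check_points_home(parse_records(DIG_ANSWER), "idbsgroup.hoptp.com", "203.0.113.10"))
```

A "mismatch" result means no port forwarding or Apache `Listen` change on the home network can make the name reach the server until the DNS record itself is corrected.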

