Timothy Lee Young on Fri, 2 Nov 2001 13:50:10 +0100


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] IPChains Question: HTTP port access


The IP addresses will not be changing... ethernet addresses are cool, but
I'd rather stick with IP addresses.  There will be just a few,
non-contiguous IP addresses that I want to allow access to the HTTP port.

I've considered IPtables--and I run Red Hat Linux 7.2 so it should be able
to do it, but don't I have to do things like insmod or enable IP tables in
the kernel?  I don't quite feel ready to fool around with the kernel on
this yet, and IPchains is readily available.


On Thu, 1 Nov 2001 paul@dpagin.net wrote:

> Is there any possibility of the IP addresses changing? If the
> computers are on the same network segment, you might be able to use
> MAC addresses instead of IPs.
> 
> I can't pull the syntax out of my hat right now. Have you looked at
> the IPchains HOWTO?
> 
> It might be a good idea to get used to IPtables instead of IPchains.
> 
> 
> 
> Timothy Lee Young wrote:
> > 
> > Greetings, all!
> > 
> > I'm new to the world of IPchains firewall, and I'm attempting to secure a
> > Linux server.  I know a few IPChains basics, such as I have closed off my
> > designated server to all traffic (types of services, http/telnet/etc) from
> > all users, except I have it opened for 'all traffic' for certain designated
> > users.  But here's my question--
> > 
> > Instead of closing off the server the way I have, I'd prefer to leave the
> > server and traffic open to all, except I'd like to close off HTTP port 3000
> > to everyone reading it EXCEPT a few designated IP addresses (so these
> > designated machines can read/pull data from HTTP port 3000).  I have a
> > network monitoring package running and users can view it's data on HTTP port
> > 3000, and would like only users on select machines (IP addresses) to access &
> > view the data (web page).  What is the IPchains command/setup to do this?
> > 
> > Thanks, in advance for all your help!
> > Tim
> > 
> > ______________________________________________________________________
> > Philadelphia Linux Users Group       -      http://www.phillylinux.org
> > Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
> > General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
> 
> ______________________________________________________________________
> Philadelphia Linux Users Group       -      http://www.phillylinux.org
> Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
> General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
> 


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug