FC4 - SSL access to Webmin

I have Webmin 1.240 running on FC4, on the default port 10000. I would like to have secure access to it. I followed this guide exactly: http://www.webmin.com/ssl.html (installed Net::SSLeay, enabled SSL Encryption and created a tunnel). The HTTPS connection works, but unfortunately the tunnel on port 10001 does not. Does anyone know what to do about it? Thanks

And what do iptables and the FORWARD chain say about it? Isn't the problem there?

I have port 10001 allowed in iptables. It still doesn't work, even when I turn the firewall off, so maybe the error is somewhere else? Well, I'm no expert, so I'm attaching the config file just in case.

```
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 22 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 21 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 25 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 10000 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 10001 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
```

```
[root@postmaster ipv4]# iptables -v -L
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 RH-Firewall-1-INPUT all -- any any anywhere anywhere

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2567 256K RH-Firewall-1-INPUT all -- any any anywhere anywhere

Chain OUTPUT (policy ACCEPT 918 packets, 525K bytes)
pkts bytes target prot opt in out source destination

Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
0 0 ACCEPT icmp -- any any anywhere anywhere icmp any
0 0 ACCEPT ipv6-crypt-- any any anywhere anywhere
0 0 ACCEPT ipv6-auth-- any any anywhere anywhere
0 0 ACCEPT udp -- any any anywhere 224.0.0.251 udp dpt:5353
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:ipp
734 65204 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ssh
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:http
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ftp
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:smtp
17 816 ACCEPT tcp -- any any anywhere anywhere tcp dpt:10000 state NEW
5 240 ACCEPT tcp -- any any anywhere anywhere tcp dpt:10001 state NEW
1811 190K REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
```

Thanks for the advice, it works now! As one of my professors used to say: first of all, a person should learn to read PROPERLY :slight_smile:
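Added example, not part of the thread: a small evaluator that walks an `iptables-save` dump to find which rule decides a new inbound TCP connection, which answers the "is it the firewall?" question for port 10001 (the 5 packets counted on the `dpt:10001` rule in the listing agree with its result). Assumptions: `RULES` is an excerpt of the filter table posted above, the interface name `eth0` and the function names are hypothetical, and only `-i`, `-p`, `--dport` and `--state` matches without negation are handled.

```python
import shlex
# Excerpt of the filter table posted in the thread (rules relevant to inbound TCP).
RULES = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 10000 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 10001 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse(text):
    """Return (policies, chains) for one table; each rule maps option -> following token."""
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith(":"):
            policies[tok[0][1:]] = tok[1]
        elif line.startswith("-A "):
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
            chains.setdefault(tok[1], []).append(opts)
    return policies, chains

def matches(opts, pkt):
    """Compare the handled match options with a TCP packet; absent options match anything."""
    return (opts.get("-i", pkt["iface"]) == pkt["iface"]
            and opts.get("-p", "tcp") == "tcp"
            and int(opts.get("--dport", pkt["dport"])) == pkt["dport"]
            and pkt["state"] in opts.get("--state", pkt["state"]).split(","))

def verdict(text, dport, iface="eth0", chain="INPUT"):
    """First terminal verdict for a NEW TCP packet to dport: (target, chain, rule number)."""
    policies, chains = parse(text)
    pkt = {"iface": iface, "dport": dport, "state": "NEW"}

    def walk(name):
        for num, opts in enumerate(chains.get(name, []), 1):
            if not matches(opts, pkt):
                continue
            if opts.get("-j") in chains:          # jump into a user-defined chain
                hit = walk(opts["-j"])
                if hit:
                    return hit
            elif opts.get("-j") in ("ACCEPT", "DROP", "REJECT"):
                return opts["-j"], name, num      # falling off the end returns to the caller

    return walk(chain) or (policies[chain], chain, 0)
```

Rule number 0 in the result means no rule matched and the built-in chain's policy applied.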