Securing Your Server: Setting up a Linux Firewall

A firewall is software that lets you manage network access to your server. The main low-level command used to do this on Linux is 'iptables'. (There is a newer nftables command; its iptables compatibility layer, iptables-nft, accepts the same iptables syntax, so the commands below still work on a system that has moved to nftables.) A number of frameworks have been built on top of iptables, including firewalld (CentOS) and Uncomplicated Firewall, aka UFW (Ubuntu). You can also configure a firewall on your VPS using one of our optional hosting panels.

Before you decide to set up a firewall, please note:

- Mis-configuring a firewall can prevent you from accessing your own server. We provide direct console access for VPS customers in case you get stuck.
- The very best way to prevent someone from accessing services on your VPS is simply not to run those services.
- Firewalls don't protect you from insecure services. Keep your server up to date (see the Debian/Ubuntu and CentOS update notes).
- If you have multiple IPs or interfaces, you may need separate rules for each.

The Webmin interface in particular can be handy for this. In Webmin's Linux Firewall module:

1. Webmin will create a new set of default rules for you if you select the "Reset Firewall" button at the bottom.
2. Select the "Block all except SSH, IDENT, ping and high ports on interface" option.
3. The dropdown should read "eth0"; change it to that if it shows something else, like bond0. You don't need to enter anything in the input to the right of the "eth0" dropdown.
4. On the next page there will be a bunch of options. Select "If protocol is TCP and destination port is ssh".
5. On the Edit Rule page, go down to the "Destination TCP or UDP port" option. Add in whatever other ports you need, or remove ports you want to exclude; for example, 10000 for Webmin/Virtualmin (remote access).
6. To let traceroutes through, add a rule with Destination TCP or UDP port 'Equals' 'Port Range' '33434' to '33523', and for Rule Comment set "Allow traceroutes".

When you're done, you will have an /etc/sysconfig/iptables (or /etc/iptables.up.rules under Debian) similar to this:

# Generated by iptables-save v1.2.7a on Sat Sep 27 02:06:00 2003
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT # Accept any TCP segment with the ACK flag set (see the note below)
-A INPUT -m state --state ESTABLISHED -j ACCEPT # Allow incoming data that is part of a connection we established
-A INPUT -m state --state RELATED -j ACCEPT # Allow data that is related to existing connections
-A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT # Allow DNS replies to unprivileged ports
-A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT # Accept notifications of unreachable hosts
-A INPUT -p icmp -m icmp --icmp-type source-quench -j ACCEPT # Accept notifications to reduce sending speed
-A INPUT -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type parameter-problem -j ACCEPT # Accept notifications of protocol problems
-A INPUT -p tcp -m tcp -m multiport --dports ssh,www,https,pop3,smtp,imap,imaps,pop3s,10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport auth -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2049:2050 -j DROP
-A INPUT -p tcp -m tcp --dport 6000:6063 -j DROP
-A INPUT -p tcp -m tcp --dport 7000:7010 -j DROP
-A INPUT -p tcp -m tcp --dport 1024:63353 -j ACCEPT # Allow connections to unprivileged ports
-A INPUT -p udp -m udp --dport 33434:33523 -j ACCEPT # Allow traceroutes

A few things to note about that file. It shows only the INPUT rules as iptables-save writes them; a file you feed back to iptables-restore also needs the *filter table header, the chain policy lines (:INPUT DROP [0:0] and so on) and a closing COMMIT. iptables-restore ignores only lines that begin with #, so the trailing comments above are annotations for the reader and must be removed, or moved onto their own lines, before the file is restored. Rule order matters: the three DROP ranges (NFS on 2049:2050, X11 on 6000:6063, and 7000:7010) must stay ahead of the broad high-port ACCEPT, which would otherwise admit them. The upper bound 63353 is reproduced as the page shows it; the unprivileged range actually runs to 65535. Finally, the first rule accepts any TCP segment with the ACK flag set regardless of connection-tracking state. That is the old, pre-conntrack way of letting reply traffic in; it is redundant with the ESTABLISHED rule that follows, and it means an ACK scan (nmap -sA) sees every port as unfiltered, so on any modern kernel leave it out and rely on the state match.

Some more advanced topics are covered at Webmin: Linux Firewall.

Managing the firewall manually

On your VPS command line, you should now be able to run iptables --list (or iptables -S, which prints the rules in the same form iptables-save uses) to get a listing of all the active rules.

To remove all the rules, stop iptables; on a CentOS/RHEL server the init script does this (service iptables stop). To prevent the rules being loaded on boot, on a CentOS/RHEL server use chkconfig --del iptables. Under Debian, comment out or remove the line in /etc/network/interfaces that triggers loading of the rule file (typically a pre-up line that runs iptables-restore).

If you accidentally set up an iptables rule that locks you out of your RimuHosting VPS, you can enable the console-over-ssh feature, stop iptables from there, and then re-set up your rules.

Occasionally you may need to disable the firewall completely by hand, especially if you are not using the iptables script. In that case flush all the kernel rule tables (Thanks Lloyd): empty and delete the chains in every table (filter, nat and mangle), then reset the built-in chain policies to ACCEPT. Flushing the chains without resetting a DROP policy leaves you with a DROP policy and no ACCEPT rules, which is the opposite of what you want.

If you're trying to connect to a Linux server running Webmin from your home network and you can't seem to get it to work, there are a few things you can try. First, make sure that the server is actually running and that you can ping it from another computer on the network. Webmin listens on TCP port 10000, so also check that this port is in your accepted list (it is in the multiport rule above).
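The ruleset above and the flush procedure from the manual section, as one added example; this is not RimuHosting's own script, and the function and variable names are this example's own. It writes a complete iptables-restore file (with the *filter header, chain policies and COMMIT the page's fragment leaves out) equivalent to the Webmin "Block all except SSH, IDENT, ping and high ports on interface" ruleset, applies it with an automatic rollback so a bad rule cannot lock you out, and provides the full flush for recovery. It assumes iptables, iptables-save and iptables-restore are installed, that the public interface name is passed in (eth0 by default), and that apply_with_rollback and flush_all run as root. Compared with the page's file it replaces the stateless ACK rule with conntrack state matching, drops the echo-reply, DNS-reply and source-quench rules that conntrack now covers (source quench is deprecated by RFC 6633), and uses the full 1024:65535 high-port range.

```shell
#!/bin/sh
# Added example, not RimuHosting's script. Builds a complete iptables-restore
# file equivalent to the Webmin "Block all except SSH, IDENT, ping and high
# ports" ruleset on this page, applies it with an automatic rollback, and
# flushes everything for recovery. Assumes iptables, iptables-save and
# iptables-restore are installed and that flush_all/apply_with_rollback run
# as root. Function and variable names are this example's own.

# Write the restore file for one interface (default eth0). The *filter header,
# chain policies and COMMIT are the parts the page's fragment leaves out.
# Conntrack replaces the page's stateless "--tcp-flags ACK ACK" rule and also
# covers echo replies, ICMP errors and DNS answers. The three DROP ranges are
# kept ahead of the broad 1024:65535 ACCEPT, which mirrors the page's "high
# ports" choice; remove that ACCEPT if nothing needs to listen up there.
write_rules_file() {
    file=$1
    iface=${2:-eth0}
    cat > "$file" <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $iface -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -i $iface -p icmp --icmp-type destination-unreachable -j ACCEPT
-A INPUT -i $iface -p icmp --icmp-type time-exceeded -j ACCEPT
-A INPUT -i $iface -p icmp --icmp-type parameter-problem -j ACCEPT
-A INPUT -i $iface -p tcp -m multiport --dports ssh,www,https,pop3,smtp,imap,imaps,pop3s,10000 -j ACCEPT
-A INPUT -i $iface -p tcp --dport auth -j ACCEPT
-A INPUT -i $iface -p tcp --dport 2049:2050 -j DROP
-A INPUT -i $iface -p tcp --dport 6000:6063 -j DROP
-A INPUT -i $iface -p tcp --dport 7000:7010 -j DROP
-A INPUT -i $iface -p tcp --dport 1024:65535 -j ACCEPT
-A INPUT -i $iface -p udp --dport 33434:33523 -j ACCEPT
COMMIT
EOF
}

# Sanity check before applying: the NFS DROP must come before the high-port
# ACCEPT, otherwise the ACCEPT matches first and the DROP never fires.
check_rule_order() {
    drop_line=$(grep -n -- '--dport 2049:2050 -j DROP' "$1" | cut -d: -f1)
    accept_line=$(grep -n -- '--dport 1024:65535 -j ACCEPT' "$1" | cut -d: -f1)
    [ -n "$drop_line" ] && [ -n "$accept_line" ] && [ "$drop_line" -lt "$accept_line" ]
}

# Flush every table and reset the built-in policies to ACCEPT. This leaves the
# host wide open, so use it only to recover from a lockout, then reload rules.
# Resetting the policies is the step that actually opens the door: a flush
# alone keeps a DROP policy with no ACCEPT rules in front of it.
flush_all() {
    for t in filter nat mangle raw; do
        iptables -t "$t" -F
        iptables -t "$t" -X
    done
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
}

# Apply a restore file with a watchdog. If confirm_rules is not run within
# $2 seconds (because the new rules cut your SSH session), the previous
# ruleset saved by iptables-save is restored automatically.
apply_with_rollback() {
    file=$1
    grace=${2:-60}
    check_rule_order "$file" || { echo "refusing: DROP ranges must precede the high-port ACCEPT" >&2; return 1; }
    ROLLBACK_BACKUP=$(mktemp)
    iptables-save > "$ROLLBACK_BACKUP"
    iptables-restore < "$file" || { rm -f "$ROLLBACK_BACKUP"; return 1; }
    ( sleep "$grace" && iptables-restore < "$ROLLBACK_BACKUP" ) &
    ROLLBACK_PID=$!
    echo "new rules live; run confirm_rules within ${grace}s or they roll back" >&2
}

# Run this from the same shell once a fresh SSH session still gets in.
confirm_rules() {
    kill "$ROLLBACK_PID" 2>/dev/null
    rm -f "$ROLLBACK_BACKUP"
}

# Usage on the VPS (as root):
#   write_rules_file /etc/iptables.up.rules eth0
#   apply_with_rollback /etc/iptables.up.rules 60
#   (open a second SSH session to prove you can still get in, then)
#   confirm_rules
# Already locked out and on the console?  flush_all
```

The watchdog pattern is the manual equivalent of the console-over-ssh escape hatch: you prove the new rules still let you in before they become permanent, and nothing depends on the session that might be about to die.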