Page 2 of 3 (results 11 to 20 of 27)

Thread: HOWTO: Use iptables as firewall with a daemon on system startup

  1. #11
    Join Date
    Sep 2005
    Beans
    2

    Re: HOWTO: Use iptables as firewall with a daemon on system startup

    hello

    i have a little problem after installing and performing all the things published here for configuration of iptables. After that my server doesn't work anymore, nobody can connect to it. Just after I perform the command $ sudo /etc/init.d/iptables stop my server works perfectly. I don't really understand what is the problem with iptables and how can I solve it. maybe someone had a similar problem and can tell what is wrong? thanks

  2. #12
    Join Date
    Feb 2005
    Location
    Geneva, Switzerland
    Beans
    976

    Re: HOWTO: Use iptables as firewall with a daemon on system startup

    Quote Originally Posted by chivchila
    hello

    i have a little problem after installing and performing all the things published here for configuration of iptables. After that my server doesn't work anymore, nobody can connect to it. Just after I perform the command $ sudo /etc/init.d/iptables stop my server works perfectly. I don't really understand what is the problem with iptables and how can I solve it. maybe someone had a similar problem and can tell what is wrong? thanks
    Which ports do you use ?

  3. #13
    Join Date
    Jun 2005
    Beans
    49

    Re: HOWTO: Use iptables as firewall with a daemon on system startup

    Thanks for this tutorial, it gives a nice example of how to play with iptables.

    However, I think most Ubuntu users use a wm and firestarter is just a GUI to iptables. This would be a helpful comment before joe sixpack starts to mess up his network connections.

    What I have been wondering is how you could get a system that pops up outgoing connection attempts and offers to make a rule of it (i.e. similar to Zonealarm etc. in Windows)? Does this really require recompiling the kernel?

    //mulperi

  4. #14
    Join Date
    Feb 2006
    Beans
    10
    Distro
    Ubuntu Breezy 5.10

    Re: HOWTO: Use iptables as firewall with a daemon on system startup

    Hi!!
    Because I am running my server without any security I intend to use this script. But before that I want to ask you a few questions before applying it.

    1. I have two network interfaces in my server. I suppose that the script works fine with two ethernet cards?
    2. I am running a proftpd server (standalone, anonymous) and ssh-server on other ports than the usual ones. If I guess right, the only thing I have to do is to change the port numbers in the script, e.g. 21-->1500 and 22-->1600

    Code:
    #ftp (20,21)
    if [ $allow_ftp -eq "1" ] ; then
    iptables -A INPUT -p tcp -m multiport --destination-ports ftp-data,ftp -j ACCEPT
    fi

    #ssh (22)
    if [ $allow_ssh -eq "1" ] ; then
    iptables -A INPUT -p tcp --dport ssh -j ACCEPT
    fi

    Thanks!!!!!!!

  5. #15
    Join Date
    Feb 2006
    Beans
    10
    Distro
    Ubuntu Breezy 5.10

    Re: HOWTO: Use iptables as firewall with a daemon on system startup

    Everything works fine (apache2, ssh, mysql) except my proftpd server on port 1980.
    Any ideas??

  6. #16
    Join Date
    Feb 2005
    Location
    Geneva, Switzerland
    Beans
    976

    Re: HOWTO: Use iptables as firewall with a daemon on system startup

    Hello slapper

    1) Don't know this one. If iptables manages all interfaces, the answer is yes.

    2) Just change the port numbers or add a new service:

    First part of the script:
    Code:
    allow_proftpd="0"
    echo -n "Allow proftpd (y/n)? [y] "
    read input
    if [ -z "$input" ] || [ "$input" == "y" ] || [ "$input" == "yes" ] || [ "$input" == "Y" ] || [ "$input" == "YES" ] ; then
    	allow_proftpd="1"
    fi
    Second part
    Code:
    #proftpd (1500,1600)
    if [ $allow_proftpd -eq "1" ] ; then
    	iptables -A INPUT -p tcp -m multiport --destination-ports 1500,1600 -j ACCEPT
    fi

  7. #17
    Join Date
    Jun 2006
    Beans
    13
    Distro
    Ubuntu 6.06

    Re: HOWTO: Use iptables as firewall with a daemon on system startup

    Excellent howto, much thanks!

    I have a suggestion though: This is most common for headless servers, I'd imagine. There's always the danger of mistakenly locking oneself out (say, disabling SSH accidentally). Is there a way to make this similar to resolution-switching safety? That is, have it give you 15 seconds to click 'Yes I am sure' after the firewall has been activated, and if you don't respond, disable the firewall...

  8. #18
    Join Date
    Feb 2005
    Location
    Geneva, Switzerland
    Beans
    976

    Re: HOWTO: Use iptables as firewall with a daemon on system startup

    Quote Originally Posted by lutzky
    Excellent howto, much thanks!

    I have a suggestion though: This is most common for headless servers, I'd imagine. There's always the danger of mistakenly locking oneself out (say, disabling SSH accidentally). Is there a way to make this similar to resolution-switching safety? That is, have it give you 15 seconds to click 'Yes I am sure' after the firewall has been activated, and if you don't respond, disable the firewall...
    Yes, you're right. But the script doesn't handle that feature; some scripting is required to do that. However, you can use the 'at' command to do some actions at some time (like deactivating the firewall).

    But notice that this script must be used by people knowing what they do.
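The two points raised on this page, adding a service to the rule set (post #16) and the lockout safety net built on 'at' (post #18), can be put together in one small script. The following is an added example and is not the HOWTO's script or any poster's code. It assumes iptables, at and atrm are installed; the variable names (IPTABLES, AT, ATRM, IFACE, GRACE_MINUTES) and the eth0 default are this example's own, and the port numbers 1500, 1600 and 1980 are the ones mentioned in the thread. Setting IPTABLES=echo lets you dry-run it without touching the kernel.

```shell
#!/bin/sh
# Added example, not the HOWTO's script or any poster's code.
# Builds an INPUT rule set from "name:port[,port]" items (post #16 adds a
# service this way), applies it restricted to the incoming interface, and
# arms an 'at' job that flushes the rules unless the operator confirms
# within a grace period (the lockout safety net discussed in post #18).
# Assumptions: iptables, at and atrm are installed; the variable names and
# the eth0 default are this example's own. Set IPTABLES=echo to dry-run.
IPTABLES="${IPTABLES:-iptables}"
AT="${AT:-at}"
ATRM="${ATRM:-atrm}"
IFACE="${IFACE:-eth0}"              # assumed incoming interface
GRACE_MINUTES="${GRACE_MINUTES:-2}" # time to confirm before rollback

# Return non-zero if any item is not "name:ports" with a non-empty port list
# made of digits, letters (names from /etc/services), commas and hyphens.
validate_services() {
    for svc in $1; do
        case "$svc" in
            *:?*) ;;
            *) echo "bad service spec: $svc" >&2; return 1 ;;
        esac
        case "${svc#*:}" in
            *[!0-9A-Za-z,-]*) echo "bad port list in: $svc" >&2; return 1 ;;
        esac
    done
    return 0
}

# Print one iptables command per line: default-drop INPUT, allow loopback and
# replies to our own connections, then one ACCEPT per service on $IFACE.
build_rules() {
    validate_services "$1" || return 1
    printf '%s -P INPUT DROP\n' "$IPTABLES"
    printf '%s -A INPUT -i lo -j ACCEPT\n' "$IPTABLES"
    printf '%s -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n' "$IPTABLES"
    for svc in $1; do
        ports="${svc#*:}"
        case "$ports" in
            *,*) printf '%s -A INPUT -i %s -p tcp -m multiport --destination-ports %s -j ACCEPT\n' \
                     "$IPTABLES" "$IFACE" "$ports" ;;
            *)   printf '%s -A INPUT -i %s -p tcp --dport %s -j ACCEPT\n' \
                     "$IPTABLES" "$IFACE" "$ports" ;;
        esac
    done
}

# Commands that undo the rule set (back to accept-all), one per line.
flush_rules() {
    printf '%s -P INPUT ACCEPT\n' "$IPTABLES"
    printf '%s -F INPUT\n' "$IPTABLES"
}

# Apply the rules, queue the rollback with 'at', then ask for confirmation.
# If the session was cut off (or the answer is not "yes"), the job stays
# queued and the firewall is undone after GRACE_MINUTES.
apply_with_rollback() {
    validate_services "$1" || return 1
    build_rules "$1" | sh -e || return 1
    job=$(flush_rules | $AT now + "$GRACE_MINUTES" minutes 2>&1 \
          | sed -n 's/^job \([0-9][0-9]*\).*/\1/p')
    echo "Rules applied; rollback job ${job:-?} fires in $GRACE_MINUTES minutes."
    printf 'Still reachable from a second session? Type yes to keep the rules: '
    read answer
    if [ "$answer" = "yes" ] && [ -n "$job" ]; then
        $ATRM "$job" && echo "Rollback cancelled, rules kept."
    else
        echo "Not confirmed; rollback job ${job:-?} left armed."
    fi
}

# Usage: sh firewall-rollback.sh --apply "ssh:1600 proftpd:1500,1980"
if [ "${1:-}" = "--apply" ]; then
    apply_with_rollback "$2"
fi
```

The confirmation should be typed from a second SSH session opened after the rules are live: if that second session cannot connect, the first one is never answered and the queued job restores the accept-all policy by itself. Restricting the ACCEPT rules to $IFACE follows the advice in post #20 of filtering only on the incoming interface, so a second card on a gateway box is left untouched.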

  9. #19
    Join Date
    Apr 2006
    Beans
    9

    Re: HOWTO: Use iptables as firewall with a daemon on system startup

    do you use this script only for servers?
    i'm looking for something like this, i want to use it on my gateway box, but i'd need it not to block icq, jabber, etc...

  10. #20
    Join Date
    Feb 2005
    Location
    Geneva, Switzerland
    Beans
    976

    Re: HOWTO: Use iptables as firewall with a daemon on system startup

    Quote Originally Posted by docko
    do you use this script only for servers?
    i'm looking for something like this, i want to use it on my gateway box, but i'd need it not to block icq, jabber, etc...
    I don't know if it works for a gateway. The thing is to use iptables only for the incoming interface.

    To add more services you can modify the script as described here.
