IP Chains Firewall
  • I installed Airtime.  For a firewall I have IP chains.  What is a good firewall configuration for the server?
  • You should not be using ipchains

    Ipchains is for <linux kernel 2.2
    Iptables for >2.2
    Anyone reading this and finding it funny about my grammar, I make no apology. Go get a translator.
    "The problem with education today is that it takes a university degree to switch on a light bulb"
    "You learn from your mistakes, but wise people learn from others' mistakes. Avoid making mistakes; there is not sufficient room to make them"
    "Innuendo", "ifs", "assumptions" and "fear" are for politicians. Who, what, where, when and how are for those seeking knowledge and who care about humanity.
    "I might be in mud but that does not make me a wild hog (pig)"
    “Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius — and a lot of courage to move in the opposite direction.”
    "The only thing that remains constant is change itself"
    May the force be with you, until our path or destiny bring us in tandem.
  • I meant iptables.
  • Okay, so the easy way and the hard way.

    If you are on Ubuntu
    • enable ufw (sudo ufw enable)
    • If you hate the terminal then also install gufw; it's the GUI for ufw (optional, and you must use a desktop for the GUI)

    In my days with Debian I first started with firestarter, but it's not maintained, so I later moved to shorewall; you have to ask the Debian people.

    If you ever have to do anything with server applications then the key ports are
    • ssh
    • port 80
    • port 443
    Airtime only needs port 80 and port 443 as default.
    If you run a webserver on port 80 and Airtime on a different port (say port 45678) you need to forward that port.

    Word of caution:
    for public purposes (that is, if you need to access Airtime over the web) only port 443 should be used, but you should use a VPN to access both 443 and ssh.

    Here it is from the command line

    sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport www -j ACCEPT

    one line command
    sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT && sudo iptables -A INPUT -p tcp --dport www -j ACCEPT

    Notice I used www; it covers both port 80 and 443.

    for ufw

    sudo ufw allow ssh
    sudo ufw allow www


     
    Post edited by Voisses Tech at 2015-04-29 16:51:20
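An added example, not part of the original post: iptables looks service names up in /etc/services, where `www` is an alias for `http` (80/tcp) and port 443 has its own name, `https`. The sketch below resolves names against a constructed excerpt of that file and emits iptables-restore input that opens ssh, 80 and 443 explicitly. It goes beyond the post by setting a default-deny INPUT policy; the helper names and the excerpt are assumptions for illustration.

```shell
#!/bin/sh
# Constructed excerpt in /etc/services format (sample data for this example).
SERVICES='ssh             22/tcp
http            80/tcp          www
https           443/tcp
domain          53/tcp
domain          53/udp'

# resolve_tcp_port NAME (hypothetical helper): print the TCP port for a
# service name or alias; numbers pass through, unknown names return 1.
resolve_tcp_port() {
    case "$1" in
        ''|*[!0-9]*) ;;
        *) echo "$1"; return 0 ;;
    esac
    printf '%s\n' "$SERVICES" | awk -v name="$1" '
        { split($2, pp, "/"); if (pp[2] != "tcp") next
          for (i = 1; i <= NF; i++)
              if (i != 2 && $i == name) { print pp[1]; found = 1; exit } }
        END { exit !found }'
}

# gen_ruleset NAME... (hypothetical helper): emit iptables-restore input with
# a default-deny INPUT chain that accepts loopback, replies and the named ports.
gen_ruleset() {
    rules=''
    for svc in "$@"; do
        port=$(resolve_tcp_port "$svc") || {
            echo "unknown service: $svc" >&2; return 1; }
        rules="${rules}-A INPUT -p tcp --dport ${port} -j ACCEPT
"
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
${rules}COMMIT
EOF
}

# Prints the ruleset; to syntax-check without loading it, pipe the output to:
#   sudo iptables-restore --test
gen_ruleset ssh www https
```

Because the ssh rule sits in the same ruleset as the DROP policy, loading it in one step does not cut off an existing SSH session.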
  • I have Ubuntu.  I ran the iptables single line command.  I was able to enable ufw. When I tried running ufw I got the following error. 

    root@sofradio:/home/user1# sudo allow ssh
    sudo: allow: command not found

    Is iptables a different firewall than ufw?

  • Sorry, I made a mistake; I fixed it now.

    Darn, these homebrew whiskey are a whopper.

    So it's best you read

    https://help.ubuntu.com/community/UFW

    Iptables is the main script to do firewall in Linux

    iptables is the utility
    ufw is just the script to maintain it via the terminal,
    Gufw is the graphical user interface
  • I accepted both ssh and www. I can't access Airtime via a browser using the subdomain sofradio.sofpomona.com. I figured it was because I need to allow DNS. I tried to configure the firewall to allow DNS with the following and I still can't access the subdomain.

    sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT
    sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT

  • You need to set up port forward in your router

    or if you are using a VPS, then there are instructions on how to make your applications public
  • The data center does not block ports so there is no reason for port forward.

    Greg
  • If you are talking about an ISP, when they say you have a static IP it's only true for some of them. I recently went to a station and the engineer, highly qualified, said he "thought so".

    If you have ever set up Amazon ecs you have to state what ports you want allowed and the applications.

    Please check with your data center as you might be surprised that you have to make those ports available to the public.

    Please also read your first question; it explicitly states a firewall, and I answered in general for other readers.

    The second part says "if".
  • I talked to the data center I got the dedicated server from.  They say they do not block ports so there is no need.
  • Use CanYouSeeMe.org to check your ports