Hi all,
Don't suppose anyone knows how to set up IPTables on CentOS? I know it's installed, just not a clue which rules I should and shouldn't be using! It's a dedicated server, off site and I don't have physical access to it
Thanks in advance!
What are you running on it?
So just apache?
What port for TS3?
Do you need FTP SSH etc?
Ah, sorry! Yes, Apache, TS3, FTP, SSH and POP/IMAP mail. (Now that I've decided I may as well have everything)
TS3 on port 11175
Thanks!
total overkill, but open this in wordpad...
http://www.spaceboy.co.uk/general/firewall2.sh
that was for a rig with 4 network interfaces, public, dmz, development, internal, with specific rules between each interface.
Hopefully you can follow it, strip out what you don't need, and change the ports for the ones you need.
You can also set iptables to do adaptive firewalling against port scans, fake TCP/IP packets (eg where the TCP packet has been rewritten with localhost as the originating IP to circumvent the firewall) and all sorts. I'm quite a n00b at configuring it though, but there's plenty of guides online (all I ever do is google it myself)
I'd also recommend installing fail2ban to prevent brute force attacks against your password controlled daemons.
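A minimal ruleset for the services listed in this thread, as an added example that is not from any poster or from the linked firewall2.sh. It assumes a single public interface, TS3 voice on UDP 11175, SMTP on 25 alongside POP/IMAP, and uses `SSH_PORT` as a placeholder because the real port is not given; the `apply` mode refuses to load rules that would close SSH, which matters on a server with no physical access.

```shell
#!/bin/sh
# Added example. SSH_PORT is a placeholder: the thread never states the real port.
SSH_PORT="${SSH_PORT:-22}"
TS3_PORT="${TS3_PORT:-11175}"   # from the thread; UDP assumed (TS3 voice traffic)

# Print the ruleset in iptables-restore format (constructed for this example).
build_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Spoofed packets: loopback source address arriving on a real interface
-A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SSH: drop a source once it reaches 5 new connections within 60 seconds
-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -m recent --name ssh --set
-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -m recent --name ssh --update --seconds 60 --hitcount 5 -j DROP
-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT
# Apache
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# Mail: POP3/IMAP and their TLS ports; SMTP (25) assumed for inbound delivery
-A INPUT -p tcp -m multiport --dports 25,110,143,993,995 -m conntrack --ctstate NEW -j ACCEPT
# FTP control channel; data connections need the conntrack FTP helper
-A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# TeamSpeak 3 voice
-A INPUT -p udp --dport ${TS3_PORT} -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Remote-lockout guard: succeed only if the ruleset still accepts new SSH connections.
ssh_still_allowed() {
    build_rules | grep -E -e "^-A INPUT -p tcp --dport ${SSH_PORT} .*-j ACCEPT\$" >/dev/null
}

case "${1:-}" in
    print) build_rules ;;
    apply) ssh_still_allowed && build_rules | iptables-restore ;;
esac
```

Run it with `print` to review the output first; piping that output to `iptables-restore --test` parses the rules without loading them.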
Cheers guys! Before my server died I got a friend to do it, he's currently in Croatia on his honeymoon!
I think I've set IPTables up now, I'll post the rules I've got tomorrow.
You can post the rules, just hide any references to your own IP.
Though, to be frank, it would only take a 5 minute Google for anyone to find your IP (217.xxx.xxx.xxx) given your choice of domain name and personal content you've put on both Aria and your site.
Which also just goes to reinforce a point I always make: security through obscurity is no security at all. ie lock your box down because if people really care, they can and will find your IP easily enough.
[edit]
I've just noticed you've posted your domain name on here anyway. So that's as good as publishing your IP
Last edited by Plan9; 11-06-12 at 10:14.
Sorry, what I meant is that you should put server security above secrecy as your data can always be found.
eg, I can tell you're running SSH on a non-standard port and I know exactly what that port is. So by changing it, you've not slowed me down in the slightest (well, you did, but literally only by 5 minutes as that's the time it took nmap to run). So make sure you have some decent security against SSH (eg disable password log ins and only use SSH keys, or install fail2ban and auto ban brute force attacks).
Incidentally, that 5 minute nmap scan also highlighted a number of other services such as FTP (disable that and make people use SFTP - just be sure you chroot user accounts). I can also tell what server management portal you're running, the webserver (though you have turned off server signatures in your Apache config - which was a smart move) and even what mail daemon you're running.
And if I can dig all that out in 5 minutes running a standard pre-set on a common tool, then just imagine what a determined hacker might achieve.
I know this might sound like tin-hat paranoid speak, but VPS's like yours are a popular target for cyber criminals wanting to set up a spam server. So a couple of hours of pain now could potentially save you days of headache further down the line. Setting up iptables is a great move, but just make sure you have something like fail2ban installed as well as it can monitor the logs for all your daemons and automatically blacklist repeated failed logins (ie the hallmarks of a brute force attack). It can also monitor for some other known hacks such as PHP's injection attacks.
Sorry if you've already done all of the above and if I'm coming across preachy. This is just a subject of personal interest.