Ubuntu Servers :: Accessing Lan Via SSH In A Restricted Firewall?
May 5, 2010
I have a computer which has a public IP.My ISP has allowed only port 22 for my machine to be accessed outside from internet.I want rest of my computers which are connected to this machine be accessible via SSH on internet.I can configure IPTABLES to route different ports to internal machines but since ISP has given only one port for the gateway how can I go for it any guesses.I came across some thing reverse SSH tunneling but that has to keep the connection alive all the time at gateway I want my trusted people to be directly able to access the machines on LAN to which they have account to login in this scenario.
I'm in the situation where I'm trying to create 2 private networks using ESX server, all behind a NAT router (static ips are used). I used an openSuse11 vm as a router and was able to configure it so that a machine on one private network was able to access the public network. The problem I have now it that I need to be able to access a machine on the private network from the public network using a different set of IP's.
So if a machine in the private network has an IP of 10.1.0.222 I should be able to ping it using 10.99.0.222 or some other IP. I have never done this before and after reading up on iptables and linux routing I feel more confused than before. Is it possible to add IPs to eth0 (public) and have them mapped to machines on a private network eth1 or eth
I am trying to give some one on internet access to one specific IP on my machine which is on LAN behind a Bastion host and the authentication should not be twice only one time. So I am trying to have some thing that runs on my bastion host or you can call it as a gateway and it redirects the incoming SSH to a machine on LAN but it should not be a two times authentication only once. The user should not know that they first logged in to bastion host and then they are redirected to some other IP on LAN.This using a web interface so that if they are behind some proxy or firewall they do not need to bother at least they always have http access.My gateway has public IP but only port 22 is opened by ISP .Is there any software or mechanism to do so I came across one [URL]..
I already have Linux Enterprise 5 system installed with some server packages such as Webmin, Active Directory, Web Server which also act as Internet gateway. Now I want to add firewall functionality to block clients ip accessing internet.
I have 17 system (sys1,sys2,sys3.....sys17) in my office, and i am willing to setup a dedicated system to act as a firewall for that i have selected sys1 with two NIC(eth0 for local network and eth1 for internet) and i have configured to access internet in my office for that i have opened a wellknown port 80.but my clients are not accessing the internet..
and please check my sample IP configuration !!!
interface : eth1 (ISP IP)just for example IP :192.168.0.2 gateway:192.168.0.1 dns:202.56.230.5 dns:202.56.230.6
Interface : eth0 (my local lan )
192.168.1.1 255.255.255.0
IP address of xp clients ranges form 192.168.1.2 to 192.168.1.16 with default 255.255.255.0
my question is that which gateway address and dns i have to give to my clients for accessing internet ?...
I have a LAMP server set up (under Ubuntu 10.04 64-bit), and have a PHP application running on the Apache2 server. I copied the "default" website setup, and created a new one with the root at "/home/kota/WebRoot/".
When running my PHP application though, I come across a major issue: The script doesn't seem to be able to modify any files that are currently on the system, or create new ones.
However, this limitation is restricted to when running through Apache2. In other words, if i run it by typing "php5 myapplication.php" from the terminal, it works without a flaw. This leads me to believe that there is a permissions issue, disallowing Apache2 to create and modify files anywhere on my system.
Although it shouldn't make much of a difference, here is the basic information that I feel I should provide:
I want to configure a remote internet facing server as git server. I would like to restrict access to the server to a few systems (access is restricted to select computers, not users). I first thought of using ssh key, but the key can be copied to another system hence that alone is not sufficient. I am having a dynamic IP, so simple IP based firewall blocking is also not possible. I was thinking about the possibility of using both SSH Key and IP based access. Is it possible to update the firewall rule whenever my ip gets changed?
I am noticing problems accessing the firewall gui and mounting the second hard drive in my PC running Fedora 13. This is only when I am accessing the machine with VNC. If I am sitting in front of the physical machine, I have no problems at all. I would like VNC to behave more like I am sitting in front of the computer. Is there a way to do this? Thank you in advance for your feedback.
So i run a ubuntu 8.10 server setup for webhosting. I have my router portforwarding to my servers LAN IP, and i have DNS setup and pointing to my WAN IP.
My host entries are all setup on ubuntu also.
The problem : I can access my server from typing WAN IP address or any of the URLS with webpages hosted on the server, all seems to be working. BUT, i can only access these from OUTSIDE my network. If i try access them within my LAN, i get sent to my routers login page.
I really cant find anything that could be causing this..
I posted this question a while ago but haven't had any luck getting it answered so I reworded everything to make it more clear. I started an Ubuntu web server on an old work laptop. The purpose of this server is to host a small file-sharing site, a forum, and a wiki. I have no prior experience with command line Ubuntu but am trying to figure this all out.
So far Ive setup the LAMP server, so apache, mysql, and php are installed. Ive also installed phpBB3 and Mediawiki. Both phpBB3 and Mediawiki are able to open from inside my LAN. I also have SSH setup and am able to use putty to manage the server from inside my LAN. Mediawiki runs slow internally but this is a secondary concern.
Externally to the LAN I can access the webserver using SSH(but sometimes it is too slow for anything that opens up such as nano or the SQL password prompt to display and the connection drops). I can also browse to the site and see the default apache welcome message. But I cannot open the mediawiki or phpbb site. Both will sit indefinitely and not open. The access log on the server shows that the request is being passed through though.
I am on Ubuntu 10.04.2 on Amazon EC2.I want to use the Cherokee web server and have it (and php) running under www-data then have the files also owned by www-data. I am only able to ssh and scp into my server using the user ubuntu. This means that I am unable to edit the files.I want to be able to edit the files owned by www-data through ssh/scp.Could you assist me in setting my server to allow me to edit the web files through scp?
I am a complete newbie at web servers, so I installed Ubuntu Server and have a LAMP set up. I have gotten dynamic DNS to link to my domain, and that seems to be working. My domain is 6py7.com. If I try to access my domain from within my home network it links me to my router's main page (192.168.2.1). I have my server set up with a static ip at 192.168.2.100 and have port forwarding set up.
Is there something I missed with the setup of this? I can only access my domain if I use a network outside of my home network, but if I am within my home network the domain name links to the router.
I need to Install MySql Server somewhere that I can access. Instead on installing it in a Windows box like I have for years, I'm thinking of putting it on a Ubuntu Server box (or virtual machine) instead. Should I do it on a Ubuntu Server or a Ubunto desktop box? I have never installed Ubuntu as a server, is it more or less the same as installing the desktop version? Lastly, is there multiple versions of Ubuntu where one might be more appropriate than another? All I want is a machine that I can access MySql via an IP address. Don't need DHCP, dns, Mail server or anything.
i try to access my webmin but it give me "This webpage is not available." now, webmin is useless for me if i want to uninstall webmin, is some other application will affected (like apache, mysql, etc) ?
I have downloaded the Mediawiki demo appliance from UEC store. I have installed it and also it is running. I would like to know how to access the mediawiki demo appliance. I tried accessing it as [URL] but is not accessible.
provide support for a small business that uses Windows machines to access files stored on an Ubuntu server which has just been upgraded from 8.04 to 10.04 (32 bit version). Before the upgrade the users accessed their share by this batch file:
Code:
net use x: \servernamesharename /user:username
This would then prompt the user for his or her password which they would enter to allow them access to the share.Since upgrading to 10.04, the user gets a "system error 58" stating "The specified server cannot perform the requested operation"If the batch file command is changed to:
Code:
net use x: \servernamesharename
The same error message is given. The only work around I have found is to modify the file to read:
Code:
net use x: \servernamesharename /user:username password
This is not ideal at all as it makes the password protection useless.When I performed the upgrade I left the smb.conf unchanged. The smb.conf file is:
Code:
# # Sample configuration file for the Samba suite for Debian GNU/Linux. # # # This is the main Samba configuration file. You should read the
I'm running Apache2 and PHP5, hosting multiple virtual domains on my server. The directories of the domains (/var/www/<domain>) aren't publicly readable, so the websites can't access each others content as the scripts are run using different user accounts. They can, however, access other folders on the system that have public access for any user. I tried using the following PHP code, which listed the filesystem root:
How do I get my firewall up and running to secure the ubuntu servers.. I have 2x network cards & 1x pppoe connection atm. eth0 192.168.1.200 / eth1 192.168.0.200 and the ppp0 connection iptables looks like this so far.
# Generated by iptables-save v1.4.4 on Thu Dec 9 11:12:04 2010 *nat PREROUTING ACCEPT [108:8763] :OUTPUT ACCEPT [52:3594] POSTROUTING ACCEPT [111:10071] COMMIT ..... A far as I can see my ppp0 connection is open atm & I would like to close off any traffic except ports 80 10000 5900 21 & 22.
I currently have samba setup and connecting. What I am trying to do is have multiple users with access to different directories. For example , let's say there are folders A B C on my Linux machine. I want one guy to see A and C and another guy to see B and C and a third guy to see them all. But I want each user to have access to change delete or execute the files within these directories that they have access to
i have php5 and mysql on ubuntu server which is hosting a WordPress blog. i activated it remotely over the internet and it works fine still over the internet. now im home and using my local network again and now when i try to go into it with its local IP, it just shows some text (blog title, posts and so on) with NO pictures.
I would like to read and write to a folder in an Ubuntu VPS remotely via a Windows Explorer (Windows 7 Ultimate). Considering that my VPS has very little resources (128MB RAM), what program should I use?
I'm trying to delete directories (long story, Mac temp files there, Windows not cooperating) on a sever connected to a HP 20 Modular Smart Array set up as RAID5. System currently running Windows. I've booted from a 9.10 LiveCD but can't see the external drives. Is it correct that I need to install mdadm to "see" those drives from LiveCD? From a different machine (linux) I can mount the drive using samba like so:
I have admin privileges on the Windows OS. In linux (or Windows beforehand), is it possible to take ownership of the directories so that I can do a rm -f -r <dir> ?
I am having a little trouble setting up a NAT firewall using iptables. I have 1 PC dedicated to being the firewall running Ubuntu 10.04 LTS. There are 2 NICs in this PC. One NIC is connected to the modem & the other is hooked into my router, sharing the connection through to the other PC on my LAN. Thing is that I am having troubles setting this up using iptables. I have it sharing the connection, but can't seem to make it forward 2 ports through to my webserver on the LAN. I am also wanting to setup init.d to control iptables. I have been trying to google this, but haven't found anything useful to get this accomplished. I put the following into rc.local to make the forwarding work:
/sbin/iptables -F /sbin/iptables -N block /sbin/iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT /sbin/iptables -A block -m state --state NEW -i ! eth0 -j ACCEPT /sbin/iptables -A block -j LOG /sbin/iptables -A block -j DROP /sbin/iptables -A INPUT -j block /sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
I've set up a FTP server, but now I would also give the ability to users to access file through a web interface, like the ones you can find in many NAS.I there anyone that knows a software that do this? I can't find nothing useful.
I have a home network set up that includes windows xp and a local server. DNS resolution allows both machines to access the internet. I know this because firefox works on the xp machine, and yum works on the fedora machine.I can see the server index page through firefox by ip. I can't see it by url.
I am runnung ubuntu 9.10 desktop edition as a server. I am using a FTP client program to upload some files(index.html, background.png, etc) and everything is fine with that. And currently all my files are in /home/myname/ folder. What I want is whenever I log in with my ubuntu account in the FTP client program, I can actually see the list or contents of the very root directory.
In other word, I can see every folder like /bin, /boot, /etc, /root, so on in the FTP software and I can download it. I don't want to allow to access the parent(or root) directory. Is there any possible way to set up the sutff?
I've been all around the net and can't find a "simple" answer how to block our LAN users from downloading torrents. Is it really that difficult?
Here's our setup:
1. The Server's Configs:
2. sudo gedit /etc/squid/squid.conf
3. sudo gedit /etc/rc.local (to start Firewall rules on bootup)
4. Server NOT a DHCP Server
5. No other iptables rules are configured, just the above ones.
Before in a 1 NIC setup, I blocked Workstations MAC addresses in the Router + Squid Proxy Server (Not Transparent), it worked, but some Online Java Apps didn't work and users can't send/receive email so I abandoned the method.
Now, I installed transparent Squid Proxy with 2 NIC cards, it works, but workstations can still download torrents! I know Squid doesn't block ports, right? So the answer must lie in Iptables Firewall? I basically use Squid just to deny access to Facebook, Friendster, or other "unproductive sites".
Quote:
How to block torrent downloading by using a Firewall? Or is there another "simple" way?
I've heard that it's better just to allow regular ports (80, 22, 465, etc...) then block all the rest, this way, you can prevent unnecessary ports.
I'm not an Iptables/Firewall expert so can you pls. explain it a bit more detailed if that's the case.
I'm also aware of just telling our users NOT to download torrents, but I just want to prohibit it entirely.
I know I will be the most "uncool" employee in our office.
I am having trouble getting ports to open, on the router that the server is connected to it is set to DMZ, so everything passing through the router should go to the server right? but when I use a port checker none of the ports that I need to be open are. so my question is does ubuntu have a built in firewall that no one told me about? or something that would block me from having the ports open?
