Iptable and Access
Moderators: enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, s0lid
4 posts
• Page 1 of 1
Iptable and Access
by gmcust3 » Mon Aug 29, 2011 10:40 pm
What addition or change needs to be done on IPTable if I want to give server access to Lan and 89.XXX.XXX.XXX IP Only ?
GoAutoDial CE
VERSION: 2.4-309a
BUILD: 110430-1642
No other software installed on the box.
I've read the manager manual.
VERSION: 2.4-309a
BUILD: 110430-1642
No other software installed on the box.
I've read the manager manual.
- gmcust3
- Posts: 1148
- Joined: Sat Oct 24, 2009 1:15 pm
by williamconley » Mon Aug 29, 2011 11:08 pm
in yast firewall allowed services, delete them all. this includes the "advanced" section of allowed services (bottom right corner): remove all open port entries (will all be blank when you are done).
if you are NOT in the building, leave ssh in the allowed services until you confirm that you have not locked yourself out of the other ports, but you HAVE locked everyone else out. LOL
next go to "custom" in yast firewall and add 89.0.0.0/8 with both tcp and udp (two entries)
not a bad idea to add yourself as well (but with /32 for a single ip address). for 89.115.xxx.xxx it would be 89.115.0.0/16 and for 89.115.222.xxx it would be 89.115.222.0/24. but always remember you'll need BOTH TCP and UDP for web and phone registration to work.
this is not total lockdown, however, you also need to remove "ping" from the yast config file (otherwise your server will respond to ping, which is a serious security risk, it's a flag saying "hey! attack me! I'm here!" LOL)
if you are NOT in the building, leave ssh in the allowed services until you confirm that you have not locked yourself out of the other ports, but you HAVE locked everyone else out. LOL
next go to "custom" in yast firewall and add 89.0.0.0/8 with both tcp and udp (two entries)
not a bad idea to add yourself as well (but with /32 for a single ip address). for 89.115.xxx.xxx it would be 89.115.0.0/16 and for 89.115.222.xxx it would be 89.115.222.0/24. but always remember you'll need BOTH TCP and UDP for web and phone registration to work.
this is not total lockdown, however, you also need to remove "ping" from the yast config file (otherwise your server will respond to ping, which is a serious security risk, it's a flag saying "hey! attack me! I'm here!" LOL)
- Code: Select all
nano +730 /etc/sysconfig/SuSEfirewall2
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
- williamconley
- Posts: 20258
- Joined: Wed Oct 31, 2007 4:17 pm
- Location: Davenport, FL (By Disney!)
by williamconley » Mon Aug 29, 2011 11:19 pm
that portion/method actually is very easy. there's only one bit that's done in a "conf" file (it may be able to be turned off in a menu somewhere, I just haven't found it! LOL)
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
- williamconley
- Posts: 20258
- Joined: Wed Oct 31, 2007 4:17 pm
- Location: Davenport, FL (By Disney!)
4 posts
• Page 1 of 1
Return to ViciDialNow - GoAutoDial
Who is online
Users browsing this forum: Google [Bot] and 68 guests