Problem on Internet disconnection

Posted by satimis, 27th September 2007, 02:46

Hi folks,


Ubuntu 7.04 server amd64
VMware
router IP address - 192.168.0.10


I'm building a virtual machine with Ubuntu as the host OS and playing around with the following packages:
- denyhosts
- sshd
- iptables

with the following files edited:

1)
/etc/hosts.allow
Code:
sshd: 127.0.0.1

# Domain
sshd: .mydomain.com

# myISP from home
sshd: *.myISP

/etc/hosts.deny
Code:
sshd:ALL EXCEPT localhost \
: spawn /bin/echo `/bin/date` access denied for %a %h>>/var/log/sshd.log

ALL: ALL

$ sudo /etc/init.d/denyhosts start


2)
/etc/ssh/sshd_config
Uncomment the following line and change "no" to "yes":
# PasswordAuthentication yes

Uncomment the following line and change "0.0.0.0" to "192.168.0.10":
# ListenAddress 0.0.0.0

…where 192.168.0.10 is the IP of the management network interface (server's router IP address) so that the ssh daemon will not listen on the NICs dedicated to the VMs.

Then run;
$ sudo /etc/init.d/ssh restart


3)
Copy the following file to /etc/rc.local
Code:
#
# INPUT
#

# allow all incoming traffic from the management interface NIC
# as long as it is a part of an established connection
iptables -I INPUT 1 -j ACCEPT -d MGMT_NIC_IP -m state --state RELATED,ESTABLISHED

# allow all ssh traffic to the management interface NIC
iptables -I INPUT 2 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 22

# allow all VMware MUI HTTP traffic to the management interface NIC
iptables -I INPUT 3 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 8222

# allow all VMware MUI HTTPS traffic to the management interface NIC
iptables -I INPUT 4 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 8333

# allow all VMware Authorization Daemon traffic to the management interface NIC
iptables -I INPUT 5 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 902

# reject all other traffic to the management interface NIC
iptables -I INPUT 6 -j REJECT -d MGMT_NIC_IP --reject-with icmp-port-unreachable


#
# OUTPUT
#

# allow all outgoing traffic from the management interface NIC
# if it is a part of an established connection
iptables -I OUTPUT 1 -j ACCEPT -s MGMT_NIC_IP -m state --state RELATED,ESTABLISHED

# allow all DNS queries from the management interface NIC
iptables -I OUTPUT 2 -j ACCEPT -s MGMT_NIC_IP -p UDP --destination-port 53

# reject all other traffic from localhost
iptables -I OUTPUT 3 -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable

# reject all other traffic from the management interface NIC
iptables -I OUTPUT 4 -j REJECT -s MGMT_NIC_IP --reject-with icmp-port-unreachable

and change "MGMT_NIC_IP" to "192.168.0.10"

Then run;
$ sudo /etc/init.d/rc.local start


Afterwards I can't browse the Internet.

Then I run;

$ sudo /etc/init.d/denyhosts stop
$ sudo /etc/init.d/rc.local stop

and revert all files to their original states. Still I can't browse the Internet.


Reboot PC. Internet connection works again.


My questions are;

a)
Whether I have to run;
Code:
sudo iptables -F

and whether just running;
Code:
sudo /etc/rc.local stop

is not sufficient.


b)
Is changing "MGMT_NIC_IP" to "192.168.0.10" CORRECT ?


c)
If I have only ONE NIC, I don't need to uncomment the following line and change "0.0.0.0" to "192.168.0.10"
# ListenAddress 0.0.0.0

???


d)
Whether I need to add the following to the bottom of /etc/hosts.allow
Code:
ALL:CLIENT_HOSTNAME_1, CLIENT_HOSTNAME_2, CLIENT_IP_ADDRESS_1,
*.CLIENT.DOMAIN.COM

If for the local network, whether to add the IP addresses of the workstation as "CLIENT_HOSTNAME_1"

???


e)
Any advice on the above files? What makes the Internet connection stop working?


TIA


B.R.
satimis
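
Added example, not part of satimis's post: a first-match evaluator that parses the four OUTPUT rules from the post and reports which rule decides a given outbound packet. It assumes 192.168.0.10 is the host's own source address, that the OUTPUT chain holds only these rules with policy ACCEPT, and exact-address matching; `parse_rule`, `verdict` and `pkt` are hypothetical helper names.

```python
import shlex

# OUTPUT rules as posted, with MGMT_NIC_IP replaced by 192.168.0.10.
OUTPUT_RULES = """\
iptables -I OUTPUT 1 -j ACCEPT -s 192.168.0.10 -m state --state RELATED,ESTABLISHED
iptables -I OUTPUT 2 -j ACCEPT -s 192.168.0.10 -p UDP --destination-port 53
iptables -I OUTPUT 3 -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable
iptables -I OUTPUT 4 -j REJECT -s 192.168.0.10 --reject-with icmp-port-unreachable
"""

# Only the options used in the post; each of them takes exactly one argument.
OPTS = {"-j": "target", "-s": "src", "-p": "proto",
        "--destination-port": "dport", "--state": "states"}

def parse_rule(line):
    """Parse 'iptables -I OUTPUT <pos> <opt> <arg> ...' into a dict."""
    tok = shlex.split(line)
    rule = {"pos": int(tok[3])}
    for opt, arg in zip(tok[4::2], tok[5::2]):
        if opt in OPTS:
            rule[OPTS[opt]] = arg
    return rule

def verdict(rules, packet, policy="ACCEPT"):
    """Return (rule position, target) of the first matching rule, else the policy."""
    for r in sorted(rules, key=lambda r: r["pos"]):
        if "src" in r and r["src"] != packet["src"]:
            continue
        if "proto" in r and r["proto"].lower() != packet["proto"]:
            continue
        if "dport" in r and int(r["dport"]) != packet["dport"]:
            continue
        if "states" in r and packet["state"] not in r["states"].split(","):
            continue
        return r["pos"], r["target"]
    return None, policy

def pkt(proto, dport, state="NEW", src="192.168.0.10"):
    """Constructed sample packet; conntrack state is supplied by the caller."""
    return {"src": src, "proto": proto, "dport": dport, "state": state}

RULES = [parse_rule(line) for line in OUTPUT_RULES.splitlines()]

if __name__ == "__main__":
    samples = [("DNS query", pkt("udp", 53)), ("HTTP SYN", pkt("tcp", 80)),
               ("HTTPS SYN", pkt("tcp", 443)),
               ("reply on existing session", pkt("tcp", 51000, "ESTABLISHED"))]
    for label, p in samples:
        print(f"{label:28} -> rule {verdict(RULES, p)}")
```

Under these assumptions a new outbound TCP connection to port 80 or 443 falls through to rule 4 and is rejected, while DNS lookups over UDP still succeed. Rules inserted with `iptables -I` stay loaded in the kernel until they are deleted or flushed or the machine reboots.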