#1
13th September 2005, 16:57
tom@ttucker.com
Robust firewall rules

Absolutely one of the BEST tools I have found!!

Thanks for all the great work.

Is there a way to set more robust firewall rules with ISPConfig?

For instance, I want to limit access to mysql to only a specific subnet, say 198.168.1.224/28, or allow all traffic from a subnet.

Tom

#2
13th September 2005, 17:07
till

Quote:
Originally Posted by tom@ttucker.com
Absolutely one of the BEST tools I have found!!

Thanks for all the great work.

Is there a way to set more robust firewall rules with ISPConfig?

For instance, I want to limit access to mysql to only a specific subnet, say 198.168.1.224/28, or allow all traffic from a subnet.

Tom

You can edit the bastille-firewall config in /etc/Bastille/bastille-firewall.cfg and the master template that ISPConfig uses to generate the config file: /root/ispconfig/isp/conf/bastille-firewall.cfg.master manually.

If this solution is not flexible enough for you, disable the firewall in ISPConfig and set up another firewall software that is more advanced.

#3
13th September 2005, 17:14
tom@ttucker.com

Thanks for the instantaneous response! WOW!

Will edits to /etc/Bastille/bastille-firewall.cfg be overwritten with an upgrade to ISPConfig?

#4
13th September 2005, 17:39
till

Quote:
Originally Posted by tom@ttucker.com
Thanks for the instantaneous response! WOW!

Will edits to /etc/Bastille/bastille-firewall.cfg be overwritten with an upgrade to ISPConfig?

If you update the firewall in the web-interface, /etc/Bastille/bastille-firewall.cfg will be overwritten with /root/ispconfig/isp/conf/bastille-firewall.cfg.master
If you upgrade ISPConfig, both files will be overwritten.

#5
14th September 2005, 02:59
falko

Quote:
Originally Posted by till
If you update the firewall in the web-interface, /etc/Bastille/bastille-firewall.cfg will be overwritten with /root/ispconfig/isp/conf/bastille-firewall.cfg.master

Therefore you should edit /root/ispconfig/isp/conf/bastille-firewall.cfg.master.

#6
10th December 2006, 04:04
rdmandel
More on ISPConfig Firewall rules

I have just started with ISPConfig and it seems to run VERY nicely out of the box, but I am having trouble with passive mode ftp.

Behind a router with ports 49152-65534 opened, uncommented the line in ProFTP conf "PassivePorts 49152 65534", but can not find a way to make the firewall accept a port range. Whatever I try I get a message in German saying the port number must be between 0 and 65000.

To make it work, I have to turn the firewall OFF for ftp, but that worries me, even if I am behind the router with NAT.

Any ideas?

#7
10th December 2006, 15:24
till

You cannot open port ranges in the ISPConfig firewall. When your server is behind a router, you can switch off the ISPConfig firewall.

#8
10th December 2006, 18:35
rdmandel
port ranges not allowed in ISP Config firewall

That's what I figured, but it might be something for future versions. If I were not behind a router, this would be a real problem for ftp passive mode.

Thanks for your attention to these forums. You and Falko are really great.

richard
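
Added example, not part of the thread and not ISPConfig's own code: the two rules the posts above ask for (MySQL limited to one subnet, and a passive FTP port range), written as plain iptables commands. It assumes an iptables-based host whose INPUT chain you manage yourself, for instance with the ISPConfig firewall disabled as till suggests; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: prints iptables commands only; nothing is applied.
# Review the output, then run it as root on a host whose rules you manage.

# valid_cidr ADDR/PREFIX: succeed only for a well-formed IPv4 CIDR.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# mysql_rules CIDR: accept tcp/3306 from CIDR, drop it from everyone else.
# Explicit positions keep ACCEPT ahead of DROP and ahead of older rules.
mysql_rules() {
    valid_cidr "$1" || { echo "bad CIDR: $1" >&2; return 1; }
    echo "iptables -I INPUT 1 -p tcp -s $1 --dport 3306 -j ACCEPT"
    echo "iptables -I INPUT 2 -p tcp --dport 3306 -j DROP"
}

# passive_ftp_rules LOW HIGH: open the ProFTPD PassivePorts range in one rule.
passive_ftp_rules() {
    for port in "$1" "$2"; do
        case "$port" in
            ''|*[!0-9]*) echo "ports must be numeric" >&2; return 1 ;;
        esac
    done
    [ "$1" -ge 1 ] && [ "$2" -le 65535 ] && [ "$1" -le "$2" ] ||
        { echo "bad port range: $1-$2" >&2; return 1; }
    echo "iptables -I INPUT 1 -p tcp --dport $1:$2 -j ACCEPT"
}

# Values taken from the posts: the subnet from post #1 and the
# PassivePorts range from post #6.
mysql_rules 198.168.1.224/28
passive_ftp_rules 49152 65534
```

Rules entered this way are not persistent and are lost whenever another tool regenerates the ruleset, so they belong in whatever firewall script replaces the ISPConfig one.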

#9
28th December 2006, 14:01
Craig
A better way, , ,

Totally firewall MySQL and then set up a secure tunnel using Putty.

I use this to great effect using putty and MySQL Administrator.

Normally, from a remote connection, MySQL Administrator can not access various functions, like setting user/passwords and permissions as well as setting startup settings, but with a putty tunnel, MySQL Administrator is seen as connecting locally, localhost, so not only are all MySQL Administrator functions and features enabled but you end up with the most secure MySQL server possible.

If anyone wants it, I could add a mini-howto or maybe it should be called a micro-mini-howto as it is only 2 steps.

#10
29th December 2006, 16:34
falko

Quote:
Originally Posted by Craig
If anyone wants it, I could add a mini-howto or maybe it should be called a micro-mini-howto as it is only 2 steps.

That would be great. Maybe you can make it up a little bit, e.g. write a short introduction and something about your motivation so that other people understand easily what this is about.