Close port for WAN but open for LAN

Discussion in 'ISPConfig 3 Priority Support' started by chico11mbit, Jun 10, 2015.

  1. chico11mbit

    chico11mbit Member HowtoForge Supporter

    Hello,
    We have a server with two network adapters, eth0 and bond0.
    Some services are running there, like ISPConfig with Postfix, Apache, FTP etc., and some others which should only be accessed from the LAN. I want all ports on the server to be open for the LAN (bond0, 192.168.1.x) and only some ports to be open for the WAN (eth0). In ISPConfig with Bastille I can only open ports for both networks at the same time and not per network.

    How can I deal with this problem?
     
  2. Croydon

    Croydon ISPConfig Developer

    You could try using "arno-iptables-firewall" on console.
     
  3. chico11mbit

    chico11mbit Member HowtoForge Supporter

    Should I deactivate Bastille in the ISPConfig frontend then?
     
  4. Croydon

    Croydon ISPConfig Developer

    I'd do this, just to be safe.
     
  5. chico11mbit

    chico11mbit Member HowtoForge Supporter

    Nice, shiny and pretty. It is working like a charm. Maybe Arno firewall is the better/newer choice for ISPConfig. I think servers often have WAN and LAN on the same installation.

    But now there are so many entries in iptables that the whole listing is not shown in ISPConfig :eek:
    I thought my fail2ban installation would be cancelled, but the entries are at the end of "iptables -s" and not shown in ISPConfig. Is there a chance in the future to fix this in the template?

    Again, you saved my admin day :)
    Edit: Could be a cache problem. After 5 minutes the list in ISPConfig is OK. Very nice, forget my insisting above :)
     
    Last edited: Jun 11, 2015
  6. Croydon

    Croydon ISPConfig Developer

    :) The monitor is not real-time, so depending on the lists the delay is a few minutes to an hour.
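
The per-interface split asked about in the first post, written as a plain iptables ruleset rather than the arno-iptables-firewall configuration the thread settled on. This is an added example, not part of the original thread: eth0, bond0 and 192.168.1.x come from the post, while the /24 mask, the WAN port list and the function name `gen_rules` are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset to stdout.
# It never touches the live firewall; review the output before loading it.

# gen_rules WAN_IF LAN_IF LAN_NET WAN_TCP_PORTS   (hypothetical helper)
gen_rules() {
    wan_if=$1; lan_if=$2; lan_net=$3; wan_tcp=$4

    # Accept only a comma-separated list of digits, so nothing else can
    # end up inside the generated rules.
    case $wan_tcp in
        ''|*[!0-9,]*|,*|*,|*,,*)
            echo "invalid port list: $wan_tcp" >&2; return 1 ;;
    esac

    # The multiport match takes at most 15 ports per rule.
    commas=$(printf '%s' "$wan_tcp" | tr -cd ',' | wc -c)
    if [ $((commas + 1)) -gt 15 ]; then
        echo "too many ports for one multiport rule" >&2; return 1
    fi

    # Default policy is DROP, so anything not listed below stays closed.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -j ACCEPT
-A INPUT -i $wan_if -s $lan_net -j DROP
-A INPUT -i $wan_if -p tcp -m multiport --dports $wan_tcp -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Sample run: LAN fully open, WAN limited to an assumed set of public ports.
# The fourth INPUT rule drops packets that arrive on the WAN interface while
# claiming a LAN source address.
gen_rules eth0 bond0 192.168.1.0/24 21,25,80,443
```

Loading the output with `iptables-restore` replaces the whole filter table, so chains added by other tools such as fail2ban have to be re-created afterwards, for example by restarting that service.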
     
