iptables and dynamic IP addresses

Discussion in 'Installation/Configuration' started by valerian, Oct 8, 2007.

  1. valerian

    valerian New Member

    Hi all,

    New user here. I'm running Ubuntu server 6.06 as a server on a remote VPS, and have configured iptables using the 'Linux firewall' feature of Webmin. It seems to do what I want, allowing public access to ports 80, 81 and 443, and restricting port 22 access to my home and work IP addresses.

    Unfortunately my home IP address recently switched from static to dynamic, and although I've registered a DynDNS domain name for my home IP address, I can't get iptables to accept a hostname rather than an IP address (a security feature I imagine).

    Is it feasible (and safe) to configure iptables to allow all addresses to access port 22, but also specify my hostname in a /etc/hosts.allow file:

    sshd : <my.hostname> : allow

    Or is there a better way, perhaps exploiting ping? Thanks.
  2. falko

    falko Super Moderator ISPConfig Developer

    I think you must use the hostname that is bound to your IP address as the PTR record, not your dyndns.org hostname. For example, do a
    dig -x your.ip.add.ress
    and it should show you the hostname. Unfortunately, you still have the problem with the dynamic IP addresses...
  3. valerian

    valerian New Member

    Not too helpful I'm afraid - is the OpenDNS server address and there is no apparent hostname:

    [email protected]:~$ dig -x 89.242.166.xxx

    ; <<>> DiG 9.3.2 <<>> -x 89.242.166.xxx
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1047
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;xxx.166.242.89.in-addr.arpa. IN PTR

    ;; Query time: 61 msec
    ;; SERVER:
    ;; WHEN: Tue Oct 9 17:04:51 2007
    ;; MSG SIZE rcvd: 45
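
A simplified model of the reverse-lookup matching falko describes, added here as an example and not taken from the thread or from TCP Wrappers itself. It assumes the access check derives the client name from the PTR record and forward-confirms it; every hostname and address below is constructed.

```python
# Added example: simplified model of PTR-based hostname matching.
# Not TCP Wrappers source code; all names and addresses are constructed.

def client_hostname(ip, ptr, fwd):
    """Name an access check sees for `ip`, or None.
    ptr: dict address -> PTR name (reverse zone, what `dig -x` queries)
    fwd: dict name -> list of addresses (forward zone)
    """
    name = ptr.get(ip)
    if name is None:
        return None                      # NXDOMAIN: the client has no name
    name = name.lower().rstrip(".")
    # Forward-confirm: the PTR name must resolve back to the same address.
    if ip not in fwd.get(name, []):
        return None
    return name

def rule_matches(pattern, ip, ptr, fwd):
    """Match one hosts.allow-style client pattern against a client address."""
    pattern = pattern.lower()
    if pattern[:1].isdigit():            # numeric pattern: address or prefix
        return ip.startswith(pattern) if pattern.endswith(".") else ip == pattern
    name = client_hostname(ip, ptr, fwd)
    if name is None:
        return False
    if pattern.startswith("."):          # domain suffix such as .isp.example
        return name.endswith(pattern)
    return name == pattern

# Constructed sample data (documentation address ranges).
HOME_IP = "203.0.113.7"
FWD = {
    "myhome.dyndns.example": [HOME_IP],                # dynamic DNS A record
    "host-7.pool.isp.example": [HOME_IP],              # ISP's forward record
}
PTR_NONE = {}                                          # reverse lookup: NXDOMAIN
PTR_ISP = {HOME_IP: "host-7.pool.isp.example."}        # ISP-assigned PTR
PTR_FAKE = {"198.51.100.9": "myhome.dyndns.example."}  # unconfirmed PTR claim

def demo():
    rule = "myhome.dyndns.example"
    return {
        "no_ptr": rule_matches(rule, HOME_IP, PTR_NONE, FWD),
        "isp_ptr_dyndns_rule": rule_matches(rule, HOME_IP, PTR_ISP, FWD),
        "isp_ptr_isp_rule": rule_matches("host-7.pool.isp.example", HOME_IP, PTR_ISP, FWD),
        "isp_suffix_rule": rule_matches(".isp.example", HOME_IP, PTR_ISP, FWD),
        "unconfirmed_ptr": rule_matches(rule, "198.51.100.9", PTR_FAKE, FWD),
        "address_rule": rule_matches("203.0.113.", HOME_IP, PTR_NONE, FWD),
    }
```

In this model the dynamic DNS name never matches, with or without a PTR record, because the forward A record is never consulted for the rule itself. The suffix rule does match, but it would match any address whose confirmed PTR name ends in that domain, not only the home connection.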
