LinuxQuestions.org - Protecting Iperf server over internet

- Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)

- - Protecting Iperf server over internet (https://www.linuxquestions.org/questions/linux-networking-3/protecting-iperf-server-over-internet-4175525514/)

mlewis

11-15-2014 05:49 PM

Protecting Iperf server over internet

I have a number of logging devices which connect home over the internet. Each device calls home using curl, authenticating part htpasswd then onto a php app.

I wanted to add iperf as a test to know where there are bandwidth issues but I need to protect iperf to allow only my own devices to use the server and iperf running as a daemon/service.

Was wondering if anyone in this list might have to thoughts on how this could be done, so that I could retain my htpasswd/php authentication since I already have it in place.

Might there be a way of having php allow the iperf connection perhaps?
And if not iperf, perhaps another variation of it which I've not found on the net yet?

Thanks kindly.

MikeDeltaBrown

11-26-2014 07:15 PM

How about starting iperf during boot-up, adding an iptables chain based on the destination port:

Code:

iptables -N IPerfIn

iptables -I INPUT -p tcp --dport 5201 -j IPerfIn

iptables -A IPerfIn -j DROP

...then when your clients "check in" to your PHP app, insert a rule allowing access:

Code:

<?PHP

...

$extCommand='iptables -I IPerfIn -p tcp -s ' . $_SERVER['REMOTE_ADDR'] . ' -j ACCEPT';

$last_line = system($extCommand, $retval);

...

?>

Guess you'd want to remove those rules after a while.....

mlewis

11-26-2014 09:18 PM

It isn't safe to let php have access to iptables but thanks.
The way I did it was basically to build a script which regularly processes the allowed IPs then updates the iptables.

This is working fine.

All times are GMT -5. The time now is 02:41 AM.