08-03-2011, 02:02 PM   #1
veeruk101
Allow access to server from only 1 IP address using iptables


I have a server located remotely that I'd like to protect by allowing access to only my IP address (on any port). Currently anyone can access the server using ssh, http, and any other services that my server is running. (The reason I need to protect it for now is that it's a test/development server and really only needs to be accessed by me.)

The downside of doing this is every time my desktop IP address changes (from where I access the remote server), I would need to update the iptables configuration. (This could be a hassle, but based on my limited knowledge it seems to be the best way to allow access from only myself.)

Could anyone share how to allow access to my server using iptables from only my IP address and on any port? Also, if there are any pitfalls of doing it this way, I'd appreciate hearing about it too.
 
08-03-2011, 04:21 PM   #2
corp769
Hello,

Portknocking could be a possible option in this case. As far as your dynamic IP address goes, check out dyndns - http://dyn.com/dns/dyndns-free/

Hope this helps a bit!

Cheers,

Josh
 
08-03-2011, 04:40 PM   #3
jefro
I'd make a self signed certificate and use it to authenticate.
 
08-03-2011, 07:14 PM   #4
chrism01
Try ssh+auth keys+Match/AllowUsers http://www.openbsd.org/cgi-bin/man.c...nfig&sektion=5.
Restricting the src IP would be a problem if your desktop IP changes before you get to update the server with the new addr ...
 
08-04-2011, 07:01 AM   #5
salemeni
Hi
You can use
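# DROP_LOG is not a built-in target; create it before any rule jumps to it
iptables -N DROP_LOG
iptables -A DROP_LOG -j LOG --log-prefix "DROP_LOG: "
iptables -A DROP_LOG -j DROP

# Accept SSH and HTTP from your own address (replace myIP)
iptables -A INPUT -i eth0 -p tcp --dport 22 -s myIP -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -s myIP -j ACCEPT

# Log and drop SSH and HTTP from every other source
iptables -A INPUT -i eth0 -p tcp --dport 22 -j DROP_LOG
iptables -A INPUT -i eth0 -p tcp --dport 80 -j DROP_LOG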

Or you can use
/etc/hosts.deny

add line
ALL:ALL EXCEPT myIP


Last edited by salemeni; 12-06-2011 at 03:53 AM.
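
Added example, not part of the thread or any poster's code: the iptables commands above cover only ports 22 and 80, so this sketch generates an iptables-restore ruleset that admits one source address on every port and drops everything else. The function names and the address 203.0.113.10 (a documentation address) are assumptions for illustration.

```sh
#!/bin/sh
# Constructed example: print an iptables-restore ruleset that accepts a single
# IPv4 source on all ports and drops the rest. Nothing is applied here; the
# output is meant to be reviewed and then fed to iptables-restore.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
# Runs in a subshell so the IFS change does not leak to the caller.
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Print the ruleset for the given address, or fail without printing anything.
allow_only_rules() {
    ip=$1
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $ip/32 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}

# Stand-alone run: print the rules for the address given as the first
# argument, or for the sample documentation address.
allow_only_rules "${1:-203.0.113.10}"
```

Pipe the output through `iptables-restore --test` to syntax-check it before loading. The ESTABLISHED,RELATED rule is what lets replies to the server's own outbound traffic (DNS lookups, package updates) back in under the DROP policy.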