LinuxQuestions.org
Old 03-10-2013, 03:28 PM   #1
jddancks
LQ Newbie
Debian: Why can't I get knockd to work?


I did apt-get install knockd.

I use these two scripts to open and close ports. The default on startup is to have the ports closed.

open-ports:

    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
close-ports:

    iptables -F
    iptables -X

    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

/etc/knockd.conf:

    [options]
    UseSyslog

    [openSSH]
    sequence = 1,2,3,4
    seq_timeout = 5
    command = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags = syn,ack

    [closeSSH]
    sequence = 1,2,3,4
    seq_timeout = 5
    command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags = syn,ack

I can't remember what the other file is. I know when I sit in front of the computer I see "starting knockd" in the startup dialog, so I know something is happening. But it doesn't matter, I can't knock. I don't know what I'm doing wrong.
 
Old 03-11-2013, 08:04 AM   #2
michaelk
Moderator
The point of a firewall and port knocking is to only open the desired ports, so the open-ports script is not necessary. There are several knockd howtos, but look at the following. You can also start knockd in debug mode (-D) to help you find problems, and also check the logs.

http://go2linux.garron.me/how-to-con...ewall-iptables
 
Old 03-11-2013, 01:16 PM   #3
jddancks
LQ Newbie
Original Poster
I know. The reason I posted it was to show what scripts I use to open and close the firewall. I figured the problem was that knockd was not even seeing the packet. Perhaps the firewall rules meant any and all packets were being dropped at the NIC, so no programs, not even knockd, could see the packets, which is what I was really asking. When I use block-ports, the policy for input becomes DROP. A debugger, I guess, would let me know whether or not that was happening, but that doesn't tell me why. I don't really understand how iptables works; I just assume that's the problem.
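As an added example (not from the thread or the knockd project), a small Python checker for two pitfalls in the knockd.conf from the first post: the open and close stanzas share one sequence, so a single knock runs both commands, and tcpflags = syn,ack makes knockd ignore a client's SYN-only connection attempt (SYN+ACK is the server's reply, never the knock itself). The posted stanzas are reproduced inline as sample input and a corrected copy is derived from them.

```python
import configparser

def lint_knockd(text):
    """Return a list of findings for a knockd.conf; an empty list means none found."""
    # knockd.conf is INI-style; "UseSyslog" is a bare key, hence allow_no_value.
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    cp.read_string(text)
    findings, seen = [], {}
    for name in cp.sections():
        if name == "options":
            continue
        sec = cp[name]
        seq = sec.get("sequence", "").replace(" ", "")
        if not seq:
            findings.append(f"[{name}] has no sequence")
            continue
        # Two stanzas sharing one sequence both fire on the same knock, so the
        # open command and the close command run together and cancel out.
        if seq in seen:
            findings.append(f"[{name}] reuses sequence {seq} of [{seen[seq]}]")
        seen.setdefault(seq, name)
        flags = {f.strip().lower() for f in sec.get("tcpflags", "").split(",")}
        # A client's connection attempt carries SYN only; SYN+ACK is the server's
        # reply, so requiring "ack" makes knockd ignore every real knock.
        if "ack" in flags:
            findings.append(f"[{name}] tcpflags requires ack; a SYN-only knock never matches")
        if "seq_timeout" not in sec:
            findings.append(f"[{name}] has no seq_timeout")
    return findings

# Constructed sample: the stanzas from the first post, reproduced for the check.
POSTED_CONF = """[options]
UseSyslog
[openSSH]
sequence = 1,2,3,4
seq_timeout = 5
command = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn,ack
[closeSSH]
sequence = 1,2,3,4
seq_timeout = 5
command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn,ack
"""
# Constructed sample: distinct open/close sequences and SYN-only matching.
FIXED_CONF = POSTED_CONF.replace("tcpflags = syn,ack", "tcpflags = syn").replace(
    "[closeSSH]\nsequence = 1,2,3,4", "[closeSSH]\nsequence = 4,3,2,1")

if __name__ == "__main__":
    print("\n".join(lint_knockd(POSTED_CONF)) or "no findings")
```

Running it against the posted stanzas reports three findings (one ack problem per stanza plus the reused sequence); the corrected copy reports none. The close-ports script would additionally need rules accepting ESTABLISHED,RELATED traffic and non-loopback OUTPUT before an opened port 22 can actually answer.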