LinuxQuestions.org
Old 11-10-2011, 12:27 PM   #16
OtagoHarbour
Member
 
Registered: Oct 2011
Posts: 332

Original Poster
Rep: Reputation: 3

Quote:
Originally Posted by theNbomr
Nevertheless, you can add a rule on the application server INPUT chain, something like (untested)
Code:
/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -s 192.168.X.X -j ACCEPT
That does exactly what I want it to do. Thanks very much. Unfortunately I did something really stupid. I applied it before installing some software that I had planned to install on Ubuntu. Is there a way I can roll that back or find out the IP address of the location from which I need to install the software?

Thanks very much,
Peter.
 
Old 11-10-2011, 03:15 PM   #17
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,399
Blog Entries: 2

Rep: Reputation: 908
You can flush all of the rules in a chain:
Code:
/sbin/iptables -F INPUT
The better way would be to make more usable rules, such as allowing traffic from connections initiated by the protected host. I can't give you a recipe for that without doing some research, but it involves the use of the --state parameter, and uses the connection tracking aspect of iptables to identify connections that are established.

If someone else doesn't chime in with the solution soon, I'll dig it up and post it.

You're going to want this for a lot of reasons, like getting DNS, time-server, DHCP, and other input.

--- rod.

Last edited by theNbomr; 11-10-2011 at 03:23 PM.
 
1 members found this post helpful.
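
The stateful rules described in post #17, as an added example that is not part of the thread and not homeLANsecurity's code: it builds an `iptables-restore` ruleset that accepts loopback traffic, replies to connections the host itself opened, and one trusted source, with everything else dropped by policy. Loading through `iptables-restore` commits the whole table at once, and the accept-all ruleset gives a rollback that also resets the chain policy, which `iptables -F INPUT` does not change. The function names, the address 192.0.2.10, and the ACCEPT policies on FORWARD and OUTPUT are assumptions.

```shell
#!/bin/sh
# Added example: build iptables-restore rulesets for the application server.
# 192.0.2.10 is a constructed placeholder; the thread only gives 192.168.X.X.

# Succeed only for a dotted-quad IPv4 address with octets in 0-255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print a default-deny INPUT ruleset that still lets replies back in.
stateful_ruleset() {
    valid_ipv4 "$1" || { echo "invalid source address: $1" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $1/32 -j ACCEPT
COMMIT
EOF
}

# Print an accept-all ruleset: the rollback that also resets the policy.
open_ruleset() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Read a ruleset on stdin, parse-check it, then commit it (run as root).
apply_ruleset() {
    rules=$(cat) || return 1
    printf '%s\n' "$rules" | iptables-restore --test &&
        printf '%s\n' "$rules" | iptables-restore
}

# Show the ruleset; to load it: stateful_ruleset 192.0.2.10 | apply_ruleset
stateful_ruleset 192.0.2.10
```

On current iptables releases the same match is written `-m conntrack --ctstate ESTABLISHED,RELATED`.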
Old 11-10-2011, 06:08 PM   #18
OtagoHarbour
Member
 
Registered: Oct 2011
Posts: 332

Original Poster
Rep: Reputation: 3
Quote:
Originally Posted by theNbomr
You can flush all of the rules in a chain:
Code:
/sbin/iptables -F INPUT
The better way would be to make more usable rules, such as allowing traffic from connections initiated by the protected host. I can't give you a recipe for that without doing some research, but it involves the use of the --state parameter, and uses the connection tracking aspect of iptables to identify connections that are established.

If someone else doesn't chime in with the solution soon, I'll dig it up and post it.

You're going to want this for a lot of reasons, like getting DNS, time-server, DHCP, and other input.

--- rod.
Thanks again, Rod.

I downloaded and unpacked homeLANsecurity but could not find documentation about how to set it up. There is a file filter.function but I found that
Code:
$ bash filter.function
made no difference to my iptables. Also, is there a way to set up default settings for the iptables?

Thanks again,
Peter.
 
Old 11-10-2011, 06:19 PM   #19
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,399
Blog Entries: 2

Rep: Reputation: 908
I unpack the tarball in /etc/hls:

Code:
root@theNbomr:/etc/hls# ls -lash
total 164K
4.0K drwx------   2 root root 4.0K Nov  2 11:56 .
 12K drwxr-xr-x 146 root root  12K Nov 10 15:59 ..
8.0K -rw-------   1 root root 7.1K Mar  4  2011 ban.conf
 32K -r--------   1 root root  32K Mar  4  2011 COPYING
8.0K -rw-------   1 root root 5.2K Nov  2 11:56 custom.conf
 16K -r--------   1 root root  15K Mar  4  2011 filter.function
 12K -rw-------   1 root root  11K May  8  2011 hls.conf
 16K -rwx------   1 root root  15K Mar  4  2011 homeLANsecurity
 16K -rw-------   1 root root  14K Mar  4  2011 proc.conf
 16K -r--------   1 root root  13K Mar  4  2011 README
 24K -r--------   1 root root  21K Mar  4  2011 service.function
root@theNbomr:/etc/hls# ./homeLANsecurity 

 -------------------------------------------------------------- 
 |                    homeLANsecurity 2.0                     | 
 -------------------------------------------------------------- 

COMMAND:              RESULT:

hls load              Loads and activates the firewall rules
hls clear             Clears the firewall rules currently active
hls save              Saves the currently active firewall rules
hls restore           Restores previously saved firewall rules
hls test              Loads rules & will restore unless aborted
hls con               Shows the currently tracked connections
hls listen            Shows all listening network processes
hls show server       Shows tables traversed by server traffic
hls show network      Shows tables traversed by network traffic
hls show blacklist    Shows blacklisted IPs (adaptive option)
hls show [table]      Shows designated table if currently active

The standard table choices are filter, nat, mangle, and raw.
I just noticed the 'help' screen is wrong. The 'hls' part is not part of the command. To use the standard configuration, just run
Code:
homeLANsecurity load
It should give a message about what it is doing. You should first look in hls.conf, and edit to suit your site.

--- rod.
 
1 members found this post helpful.
Old 11-10-2011, 07:24 PM   #20
OtagoHarbour
Member
 
Registered: Oct 2011
Posts: 332

Original Poster
Rep: Reputation: 3
Quote:
I just noticed the 'help' screen is wrong. The 'hls' part is not part of the command. To use the standard configuration, just run
Code:
homeLANsecurity load
It should give a message about what it is doing. You should first look in hls.conf, and edit to suit your site.

--- rod.
Thanks for the info. That certainly worked in setting up the iptable. I ran the script on the application computer. I don't know what else happened because I was subsequently unable to run php files, on the application server from the web server. I could ping both ways and run php on both machines. Even after I flushed the iptable on the application server and rebooted that server, I was still unable to access php files on the application server from the web server. The code to do so is in a php file on the web server. It was working earlier but not now. Also, after I rebooted the application server the screen resolution had changed so there are a lot more pixels in the screen and everything is tiny. Could something in the homeLANsecurity script have changed other than the firewall?

Thanks,
Peter.
 
Old 11-10-2011, 08:06 PM   #21
OtagoHarbour
Member
 
Registered: Oct 2011
Posts: 332

Original Poster
Rep: Reputation: 3
To Rod

Quote:
Originally Posted by OtagoHarbour
Thanks for the info. That certainly worked in setting up the iptable. I ran the script on the application computer. I don't know what else happened because I was subsequently unable to run php files, on the application server from the web server. I could ping both ways and run php on both machines. Even after I flushed the iptable on the application server and rebooted that server, I was still unable to access php files on the application server from the web server. The code to do so is in a php file on the web server. It was working earlier but not now. Also, after I rebooted the application server the screen resolution had changed so there are a lot more pixels in the screen and everything is tiny. Could something in the homeLANsecurity script have changed other than the firewall?

Thanks,
Peter.
I have the connection between the web and application server back again. For some reason Firefox on the web server was putting localhost/ before the IP address of the application server. I removed it for the first instance and now it's working fine again. But I would still like to figure out why homeLANsecurity caused a problem.

I guess, like you say, I would need to change some of the settings in hls.conf. I have noticed that it already has NAT enabled. I thought NAT was what was used for the local network. I tried changing everything in hls.conf to =ON but I still lost connectivity between the two servers when I called
Code:
homeLANsecurity load
I saved the default iptable from the web server (only slightly older version of Ubuntu - 11.04 versus 11.10) and restored it to the application server. Could no longer connect to the php files on the app. server from the web server although I could ping both ways. I entered

Code:
/sbin/iptables -A INPUT -s 192.168.X.X -j ACCEPT
but still couldn't connect until I shut the app. server down and restarted it. Tomorrow I might try doing that with the homeLANsecurity stuff.

Thanks,
Peter.

Last edited by OtagoHarbour; 11-10-2011 at 11:03 PM.
 