Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 09-02-2005, 03:12 PM   #1
Registered: Feb 2004
Posts: 44

Rep: Reputation: 15
Problem remotly changing firewall rules through a webpage


I'm currently working on a script that would allow me change firewall rules on a box from a laptop. First of all, i'll describe the system.

|Laptop |--------| Linux Box |-----------SERVER
|______| |__________|

The linux box is a multimedia device wich as 2 network cards. One allows to connect a laptop to the Linux Box and the other one allow the Linux Box to connect to the server.

Right now, I can navigate on my linux box and use a web page to communicate with the server and activate my script that change my firewall rules and allow the laptop to connect to the internet.

Now, when I connect the laptop and the firewall rules are not changed, it pops me a webpages asking to active the connection. However, I need the server to register that transaction. So the Linux Box gets the information via a php script, and push me a webpages containing the information.

I'm now trying to active the firewall rules from the LAPTOP. I use a PHP script wich calls a script on the server. In a perfect world, the server connects to the box via ssh and activate the script.

Now, i've made a small SH script :

#This script is used to enable firewall rules on the STB
#to allow a laptop connection over the internet.


if [ "$#" -eq "0" ]; then
echo "Need at least 1 argument"

if [ "$#" -ge "1" ]; then

if [ "$#" -ge "2" ]; then

echo "UNIT is set to : $UNIT"
echo "CMD is set to : $CMD"

ssh -l root $UNIT /opt/irg/api/os/ $CMD

echo "Firewall is open"


If i'm on the server, and execute the script with the command line, NO problem. The ports open, joy follow, i'm happy, my dog too, alleuia... However, if it's the webpage from the LinuxBox that does it, it's not working. The script executes, because the echo appears on my webpages that's constructed via php but it's look likes it just jumps the ssh line ....

Here are the permission on my script : -rwxr-xr-x 1 root root 425 Sep 2 13:44

I'm pretty sure it's a permission issue but I cant really figure how to fix it. I would qualify myself as an advanced and learning linux on a daily basis now. Any help would be appreciated.



Last edited by vesperatus; 09-02-2005 at 03:36 PM.
Old 09-04-2005, 05:56 AM   #2
LQ Newbie
Registered: Aug 2005
Posts: 10

Rep: Reputation: 0
Are you sure the user which runs the web server (usually www-data, www, nobody or something else like that) has the right to run shell commands and to connect to the server without password (thus, using a key) ?

When you run the script manually on your linux box, do you run it with your actual user or with the "web user" (ie, the one which is used by your http daemon) ?
Old 09-06-2005, 07:32 AM   #3
Registered: Feb 2004
Posts: 44

Original Poster
Rep: Reputation: 15
When you run the script manually on your linux box, do you run it with your actual user or with the "web user" (ie, the one which is used by your http daemon) ?
I run it with the acutal user ( root ).
I am actually looking into a few "SUDO" tutorials.
First of all, i'll verify that my "web user" has those permission as suggested (thx for pointing that out "rmic")
Then, i'll try to get around that using SUDO if I dont have the permission.

Does someone has any other suggestion regarding an alternative to the permission problems or SUDO should work fine ?
Old 09-08-2005, 02:13 PM   #4
Registered: Feb 2004
Posts: 44

Original Poster
Rep: Reputation: 15
Ok, after a few hours of work on that I managed to make it work.

rmic, thx for the help, you pointed out the right direction.

I was told at job that our ColdFusionMX server was running as the apache user.
That was not the case after further investigation.

that allowed me to learn how to use sudo.

I allowed user nobody to exectue a script that would allow the firewall to be opened.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem Iptables, Firewall rules. Can anybody help ? ZliTroX Linux - Networking 9 09-06-2004 04:48 PM
Firewall Rules studpenguin Linux - Security 0 07-01-2004 03:14 AM
help with firewall rules please deuce868 Linux - Security 1 06-14-2004 03:18 PM
help building my firewall rules rhawi Linux - Security 19 05-16-2004 09:29 PM
Firewall Rules Problem with Iptables JereBear Linux - Networking 1 06-16-2002 04:28 PM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:55 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration