Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 09-11-2010, 05:50 PM   #1
Registered: Jan 2008
Location: San Diego, CA USA
Distribution: Debian / Ubuntu
Posts: 51

Rep: Reputation: 17
allowing dyndns client - update iptables frequently?

I am using dyndns to keep track of my smartphone's ip address. The idea is to be able to ssh into my home network, protected by an iptables firewall. If I use the command:
# iptables -I INPUT 9 -s -p tcp -m tcp --dport 22 -j ACCEPT
it updates using the current ip address, but the next time I get an ip address update to my phone and update dyndns to properly provide nslookups, this is not being updated in iptables unless I restart my firewall. Is there a better way to do this?
Old 09-11-2010, 11:00 PM   #2
Senior Member
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,126
Blog Entries: 2

Rep: Reputation: 124Reputation: 124
while not a really good solution you could add a cronjob that updates that rule every so often
Old 09-12-2010, 05:42 PM   #3
Registered: Jan 2008
Location: San Diego, CA USA
Distribution: Debian / Ubuntu
Posts: 51

Original Poster
Rep: Reputation: 17
Thanks for the cron idea, that got me to thinking.
I think what I'll do is have my phone knock on some port. Whenever that port gets a hit on the firewall, I can have specter update the rule. That way, it doesn't get updated much more often than necessary.
Old 09-12-2010, 06:50 PM   #4
Registered: Jan 2008
Location: San Diego, CA USA
Distribution: Debian / Ubuntu
Posts: 51

Original Poster
Rep: Reputation: 17
OK, that worked. For anyone out there that might be interested:
install a package called 'specter'. Add the following to the end of specter.conf:
# nlgroup 24, update ipaddress for - rule 9 in INPUT rule. Update when port 33333 is hit from outside
24 {
command "/sbin/iptables -R INPUT 9 -s -p tcp -m tcp --dport 22 -j ACCEPT"

and be sure to restart the specter service. The above assumes that you have an iptables rule on line 9 like so:
iptables -I INPUT 9 -s -p tcp -m tcp --dport 22 -j ACCEPT

Then, you need to add the following iptables rule:
iptables -I INPUT 10 -p tcp -m tcp --dport 33333 -m hashlimit --hashlimit-upto 1/min --hashlimit-burst 2 --hashlimit-mode dstport --hashlimit-name n33333 -j ULOG --ulog-prefix "update dyndns" --ulog-nlgroup 24

Using the above, when you want to ssh in to/thru your firewall from your smartphone, you run the dyndns app on your phone to update your dyndns ip address, then you hit port 33333 however you want (you can telnet in to yourfirewall:33333). That triggers your firewall to update its rule for your actual ip address, and then you can ssh in from your phone, because your firewall is ready to allow it.

Don't know if anyone will ever care about this, but there it is...

Last edited by jeff_k; 09-12-2010 at 06:53 PM. Reason: correct a mistake and make it more understandable
1 members found this post helpful.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables dyndns etc.. satrix Linux - Newbie 1 04-26-2009 04:00 PM
starting a service for dyndns update client momotaro Linux - Networking 4 05-07-2008 07:37 PM
Update dyndns help . . . . snapper64 Linux - Networking 5 04-23-2005 06:22 PM
Dial -up client frequently disconnecting cvbuty Linux - Networking 0 01-27-2004 07:00 AM
good dyndns client b_usa Linux - Networking 6 12-12-2003 07:06 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:11 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration