Posted: September 3rd, 2009 | Author: paul | Filed under: howto, linux | Tags: firewall, hardware, howto, iptables, linux, openwrt, WRT54GL
I just tried a Linksys WRT54GL. It’s nice, but what if you have to add hotspot services on it?
I have installed Coova for fun.
A common scenario is to have anonymous clients accessing it with all kinds of systems, all kinds of software and, of course, viruses and trojans.
So, just to be prepared, you want to allow access only to a few ports: 80 (http), 443 (https), 5222 (jabber), 5050 (yahoo messenger), 1863 (MSN), etc.
All you have to do is add the following two rules to /etc/firewall.user, below the “Allow SSH on the WAN interface” section:
# the multiport match only works together with a protocol match, hence -p tcp
iptables -A forwarding_rule -i br0 -p tcp -m multiport --dports 80,443,5222,5050,1863 -j ACCEPT
iptables -A forwarding_rule -i br0 -j DROP
Now restart the firewall:
/etc/init.d/S35firewall restart
Test.
That’s all.
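As an added example (not from the original post), this helper generates the allowlist rules above for any port list. It goes beyond the post by splitting lists longer than 15 ports, the multiport limit, across several ACCEPT rules and by rejecting malformed ports before printing anything. The name hotspot_rules is hypothetical; br0 and forwarding_rule are the post's.

```shell
#!/bin/sh
# Added example, not from the original post. The chain (forwarding_rule) and
# interface (br0) come from the post; hotspot_rules is a hypothetical helper.

MAX_PORTS=15   # the multiport match accepts at most 15 ports per rule

# Print the allowlist rules for interface $1 and comma-separated TCP ports $2.
# Prints nothing and returns 1 if any port is malformed.
hotspot_rules() {
    iface=$1
    old_ifs=$IFS; IFS=,
    set -f                      # no filename expansion while splitting
    set -- $2                   # positional parameters become the ports
    set +f; IFS=$old_ifs
    [ "$#" -gt 0 ] || { echo "no ports given" >&2; return 1; }

    # Pass 1: validate everything first, so a typo never yields a partial
    # rule set.
    for p in "$@"; do
        case $p in
            ''|0*|*[!0-9]*|??????*)
                echo "invalid port: '$p'" >&2; return 1 ;;
        esac
        if [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done

    # Pass 2: one ACCEPT rule per group of at most MAX_PORTS ports.
    rule="iptables -A forwarding_rule -i $iface"
    chunk=""; n=0
    for p in "$@"; do
        chunk=${chunk:+$chunk,}$p
        n=$((n + 1))
        if [ "$n" -eq "$MAX_PORTS" ]; then
            echo "$rule -p tcp -m multiport --dports $chunk -j ACCEPT"
            chunk=""; n=0
        fi
    done
    [ -z "$chunk" ] || echo "$rule -p tcp -m multiport --dports $chunk -j ACCEPT"
    echo "$rule -j DROP"        # everything else forwarded from $iface
}

# The five ports listed in the post.
hotspot_rules br0 80,443,5222,5050,1863
```

The final DROP covers all other forwarded traffic from br0, so clients that query an external resolver directly would also need port 53 (UDP and TCP) allowed. Queries to a resolver running on the router itself traverse INPUT rather than the forward chain and are not affected.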
Posted: April 10th, 2008 | Author: paul | Filed under: howto | Tags: brute force, howto, iptables, linux, ssh
I was looking for a solution to ban those IPs that abuse my sshd processes using dictionary attacks (some of them using Romanian user accounts; just take a look at this link, from a Slashdot article, and search for Romania).
Having a look on Google, I have found these two methods:
For me the easiest was using denyhosts, because it has RPM builds already made for openSUSE (link from openSUSE’s wiki).
Posted: June 14th, 2007 | Author: paul | Filed under: howto, linux | Tags: forward, iptables, linux, mod_jk, mod_proxy, port, tomcat
Givens: one Linux machine with one NIC but with two IPs on it, Apache running on port 80, Tomcat on port 8080.
Needs: Apache on port 80 using the first IP, Tomcat on the second IP using port 80.
Easiest way: use iptables to forward all requests for the second IP, port 80, to the first IP, port 8080:
iptables -t nat -A PREROUTING -p tcp -d second_ip --dport 80 -j REDIRECT --to-port 8080
Please note that the -i ethx was removed to bind to the default network adapter/first IP.
LATER EDIT:
You may want to consider using apache in front of tomcat by using mod_jk, mod_proxy_ajp or ProxyPass.