  1. #1
    myk.robinson (Master Untangler), joined Mar 2008, 116 posts

    How to stealth port 80, 443, and 22?

    Hey-

    I have a port forwarded so I can access my webserver remotely. I run Sql-ledger for my business and need to access it remotely so I can bill my client on site. 443 is of course going to the UT box, and I don't know why port 22 is open for ssh. I need to ssh from the internal network so I can shut down the untangle box when we have storms. I don't have a monitor, keyboard, or mouse hooked up to it, so I just ssh to issue the halt command.

    My question is, what is the proper method to secure these ports but still allow me to access it remotely?

    Thanks,
    -myk

  2. #2
    dmorris (Untangle Junkie), joined Nov 2006, San Mateo, CA, 13,079 posts

    You could open those ports (which it sounds like you've already done) and then limit access to them to a handful of IPs using the packet filter.

    Personally, I'd just keep ssh open with a secure password.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    myk.robinson (Master Untangler), joined Mar 2008, 116 posts

    Can you explain what you mean? Also, is there any other way? For example, if I am at a client's location, I will most likely be using their computer and their network, so there's no telling what IP I will be coming from...

    How do most web servers do it? I ran the Shields Up test, and it just shows these three ports as wide open... Is there a way to leave them open but stealthed?

    Thanks,
    -myk

  4. #4
    sky-knight (Untangle Ninja), joined Apr 2008, Phoenix, AZ, 18,685 posts

    Stealth means nothing on the other side responded. If you are running public services you have to have them open.

    That said, I wouldn't allow SSH into my UT from the Internet blind... oh man the hacking.. THE HACKING!! Of course if you disable the SSH rule that comes with UT it will report "closed" instead of stealth, which bugs me.. if you connect and I don't want you to be there, why am I bothering to even tell you to piss off, right? Packet filter rules are your friend and Silver has posted a nice tip of the day for this very issue.

    All that said, I just turn on OpenVPN, connect to that, and ssh to my UT servers from inside the VPN. It works wonders and I get an extra authentication mechanism to make me feel better. Strong passwords don't have anything on an X.500 certificate...
    Rob Sandling, BS:SWE, MCP
    Intouch Technology
    Phone: 480-272-9889
    NexgenAppliances.com
    Phone: 866-794-8879

  5. #5
    myk.robinson (Master Untangler), joined Mar 2008, 116 posts

    little help... I enabled a new rule in the firewall to block any traffic hitting the external address, port 22.. Shields up test still shows it as wide open... I'll look up that tip of the day in the meantime..

    Thanks,
    -myk

  6. #6
    sky-knight (Untangle Ninja), joined Apr 2008, Phoenix, AZ, 18,685 posts

    That is because the rule has to be applied in the packet filter. Packet Filter rules override the firewall module. Technically speaking they are the same thing, but the packet filter rules come first in the iptables logic.. first match wins.
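As an added illustration of the ordering point in the reply above (this is not code from the thread or from Untangle itself), here is a small Python model of first-match-wins chain evaluation. The chain names, the probing address 203.0.113.9 and the trusted management network 192.0.2.0/24 are constructed for the example; it shows why a DROP that lives only in the later firewall-module chain never fires once an earlier packet-filter rule has accepted port 22, and why DROP reads as "stealth" while REJECT reads as "closed".

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "ACCEPT", "DROP" (silent) or "REJECT" (answers with a refusal)
    dport: Optional[int] = None  # None matches any destination port
    src: Optional[str] = None    # CIDR allowlist; None matches any source address

    def matches(self, src_ip: str, dport: int) -> bool:
        if self.dport is not None and self.dport != dport:
            return False
        if self.src is not None and ip_address(src_ip) not in ip_network(self.src):
            return False
        return True


def evaluate(chains: List[List[Rule]], src_ip: str, dport: int, default: str = "ACCEPT") -> str:
    """Walk the chains in order; the first rule that matches decides (iptables semantics)."""
    for chain in chains:
        for rule in chain:
            if rule.matches(src_ip, dport):
                return rule.action
    return default


def scanner_view(action: str) -> str:
    """What a probe like Shields Up reports: DROP never answers, REJECT answers with a refusal."""
    return {"ACCEPT": "open", "DROP": "stealth", "REJECT": "closed"}[action]


# Constructed chains modelled on the thread: the packet filter is consulted before
# the firewall module, so its ACCEPT for port 22 wins and the later DROP is never reached.
PACKET_FILTER_SSH_OPEN = [Rule("ACCEPT", dport=22)]
FIREWALL_MODULE_BLOCK = [Rule("DROP", dport=22)]


def ssh_blocked_in_firewall_module(src_ip: str = "203.0.113.9") -> str:
    return scanner_view(evaluate([PACKET_FILTER_SSH_OPEN, FIREWALL_MODULE_BLOCK], src_ip, 22))


def ssh_blocked_in_packet_filter(src_ip: str = "203.0.113.9") -> str:
    # The fix from the thread: put the rule in the packet filter, where it is hit first.
    # This version also allows one trusted management network (constructed 192.0.2.0/24)
    # and silently drops every other source, which is what "stealth" means to the probe.
    packet_filter = [Rule("ACCEPT", dport=22, src="192.0.2.0/24"), Rule("DROP", dport=22)]
    return scanner_view(evaluate([packet_filter, FIREWALL_MODULE_BLOCK], src_ip, 22))


if __name__ == "__main__":
    print("rule only in firewall module :", ssh_blocked_in_firewall_module())           # open
    print("rule in packet filter        :", ssh_blocked_in_packet_filter())              # stealth
    print("trusted source, packet filter:", ssh_blocked_in_packet_filter("192.0.2.5"))  # open
```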
