Today I needed to set up a server using ssh, with NO ftp and NO web servers. First of all, I configured the ftp server to upload my files. More problems... my PC is on a secure network and I cannot use ssh, so I used an ssh connection over a VPN.
I decided to set up a pure-ftpd server on a JeOS Linux distribution:
#apt-get install pure-ftpd
To give access to my server I opened port 21 using iptables:
iptables -I INPUT 2 -p tcp --dport 21 -j ACCEPT
iptables -I INPUT 2 -p udp --dport 21 -j ACCEPT
To make the rules persistent, you can create a firewall script in your /etc/init.d folder, for example something like:
#!/bin/sh
PATH=/bin:/usr/bin:/sbin:/usr/sbin
IPTABLES=/sbin/iptables
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
# Delete old rules
$IPTABLES -F
echo -n "Setting firewall rules... "
test $# -eq 1 && test "$1" = "stop" && echo "stopped." && exit 0
###### ICMP
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
$IPTABLES -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
$IPTABLES -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
$IPTABLES -A INPUT -p icmp -m state --state INVALID -j DROP
$IPTABLES -A OUTPUT -p icmp -m state --state INVALID -j DROP
$IPTABLES -A INPUT -p icmp -j DROP
$IPTABLES -A OUTPUT -p icmp -j DROP
######
$IPTABLES -A INPUT -s localhost -j ACCEPT
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Web and FTP
$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m state --state NEW --dport 21 -j ACCEPT
$IPTABLES -A INPUT -p udp -m state --state NEW --dport 21 -j ACCEPT
# ... more rules ...
# Deny the rest
$IPTABLES -P INPUT DROP
echo " [done]"
We can use nmap to check from another computer whether the port is open:
#nmap -p 21 SERVER_IP
list the rules on the server itself:
#iptables -L -n -v
or look at the network status:
#netstat -putan
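To go one step beyond reading the rule listing by eye, the following added example (not part of the original post) compares `iptables -S` output against an allow-list of the ports you meant to open and checks that the INPUT policy is DROP. The function name `audit_input`, the allow-list format and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_input ALLOWED: reads `iptables -S` output on stdin, prints the INPUT
# policy and every ACCEPTed --dport that is not in ALLOWED (space-separated
# proto/port pairs). Returns 1 if a port is unexpected or the policy is not DROP.
audit_input() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" && $2 == "INPUT" {
        proto = "any"; port = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") port   = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        key = proto "/" port
        if (target == "ACCEPT" && port != "" && !(key in ok)) {
            print "unexpected " key; bad = 1
        }
    }
    END {
        print "policy " policy
        if (policy != "DROP") bad = 1
        exit bad + 0
    }'
}

# Constructed sample: roughly what `iptables -S` shows after the script above.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 21 -j ACCEPT'

# Assumed allow-list: FTP control (TCP only) and web. udp/21 gets flagged.
printf '%s\n' "$SAMPLE_RULES" | audit_input "tcp/21 tcp/80" \
    || echo "review the findings above"
```

On a live server, feed it the real rules with `iptables -S | audit_input "tcp/21 tcp/80"`, adjusting the allow-list to the services you actually run.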
The next step is to configure the users, so I created a new system user:
adduser NEW_USER
and added this user to the pure-ftpd list of users:
pure-pw useradd NEW_USER -u NEW_USER -d /home/NEW_USER
That's all. Everything is working now.
Hope this helps.