Tony's ramblings on Open Source Software, Life and Photography

firewall

IPTables Trickery

I've had a bit of a strange situation on my network - Googling never did come up with anything for me.

I have a private network. All my servers sit behind the firewall on the private LAN. A few of those servers provide services to the Internet on specific ports.

Sharing those ports to the outside using iptables is trivial. The problem arises when you try to reach the internal server from inside the network using its external DNS name / public IP. iptables redirects your packets to the correct server, but the server sees your internal IP as the source and replies to you directly across the LAN, so the reply arrives from the server's private address instead of the public address you connected to, and your local computer won't know what to do with it.

There's actually a very simple solution, assuming you have static IPs on the Internet and on the internal server. Using a combination of source and destination masquerading (SNAT and DNAT), you can rewrite those IP addresses so that they match. The downside is that hairpinned connections cross your internal network twice (client to firewall, firewall to server), doubling that traffic, but it lets you provide services that are harder to NAT, such as SIP.
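As an added illustration of the DNAT-plus-SNAT idea (example rules written for this post, not the author's own fix), the script below builds the iptables commands for one published service. Every address, port and interface name is an assumption: 203.0.113.10 is the firewall's public IP, 192.168.1.1 its LAN-side IP, 192.168.1.0/24 the LAN, 192.168.1.20 the internal server, tcp/443 the service, eth0/eth1 the WAN/LAN interfaces. By default it only prints the rules; set APPLY=1 to run them as root.

```shell
#!/bin/sh
# Added example for the hairpin-NAT fix; all values below are assumptions.
PUB_IP="${PUB_IP:-203.0.113.10}"      # firewall's public address
FW_LAN_IP="${FW_LAN_IP:-192.168.1.1}" # firewall's LAN-side address
LAN="${LAN:-192.168.1.0/24}"          # internal network
SRV="${SRV:-192.168.1.20}"            # internal server being published
PROTO="${PROTO:-tcp}"
PORT="${PORT:-443}"
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"

# hairpin_rules prints the iptables commands, one per line, without running them.
hairpin_rules() {
  # DNAT: any packet for PUB_IP:PORT, whether from the Internet or from the LAN,
  # goes to the internal server (no -i restriction, so LAN clients match too).
  echo "iptables -t nat -A PREROUTING -p $PROTO -d $PUB_IP --dport $PORT -j DNAT --to-destination $SRV"
  # SNAT only for LAN clients reaching the server through the firewall: the server
  # then replies to the firewall, and conntrack reverses both rewrites, so the
  # client sees the reply come from PUB_IP, the address it connected to.
  echo "iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN -d $SRV -p $PROTO --dport $PORT -j SNAT --to-source $FW_LAN_IP"
  # Ordinary outbound masquerading for the LAN, unchanged from a plain setup.
  echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN -j MASQUERADE"
  # Allow the forwarded traffic in both directions; only NEW towards the server.
  echo "iptables -A FORWARD -d $SRV -p $PROTO --dport $PORT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A FORWARD -s $SRV -p $PROTO --sport $PORT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# rule_count returns how many commands hairpin_rules emits.
rule_count() { hairpin_rules | wc -l | tr -d ' '; }

# apply_rules executes the commands; needs root and IP forwarding enabled.
apply_rules() {
  hairpin_rules | while read -r cmd; do eval "$cmd"; done
}

if [ "${APPLY:-0}" = 1 ]; then
  sysctl -w net.ipv4.ip_forward=1 >/dev/null
  apply_rules
else
  hairpin_rules
fi
```

One consequence worth knowing before you rely on the server's own logs: because of the SNAT, every hairpinned connection reaches the server with the firewall's LAN address as its source, so any per-client logging or log-based blocking on that server sees 192.168.1.1 rather than the real internal client. Keep the SNAT rule as narrow as shown (LAN source, server destination, one port) so external clients are still logged with their real addresses.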

Read more for an example fix:


Using BlockHosts To Stop Brute Force Attacks

Yesterday I posted about implementing rate limiting on new connections. Today I'm going to cover how to take it a step further and watch failed login attempts and automatically block an IP address for a day.

First, you'll want to download BlockHosts from A C Zoom. It's a Python script that is run every time someone attempts to connect; it watches your log files and dynamically maintains your /etc/hosts.allow file to keep out the nasties.

So, in traditional step-by-step fashion, here's what to do:

sudo su -
wget http://www.aczoom.com/tools/blockhosts/BlockHosts-2.4.0.tar.gz
tar -zxvf BlockHosts*
cd BlockHosts*
python setup.py install

Now you'll want to configure the /etc/blockhosts.cfg file, so open it with your favorite editor and make the following changes:

Look for "WHITELIST = ". You might want to add your own local network to this, just in case, so a few mistyped passwords from inside never lock you out of your own box.

Look for "LOGFILES" and uncomment the one that says:

LOGFILES = [ "/var/log/auth.log", ]

Look for "[mail]" and plug in your mail setup if you want it to send you a periodic email telling you what action has been taken.

Save and close that.
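To show what a log-watching blocker actually does with /var/log/auth.log, here is an added, stand-alone illustration in POSIX shell and awk. It is not BlockHosts code and does not read its config; it reimplements the core idea on a constructed sample of sshd lines: count "Failed password" entries per source address, skip anything matching a whitelist prefix, and emit deny entries in the hosts_options form BlockHosts writes into /etc/hosts.allow. The sample log, the whitelist prefix 192.168.1. and the threshold of 3 are all assumptions.

```shell
#!/bin/sh
# Added example, not BlockHosts itself. Constructed sample of /var/log/auth.log
# lines: 4 failures from 198.51.100.7, 1 from 203.0.113.44 (then a success),
# and 4 from 192.168.1.5 (inside the LAN, which the whitelist protects).
SAMPLE_LOG=$(cat <<'EOF'
Jan 10 03:14:07 gw sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 41022 ssh2
Jan 10 03:14:09 gw sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 41022 ssh2
Jan 10 03:14:12 gw sshd[2203]: Failed password for root from 198.51.100.7 port 41030 ssh2
Jan 10 03:14:15 gw sshd[2205]: Failed password for root from 198.51.100.7 port 41038 ssh2
Jan 10 03:20:01 gw sshd[2210]: Failed password for tony from 203.0.113.44 port 50012 ssh2
Jan 10 03:20:30 gw sshd[2212]: Accepted password for tony from 203.0.113.44 port 50013 ssh2
Jan 10 07:02:11 gw sshd[2301]: Failed password for tony from 192.168.1.5 port 33001 ssh2
Jan 10 07:02:14 gw sshd[2301]: Failed password for tony from 192.168.1.5 port 33001 ssh2
Jan 10 07:02:18 gw sshd[2301]: Failed password for tony from 192.168.1.5 port 33001 ssh2
Jan 10 07:02:22 gw sshd[2301]: Failed password for tony from 192.168.1.5 port 33001 ssh2
EOF
)

WHITELIST="${WHITELIST:-192.168.1.}"   # space-separated address prefixes never blocked (assumed)
THRESHOLD="${THRESHOLD:-3}"            # failures before an address is denied (assumed)

# failed_counts: reads log lines on stdin, prints "<count> <ip>" for sshd
# failed-login lines, highest count first. Only the token after "from" is used.
failed_counts() {
  awk '/sshd\[[0-9]+\]: Failed password for/ {
         for (i = 1; i <= NF; i++) if ($i == "from") c[$(i+1)]++
       }
       END { for (ip in c) print c[ip], ip }' | sort -rn
}

# offenders: reads log lines on stdin, prints the addresses at or above
# THRESHOLD that do not start with any WHITELIST prefix.
offenders() {
  failed_counts | while read -r n ip; do
    [ "$n" -ge "$THRESHOLD" ] || continue
    skip=0
    for w in $WHITELIST; do
      case "$ip" in "$w"*) skip=1 ;; esac
    done
    if [ "$skip" -eq 0 ]; then echo "$ip"; fi
  done
}

# hosts_allow_block: reads log lines on stdin and prints the section a blocker
# would splice into /etc/hosts.allow ("ALL: <ip> : deny" is hosts_options syntax).
hosts_allow_block() {
  echo "# generated deny list (example)"
  offenders | while read -r ip; do echo "ALL: $ip : deny"; done
  echo "# end generated deny list"
}

# Stand-alone run: show the block the constructed sample would produce.
printf '%s\n' "$SAMPLE_LOG" | hosts_allow_block
```

Run against a real file with `offenders < /var/log/auth.log` to see who would be denied before letting anything rewrite hosts.allow. The whitelist check is what keeps a mistyped password from inside from denying your own LAN, which is why the WHITELIST setting above is worth filling in before the first run.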