#5
12-01-2007, 01:56 PM
satimis
Member
Join Date: Sep 2007
My distro: Debian
Posts: 90

Hi monk,


Thanks for your advice.


Problem solved. Nothing wrong. Only the ISP blocked ports 10000 and 20000. After their uplift, "https://domain.com:20000" connects to the server and the "Webmin, Account Information" screen is displayed. On that screen the user can change the password.


Quote:
First save the firewall, so that you can restore the same
Code:
sudo iptables-save > current.firewall.rules
To stop the firewall you need to type all the following commands:
Code:
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
Noted.

Should I run
$ sudo /etc/init.d/rc.local
to start iptables again?

I usually do the following to restart iptables:
$ sudo /etc/init.d/rc.local stop
$ sudo /etc/init.d/rc.local start


/etc/init.d/rc.local only has two options, "start/stop", without restart/reload.


Quote:
I recommend opening up tcp port 20000 and reloading the firewall again.
The iptables rules are in /etc/rc.local

Should I add
Code:
iptables -I INPUT 7 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 10000:20000
to the file?

$ cat /etc/rc.local
Code:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

#exit 0

#
# INPUT
#

# allow all incoming traffic from the management interface NIC
# as long as it is a part of an established connection
iptables -I INPUT 1 -j ACCEPT -d 220.232.213.178 -m state --state RELATED,ESTABLISHED

# allow all ssh traffic to the management interface NIC
iptables -I INPUT 2 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 22

# allow all VMware MUI HTTP traffic to the management interface NIC
iptables -I INPUT 3 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 8222

# allow all VMware MUI HTTPS traffic to the management interface NIC
iptables -I INPUT 4 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 8333

# allow all VMware Authorization Daemon traffic to the management interface NIC
iptables -I INPUT 5 -j ACCEPT -p TCP -d 220.232.213.178 --destination-port 902

# reject all other traffic to the management interface NIC
iptables -I INPUT 6 -j REJECT -d 220.232.213.178 --reject-with icmp-port-unreachable


#
# OUTPUT
#

# allow all outgoing traffic from the management interface NIC
# if it is a part of an established connection
iptables -I OUTPUT 1 -j ACCEPT -s 220.232.213.178 -m state --state RELATED,ESTABLISHED

# allow all DNS queries from the management interface NIC
iptables -I OUTPUT 2 -j ACCEPT -s 220.232.213.178 -p UDP --destination-port 53

# reject all other traffic from localhost
iptables -I OUTPUT 3 -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable

# reject all other traffic from the management interface NIC
iptables -I OUTPUT 4 -j REJECT -s 220.232.213.178 --reject-with icmp-port-unreachable
TIA


B.R.
satimis
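Added example, not code from this thread, from Webmin or from Debian: a small Python simulation of how the `iptables -I INPUT N` lines in an rc.local like the one above end up ordered in the chain, plus a check for rules that land behind the catch-all REJECT at position 6 and can therefore never match (which is what `-I INPUT 7` would do). The rule list is a constructed copy of the INPUT section quoted above; the function and field names are my own.

```python
import shlex

TERMINATING = {"REJECT", "DROP"}
MGMT_IP = "220.232.213.178"  # management address used in the rc.local above
RC_LOCAL_INPUT = f"""
iptables -I INPUT 1 -j ACCEPT -d {MGMT_IP} -m state --state RELATED,ESTABLISHED
iptables -I INPUT 2 -j ACCEPT -p TCP -d {MGMT_IP} --destination-port 22
iptables -I INPUT 3 -j ACCEPT -p TCP -d {MGMT_IP} --destination-port 8222
iptables -I INPUT 4 -j ACCEPT -p TCP -d {MGMT_IP} --destination-port 8333
iptables -I INPUT 5 -j ACCEPT -p TCP -d {MGMT_IP} --destination-port 902
iptables -I INPUT 6 -j REJECT -d {MGMT_IP} --reject-with icmp-port-unreachable
"""  # constructed copy of the INPUT section of the rc.local posted above
OPTS = {"-j": "target", "-d": "dst", "-p": "proto", "--state": "state", "--destination-port": "dport"}

def parse_rule(line):
    """Chain, insert position and key matches of one `iptables -I` line, else None."""
    argv = shlex.split(line, comments=True)
    if len(argv) < 3 or argv[0] != "iptables" or argv[1] != "-I":
        return None
    chain, rest, pos = argv[2], argv[3:], 1  # `-I CHAIN` with no number inserts at the top
    if rest and rest[0].isdigit():
        pos, rest = int(rest[0]), rest[1:]
    rule = {**dict.fromkeys(OPTS.values()), "chain": chain, "pos": pos, "line": line.strip()}
    rule.update((OPTS[opt], arg) for opt, arg in zip(rest, rest[1:]) if opt in OPTS)
    return rule

def simulate_chain(script, chain="INPUT"):
    """Apply the `-I` lines in order; index 0 is rule 1 of `iptables -L --line-numbers`."""
    rules = []
    for rule in filter(None, map(parse_rule, script.splitlines())):
        if rule["chain"] != chain:
            continue
        if rule["pos"] > len(rules) + 1:  # real iptables refuses this as well
            raise ValueError(f"position {rule['pos']} is past the end of {chain}")
        rules.insert(rule["pos"] - 1, rule)
    return rules

def unreachable_rules(rules):
    """Lines behind a catch-all REJECT/DROP (no -p/--dport/--state) for the same -d address."""
    shadowed, blocked = [], set()
    for r in rules:
        if r["dst"] in blocked:
            shadowed.append(r["line"])  # no packet to that address ever gets here
        elif r["target"] in TERMINATING and not (r["proto"] or r["dport"] or r["state"]):
            blocked.add(r["dst"])
    return shadowed

def webmin_rule_reachable(position):
    """Insert the Webmin (tcp/20000) ACCEPT at `position` and report whether it can ever match."""
    extra = f"iptables -I INPUT {position} -j ACCEPT -p TCP -d {MGMT_IP} --destination-port 20000\n"
    rules = simulate_chain(RC_LOCAL_INPUT + extra)
    return rules[position - 1]["line"] not in unreachable_rules(rules)
```

`webmin_rule_reachable(7)` comes back False because the ACCEPT sits after the REJECT, while `webmin_rule_reachable(6)` comes back True; on a live box the same ordering can be confirmed with `sudo iptables -L INPUT -n --line-numbers`.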