First, did this so enabling the firewall wouldn't cut off my ssh connection(s):
sudo ufw allow proto tcp from any to any port 22
Then:
sudo ufw enable
Then (ports 3306-3309 are the mysql database servers, the ip number is Mårten's):
sudo ufw allow http
sudo ufw allow smtp
sudo ufw allow domain
sudo ufw allow proto tcp from 81.26.246.2 to any port 3306
sudo ufw allow proto tcp from 81.26.246.2 to any port 3307
sudo ufw allow proto tcp from 81.26.246.2 to any port 3308
sudo ufw allow proto tcp from 81.26.246.2 to any port 3309
Used "netstat -lp" to see what programs were listening on what ports on the new server. Noticed that I had an e-mail program called dovecot listening on imap and pop ports, so I did:
sudo apt-get remove dovecot-imapd dovecot-pop3d dovecot-common
sudo ufw allow proto tcp from 172.16.0.0/0 to any port 9090
Strangely, after the last rule above, ufw status says:
erl@cumulus:/etc/apache2$ sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
53                         ALLOW       Anywhere
3306/tcp                   ALLOW       81.26.246.2
3307/tcp                   ALLOW       81.26.246.2
3308/tcp                   ALLOW       81.26.246.2
3309/tcp                   ALLOW       81.26.246.2
9090/tcp                   ALLOW       Anywhere
As though the 'from' restriction didn't work for port 9090.
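A /0 prefix keeps none of the address bits, so 172.16.0.0/0 describes the same network as 0.0.0.0/0, which is consistent with the "Anywhere" shown for port 9090. The following check is an added example, not part of the original post: it compares the address written in a ufw rule with the network that address and prefix really describe. The function name check_rule and the last sample rule are made up for illustration.

```python
import ipaddress
import shlex

# Constructed sample input: the first three rules appear in this post,
# the last one is made up to show a non-zero prefix that is still too short.
SAMPLE_RULES = [
    "sudo ufw allow proto tcp from 81.26.246.2 to any port 3306",
    "sudo ufw allow proto tcp from 172.16.0.0/0 to any port 9090",
    "sudo ufw allow from 172.16.0.0/16 to 172.16.0.0/16 port 3483",
    "sudo ufw allow proto tcp from 172.16.5.7/16 to any port 9090",
]


def check_rule(rule):
    """Return a finding for each from/to address whose prefix discards
    bits of the address that was written.

    Each finding is (keyword, written, effective_network, matches_everything).
    """
    findings = []
    tokens = shlex.split(rule)
    for keyword in ("from", "to"):
        if keyword not in tokens[:-1]:
            continue
        spec = tokens[tokens.index(keyword) + 1]
        try:
            iface = ipaddress.ip_interface(spec)
        except ValueError:
            continue  # "any" or another token that is not an address
        net = iface.network  # host bits beyond the prefix are masked off
        if iface.ip != net.network_address:
            findings.append((keyword, spec, str(net), net.prefixlen == 0))
    return findings


if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        for keyword, written, effective, everything in check_rule(rule):
            scope = "every address" if everything else effective
            print(f"{rule}\n  '{keyword} {written}' really matches {scope}")
```
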
Also did:
sudo ufw allow proto tcp from 127.0.0.1 to 127.0.0.1 port 9092
sudo ufw allow proto tcp from 127.0.0.1 to 127.0.0.1 port 9000
sudo ufw allow https
sudo ufw allow from 172.16.0.0/16 to 172.16.0.0/16 port 3483
sudo ufw allow from 172.16.0.0/16 to any app Samba
sudo ufw allow from any to any proto udp port afs3-callback
Port 9000 is the SlimBoxServer's web interface. I will try to set up a proxy to forward web accesses from the regular web server to the SlimServer. Couldn't get it to work, will try more later.
Won't open ipp (print server) yet, haven't set it up.
Maybe we are ready to switch cables now? Perhaps I'll update the firewall rules to go by interface later.