Wednesday, August 27, 2008

What I Learned About iptables

I've got a good web host. OCS Solutions by name. Small, but with a good reputation. Quiet. Out of the way. Not flashy, but solid.

I found them through a web site called "Rails Hosting Info". People fill out a form and rate their hosts. Mine, of my old host, has been up for the better part of a year. I gave them the lowest possible rating, which is a "1". Zero was not an option.

They were good to start but sold out to some big company. The hosting service became erratic, and customer service was turned over to monkeys. I bailed with $90 left on my account. And glad I did.

I've bugged OCS a little too much, and they've been tolerant, going out of their way to give me hints about things they didn't need to. The service has been rock solid. Everything was fine.

Until lately. Not their fault. I did it. I switched to Linux.

Again, not Linux's fault, but I've had a few issues. One thing I wanted to be sure of, coming from Windows (XP, gratefully, not having had to go through Vista), was that I had adequate firewall and anti-virus protection. In fact, I had a scare recently, when I clicked on a link after a Google search and came face to face with the "XP Antivirus 2008" malware. It completely took over Firefox and would not allow me to do anything.

Being sort of sure that nothing could happen because I was on Linux and had a firewall set up wasn't enough. It spooked the snot out of me. I panicked. The only way I could think of to get things back under control was to close all applications (except Firefox, which was not responding to me at all) and shut down.

Later in the day I re-enabled NoScript (which I had gotten tired of) and went back to that squirrelly link. Bang. It killed Firefox entirely except for its bogus dialog, which I could not shut. NoScript did not intervene. It got blown out of the water somehow. But this time I reopened a main Firefox window and disabled JavaScript, Java, and "Load images automatically". Then the dialog quit refreshing itself and I was able to close it and then close Firefox normally.

I think I still rebooted the computer to be sure, and then did a search on "*.exe" in case I'd gotten some malware placed on the computer (even though it would not run on Linux -- except that I have Wine installed -- not sure about that). Anyway, it seems like I got through it OK.

So back to OCS.

I have two web sites there, and I need access to cPanel, the standard administration software, and to WHM (Web Host Manager). Couldn't get there under Linux.

When I had a small issue with my server stopping, making my web sites unavailable, OCS was kind enough to remind me of a line in their FAQ that told how to resolve this, and they told me without telling me. They just gave me the info and let me go. I stumbled on the FAQ a few days later. And then of course felt like an idiot for not checking there (though I did review their forums).

Then I followed up with a question about accessing cPanel, and got a response to run "iptables -L" in a console window. I did, and got lots of gibberish. Lots of it. Informative, I'm sure, but meaningless to me.

So I searched and searched and couldn't find anything relevant except how to use iptables to set up a server correctly. I was just trying to connect to my host so I could maintain my web sites. The URL is something like https://foo.ocssolutions:1234/. My browser just went around in circles until it timed out.

Finally I posted a question on the OCS forum, and got a reply from the owner, who had originally suggested the "iptables -L" option. This time he said to try "iptables -F". Some research indicated that this would flush the settings -- I think that means that it would wipe out my firewall settings altogether. Not exactly sure, but I at least wanted to have a clue before running commands at random.

I did find a couple of articles, one of them immensely long.

But I'm too short on experience. Detailed information is great if you already know enough so that it is another step up, and you aren't trying to make a single leap to the stars.

Anyway, I decided to play with Guarddog in a trial and error approach, and under Network I found that leaving "DNS" checked and adding "NIS" did the trick. Finally, eh?

I ran "iptables -L" again and found four new lines. I have no idea what they say, but I can identify them, and can access cPanel at OCS.
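The listing that "iptables -L" prints can be read mechanically. Here is an added example (not from the post, and not Guarddog's or OCS's code) that parses a constructed OUTPUT-chain listing, walks it the way iptables does to say whether a new connection to the cPanel port 1234 would get through, and shows what "iptables -F" would leave behind. The sample listing and the FIX_RULE line are constructed for illustration.

```python
import re

# Constructed sample of `iptables -L -n` output for a desktop OUTPUT chain that
# lets only DNS and reply traffic out. Port 1234 is the cPanel port from the post.
SAMPLE_LISTING = """\
Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
"""

# One targeted rule to add instead of flushing everything (hypothetical fix).
FIX_RULE = "ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1234\n"

def parse_chain(listing):
    """Return (policy, rules); a rule is (target, proto, dport_or_None, matches_new)."""
    lines = listing.strip().splitlines()
    policy = re.search(r"\(policy (\w+)\)", lines[0]).group(1)
    rules = []
    for line in lines[2:]:                      # skip chain and column headers
        target, proto = line.split()[:2]
        m = re.search(r"dpt:(\d+)", line)
        dport = int(m.group(1)) if m else None
        # A `state ...` match without NEW (e.g. RELATED,ESTABLISHED) only covers
        # replies, so a fresh outbound connection attempt never hits that rule.
        matches_new = not ("state" in line and "NEW" not in line)
        rules.append((target, proto, dport, matches_new))
    return policy, rules

def verdict_for_new_tcp(listing, dport):
    """First matching terminal rule wins, otherwise the chain policy applies
    (the same top-to-bottom order iptables uses when walking a chain)."""
    policy, rules = parse_chain(listing)
    for target, proto, rule_port, matches_new in rules:
        if not matches_new or proto not in ("all", "tcp"):
            continue
        if rule_port is not None and rule_port != dport:
            continue
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
    return policy            # a DROP here is what the browser sees as a timeout

def verdict_after_flush(listing):
    """`iptables -F` deletes every rule but keeps the chain policy, so afterwards
    the policy decides everything: DROP blocks all traffic, ACCEPT opens it all."""
    policy, _ = parse_chain(listing)
    return policy

if __name__ == "__main__":
    print("port 1234 now:      ", verdict_for_new_tcp(SAMPLE_LISTING, 1234))
    print("port 1234 with fix: ", verdict_for_new_tcp(SAMPLE_LISTING + FIX_RULE, 1234))
    print("anything after -F:  ", verdict_after_flush(SAMPLE_LISTING))
```

Run it against real output with `sudo iptables -L OUTPUT -n` pasted into SAMPLE_LISTING; the point is that a single dpt rule fixes the cPanel problem, whereas flushing would either block everything (DROP policy) or open everything (ACCEPT policy).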

Now I have to go back and add to my forum post there so I can share the sources I found.

Just in case. You never know. Someone else may need this info.


References

Anatomy of a malware scam: The evil genius of XP Antivirus 2008
cPanel and WHM
Guarddog
Iptables Tutorial 1.2.2
NoScript
OCS Solutions
Rails Hosting Info
Wine HQ
