UNIX/LINUX IP & Firewall Configuration

:: COMPANY
:: CAREERS
:: CONTACT INFO
:: TERMS & PRIVACY

System Shut Down

Shuting Down

shutdown -h now shutdown -h +15	Shut Down -> Halt now or in 15 minutes.
shutdown -r now shutdown -r +15	Shut Down ->Restart now or in 15 minutes.

IP Configuration

ifconfig -a	View all of the IP configuration
ifconfig eth0	View the Configuration for eth0

Edit the ifcfg-eth0 file:

cat /etc/sysconfig/network-scripts/ifcfg-eth0	View the Config File
pico /etc/sysconfig/network-scripts/ifcfg-eth0	Edit and Save the Config File
DEVICE=eth0 BOOTPROTO=static BROADCAST=192.168.1.255 HWADDR=00:13:72:3E:55:72 IPADDR=192.168.1.10 NETMASK=255.255.255.0 NETWORK=192.168.1.0 ONBOOT=yes TYPE=Ethernet	Type in the new IP information. and save the file.

ifdown eth0	Restart the eth0 - the new configuration will take effect
ifup eth0

IP Configuration
(Temporary)

ifconfig lo0 localhost up
ifconfig eth0 inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255

Temporarily uses the new IP untill the next reboot.

Default Gateway

Edit the network file:

cat /etc/sysconfig/network	View the Network File
pico /etc/sysconfig/network	Edit and Save the Network File
NETWORKING=yes HOSTNAME=server20.comentum.com GATEWAY=192.168.1.1	Type in the new gateway and host information. and save the file.

service network restart

Restart the network services

Default Gateway
(Temporary)

route add default gw 192.168.1.1 eth0

Temporarily uses the new gateway IP

Domain Name Servers

Edit the /etc/resolv.conf file:

cat /etc/resolv.conf	View the resolv.conf File
pico /etc/resolv.conf	Edit and Save the resolv.conf File
search comentum.com nameserver 66.28.0.45 nameserver 206.13.28.11 nameserver 67.17.215.132	Type in the new gateway and host information. and save the file.

hostname

Print the name of the host machine.

Firewall

Firewall with Editing iptables

iptables -L	View the current firewall configuration
cat /etc/sysconfig/iptables	View/read the real firewall file

Edit the iptables file:

pico /etc/sysconfig/iptables

Edit and Save the firewall iptables file

.# This firewall is an example of a Linux web, ftp, pop3 & smtp server
.# It also limits ssh access to a block of IP - you need to customize the IPs to match your allowed IPs for ssh access
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [131962:7397220]
:inputf - [0:0]
-A INPUT -j inputf
-A FORWARD -j inputf
-A inputf -i lo -j ACCEPT
-A inputf -m state --state RELATED,ESTABLISHED -j ACCEPT
-A inputf -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A inputf -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A inputf -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A inputf -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A inputf -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A inputf -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A inputf -p ipv6-crypt -j ACCEPT
-A inputf -p ipv6-auth -j ACCEPT
-A inputf -j REJECT --reject-with icmp-host-prohibited
COMMIT

shutdown -r now

Restart the server

Modifying the Current Firewall Setting

iptables -I inputf 6 -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT

Will insert this rule to the line 6 of inputf chain

/sbin/service iptables save

Will SAVE the iptables with the new rule.

Firewall with iptables command
Another Version

iptables -L	View the current firewall configuration
cat /etc/sysconfig/iptables	View/read the real firewall file

Copy IP Table for Backup:
##################
cp /etc/sysconfig/iptables iptablesbackup

# Clear all Tables
##################
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD

#Set Default Policy
# Be Carefull : This will drop your ssh connection.
# This setting needs to be implemented from the machine's command line.
###################
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Loopback setup
################
iptables -A INPUT -i lo -j ACCEPT

# Inbound connections
# Customize the below based on your needs for example to add POP3/Port 110 services add:
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
# add the above statement after Port 80 statement.
#####################
iptables -A INPUT -m state --state ESTABLICHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -j DROP

# Save the new setting
/sbin/service iptables save

Firewall with iptables command
Another Version

# Loopback setup
################
iptables -A INPUT -i lo -j ACCEPT

# Inbound connections
# Customize the below based on your needs for example to add POP3/Port 110 services add:
# iptables -A INPUT -p tcp --dport 110 -j ACCEPT
# add the above statement after Port 80 statement.
#####################
iptables -A INPUT -m state --state ESTABLICHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 192.168.1.1/24 -j ACCEPT
iptables -A INPUT -j DROP

# Save the new setting
/sbin/service iptables save

Call for more details

858-410-1500

Bernard Kohan © 2007 - 2008
Website Design and Development - San Diego, Chicago, Austin, Irvine, Los Angeles, Ft Lauderdale, Jacksonville
Website Database Development - San Diego, Chicago, Austin, Irvine, Los Angeles, Ft Lauderdale, Jacksonville
Website Design and Flash Animation - San Diego, Chicago, Austin, Irvine, Los Angeles, Ft Lauderdale, Jacksonville Web Database Developers: PHP & MySQL Programmers
Custom Database Programmers: PHP & MySQL Developers
Database Design
PHP Programmers

San Diego • Los Angeles • Chicago • 800-387-1920