That did the trick, thanks!
I would be very grateful for any recommendations for the firewall. I've
currently got AstLinux sitting behind my router with ports 5060-5061 and
10000-10128 forwarded to it. I enabled the firewall; enabled adaptive-ban and
ids-protection plugins and configured the following rules:
Pass EXT->Local TCP/UDP 0/0 5060-5061
Pass EXT->Local TCP 192.168.2.0/24 22
Pass EXT->Local TCP 192.168.2.0/24 443
Pass EXT->Local TCP 192.168.2.0/24 80
Pass EXT->Local UDP 0/0 10000-10128
Am I missing anything obvious?
cheers,
Shamus
>
> Message: 3
> Date: Sun, 10 Feb 2013 13:07:26 -0600
> From: Lists <li...@lonnie.abelbeck.com (mailto:li...@lonnie.abelbeck.com)>
> Subject: Re: [Astlinux-users] Firewall
> To: AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net
> (mailto:astlinux-users@lists.sourceforge.net)>
> Message-ID: <a40acf32-a2dd-4ee4-bd0e-a0ce64d0d...@lonnie.abelbeck.com
> (mailto:a40acf32-a2dd-4ee4-bd0e-a0ce64d0d...@lonnie.abelbeck.com)>
> Content-Type: text/plain; charset="us-ascii"
>
> Almost... it is...
>
> $ service iptables stop
>
> Access via the web interface again, add Pass EXT->Local rules for TCP
> 80,443,22 . Restart Firewall and you are back in business.
>
> Lonnie
>
> On Feb 10, 2013, at 12:22 PM, "Fernando F." <digitaldis...@gmail.com
> (mailto:digitaldis...@gmail.com)> wrote:
>
> > Shamus,
> >
> > service stop iptables
> > to start
> > service start iptables
> >
> > Thank You,
> >
> > Fernando Fuentes
> > DIGITALVOIPNET.COM
> >
> >
> >
> > On Sun, Feb 10, 2013 at 11:15 AM, Shamus Rask <sha...@srask.ca
> > (mailto:sha...@srask.ca)> wrote:
> > > I'm running the latest version of AstLinux. A friend of mine recently got
> > > hacked and I've read about the hacking attempts on this list. Based on
> > > this, I decided it was time to enable the firewall.
> > >
> > > > From the network tab; I enabled the firewall with all default settings.
> > > > I am no longer able to access my PBX through either the web page nor
> > > > ssh (fortunately all of my SIP extensions are still working).
> > >
> > > How do I disable the firewall fro m the CLI? I will have to connect a
> > > keyboard and monitor to access the console.
> > >
> > > Many thanks,
> > > Shamus
> > >
> > > ------------------------------------------------------------------------------
> > > Free Next-Gen Firewall Hardware Offer
> > > Buy your Sophos next-gen firewall before the end March 2013
> > > and get the hardware for free! Learn more.
> > > http://p.sf.net/sfu/sophos-d2d-feb
> > > _______________________________________________
> > > Astlinux-users mailing list
> > > Astlinux-users@lists.sourceforge.net
> > > (mailto:Astlinux-users@lists.sourceforge.net)
> > > https://lists.sourceforge.net/lists/listinfo/astlinux-users
> > >
> > > Donations to support AstLinux are graciously accepted via PayPal to
> > > pay...@krisk.org (mailto:pay...@krisk.org).
> >
> > ------------------------------------------------------------------------------
> > Free Next-Gen Firewall Hardware Offer
> > Buy your Sophos next-gen firewall before the end March 2013
> > and get the hardware for free! Learn more.
> > http://p.sf.net/sfu/sophos-d2d-feb
> > _______________________________________________
> > Astlinux-users mailing list
> > Astlinux-users@lists.sourceforge.net
> > (mailto:Astlinux-users@lists.sourceforge.net)
> > https://lists.sourceforge.net/lists/listinfo/astlinux-users
> >
> > Donations to support AstLinux are graciously accepted via PayPal to
> > pay...@krisk.org (mailto:pay...@krisk.org).
------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.