Caleb:

Hi, I recently installed tkl LAMP on AWS. Webmin and phpmyadmin were working well until I installed and uninstalled the iredmail mail server. I think it reset the default tkl iptables configuration. Could someone please post the default tkl iptables or show me how to correct it? Here's what I have now.

root@lamp ~# iptables --list
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:12322
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:12321

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Jeremy Davis:

So changing shouldn't make any difference (unless you've enabled them). However AWS have their own firewall that they call a "security group".

Having said that though I would not expect installation of any software (software like that anyway) to mess with IPTables and AFAIK it should not be able to adjust your Amazon security group settings. I would consider other changes that may have been made. Also check that all services are running (webmin, apache).

My first guess on phpMyAdmin is that something in Apache config was altered; although that wouldn't/shouldn't affect Webmin...

Caleb:

Ok, I found a generic iptables configuration online and made small modifications for webmin and phpmyadmin. I am posting it here for future reference :-D

root@lamp ~# cat /root/iptables.new
*filter

#  Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

#  Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#  Allows all outbound traffic
#  You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# allow webmin and phpmyadmin
-A INPUT -p tcp --dport 12321 -j ACCEPT
-A INPUT -p tcp --dport 12322 -j ACCEPT

#  Allows SSH connections (only 4 attempts by an IP every 3 minutes, drop the rest)
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 180 --hitcount 4 --name DEFAULT --rsource -j DROP
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT
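Both rulesets in this thread can be checked offline with the small first-match evaluator below. It is an added example, not code from the thread or from TurnKey Linux. It assumes the usual xt_recent semantics (--set records a hit and always matches; --update matches once the source address has --hitcount entries within --seconds, counting the hit that --set just recorded), and it assumes that the unlabelled "ACCEPT all" line in the first listing is the loopback rule, since `iptables --list` hides the interface column unless run with -v. Replayed against the first listing it shows why Webmin and phpMyAdmin stopped answering: the two rules for 12321 and 12322 match spt, the client's source port, so a connection to those destination ports falls through to the DROP policy. Replayed against the new file it shows that lo traffic is accepted, a non-lo packet aimed at 127.0.0.0/8 is rejected, and the SSH limiter drops the fourth new connection from one address within 180 seconds rather than the fifth, because the --set rule counts the current packet before the --update rule tests it.

```python
"""First-match evaluator for the iptables-restore subset used in this thread (added example,
not code from the thread or from TurnKey Linux).  It replays constructed packets through a
transcription of the first listing's INPUT chain and through the INPUT rules of the posted
/root/iptables.new.  -m limit always matches; unsupported options raise ValueError."""
import ipaddress
import shlex
from dataclasses import dataclass
# My transcription of the first `iptables --list` output (taken without -v, which hides
# interfaces, so the bare "ACCEPT all" line is assumed to be the lo rule; mail/icmp omitted).
OLD_RULES = """
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --sport 12322 -j ACCEPT
-A INPUT -p tcp --sport 12321 -j ACCEPT
"""
# INPUT rules of the posted /root/iptables.new (OUTPUT, FORWARD, 443 and icmp lines left out).
NEW_RULES = """
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 12321 -j ACCEPT
-A INPUT -p tcp --dport 12322 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 180 --hitcount 4 --name DEFAULT --rsource -j DROP
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
"""

@dataclass
class Packet:                     # one inbound packet as the filter table sees it; 0 = no port
    dport: int = 0
    sport: int = 0
    proto: str = "tcp"
    state: str = "NEW"            # conntrack state: NEW, ESTABLISHED or RELATED
    iface: str = "eth0"
    src: str = "203.0.113.10"     # constructed client address (RFC 5737 documentation range)
    dst: str = "10.0.0.5"         # constructed server address

TESTS = {  # option -> predicate(packet, value); a leading "!" is applied by the caller
    "-i": lambda p, v: p.iface == v, "-p": lambda p, v: p.proto == v,
    "-d": lambda p, v: ipaddress.ip_address(p.dst) in ipaddress.ip_network(v, strict=False),
    "--dport": lambda p, v: p.dport == int(v), "--sport": lambda p, v: p.sport == int(v),
    "--state": lambda p, v: p.state in v.split(","),
}
RECENT_FLAGS = {"--set", "--update", "--rcheck", "--rsource"}   # xt_recent options without a value
RECENT_VALUES = {"--seconds", "--hitcount", "--name"}
IGNORED = {"-m", "--limit"}              # module selectors and the LOG rate limit
TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # LOG is non-terminating: the walk continues after it

class Firewall:
    def __init__(self, rules_text, policy="DROP"):   # the listing shows INPUT policy DROP
        self.rules = [shlex.split(l)[2:] for l in rules_text.splitlines() if l.startswith("-A INPUT")]
        self.policy, self.recent = policy, {}        # recent: list name -> src -> hit timestamps

    def _recent(self, opts, pkt, now):               # xt_recent with --rsource
        hits = self.recent.setdefault(opts.get("--name", "DEFAULT"), {}).setdefault(pkt.src, [])
        if "--set" in opts:           # --set records the packet and always matches
            hits.append(now)
            return True
        window = int(opts.get("--seconds", 0))
        seen = [t for t in hits if not window or now - t <= window]
        matched = len(seen) >= int(opts.get("--hitcount", 1))
        if matched and "--update" in opts:
            hits.append(now)          # --update refreshes the entry when it matches
        return matched

    def _match(self, toks, pkt, now):
        i, recent = 0, {}
        while i < len(toks):
            neg = toks[i] == "!"                 # "! -i lo" negates the following test
            opt = toks[i + neg]
            if opt in RECENT_FLAGS:
                recent[opt], i = True, i + neg + 1
                continue
            val, i = toks[i + neg + 1], i + neg + 2
            if opt in RECENT_VALUES:
                recent[opt] = val
            elif opt in TESTS:
                if TESTS[opt](pkt, val) == neg:  # test failed, or a negated test passed
                    return False
            elif opt not in IGNORED:
                raise ValueError(f"unsupported option {opt}")
        return self._recent(recent, pkt, now) if recent else True

    def evaluate(self, pkt, now=0):              # first terminating target wins, else policy
        for toks in self.rules:
            cut = toks.index("-j") if "-j" in toks else len(toks)
            target = toks[cut + 1] if cut < len(toks) else None
            if self._match(toks[:cut], pkt, now) and target in TERMINAL:
                return target
        return self.policy

def replay(rules_text, packets, gap=10):
    """Run packets through a fresh INPUT chain, `gap` seconds apart, and return the verdicts."""
    fw = Firewall(rules_text)
    return [fw.evaluate(p, now=n * gap) for n, p in enumerate(packets)]

if __name__ == "__main__":
    print(replay(OLD_RULES, [Packet(dport=p) for p in (22, 12321, 12322)]))  # spt rules never match
    print(replay(NEW_RULES, [Packet(dport=22)] * 5))                          # 4th NEW SSH connection dropped
```

On the real host, `iptables -L -v -n` or `iptables-save` shows the interface and sport/dport columns that the plain `iptables --list` output omits, which is the quickest way to spot an spt/dpt mix-up like the one in the first listing.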
