I have installed the Virtualmin GPL on Ubuntu 8.04 and CentOS 5.4. CentOS 5.4 had IPTABLES enabled by default, and I have disabled it.
I don’t think either Ubuntu 8.04 or CentOS 5.4 have any IPTABLES rules defined at the moment.
Should I be worried about enabling IPTABLES for additional security? If so, can someone please give me a quick HOW-TO on configuring either via command line or via the Virtualmin or Webmin GUI?
Off the bat I think I need:
- ports 80 and 443 for web pages serving via HTTP and HTTPS
- port 21 and a series of tcp ports for FTP (passive mode) so that I can upload stuff to the server with my favorite FTP client
- port 22 for SSH access, which can be modified for more security.
- port 3306 for MySQL database server - I don’t think I will ever need this though…
- NO IDEA WHAT I NEED - for DNS. I have configured Ubuntu 8.04 as the Master and CentOS 5.4 as the Slave, and it is working at the moment quite nicely.
- Ports 10000 - 10010 so Fast RPC calls can be made between the two servers.
I know I can list my existing IPTABLES with this command:
iptables -L
And that these below will accomplish #1 through #4 above.
iptables -A INPUT -i lo -j ACCEPT                                  # allow all loopback traffic
iptables -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT                 # loopback addresses must not arrive on other interfaces
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT   # replies to connections this host opened
iptables -A OUTPUT -j ACCEPT                                       # no restrictions on outbound traffic
iptables -A INPUT -p tcp --dport 80 -j ACCEPT                      # HTTP
iptables -A INPUT -p tcp --dport 443 -j ACCEPT                     # HTTPS
# iptables -A INPUT -p tcp --dport 3306 -j ACCEPT                  # MySQL, left commented out (not needed remotely)
iptables -A INPUT -p tcp --dport 21 -j ACCEPT                      # FTP control channel
iptables -A INPUT -p tcp -m multiport --dports 8001,8002,8003,8004,8005,8006,8007,8008,8009,8010 -j ACCEPT   # FTP passive data ports
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT # SSH
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT          # ICMP echo request (ping)
iptables -A INPUT -j REJECT                                        # refuse everything else inbound
iptables -A FORWARD -j REJECT                                      # this host does not route packets
How do I apply these rules the “right way” using Virtualmin or in the CLI (command line), and what do I need to append to these rules to allow Virtualmin (10000 to 10010) and DNS (ports??) to work…
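The rule set from the post, rewritten as a script that can be re-run safely and that fills in the two gaps the post asks about. This is an added example, not code from the original post or from the Virtualmin project. It assumes IPv4 only, that DNS is BIND listening on the standard port (UDP 53 for queries, TCP 53 for zone transfers and large responses), that Webmin/Virtualmin uses 10000 for the GUI and 10001-10010 for its RPC calls as stated in the post, and that the passive FTP range 8001-8010 is the one configured in the FTP daemon. The script flushes the chains before rebuilding them, so running it twice does not stack duplicate rules, and it defaults to printing the commands instead of executing them.

```shell
#!/bin/sh
# Added example (not from the original post): the poster's rule set as an
# idempotent script, plus DNS (tcp/udp 53) and Webmin/Virtualmin (tcp 10000-10010).
# DRY_RUN=1 (default) prints the iptables commands for review;
# DRY_RUN=0 executes them and must be run as root.
set -eu

DRY_RUN="${DRY_RUN:-1}"
IPT="${IPT:-iptables}"   # assumed binary name; override with IPT=/sbin/iptables if needed

# run: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# allow_tcp PORTSPEC: accept new inbound TCP to a port or range (e.g. 22 or 10000:10010).
allow_tcp() {
    run "$IPT" -A INPUT -p tcp -m state --state NEW --dport "$1" -j ACCEPT
}

# allow_udp PORTSPEC: accept inbound UDP to a port.
allow_udp() {
    run "$IPT" -A INPUT -p udp --dport "$1" -j ACCEPT
}

# build_rules: flush the filter table and rebuild it from scratch, so the
# script can be re-run without accumulating duplicate rules.
build_rules() {
    run "$IPT" -F
    run "$IPT" -X
    # loopback, and refuse loopback-destined packets arriving on other interfaces
    run "$IPT" -A INPUT -i lo -j ACCEPT
    run "$IPT" -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
    # replies to connections this host opened
    run "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run "$IPT" -A OUTPUT -j ACCEPT
    # services the post lists, with the two gaps filled in
    allow_tcp 80            # HTTP
    allow_tcp 443           # HTTPS
    allow_tcp 22            # SSH
    allow_tcp 21            # FTP control channel
    allow_tcp 8001:8010     # FTP passive data range (must match the FTP daemon's configured range)
    allow_udp 53            # DNS queries
    allow_tcp 53            # DNS zone transfers (master <-> slave) and truncated-response retries
    allow_tcp 10000:10010   # Webmin/Virtualmin GUI (10000) and RPC ports (10001-10010)
    # MySQL (3306) stays closed: local web applications reach it via loopback/socket
    run "$IPT" -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT   # ping
    # default: refuse everything else inbound, and never route between interfaces
    run "$IPT" -A INPUT -j REJECT
    run "$IPT" -A FORWARD -j REJECT
}

# count_rules_for PORTSPEC: number of generated ACCEPT rules for that --dport
# (always computed in dry-run mode, so it never touches the live firewall).
count_rules_for() {
    ( DRY_RUN=1; build_rules ) | grep -c -- "--dport $1 " || true
}

build_rules
```

Review the printed commands first, then apply them with `DRY_RUN=0 sh firewall.sh` as root. They do not survive a reboot on their own: on CentOS 5 `service iptables save` writes them to /etc/sysconfig/iptables, and on Ubuntu 8.04 `iptables-save` to a file restored with `iptables-restore` from an interface pre-up script is the usual approach. Webmin also ships a "Linux Firewall" module under Networking that edits the same saved rules, so pick one of the two methods rather than mixing them. Two checks worth making: the passive range opened here must match what the FTP daemon advertises (the PassivePorts directive if it is ProFTPD, which is assumed here), and on the slave the TCP 53 rule can be narrowed to the master's address with `-s MASTER_IP` since only the master needs to open transfer connections to it.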