Linux: Iptables # 21 Allow MS-SQL server incoming request ?

Posted on in Categories News last updated July 29, 2005

MSSQL database server listens on TCP port 1433 by default. The following iptables rules allow incoming client requests (open port 1433) for server IP address 202.54.1.20:
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 1433 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 1433 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Linux: Iptables # 20 Allow ORACLE server incoming request?

Posted on in Categories News last updated July 29, 2005

Oracle is a powerful enterprise-class database server, and by default it listens on TCP port 1521. The following iptables rules allow incoming client requests (open port 1521) for server IP address 202.54.1.20:
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 1521 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 1521 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Restrict access to the Oracle database server to the web server only. The following example allows access to the Oracle database server (202.54.1.20) from the web server (202.54.1.50) only:
iptables -A INPUT -p tcp -s 202.54.1.50 --sport 1024:65535 -d 202.54.1.20 --dport 1521 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 1521 -d 202.54.1.50 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Allow outgoing Oracle client requests from firewall host 202.54.1.20:
iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 1024:65535 -d 0/0 --dport 1521 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp -s 0/0 --sport 1521 -d 202.54.1.20 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Linux: Forcing Apache to correct misspellings of URL

Posted on in Categories News last updated July 28, 2005

Apache has mod_speling for automatic URL spell-correction. For example, on this site you can request a page using the following format:

http://cyberciti.biz/news is the same as the URL http://cyberciti.biz/news.php.

This module helps visitors get the correct content instead of error 404 (document not found), and you can also omit file extensions such as .pl, .php, .html etc. in URL references. It attempts to correct misspellings of URLs that users might have entered, by ignoring capitalization and by allowing up to one misspelling. This must be configured on mass web hosting servers by ISPs and web hosting service providers so that hosting customers can take advantage of this module.

The following steps demonstrate how to activate this module under Debian GNU/Linux:

A) Open your Apache modules configuration file:
# vi /etc/apache-perl/modules.conf

B) Append the following line to this file:
LoadModule speling_module /usr/lib/apache/1.3/mod_speling.so

C) Save the file.

D) This module needs to be configured in httpd.conf via the CheckSpelling directive. You can configure it for the entire site, a particular virtual host or even via a .htaccess file. Open your /etc/apache-perl/httpd.conf and add the following line in the server config context:

CheckSpelling on

E) Restart Apache:
# /etc/init.d/apache-perl restart

Please note that the above steps are the same under FreeBSD/Solaris for the Apache web server except for file locations, i.e. httpd.conf and modules.conf. Please refer to the man page for more info.

Linux: Iptables Allow PostgreSQL server incoming request

Posted on in Categories Howto, Iptables, Linux, Postgresql last updated October 1, 2007

PostgreSQL is an object relational database system that has the features of traditional commercial database systems with enhancements to be found in next-generation DBMS systems. PostgreSQL is free and the complete source code is available.

Open port 5432

By default PostgreSQL listens on TCP port 5432. The following iptables rules allow incoming client requests (open port 5432) for server IP address 202.54.1.20:

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 5432 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

As posted earlier, you do not want to give access to everyone. For example, in a web hosting company or in your own development center, you need to give access to the POSTGRES database server from the web server only. The following example allows access to the POSTGRES database server (202.54.1.20) from the Apache web server (202.54.1.50) only:

iptables -A INPUT -p tcp -s 202.54.1.50 --sport 1024:65535 -d 202.54.1.20 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 5432 -d 202.54.1.50 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Allow outgoing POSTGRES client request (made via postgresql command line client or perl/php script), from firewall host 202.54.1.20:

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 1024:65535 -d 0/0 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 5432 -d 202.54.1.20 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
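
An added example (not from the original posts): a shell function that audits rules in the format printed by iptables -S and flags INPUT ACCEPT rules that leave one of the database ports discussed on this page (1433, 1521, 3306, 5432) open to any source. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag INPUT ACCEPT rules that expose a database port to any source.
# Input: rule specs in the form printed by `iptables -S`.

DB_PORTS="1433 1521 3306 5432"   # MS-SQL, Oracle, MySQL, PostgreSQL (ports from this page)

# audit_db_rules: reads rule specs on stdin and prints "OPEN <port>: <rule>" for
# each INPUT ACCEPT rule on a database port whose source is absent or 0/0.
# Only single-port --dport matches are checked.
audit_db_rules() {
    awk -v ports="$DB_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) db[p[i]] = 1 }
    $1 == "-A" && $2 == "INPUT" {
        src = ""; dport = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s")      src = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (target == "ACCEPT" && (dport in db) &&
            (src == "" || src == "0.0.0.0/0" || src == "0/0"))
            print "OPEN " dport ": " $0
    }'
}

# Constructed sample ruleset (not captured from a real host).
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -d 202.54.1.20/32 -p tcp -m tcp --sport 1024:65535 --dport 1521 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 202.54.1.50/32 -d 202.54.1.20/32 -p tcp -m tcp --sport 1024:65535 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 0.0.0.0/0 -d 202.54.1.20/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -d 202.54.1.20/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -s 202.54.1.20/32 -p tcp -m tcp --sport 1521 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
EOF
}

# Flags the Oracle (1521) and MySQL (3306) rules; the PostgreSQL rule is
# restricted to the web server 202.54.1.50 and is not reported.
sample_rules | audit_db_rules
```

On a live host, pipe the output of iptables -S into audit_db_rules; rules that use -m multiport are not covered by this check.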

Linux: Iptables Allow MYSQL server incoming request on port 3306

Posted on in Categories Howto, Iptables, Linux, MySQL, Security, Tips last updated November 20, 2015

MySQL is a popular database for web applications and acts as the database component of the LAMP, MAMP, and WAMP platforms. Its popularity as a web application is closely tied to the popularity of PHP, which is often combined with MySQL. MySQL is an open source database server and by default it listens on TCP port 3306. In this tutorial you will learn how to open TCP port # 3306 using the iptables command line tool on the Linux operating system.

Linux: Iptables # 17 Allow secure POP3S incoming request?

Posted on in Categories News last updated July 25, 2005

Secure POP3S uses TCP port 995 by default. The following iptables rules allow incoming POP3S client requests (open port 995) for server IP address 202.54.1.20:
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 995 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

The following rules allow outgoing POP3S client requests from firewall host 202.54.1.21 (open port 995):
iptables -A OUTPUT -p tcp -s 202.54.1.21 --sport 1024:65535 -d 0/0 --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp -s 0/0 --sport 995 -d 202.54.1.21 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Linux: Iptables # 16 How to allow secure mail SMTPS?

Posted on in Categories News last updated July 25, 2005

Secure SMTPS uses TCP port 465 by default. The following iptables rules allow incoming SMTPS client requests (open port 465) for server IP address 202.54.1.20:
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 465 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

The following rules allow outgoing SMTPS client requests from firewall host 202.54.1.21 (open port 465):
iptables -A OUTPUT -p tcp -s 202.54.1.21 --sport 1024:65535 -d 0/0 --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp -s 0/0 --sport 465 -d 202.54.1.21 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT