I have my PBX configured, so I can only access my FreePBX web interface and my webmin from within my network, or from ON the machine itself… however, I occasionally need to access it when I am not in my office, and here is a GREAT way to do it:
(The following example assumes you are using a Windows desktop with PuTTY to connect to your server via SSH, that you currently have iptables configured for firewall blocking (why wouldn't you?), and that you know what ports your services are running on. If you have a Linux desktop, try: ssh -L 80:localhost:80 user@remotemachine)
IF YOU ARE NOT SURE WHAT YOU ARE DOING WITH YOUR FIREWALL - READ THE MANUAL OR YOU MAY LOCK YOURSELF OUT OF THE SERVER!!!
On your server, connect via SSH and run nano /etc/sysconfig/iptables, then modify your iptables firewall as follows. (If the same line already exists with an ACCEPT, put a # in front of that line.)

    # Web Interface Port
    -A INPUT -p tcp -m tcp --dport 80 -j DROP
    # Webmin Port
    -A INPUT -p tcp -m tcp --dport 9001 -j DROP

(change the port numbers as appropriate)
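You should also make sure you have a line similar to one of the following, placed above the DROP lines. iptables acts on the first rule that matches, and the tunnelled connections reach your services over the loopback interface, so this line is what lets them through:

    -A INPUT ! -i eth0 -j ACCEPT

or

    -A INPUT -i lo -j ACCEPT
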
Then do a service iptables restart
Now, if you try to connect to webmin or your web interface, your browser will just timeout or disconnect.
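A rule-order check for the firewall edits above, as an added example that is not part of the original article: iptables stops at the first matching rule, so the tunnel only works if loopback traffic is accepted before the port is dropped. The function name check_port, its verdict strings and the sample rules file are constructed for illustration.

```shell
# Added example: lint an iptables-save style rules file for the setup above.
# check_port FILE PORT prints one verdict (FILE may be - for stdin):
#   ok             loopback ACCEPT is matched before the DROP for PORT
#   tunnel-blocked PORT is dropped with no loopback ACCEPT ahead of it
#   open           the first rule naming PORT is an ACCEPT
#   unfiltered     no rule names PORT, so the chain policy decides
# Simplification (assumption): only INPUT rules with a single --dport are
# understood; source-address and state matches are ignored.
check_port() {
    awk -v port="$2" '
        $1 != "-A" || $2 != "INPUT" { next }   # skips comments and other chains
        {
            n++; target = ""; dport = ""; lo = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                # "-i lo" and "! -i eth0" both let loopback traffic through
                if ($i == "-i") lo = (($(i + 1) == "lo") != ($(i - 1) == "!"))
            }
            if (lo && target == "ACCEPT" && (dport == "" || dport == port)) {
                if (!lo_at) lo_at = n
            } else if (dport == port && !hit) { hit = n; verdict = target }
        }
        END {
            if (!hit)                      print "unfiltered"
            else if (verdict == "ACCEPT")  print "open"
            else if (lo_at && lo_at < hit) print "ok"
            else                           print "tunnel-blocked"
        }' "$1"
}
# Constructed sample file (not from the article): its rules, loopback first.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A INPUT -p tcp -m tcp --dport 9001 -j DROP
COMMIT
EOF
}
for p in 80 9001; do
    printf '%s: %s\n' "$p" "$(sample_rules | check_port - "$p")"
done
```

Run it against the edited file before restarting iptables, for example check_port /etc/sysconfig/iptables 9001; anything other than ok for a port you meant to hide is worth fixing first.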
Now, open your putty configuration, and set it up as follows:
[Image: PuTTY configuration for SSH tunneling]
This will map the ports on your machine (80 and 9001) to the same port on "localhost" on the remote machine when you make an ssh connection.
Now, here's the cool part:
Just connect and login to your remote server via SSH.
Then open a browser on your local machine and browse to http://localhost:9001 and your webmin interface on the remote machine will answer and allow you to log in. Because we set up "PuTTY Tunneling", your local machine's port 9001 is passed down the SSH connection to port 9001 on your remote server. This lets you do exactly what you need to do, without leaving webmin open in the firewall where a hacker could keep trying to log in to it and gain control of your server.
In addition, you can just browse to http://localhost and connect to your FreePBX configuration.
Obviously, this can be used for any service/port on your server, but webmin is a good example to show you how to set this up.
Editor Note: An additional security-related item you **should** configure in your iptables is to block EVERY port that is not necessary. Then set up SSH on an alternative port by editing /etc/ssh/sshd_config and restarting sshd (configure the firewall to accept this alternate port first), and make sure you are using STRONG passwords. THIS IS NOT EVERYTHING YOU SHOULD DO TO SECURE YOUR LINUX SYSTEM, BUT HOPEFULLY THIS WILL HELP GET YOU STARTED!
-Richard Teachout
RHCE, MCSA, MCTS:Hosting
Notes: This assumes you have AllowTcpForwarding yes (or have #AllowTcpForwarding commented out, which is the default) in your /etc/ssh/sshd_config; otherwise TCP forwarding won't work.