Solved

Protecting iperf server on internet

Posted on 2014-11-14
8
222 Views
Last Modified: 2014-11-18
I need to set up iperf clients connecting to a server on the internet.
This needs to be secured so that only the clients can connect and run the test.

However, I have not found many examples of how to set this up on a public server.
The clients all connect to the server which is using htpasswd along with php authentication.

Could this be done using htpasswd or perhaps in php?
0
Comment
Question by:projects
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 40444829
iperf has no access controls. adding firewall will cripple the results.
Only way I see is that you start it when you measure performance and stop after.
0
 

Author Comment

by:projects
ID: 40444983
It doesn't have any access controls but I was wondering if I would wrap it with something else, like php?
0
 

Author Comment

by:projects
ID: 40445147
I wonder if php could be used to block/allow a port? That way, I could leave the port on, but use a function in php to allow or deny a remote to use the iperf port.

Of course, that implies that php would also control that port.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 62

Assisted Solution

by:gheist
gheist earned 500 total points
ID: 40445649
It has to run on pure network stack. any wrapper will cut the results to interaction between wrapper and iperf and will not be representative of network link you have.
0
 

Author Comment

by:projects
ID: 40448301
I don't mean a wrapper, I mean where php controls the port based on remote IP.
If the remote device authenticates, php could look up it's IP and allow it access to iperf.

Is if possible to run two firewalls on the same system? For example, iptables is already running on the server. Would it be possible to not have iptables block the iperf port but have another firewall which is controlled by php for that port alone?
0
 

Author Closing Comment

by:projects
ID: 40448695
These are good points being made. My solution will be to maintain a list of allowed IPs to the service using another application.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40451020
If your firewall supportes any kind of port knocking it might save you from maintaining the list.
Say ping, then connect to port 28 and 155, then it opens connections to iperf - if you think your firewall can do it - just make it do its job
0
 

Author Comment

by:projects
ID: 40451028
In this case no, there is no firewall in front of the server, only iptables.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question