We help IT Professionals succeed at work.

Protecting iperf server on internet

290 Views
Last Modified: 2014-11-18
I need to set up iperf clients connecting to a server on the internet.
This needs to be secured so that only the clients can connect and run the test.

However, I have not found many examples of how to set this up on a public server.
The clients all connect to the server which is using htpasswd along with php authentication.

Could this be done using htpasswd or perhaps in php?
Comment
Watch Question

Top Expert 2015
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
It doesn't have any access controls but I was wondering if I would wrap it with something else, like php?

Author

Commented:
I wonder if php could be used to block/allow a port? That way, I could leave the port on, but use a function in php to allow or deny a remote to use the iperf port.

Of course, that implies that php would also control that port.
Top Expert 2015
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
I don't mean a wrapper, I mean where php controls the port based on remote IP.
If the remote device authenticates, php could look up it's IP and allow it access to iperf.

Is if possible to run two firewalls on the same system? For example, iptables is already running on the server. Would it be possible to not have iptables block the iperf port but have another firewall which is controlled by php for that port alone?

Author

Commented:
These are good points being made. My solution will be to maintain a list of allowed IPs to the service using another application.
Top Expert 2015

Commented:
If your firewall supportes any kind of port knocking it might save you from maintaining the list.
Say ping, then connect to port 28 and 155, then it opens connections to iperf - if you think your firewall can do it - just make it do its job

Author

Commented:
In this case no, there is no firewall in front of the server, only iptables.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.