projects
asked on
Protecting iperf server on internet
I need to set up iperf clients connecting to a server on the internet.
This needs to be secured so that only the clients can connect and run the test.
However, I have not found many examples of how to set this up on a public server.
The clients all connect to the server which is using htpasswd along with php authentication.
Could this be done using htpasswd or perhaps in php?
This needs to be secured so that only the clients can connect and run the test.
However, I have not found many examples of how to set this up on a public server.
The clients all connect to the server which is using htpasswd along with php authentication.
Could this be done using htpasswd or perhaps in php?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I wonder if php could be used to block/allow a port? That way, I could leave the port on, but use a function in php to allow or deny a remote to use the iperf port.
Of course, that implies that php would also control that port.
Of course, that implies that php would also control that port.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I don't mean a wrapper, I mean where php controls the port based on remote IP.
If the remote device authenticates, php could look up it's IP and allow it access to iperf.
Is if possible to run two firewalls on the same system? For example, iptables is already running on the server. Would it be possible to not have iptables block the iperf port but have another firewall which is controlled by php for that port alone?
If the remote device authenticates, php could look up it's IP and allow it access to iperf.
Is if possible to run two firewalls on the same system? For example, iptables is already running on the server. Would it be possible to not have iptables block the iperf port but have another firewall which is controlled by php for that port alone?
ASKER
These are good points being made. My solution will be to maintain a list of allowed IPs to the service using another application.
If your firewall supportes any kind of port knocking it might save you from maintaining the list.
Say ping, then connect to port 28 and 155, then it opens connections to iperf - if you think your firewall can do it - just make it do its job
Say ping, then connect to port 28 and 155, then it opens connections to iperf - if you think your firewall can do it - just make it do its job
ASKER
In this case no, there is no firewall in front of the server, only iptables.
ASKER