SUNScholar/Firewall


Introduction
Ubuntu uses "iptables" to set up internet firewalls; however, "iptables" is very complex and hard to set up.

To solve this problem the "Uncomplicated FireWall" (UFW) was created by the Ubuntu community.

Below are instructions to set up the "Uncomplicated FireWall".

Install UFW (Uncomplicated FireWall)
Log in to the server: http://wiki.lib.sun.ac.za/index.php/SUNScholar/Prepare_Ubuntu/S01

From a terminal type the following:

sudo apt-get install ufw

UFW Config
First check the status:

sudo ufw status

The config folder for UFW is here:

/etc/ufw

To read more about UFW, type the following:

man ufw

or

ufw -h

The "user.rules" file is in the following folder:

/var/lib/ufw

For Internet Access
Ask your campus firewall administrator to open up the following ports on the firewall for internet access to your DSpace server.

Make sure TCP and UDP protocols are also opened on the campus firewall for the handle server.

SSH - For remote admin
sudo ufw allow 22

HTTP - For web access
sudo ufw allow 80

HTTPS - For secure web access
sudo ufw allow 443

HANDLE SERVER - For the handle server
sudo ufw allow 2641

VIRUS SCANNER - For the clamav server
sudo ufw allow 3310

HANDLE SERVER - For the handle server
sudo ufw allow 8000

Enable the firewall
sudo ufw enable

For Internal Access
Open up the following ports to allow other campus hosts and servers to access your DSpace server.

SMTP
sudo ufw allow 25

LDAP
sudo ufw allow 389

LDAPS
sudo ufw allow 636

RSYNC
sudo ufw allow from %backup-server-ip-address% to any port 873

ORACLE (Only if you used the Oracle DB)
sudo ufw allow 1521

PROXY SERVER
sudo ufw allow 3128

NAGIOS
sudo ufw allow from %nagios-server-address% to any port 4426

MUNIN
sudo ufw allow 4949

POSTGRESQL (Only if you used the PostgreSQL DB)
sudo ufw allow 5432

TOMCAT
sudo ufw allow 8443

ELASTIC STATISTICS
sudo ufw allow 9200
sudo ufw allow 9300
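
A rule written as "sudo ufw allow <port>" accepts any source address at the host; only the RSYNC and NAGIOS rules above are limited to one source. The script below is an added example, not part of the original wiki page: it reads "ufw status" output and lists the internal-access ports from this page that are still open to Anywhere. The function name audit_ufw and the sample status text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status` output for internal-only ports open to any source.
# Ports from the "For Internal Access" list on this page.
INTERNAL_PORTS="25 389 636 873 1521 3128 4426 4949 5432 8443 9200 9300"

# Constructed sample of `ufw status` output (not captured from a real server).
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
873                        ALLOW       192.0.2.10
4426                       ALLOW       192.0.2.20
5432                       ALLOW       Anywhere
9200                       ALLOW       Anywhere
5432 (v6)                  ALLOW       Anywhere (v6)'

# Reads `ufw status` text on stdin and prints each internal port (once) that
# has an ALLOW rule whose source is Anywhere.
audit_ufw() {
    awk -v ports="$INTERNAL_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) internal[p[i]] = 1 }
        /ALLOW/ {
            port = $1
            sub(/\/.*/, "", port)              # "5432/tcp" -> "5432"
            src = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "ALLOW") {
                    src = $(i + 1)
                    if (src == "IN") src = $(i + 2)   # "ALLOW IN" in verbose output
                    break
                }
            }
            if ((port in internal) && src == "Anywhere" && !(port in seen)) {
                seen[port] = 1
                print port
            }
        }'
}

# Demo on the constructed sample; on the server use: sudo ufw status | audit_ufw
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw
```

Any port it prints can be re-added in the same "allow from ... to any port ..." form the RSYNC and NAGIOS rules use, once the unrestricted rule is deleted.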

YouTube Video
https://www.youtube.com/watch?v=x-Ac12FjfOs