Difference between revisions of "SUNScholar/Firewall"
m (Text replacement - "{{SUNScholar}}" to "") |
|||
| Line 1: | Line 1: | ||
| − | + | {{WARNING}} | |
==Introduction== | ==Introduction== | ||
| − | |||
| − | |||
Ubuntu uses "iptables" to setup internet firewalls, however "iptables" is very complex and hard to setup. | Ubuntu uses "iptables" to setup internet firewalls, however "iptables" is very complex and hard to setup. | ||
Revision as of 23:06, 29 December 2013
This wiki help page assumes that you have used the three system setup procedures to install an Ubuntu server with DSpace software.
Introduction
Ubuntu uses "iptables" to set up internet firewalls; however, "iptables" is very complex and hard to set up.
To solve this problem, the "Uncomplicated FireWall" (UFW) was created by the Ubuntu community.
Below are instructions to set up the "Uncomplicated FireWall".
Install UFW (Uncomplicated FireWall)
Log in to the server:
http://wiki.lib.sun.ac.za/index.php/SUNScholar/Prepare_Ubuntu/S01
From a terminal type the following:
sudo apt-get install ufw
UFW Config
First check the status:
sudo ufw status
The config folder for UFW is here:
/etc/ufw
To read more about UFW, type the following:
man ufw
or
ufw -h
The "user.rules" file is in the following folder:
/var/lib/ufw
Setup UFW
For Internet Access
Ask your campus firewall administrator to open up the following ports on the firewall for internet access to your DSpace server.
Make sure TCP and UDP protocols are also opened on the campus firewall.
SSH - For remote admin
sudo ufw allow 22
HTTP - For web access
sudo ufw allow 80
HTTPS - For secure web access
sudo ufw allow 443
HANDLE SERVER - For the handle server
sudo ufw allow 2641
VIRUS SCANNER - For the clamav server
sudo ufw allow 3310
HANDLE SERVER - For the handle server
sudo ufw allow 8000
Enable the firewall
sudo ufw enable
For Internal Access
Open up the following ports to allow other campus hosts and servers to access your DSpace server:
SMTP
sudo ufw allow 25
LDAP
sudo ufw allow 389
LDAPS
sudo ufw allow 636
RSYNC
sudo ufw allow from backup-server-ip-address to any port 873
ORACLE (Only if you used the Oracle DB)
sudo ufw allow 1521
PROXY SERVER
sudo ufw allow 3128
NAGIOS
sudo ufw allow from 146.232.128.186 to any port 4426
MUNIN
sudo ufw allow 4949
POSTGRESQL (Only if you used the PostgreSQL DB)
sudo ufw allow 5432
TOMCAT
sudo ufw allow 8443
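The plain "ufw allow PORT" form used for most of the internal ports above accepts connections from any source address, unlike the RSYNC and NAGIOS rules. The following added example (not part of the original wiki page) reads "ufw status" output, lists internal-access ports that are open to Anywhere, and prints source-restricted replacement commands without running them. The sample status text and the 192.0.2.0/24 campus range are constructed assumptions.

```sh
#!/bin/sh
# Ports the page lists under "For Internal Access".
INTERNAL_PORTS="25 389 636 873 1521 3128 4426 4949 5432 8443"

# Reads `ufw status` text on stdin; prints each internal port allowed from Anywhere.
open_internal_ports() {
    awk -v ports="$INTERNAL_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) internal[p[i]] = 1 }
        # Rule rows look like "5432  ALLOW  Anywhere"; IPv6 rows repeat the port with "(v6)".
        /ALLOW/ && !/OUT/ && /Anywhere/ {
            port = $1; sub(/\/.*/, "", port)   # strip a "/tcp" or "/udp" suffix
            if ((port in internal) && !seen[port]++) print port
        }'
}

# Prints (does not run) commands that add a campus-only rule first and then
# delete the open one. $1 = campus CIDR, stdin = ports from open_internal_ports.
restrict_commands() {
    cidr=$1
    case "$cidr" in
        */*) ;;
        *) echo "usage: restrict_commands <campus-cidr>" >&2; return 1 ;;
    esac
    while read -r port; do
        echo "sudo ufw allow from $cidr to any port $port"
        echo "sudo ufw delete allow $port"
    done
}

# Constructed sample of `sudo ufw status` output (not from a real host).
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
443                        ALLOW       Anywhere
873                        ALLOW       192.0.2.10
5432                       ALLOW       Anywhere
8443                       ALLOW       Anywhere
5432 (v6)                  ALLOW       Anywhere (v6)'

# 192.0.2.0/24 is a documentation range standing in for the campus network.
printf '%s\n' "$SAMPLE_STATUS" | open_internal_ports | restrict_commands 192.0.2.0/24
```

On a live server, pipe "sudo ufw status" into open_internal_ports instead of the sample, and review the printed commands before running them.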