×

WARRNING

VIEWING PAY TV WITHOUT A VALID SUBSCRIPTION IS ILLEGAL!! ALL FILES AVAILABLE HERE ARE FOR EXPERIMENTAL AND EDUCATIONAL PURPOSE ONLY
Results 1 to 2 of 2
  1. #1
    Status
    Offline

    Users Flag!
    Geosharing™'s Avatar
    GS Administrator
    Join Date
    May 2014
    Location
    -=UAE=-
    Interests
    CardSharing
    Receiver
    VU+HD
    Receiver
    DM900UHD 4K
    Posts
    1,852
    Thanks
    6
    Thanked 10 Times in 5 Posts

    MultiCS Tips and Tricks

    Guide to install a firewall on your VPS with MultiCS

    Further to my fool-proof guide to installing MultiCs, today I would like to share some useful tips on how to install a firewall on your VPS server, so as to secure the data.

    First of all, you may wonder: why do I need to install a firewall on my VPS with MultiCS if everything is working fine?

    Well, for a simple reason: having a VPS running without a firewall is very much like leaving the front door of your house open, hoping that no thieves passing by will enter and steal your valuables. A firewall simply tells your system who and where can get into your VPS, sealing all other doors, rather than leaving them all open.

    So, in order to install a firewall, we need a little bit of practice on working from Linux shell, but I guess if you have installed MultiCS and it's up and running then that would not be an issue at all. So, are you ready? Let's proceed.

    1) First of all, you need to know EXACTLY ALL THE PORTS your server is using. Open a text file in your PC and ensure that you list all the ports you are using. YEs, I said "THE SERVER", not just MultiCS! If the server is also running other services such as MySQL, Mail, and anything else, then you need to know the ports and add them too, otherwise those services will stop working!!!

    In this guide, I will assume, for simplicity, that our VPS server, instead, is running JUST MultiCS, on the following standard ports (you need, of course, to adapt this to your particular case).

    SSH PORT: 22 (TCP)
    HTTP SERVER: port 5500 (TCP)
    CACHE: port 4444 (UDP)
    CCCAM SERVER 1: port 18000 (TCP)
    CCCAM SERVER 2: port 19000 (TCP)
    MGCAMD SERVER: port 23000 (TCP)
    PROFILES: port range 10000-10049 (TCP) >> we assume we use 50 profiles, use more or less ports as you deem appropriate.

    2) Now, it's time to download and install the firewall. I strongly recommend APF, from R-XF Networks, a free product. So, let's start. Enter this commands in shell one after the other:

    cd /root
    mkdir tempinstall
    this creates a temporary directory that we are going to use for installing scripts and packages.
    cd tempinstall
    we move inside the newly created dir and work from in there.
    wget
    this will download the firewall install package.
    tar xzvf apf-current.tar.gz
    this will extract the files in a subfolder of tempinstall
    cd apf-9.7-2/
    lets move into the newly extracted subfolder
    sh install.sh
    This command installs the firewall, ignore any errors you see, they are not applicable to us.

    3) Now we need to know what name the ethernet adapter of your VPS server has been given (usually it is "venet0" as in "virtual ethernet"). To find out, we launch this command:

    ifconfig
    In my case, the server responds as follows:

    [email protected]:/tempinstall/apf-9.7-2# ifconfig

    lo Link encap:Local Loopback

    inet addr:127.0.0.1 Mask:255.0.0.0

    inet6 addr: ::1/128 Scope:Host

    UP LOOPBACK RUNNING MTU:16436 Metric:1

    RX packets:10563 errors:0 dropped:0 overruns:0 frame:0

    TX packets:10563 errors:0 dropped:0 overruns:0 carrier:0

    collisions:0 txqueuelen:0

    RX bytes:834216 (834.2 KB) TX bytes:834216 (834.2 KB)



    venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

    inet addr:127.0.0.2 P-t-P:127.0.0.2 Bcast:0.0.0.0 Mask:255.255.255.255

    UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1

    RX packets:69474385 errors:0 dropped:0 overruns:0 frame:0

    TX packets:57196192 errors:0 dropped:0 overruns:0 carrier:0

    collisions:0 txqueuelen:0

    RX bytes:4462380474 (4.4 GB) TX bytes:3554140007 (3.5 GB)



    venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

    inet addr:37.59.199.214 P-t-P:37.59.199.214 Bcast:37.59.199.214 Mask:255.255.255.255

    UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1

    As you can see, the server's LAN Ethernet port is indeed called "venet0" by the system. We will need this bit of information for our configuration.


    4) Now, it's time to configure the firewall and include our ports. We do everything by editing with nano editor the following file:

    nano /etc/apf/conf.apf
    We need to now add our ports, so we scroll down until we see this line:

    # Common inbound (ingress) TCP ports

    IG_TCP_CPORTS="22"

    We need to change it, in our case, as follows:

    IG_TCP_CPORTS="22,5500,10000_10049,18000,19000,23000"

    Then, we need to scroll down to this line here:


    # Common inbound (ingress) UDP ports

    IG_UDP_CPORTS=""

    We need to change it and add our cache port like this:

    IG_UDP_CPORTS="4444"

    Now we add the virtual ethernet port we saw at point 3), by also editing the line below:

    IFACE_IN="venet0"
    IFACE_OUT="venet0"

    As our Ubuntu server is a VPS server, we also need to edit this line here:

    SET_MONOKERN="1"

    If you are happy with all the configuration details you entered, it's time to disable the firewall test mode, as it's going to be switched on. We do that by editing this line:

    DEVEL_MODE="0"

    Let's save the document by using the nano key combination CTRL + X. Say "Yes" to save the changes.

    Now, let's clean up the temporary folder by entering these two commands:

    cd ../
    rm -Rf apf*
    5) Finally, it's time to launch our firewall:

    apf -r
    You will see that the rules we entered will be executed and the firewall will be operational.

    Test your MUltiCS for proper working order.

    OPTIONAL:

    If you want to learn how to whitelist or blacklist IP addresses, as well as learning the syntax of other useful APF commands, we can type "apf" for a list of accepted commands.

    Enyoy your security-conscious MultiCS sharing!!!

  2. #2
    Status
    Offline
    Users Flag!
    carding343's Avatar
    GS Registered
    Join Date
    Aug 2014
    Posts
    74
    Thanks
    0
    Thanked 0 Times in 0 Posts
    great work from one great man thanks

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. PC tips and tricks
    By kaykayvashisht in forum COMPUTER WORLD
    Replies: 0
    Last Post: 02-22-2017, 03:00 PM
  2. Best funny Googles tricks
    By kaykayvashisht in forum COMPUTER WORLD
    Replies: 0
    Last Post: 02-22-2017, 02:44 PM
  3. Replies: 1
    Last Post: 11-10-2014, 04:21 PM
  4. Multics config tips
    By Geosharing™ in forum Multics
    Replies: 0
    Last Post: 08-16-2014, 04:26 PM
  5. Multics config tips
    By Geosharing™ in forum Multics
    Replies: 2
    Last Post: 08-10-2014, 12:49 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

All posts written express the point of view of its owner, does not imply in any way the point of view of management forum.