Using iptables: how to “open port” in virtual development

The era of purely local development is history. The growth of the Internet created an objective need for distributed information processing, and virtualization means that a single computer is no longer a meaningful unit of work: a developer needs a complete set of virtual machines reachable from any physical device. Configuring that virtual environment, and the technical ability to work through iptables, has become an important factor in building modern information systems.

Modern development of information systems

For all their achievements, high technologies rest on rigid syntactic constructions. The syntax of a programming language or configuration file is a lesser evil than the rigidity of how computing as a business has developed as a whole.

The attempt to derive syntax and semantics through hypertext did not produce a qualitative leap, but it did make it necessary to move development into a "distributed" mode, into clouds and virtual environments.

Working on a single computer and/or server is a limitation. A developer needs an arsenal of operating systems and a development and testing environment; "a developer" today is a distributed team of specialists of various qualifications.

Virtual development

iptables has come a long way in a short time. Today it provides a fairly convenient toolkit for organizing the technological processes of software development and its use.

With iptables, opening a port for a specific project is not a problem, and limiting (closing) access is just as simple and convenient. On CentOS the firewall is managed through a dedicated front-end utility on top of iptables; this is convenient, but not as practical as working from the command line on Debian.

The choice of Linux distribution matters to the system administrator in terms of how port allocation is configured, but understanding the essence of the question is more important: how to open a port through iptables and make the service reachable.

Switch and server

Before you start working with a Linux server, you need to pay serious attention to configuring a switch that provides Internet access and an internal local area network.

Configuring the master switch

This is a LAN switch for a small company or home use. A large business uses more advanced equipment, but in any case the Internet access device and the local network must pass all the required packets and have all the needed ports open.

A Linux server's firewall is iptables. Which ports are open is determined by the rules in the input, output and transit chains (INPUT, OUTPUT and FORWARD). There are not many rule types; they take somewhat more parameters, but together they provide a sufficient number of combinations and possibilities. Opening a port via iptables is not a problem; the same can be done before routing (PREROUTING) or after it (POSTROUTING).

All iptables rules have the same structure: a match criterion (condition), a description, an action (target) and a counter. The content of a rule depends on where it is applied.

Physical virtual machine server

There is no fundamental difference between a workstation and a server, but it is always preferable not to load the server with private tasks and not to turn it into the working computer of one particular developer.

Ideally, the server has a graphical shell and runs its own workflow separately from its administrative roles (file storage, hosting, web resources, ...). In particular, for tasks such as self-learning parsing and information search, file storage and several virtual machines, a computer running Debian with Proxmox VE is a good solution.

This is where iptables comes in. Opening a port for each virtual machine is only half the battle: you also need to configure bridges and routes, and organize the operation of the server itself as an independent computer running Apache, MySQL, PHP and a browser. Proxmox VE must also be configured as a virtual machine system reachable both inside and outside the local network.

Assorted iptables rules

Shown here is a practical (working) rule set for iptables on Debian; how to open a port is illustrated by many of its entries. It is not an optimal set of rules, but it really works. Some rules duplicate each other, but comparing them shows how and what needs to be applied in a specific situation.

Note. The values enp0s31f6, 192.168.100.0, 192.168.100.18 and 192.168.100.1 must be replaced with the real network interface, the real network, the real server IP address and the gateway IP address.

The procedure and rules for working with iptables

If you need to make changes to an existing system, first save all existing rules and network settings. Never experiment on a production system. The best option is to work on a new server and, on completion, swap the machines.

It is better to start from scratch. The -F (flush) and -X (delete chains) switches do not open any port, but they clear the rules table so that clean administrative work can begin. It is better to disable the firewall front-end (ufw) immediately. Clearing the nat table will not be superfluous either.

Next comes the mandatory opening of ssh access (port 22 through iptables), since the server must be managed remotely. Allowing and checking ping is also required: the administrator must be sure that the hardware is physically (technically) working, so that if an error occurs it lies in the iptables rules. The ports for pop, ftp, http, https and others can be opened by one general rule (multiport) or individually.

Bear in mind that rules matter not only in content but also in sequence. When using Proxmox VE, its requirements must be met (in particular, port 8006 must be opened through iptables).

Ports 80 (8080) and 443 deserve special attention: opening the http and https ports in iptables is what carries web resource traffic. Mail and FTP access are not critical if they are not part of the server's intended functionality.

iptables rules take effect immediately. The -A switch appends a rule and -D deletes it. Save the set of created rules:

  • iptables-save > /etc/iptables.rules

Restore previously created rule set:

  • iptables-restore < /etc/iptables.rules

To enable iptables and open the ports at system startup, add the restore command to the stanza that brings up the main interface in /etc/network/interfaces:

Iptables rules autoload
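As an added example (not the article's own rule set or screenshot), the following script generates the Debian iptables commands in the order the procedure above gives, using the placeholder interface and addresses from the note (replace them with real values); the boot-time reload assumes Debian's ifupdown pre-up hook.

```shell
#!/bin/sh
# Added example (not the article's own rule set): emit the Debian iptables
# commands in the order the article describes (flush, ssh, ping, web ports,
# Proxmox 8006, save), so they can be reviewed before being applied as root.
# Interface and addresses are the article's placeholders; replace them.
IFACE="${IFACE:-enp0s31f6}"               # real network interface
LAN="${LAN:-192.168.100.0/24}"            # real local network
SERVER_IP="${SERVER_IP:-192.168.100.18}"  # real server address
RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"

# Print the rule set as shell commands; nothing is applied here.
# Order matters: ssh is allowed before the final DROP, so a remote
# session is never cut off by the rules being loaded.
build_rules() {
    cat <<EOF
# 1. start from scratch: flush rules and delete chains in filter and nat
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
# 2. default policy: drop unsolicited input, allow the host's own output;
#    FORWARD is left alone, since Proxmox VE bridging needs its own rules
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# 3. loopback and replies to connections the server already tracks
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# 4. ssh first: remote management must keep working
iptables -A INPUT -i $IFACE -d $SERVER_IP -p tcp --dport 22 -j ACCEPT
# 5. ping, to confirm the hardware path before blaming the rules
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# 6. web ports by one multiport rule; Proxmox VE 8006 only from the LAN
iptables -A INPUT -i $IFACE -p tcp -m multiport --dports 80,443,8080 -j ACCEPT
iptables -A INPUT -i $IFACE -s $LAN -p tcp --dport 8006 -j ACCEPT
# 7. log (rate limited) and drop everything else
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables drop: "
iptables -A INPUT -j DROP
EOF
}

# Apply as root and save, so that the line
#   pre-up iptables-restore < /etc/iptables.rules
# under the main interface in /etc/network/interfaces reloads them at boot.
apply_rules() {
    build_rules | sh -e && iptables-save > "$RULES_FILE"
}
```

Run `build_rules` alone to review the generated commands; `apply_rules` needs root and a real interface name.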

The iptables rules are not only the server's working order and its security; in practice they are also optimization. The rules define the specific range of packets the server will process, fix its functionality and manage its visitors. Using iptables you can configure the optimal mode of administering and using the machine.
