 

iptables instructions and script for dedicated Linux server at GoDaddy


iptables instructions and script for dedicated Linux server at GoDaddy is project number 253739 posted at GetAFreelancer.com.

(Selected Service Provider shakoush2001)
Status: Closed
Budget: $30-250
Created: 04/23/2008 at 14:21 EDT
Bidding Ends: 04/30/2008 at 14:21 EDT
Project Creator: LiquidMark
Buyer Rating: 10.00/10 (2 reviews)
Description: I have a dedicated LINUX server at GoDaddy. It will be used to host web services implementing our product.

I need the software firewall (iptables) set up. This must be done as a script, which will be checked into our archive and reused for various testing and staging servers as well as for the production server. The script will be run using ssh (PuTTY) under the root user id.

The script will have a customization region at the top, where several variables and lists will be modified prior to being run.

Variables:
-- the port numbers associated with various services, e.g. MySQL, ping, "Simple Control Panel (9999)" etc.
Lists:
-- WS-client services list: what ports/services (see variables above) need to be available to a web services client. (These clients are our customers.)
-- MySQL client services list: what ports/services need to be available to a system that is accessing a MySQL database on the server.
-- Developer services list: what ports/services need to be available to a system developer (e.g. ssh, ftp, http, MySQL...) For our internal developers, perhaps ALL access is OK from the specified IP addresses, assuming that can't be spoofed. Please advise.
-- Tester services list: what ports/services need to be available to a system tester (e.g. ssh, ftp, http, MySQL...)
-- WS-client list: the domain names / IP addresses of client web servers that should be allowed WS-client services access.
-- MySQL client list: The IP addresses / domain names of other systems allowed to connect to the MySQL database to issue queries.
-- Developer list: the IP addresses of developer workstations which should be allowed developer services access, per developer access service list above.
-- Tester list: the IP addresses of workstations which should be allowed tester access, per tester services list above.

I know that the server will need to be able to do the following things. So, the script should be set up to enable them to work through the firewall:
-- Java software on the system will send out mail to individuals registered on the site.
-- A MySQL database will be running on the site, used programmatically by the server program (written in Java), by .NET code running on machines in the "MySQL client list", and interactively by MySQL browser. MySQL browser access should be limited to developers, testers, and systems in the "MySQL client list".
-- ftp will be used to automatically move incremental backups to remote systems.
-- developers will use ssh to access the system through PuTTY, and also to initiate scripts that are to run on the system. (An example of the latter will be a script, initiated from a developer's workstation, to deploy a new version of the web services code.)
-- I need "Simple Control Panel" access to the system through GoDaddy, which is port 9999, from anywhere.

Other than explicitly allowed access, the system should be cut off from the world.

The script should be "idempotent", i.e. I should be able to run it again and end up with the same valid software firewall on the same system. So, things like creation of needed directories etc should be done carefully, so they work even if the directory already exists.

I should be able to modify the variables/lists at the top of the script, and rerun the script at will. So, for example, if access is currently allowed for a developer's IP address, and I remove that IP address from the ALLOWED_DEVELOPERS list and re-run the script, that IP address should no longer be allowed.

There should be as little manual effort as possible to run/rerun the script. Instructions for running the script must be documented as a comment at the top of the script.

Please make the script correct, readable, and maintainable!

Operating System: Red Hat Fedora Core 7
Control Panel Type: Simple Control Panel
Job Type:
  • Engineering
  • Linux
  • Script Installation
  • System Admin.
  • Website Security
Database: MySQL
Operating system: Linux
Bid count: 4
Average bid: $ 125
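
The layout the description asks for, as an added example that is not part of the posting or of the script that was delivered: a customization region of ports and lists, a ruleset derived only from those lists, and a single atomic load with `iptables-restore`. Every variable name except ALLOWED_DEVELOPERS, the port numbers other than 9999, and all addresses (constructed documentation IPs) are assumptions; outbound traffic is left open so that mail and ftp backups work.

```shell
#!/bin/sh
# Added example, not the delivered script. Run as root: APPLY=1 sh firewall.sh
# ---- customization region (IPs are constructed documentation addresses) ----
SSH_PORT=22; HTTP_PORT=80; MYSQL_PORT=3306; PANEL_PORT=9999
WS_CLIENT_SERVICES="$HTTP_PORT"
MYSQL_CLIENT_SERVICES="$MYSQL_PORT"
DEVELOPER_SERVICES="$SSH_PORT $HTTP_PORT $MYSQL_PORT"
TESTER_SERVICES="$HTTP_PORT $MYSQL_PORT"
WS_CLIENTS="198.51.100.10"
MYSQL_CLIENTS="198.51.100.20"
ALLOWED_DEVELOPERS="203.0.113.5 203.0.113.6"
ALLOWED_TESTERS="203.0.113.40"
# ---- end of customization region ----

# allow_group "<source IPs>" "<tcp ports>": one ACCEPT rule per (source, port).
allow_group() {
  for src in $1; do
    for port in $2; do
      echo "-A INPUT -s $src -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
  done
}

# build_ruleset: print the whole filter table in iptables-restore format.
# The rules depend only on the lists above, so reruns give the same table and
# an address removed from a list simply has no rule in the next load.
build_ruleset() {
  echo "*filter"
  echo ":INPUT DROP [0:0]"      # default: cut off from the world
  echo ":FORWARD DROP [0:0]"
  echo ":OUTPUT ACCEPT [0:0]"   # assumption: outbound mail/ftp not restricted
  echo "-A INPUT -i lo -j ACCEPT"
  echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
  echo "-A INPUT -p tcp --dport $PANEL_PORT -m state --state NEW -j ACCEPT"
  allow_group "$WS_CLIENTS" "$WS_CLIENT_SERVICES"
  allow_group "$MYSQL_CLIENTS" "$MYSQL_CLIENT_SERVICES"
  allow_group "$ALLOWED_DEVELOPERS" "$DEVELOPER_SERVICES"
  allow_group "$ALLOWED_TESTERS" "$TESTER_SERVICES"
  echo "COMMIT"
}

# iptables-restore flushes and reloads the table in one commit, so there is no
# window with a half-built rule set and nothing left over from earlier runs.
if [ "${APPLY:-0}" = "1" ]; then
  build_ruleset | iptables-restore
fi
```

Because of the ESTABLISHED,RELATED rule, a connection already open from a removed address survives the reload until it closes; only new connections from it are refused.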

 


Service Provider | Bid | Delivery Within | Time of Bid | Provider Rating
nknk | $ 90 | 1 day | 04-24-2008 09:35 | 9.92/10 (62 reviews)
Hi. That's my specialty. Please check PM.
meral | $ 200 | 2 days | 04-23-2008 16:44 | 9.95/10 (22 reviews)
Has done such work before. The script will be in 3 parts: 1) options section (where you will add IPs, port ranges); 2) init script - must be started only once. If you start it again, all current connections to the server can be closed. Usually this part is started only once, in the boot sequence; 3) maintain part. Will change only the needed part of iptables, so all connections will keep working (if the access list for them is not changed). You can execute it up to 10 times per minute (I have such a system), with no performance impact to the system.
shakoush2001 | $ 80 | 1 day | 04-24-2008 09:27 | 9.65/10 (17 reviews)
I am a Linux admin for 15 servers. Linux firewall scripts are de facto. I can provide everything you asked for.
filin77 | $ 130 | 3 days | 04-24-2008 01:05 | (No Feedback Yet)
Ready to write a script for you + additional things to prevent illegal connection attempts on dedicated ports.