vladk2k
18-03-2010, 10:01
Hi
I have a WL-500gP V1 with Oleg's firmware (1.9.2.7-10) on which I have installed several tools: transmission, python, rtorrent (I'm not using it, only downloaded), screen, vsftpd and thttpd (maybe screen and vsftpd were already installed, I don't remember).
Right now, my setup is pretty basic, as in I have allowed external connections on the following ports:
8080 for thttpd
9091 for transmission web interface
22 for dropbear
21 for vsftpd
I'd like to change this a bit for security reasons, since I'm constantly getting ssh and ftp connections from some IPs (mostly brute force, but also some DoS attempts - disconnect before auth). On the Linux server I used to have I would have just installed fail2ban, but I don't know how to configure it or even if it works on WL-500gP (I have python installed, so it should, but maybe it needs some modules for iptables to monitor connections).
The easiest step would be modifying the ssh and ftp ports, perhaps forwarding them (i.e. externalip:8022 -> internalip:22), I guess that would solve maybe 60% of the attacks. Then, maybe some of you can direct me on how to modify fail2ban to read from /opt/var/log/syslog.log in order to ban the remaining 40%.
Also, I'd like to have port 80 from outside redirected to 8080 so that when I access my router from outside, I'd get the thttpd homepage.
I'm quite a noob when it comes to modifying config files or iptables, so please give me the exact commands / lines to modify. I will post anything you might need (iptables list, config files etc.).
Thank you
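
The log-driven banning asked about above, sketched as an added example (not part of the original post and not fail2ban's own code): it counts failed dropbear and vsftpd logins per source address inside a time window and renders the iptables rules it would add. The message formats, the host name `router`, the thresholds and the year are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed failure-message formats; compare with real lines in syslog.log first.
# The address must end the line, so text a client injects earlier in the
# message (for example through the FTP user name) cannot pick the banned IP.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ (?:dropbear|vsftpd)(?:\[\d+\])?: .*"
    r"(?:Bad password attempt for '.*' from "
    r"|Login attempt for nonexistent user from "
    r"|FAIL LOGIN: Client \")"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+|\")$"
)

def find_offenders(lines, max_fails=3, window=timedelta(minutes=10), year=2010):
    """Return IPs with >= max_fails failed logins inside `window`, in ban order."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent failures
    banned = []
    for line in lines:
        m = FAIL_RE.match(line.rstrip())
        if not m or m["ip"] in banned:
            continue
        # syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_fails:
            banned.append(m["ip"])
    return banned

def ban_commands(ips):
    """Render (not run) one iptables DROP rule per offending address."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

# Constructed sample lines using documentation address ranges, not real data.
SAMPLE = [
    "Mar 18 09:58:01 router dropbear[411]: Bad password attempt for 'admin' from 203.0.113.7:40112",
    "Mar 18 09:58:04 router dropbear[412]: Login attempt for nonexistent user from 203.0.113.7:40118",
    "Mar 18 09:58:09 router dropbear[413]: Bad password attempt for 'admin' from 203.0.113.7:40125",
    'Mar 18 09:59:30 router vsftpd[420]: [ftp] FAIL LOGIN: Client "198.51.100.23"',
    "Mar 18 10:30:00 router dropbear[430]: Bad password attempt for 'admin' from 192.0.2.50:50001",
    "Mar 18 10:45:00 router dropbear[431]: Bad password attempt for 'admin' from 192.0.2.50:50002",
    "Mar 18 11:00:00 router dropbear[432]: Bad password attempt for 'admin' from 192.0.2.50:50003",
]

if __name__ == "__main__":
    print("\n".join(ban_commands(find_offenders(SAMPLE))))
```

Only the address with three failures inside ten minutes is selected; the slow source spread over half an hour and the single FTP failure stay below the threshold.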