Open Ports through Web Interface and iptables
If you have protected your ports, such as port 22 for SSH, via iptables and allow access only from a few static IPs, it is generally difficult to connect when you are on the move.
openport.php gives you a password-protected web interface that dynamically opens the SSH port for your IP address via iptables.
How it works
- You need to allow access to iptables via the web server user (such as www-data on Ubuntu), without a password.
- You need to publish the openport.php script on a secure https:// interface on the web server.
- Whenever you need access, just visit the webpage, enter your password, and open access.
At the end of the file, add the following
www-data ALL=NOPASSWD: /sbin/iptables
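The line above allows www-data to run the iptables command through sudo without a password. This covers every iptables operation, so the web server user gains full control of the firewall rules.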
sudo is indeed working for
Run the following command to verify.
sudo -H -u www-data bash -c 'sudo iptables -L'
Note: It should not ask any password for www-data and show the data related to
Put the contents of openport.php on a secure location on your web server.
Change the password as per your preference, along with the Port number if required.
Access the web page whenever you need to grant access to the port from a different IP.
- The ports that you open via the script remain open indefinitely. You should ideally set up a firewall script via iptables and reset the rules at a pre-defined interval.
- For RDP and other ports that are not on the same machine but are within the same network, you can set up port forwarding based on iptables and do the relevant NAT-based redirection.
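
One way to make opened rules expire instead of resetting the whole firewall, as an added example that is not part of openport.php. It assumes rules are inserted into the INPUT chain and tagged through the iptables comment match; the tag openport-exp, the function names and the sample rules are hypothetical or constructed.

```shell
#!/bin/sh
# Added example: TAG and all function names are hypothetical, not from openport.php.
TAG=openport-exp

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print iptables arguments admitting IP to PORT, tagged with expiry NOW+TTL.
open_rule_args() {   # usage: open_rule_args IP PORT TTL NOW
    valid_ipv4 "$1" || return 1
    for n in "$2" "$3" "$4"; do case "$n" in ''|*[!0-9]*) return 1 ;; esac; done
    printf '%s\n' "-I INPUT -s $1/32 -p tcp --dport $2 -m comment --comment $TAG-$(($4 + $3)) -j ACCEPT"
}

# Read `iptables -S INPUT` output on stdin and print "-D ..." arguments for
# each tagged rule whose expiry epoch is <= NOW. Quotes are stripped because
# some iptables versions print the comment quoted.
expired_rule_deletes() {   # usage: expired_rule_deletes NOW
    while IFS= read -r rule; do
        case "$rule" in "-A INPUT "*"--comment "*"$TAG-"*) ;; *) continue ;; esac
        expiry=${rule##*"$TAG-"}      # text after the tag
        expiry=${expiry%%[!0-9]*}     # keep only the leading digits
        [ -n "$expiry" ] && [ "$expiry" -le "$1" ] || continue
        printf '%s\n' "-D ${rule#-A }" | tr -d '"'
    done
}

# Constructed sample of `iptables -S INPUT` output (not from a real host).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -s 198.51.100.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.7/32 -p tcp -m tcp --dport 22 -m comment --comment openport-exp-1700000000 -j ACCEPT
-A INPUT -s 192.0.2.44/32 -p tcp -m tcp --dport 22 -m comment --comment "openport-exp-1700009999" -j ACCEPT'

# From cron, as root (not run here):
#   iptables -S INPUT | expired_rule_deletes "$(date +%s)" |
#       while read -r args; do iptables $args; done
```

Untagged rules, such as the static allow-list entries, are never selected for deletion, and an address that fails validation never reaches the iptables command line.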