www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

Accidentally created rule on 443.

 
ksrimoungchanh



Joined: 12 Mar 2009
Posts: 21

Posted: Mon Apr 19, 2010 6:18 pm    Post subject: Accidentally created rule on 443.

Hello All:

I was accessing my ZS via HTTPS when I accidentally created a "Virtual Server" using port 443.

It has now locked me out. I cannot SSH or Telnet in.

Is there any other way to access it? The ZS is across the country, so it would be hard for me to console in.

Thanks in advance,

Kou
atheling



Joined: 24 Sep 2009
Posts: 212

Posted: Mon Apr 19, 2010 7:06 pm

Do you have a VPN set up? If so, then depending on how you have things configured, you might be able to SSH or HTTPS in from within the LAN.

I have both an SSH and an HTTPS "virtual server" set up on my system, but the mappings for that only work from the Internet. If you SSH or HTTPS the ZeroShell box from within the LAN or VPN you have full access.
ksrimoungchanh



Joined: 12 Mar 2009
Posts: 21

Posted: Mon Apr 19, 2010 7:13 pm    Post subject: Thanks, but no cigar

Hello Atheling,

I created a rule as "Any interface/Any IP", so I assume when I tried using PuTTY to SSH and telnet, it failed to both the internal IP address of the LAN and the IP address of the VPN tunnel on that side.

Should I try something else?

Kou
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Mon Apr 19, 2010 7:45 pm

If you have forwarded port 443 and locked out SSH (telnet is not running), I am afraid you'll have to use the console to revert the changes.
The command to see the rules for port forward on the console is
Code:
# --line-numbers prints each rule's position in its chain; -n skips DNS lookups
iptables -t nat -L -v -n --line-numbers

After you find the line number, you can remove it by
Code:
iptables -t nat -D PREROUTING XY

where XY is the line number.
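A check for the situation in this thread, as an added example that is not part of the original posts: it scans `iptables-save -t nat` output for PREROUTING DNAT rules on a given port that have no interface or destination restriction (the "Any interface/Any IP" case, which also captures traffic meant for the firewall's own HTTPS interface) and prints each rule's position together with a delete command by rule specification. The sample ruleset, addresses, interface names and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -t nat` output (not taken from the thread).
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.0.10:22
-A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.0.20:443
-A PREROUTING -d 203.0.113.5/32 -i eth1 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.0.30:443
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
EOF
}

# find_shadowing_dnat PORT  (hypothetical helper; reads iptables-save text on stdin)
# Prints "<position> <delete command>" for every PREROUTING DNAT rule that
# matches exactly --dport PORT and carries neither -i nor -d, i.e. a forward
# that applies on any interface and to any destination address.
# Limitation: port ranges and multiport (--dports) matches are not examined.
find_shadowing_dnat() {
    awk -v port="$1" '
        $1 == "-A" && $2 == "PREROUTING" {
            n++                       # same numbering as --line-numbers
            dnat = 0; dport = 0; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i+1) == "DNAT")    dnat = 1
                if ($i == "--dport" && $(i+1) == port) dport = 1
                if ($i == "-i" || $i == "-d")          scoped = 1
            }
            if (dnat && dport && !scoped) {
                sub(/^-A /, "-D ")    # turn the append spec into a delete spec
                printf "%d iptables -t nat %s\n", n, $0
            }
        }'
}

# Demonstration on the constructed ruleset: only rule 2 is unscoped on 443.
sample_rules | find_shadowing_dnat 443
```

On a live system, pipe `iptables-save -t nat` into the function instead of `sample_rules`; deleting by rule specification avoids removing the wrong rule if positions shift between listing and deleting.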
ksrimoungchanh



Joined: 12 Mar 2009
Posts: 21

Posted: Tue Apr 20, 2010 5:45 pm    Post subject: Fixed

Hello All:

As ppalias recommended, I was able to walk a remote user through connecting a monitor and keyboard on the ZS out there. I then walked the user through the instructions from ppalias and it works.

I then went into ZS and removed it from the HTTPS part to make sure it would not come back after a reboot.

Thanks all for the suggestions and help.

Kou
All times are GMT