Some success with adapting Travelin Man script for Debian Jessie

stuck

Member
Joined
Nov 8, 2007
Messages
238
Reaction score
1
Hoping someone much more versed in Linux can help me adapt the travelin man script for Ubuntu to Debian Jessie.

When I run locate for iptables on my Debian Jessie system, these are the locations and files with iptables in the name...
Code:
# locate iptables
/etc/fail2ban/action.d/iptables-allports.conf
/etc/fail2ban/action.d/iptables-blocktype.conf
/etc/fail2ban/action.d/iptables.conf
/etc/fail2ban/action.d/iptables-ipset-proto4.conf
/etc/fail2ban/action.d/iptables-ipset-proto6-allports.conf
/etc/fail2ban/action.d/iptables-ipset-proto6.conf
/etc/fail2ban/action.d/iptables-multiport.conf
/etc/fail2ban/action.d/iptables-multiport-log.conf
/etc/fail2ban/action.d/iptables-new.conf
/etc/fail2ban/action.d/iptables-xt_recent-echo.conf
/sbin/iptables
/sbin/iptables-restore
/sbin/iptables-save
/usr/bin/iptables-xml
/usr/sbin/iptables-apply
/usr/share/doc/iptables
/usr/share/doc/iptables/changelog.Debian.amd64.gz
/usr/share/doc/iptables/changelog.Debian.gz
/usr/share/doc/iptables/changelog.gz
/usr/share/doc/iptables/copyright
/usr/share/doc/iptables/INCOMPATIBILITIES
/usr/share/doc/iptables/README.Debian
/usr/share/iptables
/usr/share/iptables/iptables.xslt
/usr/share/lintian/overrides/iptables

I was hoping to run these parts of the Ubuntu script:
Code:
# Configuring IPtables
# Rules are saved in /etc/iptables#
# /etc/init.d/iptables-persistent restart
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
apt-get install -y iptables-persistent
# add TM3 rules here
sed -i 's|INPUT ACCEPT|INPUT DROP|' /etc/iptables/rules.v6
sed -i '/OUTPUT ACCEPT/a -A INPUT -s ::1 -j ACCEPT' /etc/iptables/rules.v6
# server IP address is?
serverip=`ifconfig | grep "inet addr" | head -1 | cut -f 2 -d ":" | cut -f 1 -d " "`
# user IP address while logged into SSH is?
userip=`echo $SSH_CONNECTION | cut -f 1 -d " "`
# public IP address in case we're on private LAN
publicip=`curl -s -S --user-agent "Mozilla/4.0" http://myip.pbxinaflash.com | awk 'NR==2'`
# WhiteList all of them by replacing 8.8.4.4 and 8.8.8.8 and 74.86.213.25 entries
cp /etc/iptables/rules.v4 /etc/iptables/rules.v4.orig
cd /etc/iptables
wget http://pbxinaflash.com/iptables4-ubuntu14.tar.gz
tar zxvf iptables4-ubuntu14.tar.gz
rm iptables4-ubuntu14.tar.gz
cp rules.v4.ubuntu14 rules.v4
sed -i 's|8.8.4.4|'$serverip'|' /etc/iptables/rules.v4
sed -i 's|8.8.8.8|'$userip'|' /etc/iptables/rules.v4
sed -i 's|74.86.213.25|'$publicip'|' /etc/iptables/rules.v4
badline=`grep -n "\-s  \-p" /etc/iptables/rules.v4 | cut -f1 -d: | tail -1`
while [[ "$badline" != "" ]]; do
sed -i "${badline}d" /etc/iptables/rules.v4
badline=`grep -n "\-s  \-p" /etc/iptables/rules.v4 | cut -f1 -d: | tail -1`
done
/etc/init.d/iptables-persistent restart
ln -s /etc/init.d/iptables-persistent /etc/init.d/iptables
and
Code:
# updating TM3 pieces for Ubuntu and IPtables
cd /root
wget http://incrediblepbx.com/iptables-ubuntu.tar.gz
tar zxvf iptables-ubuntu.tar.gz
rm -f iptables-ubuntu.tar.gz
mv iptables-restart /usr/local/sbin
sed -i 's|exit 0|/usr/local/sbin/iptables-restart\nexit 0|' /etc/rc.local
sed -i 's|exit 0"|#exit 0"|' /etc/rc.local
echo "*/10 5-22 * * * root /root/ipchecker > /dev/null 2>&1" >> /etc/crontab
 
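Added example, not code from this thread or from the Incredible PBX scripts: the whitelist substitution from the excerpt above, rewritten as functions that take the rules file as an argument so the sed steps can be rehearsed on a constructed copy before touching the live /etc/iptables/rules.v4. The template layout is an assumption about rules.v4.ubuntu14, and the addresses are RFC 5737 documentation ranges.

```shell
#!/bin/bash
# Added example: the Travelin Man whitelist step from the posted Ubuntu script,
# as functions that take the rules file as an argument so the substitution can
# be rehearsed on a constructed copy instead of the live /etc/iptables/rules.v4.
# The template below is an assumption about the layout of rules.v4.ubuntu14;
# the addresses are RFC 5737 documentation ranges.

# Write a constructed rules.v4-style template to the file named in $1.
make_template() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 8.8.4.4 -j ACCEPT
-A INPUT -s 8.8.8.8 -j ACCEPT
-A INPUT -s 74.86.213.25 -j ACCEPT
-A INPUT -s 8.8.8.8 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1024:65535 -j ACCEPT
COMMIT
EOF
}

# whitelist_rules FILE SERVER_IP USER_IP PUBLIC_IP
# Replace the three placeholder addresses exactly as the posted sed lines do,
# then drop any rule left with an empty source. An empty argument (no
# $SSH_CONNECTION, curl to the myip service failed) leaves "-s  -p" / "-s  -j",
# which iptables-restore rejects; the posted script handles that with the
# badline loop plus the "#-A INPUT -s  -j" sed, here with a single delete.
whitelist_rules() {
    local rules="$1" serverip="$2" userip="$3" publicip="$4"
    sed -i "s|8\.8\.4\.4|${serverip}|" "$rules"
    sed -i "s|8\.8\.8\.8|${userip}|" "$rules"
    sed -i "s|74\.86\.213\.25|${publicip}|" "$rules"
    sed -i '/-s  -[pj]/d' "$rules"
}

# Count INPUT rules that still carry an empty source (0 means safe to restore).
empty_source_count() {
    grep -c -- '-s  -[pj]' "$1" || true
}

# Count source-whitelisted INPUT rules in the file.
whitelisted_count() {
    grep -c -- '^-A INPUT -s ' "$1" || true
}

# Stand-alone run: public IP deliberately left empty to exercise the cleanup.
tmp=$(mktemp)
make_template "$tmp"
whitelist_rules "$tmp" 192.0.2.10 198.51.100.7 ""
echo "whitelisted: $(whitelisted_count "$tmp"), empty sources: $(empty_source_count "$tmp")"
cat "$tmp"
rm -f "$tmp"
```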

stuck

Thank you for directing me to that script.
Somehow my Jessie is set up differently... I started with a fresh install of Jessie x64. Without installing anything, these are where my iptables files are:
Code:
/sbin/iptables
/sbin/iptables-restore
/sbin/iptables-save
/usr/bin/iptables-xml
/usr/sbin/iptables-apply
/usr/share/doc/iptables
/usr/share/doc/iptables/changelog.Debian.amd64.gz
/usr/share/doc/iptables/changelog.Debian.gz
/usr/share/doc/iptables/changelog.gz
/usr/share/doc/iptables/copyright
/usr/share/doc/iptables/INCOMPATIBILITIES
/usr/share/doc/iptables/README.Debian
/usr/share/iptables
/usr/share/iptables/iptables.xslt
/usr/share/lintian/overrides/iptables
/usr/share/man/man1/iptables-xml.1.gz
/usr/share/man/man8/iptables.8.gz
/usr/share/man/man8/iptables-apply.8.gz
/usr/share/man/man8/iptables-extensions.8.gz
/usr/share/man/man8/iptables-restore.8.gz
/usr/share/man/man8/iptables-save.8.gz
/var/lib/dpkg/info/iptables.list
/var/lib/dpkg/info/iptables.md5sums
/var/lib/dpkg/info/iptables.postinst
/var/lib/dpkg/info/iptables.postrm
/var/lib/dpkg/info/iptables.shlibs
 

stuck

Then I run this code (modified from the Raspbian script):
Code:
#!/bin/bash

apt-get update
apt-get dist-upgrade -y

# Installing packages needed to work with Asterisk (note libmpg123-0 and mpg123 are built from source below because of buggy packages)
echo "---> Install packages needed to work with Asterisk"
apt-get install -y build-essential iptables-persistent unzip
apt-get -y autoremove
wait

# Configuring IPtables
# Rules are saved in /etc/iptables
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
apt-get install -y iptables-persistent
/etc/init.d/iptables-persistent restart 
# add TM3 rules here
sed -i 's|INPUT ACCEPT|INPUT DROP|' /etc/iptables/rules.v6
sed -i '/OUTPUT ACCEPT/a -A INPUT -s ::1 -j ACCEPT' /etc/iptables/rules.v6
# server IP address is?
serverip=`ifconfig | grep "inet addr" | head -1 | cut -f 2 -d ":" | cut -f 1 -d " "`
# user IP address while logged into SSH is?
userip=`echo $SSH_CONNECTION | cut -f 1 -d " "`
# public IP address in case we're on private LAN
publicip=`curl -s -S --user-agent "Mozilla/4.0" http://myip.incrediblepbx.com | awk 'NR==2'`
# WhiteList all of them by replacing 8.8.4.4 and 8.8.8.8 and 74.86.213.25 entries
cp /etc/iptables/rules.v4 /etc/iptables/rules.v4.orig
cd /etc/iptables
wget http://incrediblepbx.com/iptables4-ubuntu14.tar.gz
tar zxvf iptables4-ubuntu14.tar.gz
rm iptables4-ubuntu14.tar.gz
cp rules.v4.ubuntu14 rules.v4
sed -i 's|8.8.4.4|'$serverip'|' /etc/iptables/rules.v4
sed -i 's|8.8.8.8|'$userip'|' /etc/iptables/rules.v4
sed -i 's|74.86.213.25|'$publicip'|' /etc/iptables/rules.v4
badline=`grep -n "\-s  \-p" /etc/iptables/rules.v4 | cut -f1 -d: | tail -1`
while [[ "$badline" != "" ]]; do
sed -i "${badline}d" /etc/iptables/rules.v4
badline=`grep -n "\-s  \-p" /etc/iptables/rules.v4 | cut -f1 -d: | tail -1`
done
sed -i 's|-A INPUT -s  -j|#-A INPUT -s  -j|g' /etc/iptables/rules.v4
/etc/init.d/iptables-persistent restart
ln -s /etc/init.d/iptables-persistent /etc/init.d/iptables

# Installing WebMin from /root rpm
echo "Installing WebMin but not enabling..."
echo "deb http://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/sarge.list
cd /root
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc
apt-get update
apt-get --force-yes install webmin -y
sed -i 's|10000|9001|g' /etc/webmin/miniserv.conf
service webmin restart

cd /root
wget http://incrediblepbx.com/morestuff.tar.gz
tar zxvf morestuff.tar.gz
rm morestuff.tar.gz
rm -r neorouter
echo " "

echo "Installing NeoRouter client..."
cd /root
wget http://download.neorouter.com/Downloads/NRMesh/Update_2.2.1.4328/inabox/Raspbian/nrclient-2.2.1.4328-mesh-raspbian-armhf.deb
dpkg -i nrclient-2.2.1.4328-mesh-raspbian-armhf.deb
rm *.deb

# this needs some more work
# adjusting DNS entries for PPTP access to Google DNS servers
sed -i 's|#ms-dns 10.0.0.1|ms-dns 8.8.8.8|' /etc/ppp/pptpd-options
sed -i 's|#ms-dns 10.0.0.2|ms-dns 8.8.4.4|' /etc/ppp/pptpd-options
# Administrator still must do the following to bring PPTP on line
# 1. edit /etc/pptpd.conf and add localip and remoteip address ranges
# 2. edit /etc/ppp/chap-secrets and add credentials for PPTP access:
#  mybox pptpd 1234 * (would give everyone access to mybox using 1234 pw)
# 3. restart PPTPD: service pptpd restart

# updating TM3 pieces for Ubuntu and IPtables
cd /root
wget http://incrediblepbx.com/iptables-ubuntu.tar.gz
tar zxvf iptables-ubuntu.tar.gz
rm -f iptables-ubuntu.tar.gz
mv iptables-restart /usr/local/sbin
sed -i 's|exit 0|/usr/local/sbin/iptables-restart\nexit 0|' /etc/rc.local
sed -i 's|exit 0"|#exit 0"|' /etc/rc.local
echo "*/10 5-22 * * * root /root/ipchecker > /dev/null 2>&1" >> /etc/crontab

# add timezone-setup to /root
cd /root
wget http://incrediblepbx.com/timezone-setup-ubuntu.tar.gz
tar zxvf timezone-setup-ubuntu.tar.gz
rm -f timezone-setup-ubuntu.tar.gz

# cleanup /etc/hosts to support SendMail from command line
fqdn1=`grep 127.0.1.1 /etc/hosts | cut -f 2 -d " "`
fqdn="noreply.incrediblepbx.com $fqdn1"
sed -i "s|$fqdn1|$fqdn|" /etc/hosts

# adding Port Knock daemon: knockd
cd /root
apt-get install libpcap* curl mawk -y
wget http://launchpadlibrarian.net/86751084/knockd_0.5-3ubuntu1_armhf.deb
#wget http://ftp.us.debian.org/debian/pool/main/k/knockd/knockd_0.5-3_armhf.deb
dpkg -i knockd*
#rm knockd*.deb
echo "[options]" > /etc/knockd.conf
echo "       logfile = /var/log/knockd.log" >> /etc/knockd.conf
echo "" >> /etc/knockd.conf
echo "[opencloseALL]" >> /etc/knockd.conf
echo "        sequence      = 7:udp,8:udp,9:udp" >> /etc/knockd.conf
echo "        seq_timeout   = 15" >> /etc/knockd.conf
echo "        tcpflags      = syn" >> /etc/knockd.conf
echo "        start_command = /sbin/iptables -A INPUT -s %IP% -j ACCEPT" >> /etc/knockd.conf
echo "        cmd_timeout   = 3600" >> /etc/knockd.conf
echo "        stop_command  = /sbin/iptables -D INPUT -s %IP% -j ACCEPT" >> /etc/knockd.conf
chmod 640 /etc/knockd.conf
sed -i 's|START_KNOCKD=0|START_KNOCKD=1|' /etc/default/knockd
# randomize ports here
lowest=6001
highest=9950
knock1=$[ ( $RANDOM % ( $[ $highest - $lowest ] + 1 ) ) + $lowest ]
knock2=$[ ( $RANDOM % ( $[ $highest - $lowest ] + 1 ) ) + $lowest ]
knock3=$[ ( $RANDOM % ( $[ $highest - $lowest ] + 1 ) ) + $lowest ]
sed -i 's|7:udp|'$knock1':tcp|' /etc/knockd.conf
sed -i 's|8:udp|'$knock2':tcp|' /etc/knockd.conf
sed -i 's|9:udp|'$knock3':tcp|' /etc/knockd.conf
/etc/init.d/knockd start

echo "Knock ports for access to $publicip set to TCP: $knock1 $knock2 $knock3" > /root/knock.FAQ
echo "To enable remote access, issue these commands from any remote server:" >> /root/knock.FAQ
echo "nmap -p $knock1 $publicip && nmap -p $knock2 $publicip && nmap -p $knock3 $publicip" >> /root/knock.FAQ
echo "Or install iOS PortKnock or Android DroidKnocker on remote device." >> /root/knock.FAQ

sed -i 's|1024:65535|9999:65535|' /etc/iptables/rules.v4
sed -i 's|1024:65535|9999:65535|' /etc/iptables/rules.v4.ubuntu14
iptables-restart

#bug fix for missing nslookup
apt-get -y install dnsutils

iptables-restart
echo "Have a great day!     "
Then these are the errors I get:
Code:
iptables-persistent is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
line 18: /etc/init.d/iptables-persistent: No such file or directory

Errors were encountered while processing:
nrclient-2.2.1.4328-mesh-raspbian-armhf.deb
sed: can't read /etc/ppp/pptpd-options: No such file or directory
sed: can't read /etc/ppp/pptpd-options: No such file or directory

line 132: /etc/init.d/knockd: No such file or directory
Failed to restart iptables.service: Unit iptables.service failed to load: No such file or directory.
Failed to restart iptables.service: Unit iptables.service failed to load: No such file or directory.
No IPtables problems found.


Failed to restart iptables.service: Unit iptables.service failed to load: No such file or directory.
Failed to restart iptables.service: Unit iptables.service failed to load: No such file or directory.
No IPtables problems found.
 

stuck

And then when I locate file names with iptables, this is what I get.

Code:
/etc/init.d/iptables
/etc/iptables
/etc/iptables/rules.v4
/etc/iptables/rules.v4.orig
/etc/iptables/rules.v4.ubuntu14
/etc/iptables/rules.v6
/etc/iptables/rules.v6.ubuntu14
/root/config-iptables.sh
/sbin/iptables
/sbin/iptables-restore
/sbin/iptables-save
/usr/bin/iptables-xml
/usr/local/sbin/iptables-restart
/usr/sbin/iptables-apply
/usr/share/doc/iptables
/usr/share/doc/iptables/changelog.Debian.amd64.gz
/usr/share/doc/iptables/changelog.Debian.gz
/usr/share/doc/iptables/changelog.gz
/usr/share/doc/iptables/copyright
/usr/share/doc/iptables/INCOMPATIBILITIES
/usr/share/doc/iptables-persistent
/usr/share/doc/iptables-persistent/changelog.gz
/usr/share/doc/iptables-persistent/copyright
/usr/share/doc/iptables-persistent/README
/usr/share/doc/iptables/README.Debian
/usr/share/iptables
/usr/share/iptables/iptables.xslt
/usr/share/lintian/overrides/iptables
/usr/share/man/man1/iptables-xml.1.gz
/usr/share/man/man8/iptables.8.gz
/usr/share/man/man8/iptables-apply.8.gz
/usr/share/man/man8/iptables-extensions.8.gz
/usr/share/man/man8/iptables-restore.8.gz
/usr/share/man/man8/iptables-save.8.gz
/usr/share/webmin/authentic-theme/images/modules/frox/iptables.gif
/usr/share/webmin/authentic-theme/images/modules/iptables
/usr/share/webmin/authentic-theme/images/modules/iptables/chain.forward.gif
/usr/share/webmin/authentic-theme/images/modules/iptables/chain.input.gif
/usr/share/webmin/authentic-theme/images/modules/iptables/chain.other.gif
/usr/share/webmin/authentic-theme/images/modules/iptables/chain.output.gif
/usr/share/webmin/authentic-theme/images/modules/iptables/chain.postrouting.gif
/usr/share/webmin/authentic-theme/images/modules/iptables/chain.prerouting.gif
/usr/share/webmin/authentic-theme/images/modules/iptables/icon.gif
/usr/share/webmin/authentic-theme/images/modules/squid/iptables.gif
/usr/share/webmin/authentic-theme/images/modules/webmin-iptables
/usr/share/webmin/authentic-theme/images/modules/webmin-iptables/chain.forward.gif
/usr/share/webmin/authentic-theme/images/modules/webmin-iptables/chain.input.gif
/usr/share/webmin/authentic-theme/images/modules/webmin-iptables/chain.other.gif
/usr/share/webmin/authentic-theme/images/modules/webmin-iptables/chain.output.gif
/usr/share/webmin/authentic-theme/images/modules/webmin-iptables/chain.postrouting.gif
/usr/share/webmin/authentic-theme/images/modules/webmin-iptables/chain.prerouting.gif
/usr/share/webmin/authentic-theme/images/modules/webmin-iptables/icon.gif
/usr/share/webmin/blue-theme/frox/images/iptables.gif
/usr/share/webmin/blue-theme/iptables
/usr/share/webmin/blue-theme/iptables/images
/usr/share/webmin/blue-theme/iptables/images/chain.forward.gif
/usr/share/webmin/blue-theme/iptables/images/chain.input.gif
/usr/share/webmin/blue-theme/iptables/images/chain.other.gif
/usr/share/webmin/blue-theme/iptables/images/chain.output.gif
/usr/share/webmin/blue-theme/iptables/images/chain.postrouting.gif
/usr/share/webmin/blue-theme/iptables/images/chain.prerouting.gif
/usr/share/webmin/blue-theme/iptables/images/icon.gif
/usr/share/webmin/blue-theme/squid/images/iptables.gif
/usr/share/webmin/gray-theme/frox/images/iptables.gif
/usr/share/webmin/gray-theme/iptables
/usr/share/webmin/gray-theme/iptables/images
/usr/share/webmin/gray-theme/iptables/images/chain.forward.gif
/usr/share/webmin/gray-theme/iptables/images/chain.input.gif
/usr/share/webmin/gray-theme/iptables/images/chain.other.gif
/usr/share/webmin/gray-theme/iptables/images/chain.output.gif
/usr/share/webmin/gray-theme/iptables/images/chain.postrouting.gif
/usr/share/webmin/gray-theme/iptables/images/chain.prerouting.gif
/usr/share/webmin/gray-theme/iptables/images/icon.gif
/usr/share/webmin/gray-theme/squid/images/iptables.gif
/usr/share/webmin/squid/edit_iptables.cgi
/usr/share/webmin/squid/images/iptables.gif
/usr/share/webmin/squid/save_iptables.cgi
/var/cache/apt/archives/iptables-persistent_1.0.3+deb8u1_all.deb
/var/lib/dpkg/info/iptables.list
/var/lib/dpkg/info/iptables.md5sums
/var/lib/dpkg/info/iptables-persistent.config
/var/lib/dpkg/info/iptables-persistent.list
/var/lib/dpkg/info/iptables-persistent.md5sums
/var/lib/dpkg/info/iptables-persistent.postinst
/var/lib/dpkg/info/iptables-persistent.postrm
/var/lib/dpkg/info/iptables-persistent.preinst
/var/lib/dpkg/info/iptables-persistent.prerm
/var/lib/dpkg/info/iptables-persistent.templates
/var/lib/dpkg/info/iptables.postinst
/var/lib/dpkg/info/iptables.postrm
/var/lib/dpkg/info/iptables.shlibs
 

stuck

I think I have some success.
I moved "/etc/init.d/iptables-persistent" from an Ubuntu 14.04 Incredible machine to the above Debian 8 machine.
Now I'm able to run:
Code:
service iptables reload|flush
But "service iptables start|restart|force-reload" does not work. So in "/usr/local/sbin/iptables-restart", I had to change the command to "service iptables reload".
Now the add-fqdn and del-acct seem to work just fine.
Not sure if the start|restart|force-reload error is important, but it seems to be white-listing just fine.
Thank you very much.
 
