
How to access my CP from behind a firewall.

Discussion in 'Plesk for Linux - 8.x and Older' started by nerbonne, Jul 2, 2007.

  1. nerbonne

     
    How to: Accessing your control panel from behind a firewall.

    Ok, here is the scenario:

    I am behind a work firewall.

    I don't know what outgoing ports are open, except that websites on port 80 will work; any sites on a non-standard port will not.

    My control panel port is https://url:8443

    I know how to change the port using the iptables method mentioned elsewhere on this forum.

    My problem is that I can't find a port to put it on that will work with the firewall. Obviously, I can't put it on port 80 since Apache is already running on that port.

    Or could I put an iptables rule that maps port 80 traffic for a certain IP or domain to port 8443? Any solution to this would be so awesome.

    Thanks.
     
  2. breun

    You'll need to find an open port in your company's firewall. If there is none, I guess you're out of luck.
     
  3. nerbonne

     
    Actually, I got it figured out. If you have more than one IP, you can use one with the following example to make it work for that IP only.

    iptables -t nat -A PREROUTING -p tcp -d ip_here --dport 80 -j DNAT --to ip_here:8443
     
  4. breun

    Ok, yeah, but you can't use that IP for hosting anymore. Nice workaround though.
     
  5. nerbonne

     
    One thing that I should add, though, since it just F'd my server for two days while I figured it out.

    It is OK to use this workaround as a temporary fix, but you must remove the rule before you restart httpd or reboot the server. Otherwise, it will conflict with the httpd service and cause excessive disk I/O.
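
Added example, not part of the original posts: a shell helper for the cleanup step described above. It reads the nat PREROUTING listing and prints the delete command for the temporary port 80 to 8443 DNAT rule; the function names and the 192.0.2.x sample rules are constructed for illustration, and it assumes an iptables version that supports `-S`.

```shell
#!/bin/sh
# Added example: find the temporary 80 -> 8443 DNAT rule from this thread and
# turn it into the matching delete command, to run before restarting httpd.

# Reads `iptables -t nat -S PREROUTING` output on stdin and prints one
# `iptables -t nat -D ...` command per rule that DNATs tcp/80 to port 8443.
dnat_delete_cmds() {
    while IFS= read -r rule; do
        case "$rule" in
            "-A PREROUTING "*"--dport 80 "*"-j DNAT "*":8443")
                # Same rule spec, with -A (append) swapped for -D (delete).
                printf 'iptables -t nat -D %s\n' "${rule#-A }"
                ;;
        esac
    done
}

# Constructed sample of `iptables -t nat -S PREROUTING` output
# (192.0.2.x are documentation addresses, not taken from the thread).
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10:8443
-A PREROUTING -d 192.0.2.11/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.0.2.11:80
EOF
}

# Dry run on the sample; on a live server, pipe the real listing in instead:
#   iptables -t nat -S PREROUTING | dnat_delete_cmds
sample_rules | dnat_delete_cmds
```

Review the printed commands before running them as root; an empty result means no matching rule is loaded.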
     
  6. DCNet_James

     
    You could also have used an SSH tunnel to your server to access tcp 8443, thus you'd point your browser to https://localhost:8443/ and your SSH client would forward traffic to your server's IP port 8443. That is of course assuming that they have SSH (tcp 22) opened up through your firewall. Most companies do. SSH tunneling is only good for TCP traffic but it's gotten me out of a pinch MANY times. The other option is an external web proxy that runs on port 80. The workaround you came up with is one I would have thought to use immediately, but of course you burn an IP in the process. Many people with dedicated servers might only have 1 IP on their machine and are virtual hosting off of it, so that would not be a viable option for them.

    Thanks,
    James
     
  7. nerbonne

     
    I like your idea of the SSH tunnel. I do have SSH access, so this would be a viable option. What software do you recommend for this?
     
  8. DCNet_James

     
    I use SecureCRT on Winblows, which isn't free, but there's PuTTY among others. If you're on a *Nix or Mac OSX machine you can just use ssh -L 8443:servernameorip:8443 sshhost

    Leave the session open and you'll have a local tunnel.

    J
     