Scheduled opening/closing of ports

Posted: 02 May 2018 16:49
by Douglas
Hi, is there any way of only opening selected web server ports at specific times? For example, only allow FTP server access during office hours?
If nothing inbuilt, can you advise if and how one might set up Windows Scheduled Tasks for this?

Re: Scheduled opening/closing of ports

Posted: 02 May 2018 20:48
by charles
Hi,

Time-based firewall rules are not available in the current version of CG (EH-1.3.6 at the time of writing). However, you yourself have suggested a smart workaround based on the usage of a scheduler. My recommendation is to use an SSH client on the scheduler side to activate/deactivate required firewall rules at required times.

In order to avoid having to enter CG's admin password whenever your scheduler connects to CG, you can generate a public/private SSH key pair on the client side and import the public key into CG. You can find more information on how to import an SSH public key into CG at https://www.cacheguard.net/doc/guide/ad ... e.html#ssh.

Therefore, if you have previously added a firewall rule named R1, your ssh call under a Linux system would look like this (assuming that your CG has the IP address 10.0.10.254):

Code:

ssh admin@10.0.10.254 "firewall external off R1 ; apply force ; quit"

Under Windows you can replace the ssh command with your favourite SSH client (PuTTY?) and its appropriate options.

Best Regards,
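
Added example (not part of the original posts and not CacheGuard's own code): a wrapper script a scheduler could call for the approach described above. The key path, the `on` keyword as the counterpart of the `off` shown in the post, and the cron times are assumptions.

```shell
#!/bin/sh
# Added example: toggle a CacheGuard firewall rule from a scheduler over SSH.
# Assumptions (not from the thread): the key path, "on" as the counterpart of
# the "off" keyword shown in the thread, and the cron times below.
CG_HOST="${CG_HOST:-10.0.10.254}"            # address used in the thread
CG_KEY="${CG_KEY:-$HOME/.ssh/cg_scheduler}"  # hypothetical dedicated private key

# Build the remote command. Only on/off and a plain rule name are accepted,
# so a malformed scheduler argument cannot add extra commands to the session.
cg_remote_cmd() {
    case "$1" in
        on|off) ;;
        *) echo "action must be on or off" >&2; return 2 ;;
    esac
    case "$2" in
        ''|*[!A-Za-z0-9_-]*) echo "invalid rule name" >&2; return 2 ;;
    esac
    printf 'firewall external %s %s ; apply force ; quit' "$1" "$2"
}

# Run the command. BatchMode=yes makes ssh fail instead of prompting for a
# password, so a key that is not accepted appears as a non-zero exit in the
# scheduler log rather than as a job that hangs waiting for input.
cg_toggle() {
    cmd=$(cg_remote_cmd "$1" "$2") || return 2
    ssh -i "$CG_KEY" -o IdentitiesOnly=yes -o BatchMode=yes \
        -o ConnectTimeout=10 "admin@$CG_HOST" "$cmd"
}

# Example crontab entries (constructed), office hours Monday to Friday:
#   0 9  * * 1-5  /usr/local/bin/cg-rule.sh on  R1
#   0 18 * * 1-5  /usr/local/bin/cg-rule.sh off R1
if [ "$#" -eq 2 ]; then
    cg_toggle "$1" "$2" || { echo "cg-rule: $1 $2 failed" >&2; exit 1; }
fi
```

Keeping a separate key pair for the scheduler means it can be removed from CG without affecting interactive admin access.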

Re: Scheduled opening/closing of ports

Posted: 10 Aug 2018 09:52
by Douglas
Hi
I followed the link above. After running
admin ssh key add ftp <file-server-ip> <sshkey-file-name>
I got 100%. Please note I had to change tftp to ftp. Hope that's ok?

Running
ssh admin@10.0.10.254 "firewall external off R1 ; apply force ; quit"
still prompts me for a password.
What have I missed and where can I see my public key in CG?

Re: Scheduled opening/closing of ports

Posted: 10 Aug 2018 10:33
by david
Hi,

You can use the following command to see all installed public SSH keys:

Code:

admin ssh key

Did you use the apply command after having imported your public SSH key?

Best Regards,

Re: Scheduled opening/closing of ports

Posted: 10 Aug 2018 10:46
by Douglas
Thanks.
"admin ssh key" shows the key but I'm still prompted by CG for admin's password?

Re: Scheduled opening/closing of ports

Posted: 10 Aug 2018 10:54
by david
Are you using RSA or DSA keys?

BR,

Re: Scheduled opening/closing of ports

Posted: 10 Aug 2018 11:00
by Douglas
RSA

Re: Scheduled opening/closing of ports

Posted: 10 Aug 2018 11:07
by david
RSA is fine! When you print the list of imported SSH keys with the command "admin ssh key", do you have a '[NEW]' tag for your SSH key or not?

BR,

Re: Scheduled opening/closing of ports

Posted: 10 Aug 2018 11:14
by Douglas
No

Re: Scheduled opening/closing of ports

Posted: 10 Aug 2018 11:17
by david
How did you generate your SSH keys? Can you please copy/paste the command you used (if under Linux)?

Also please double check that you are trying to connect to your CG from the machine having the SSH private key associated with the imported public key.

BR,