How to Set Up A Firewall Using Iptables on Ubuntu 16.04

Reading Time: 5 minutes

This guide will walk you through the steps for setting up a firewall using iptables in Ubuntu 16.04. We’ll show you some common commands for manipulating the firewall, and teach you how to create your own rules.

 

What are Iptables in Ubuntu?

The utility iptables is a Linux based firewall that comes pre-installed on many Linux distributions. It is a leading solution for software-based firewalls. It’s a critical tool for Linux system administrators to learn and understand. Any publicly facing server on the Internet should have some form of firewall enabled for security reasons. In a typical configuration, you would only open ports for the services that you wish to be accessible via the Internet. All other ports would remain closed and inaccessible via the Internet. For example, in a typical server, you may want to open ports for your web services, but you probably would not want to make your database accessible to the public!

 

Pre-flight

Working with iptables requires root privileges on your Linux box. The rest of this guide assumes you have logged in as root. Please exercise caution, as commands issued to iptables take effect immediately. You will be manipulating how your server is accessible to the outside world, so it’s possible to lock yourself out from your own server!

Note
If you’re a Liquid Web customer, check out our VPN + IPMI remote management solutions. These solutions can help you restore access to your server even if you’ve blocked out the outside world. We have a VPN configuration guide to get you started. Of course, our support staff is also standing by 24×7 in the event you get locked out.

 

How Do Iptables Work?

Iptables works by inspecting predefined firewall rules. Incoming server traffic is compared against these rules in order, and at the first match iptables takes that rule’s action. If iptables is unable to find a match, it will apply a default policy action. Typical usage is to set iptables to allow matched rules, and deny all others.

 

How Can I See Firewall Rules in Ubuntu?

Before making any changes to your firewall, it is best practice to view the existing rule set and understand what ports are already open or closed. To list all firewall rules, run the following command.

iptables -L

If this is a brand new Ubuntu 16.04 installation, you may see there are no rules defined! Here is an example “empty” output with no rules set:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

If you’re running Ubuntu 16.04 on a Liquid Web VPS, you’ll see we’ve already configured a basic firewall for you. There are usually three essential sections to look at in the iptables ruleset. These sections are called “chains”: “Chain INPUT”, “Chain FORWARD”, and “Chain OUTPUT”. The input chain handles traffic coming into your server while the output chain handles the traffic leaving your server. The forwarding chain handles server traffic that is not destined for local delivery. As you can surmise, the traffic is forwarded by our server to its intended destination.

 

Common Firewall Configurations

The default action is listed in “policy”. If traffic doesn’t match any of the chain rules, iptables will perform this default policy action. You can see that with an empty iptables configuration, the firewall is accepting all connections and not blocking anything! This is not ideal, so let’s change this. Here is an example firewall configuration allowing some common ports, and denying all other traffic.

iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -p icmp -j ACCEPT

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

iptables -A INPUT -p tcp --dport 443 -j ACCEPT

iptables -A INPUT -p udp --dport 1194 -j ACCEPT

iptables -A INPUT -s 192.168.0.100 -j ACCEPT

iptables -A INPUT -s 192.168.0.200 -j DROP

iptables -P INPUT DROP

iptables -P FORWARD DROP

iptables -P OUTPUT ACCEPT

We will break down these rules one at a time.

iptables -A INPUT -i lo -j ACCEPT

This first command tells the INPUT chain to accept all traffic on your loopback interface. We specify the loopback interface with -i lo. The -j ACCEPT portion is telling iptables to take this action if traffic matches our rule.


iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Next, we’ll allow connections that are already established or related. This can be especially helpful for traffic like SSH, where you may initiate an outbound connection and wish to accept incoming traffic of the connection you intentionally established.


iptables -A INPUT -p icmp -j ACCEPT

This command tells your server not to block ICMP (ping) packets. This can be helpful for network troubleshooting and monitoring purposes. Note that the -p icmp portion is telling iptables the protocol for this rule is ICMP.


How Do I Allow a Port in Ubuntu?

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

TCP port 22 is commonly used for SSH. This command allows TCP connections on port 22. Change this if you are running SSH on a different port. Notice since SSH uses TCP, we’ve specified the protocol using -p tcp in this rule.


iptables -A INPUT -p tcp --dport 80 -j ACCEPT

iptables -A INPUT -p tcp --dport 443 -j ACCEPT

These two commands allow web traffic. Regular HTTP uses TCP port 80, and encrypted HTTPS traffic uses TCP port 443.


iptables -A INPUT -p udp --dport 1194 -j ACCEPT

This is a less commonly used port, but here is an example of how to open port 1194 utilizing the UDP protocol instead of TCP. Note that in this example we’ve specified UDP by using -p udp.


How Do I Allow an IP Address in Ubuntu?

iptables -A INPUT -s 192.168.0.100 -j ACCEPT

You can configure iptables to always accept connections from an IP address, regardless of what port the connections arrive on. This is commonly referred to as “whitelisting”, and can be helpful in certain circumstances. We’re whitelisting 192.168.0.100 in this example. Typically you would want to be very restrictive with this action and only allow trusted sources.


How Do I Block an IP Address in Ubuntu?

iptables -A INPUT -s 192.168.0.200 -j DROP

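You can also use iptables to block all connections from an IP address or IP range, regardless of what port they arrive on. This can be helpful if you need to block specific known malicious IPs. We’re using 192.168.0.200 as our IP to block in this example. Because iptables stops at the first matching rule, a DROP rule appended with -A after the port rules only catches traffic that none of the earlier ACCEPT rules matched. To block the address on every port, the rule has to sit above the ACCEPT rules, which is what inserting it with -I instead of -A does.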


How Do I Block All Other Ports?

iptables -P INPUT DROP

Next, we tell iptables to block all other inputs. We’re only allowing a few specific ports in our example, but if you had other ports needed, be sure to insert them before issuing the DROP command.


How Do I Forward Traffic in Ubuntu?

iptables -P FORWARD DROP

Likewise, we’re going to drop forwarded packets. Iptables is very powerful, and you can use it to configure your server as a network router. Our example server isn’t acting as a router, so we won’t be using the FORWARD chain.


How Do I Allow All Outbound Traffic?

iptables -P OUTPUT ACCEPT

Finally, we want to allow all outgoing traffic originating from our server. We’re mostly worried about outside traffic hitting our server, and not blocking our own box from accessing the outside world.


How Do I Permanently Save IP Rules?

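To make your firewall rules persist after a reboot, we need to save them. The iptables-save command prints the current ruleset to standard output, so redirect it to a file that is loaded at boot. With the iptables-persistent package installed, that file is /etc/iptables/rules.v4:

/sbin/iptables-save > /etc/iptables/rules.v4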


How Do I Reset My Iptable?

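To wipe out all existing firewall rules and return to a blank slate, you can issue the following command. Flushing removes the rules but leaves each chain’s default policy unchanged, so if the INPUT policy is still DROP, use the -P option to set it back to ACCEPT first, or the flush will block all incoming traffic, including your SSH session. Remember that an empty iptables configuration with ACCEPT policies allows all traffic to your server, so you typically would not want to leave your server unprotected in this state for very long. Nevertheless, this can be very helpful when configuring new firewall rulesets and you need to revert to a blank slate.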

iptables -F
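
The block rule and the flush command above both depend on first-match evaluation and on the chain policy. The script below is an added example, not part of the original article: it models only the matches used in this guide over a constructed `iptables -S`-style copy of the ruleset, and the outside address 203.0.113.7 and interface eth0 are assumptions.

```bash
#!/bin/sh
# Added illustration: first-match evaluation of the INPUT chain from this guide.
# Only -i, -p, -s (single address), --dport and --state are modelled.

# Constructed sample: the guide's rules in the order the commands were issued.
ARTICLE_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p udp --dport 1194 -j ACCEPT
-A INPUT -s 192.168.0.100 -j ACCEPT
-A INPUT -s 192.168.0.200 -j DROP'

# Same rules with the block rule first, which is where "iptables -I INPUT 1" puts it.
REORDERED_RULES=$(
  printf '%s\n' '-A INPUT -s 192.168.0.200 -j DROP'
  printf '%s\n' "$ARTICLE_RULES" | grep -vF -e '-s 192.168.0.200 '
)

# What is left after "iptables -F" while the INPUT policy is still DROP.
FLUSHED_RULES='-P INPUT DROP'

# verdict RULES IFACE PROTO SRC DPORT
# Prints the target applied to a NEW packet: first matching rule, else the policy.
verdict() {
  printf '%s\n' "$1" | awk -v ifc="$2" -v proto="$3" -v src="$4" -v dport="$5" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 == "-A" && $2 == "INPUT" && decided == "" {
      ok = 1; target = ""
      for (i = 3; i <= NF; i++) {
        if      ($i == "-i")      { if ($(++i) != ifc)   ok = 0 }
        else if ($i == "-p")      { if ($(++i) != proto) ok = 0 }
        else if ($i == "-s")      { a = $(++i); sub(/\/32$/, "", a); if (a != src) ok = 0 }
        else if ($i == "--dport") { if ($(++i) != dport) ok = 0 }
        else if ($i == "--state" || $i == "--ctstate") {
          # a NEW packet only matches when NEW is in the state list
          if (index("," $(++i) ",", ",NEW,") == 0) ok = 0
        }
        else if ($i == "-m")      { ++i }              # skip the module name
        else if ($i == "-j")      { target = $(++i) }
        else                      { ok = 0 }           # unmodelled option: never guess a match
      }
      if (ok && target != "") decided = target
    }
    END { if (decided == "") decided = policy; print decided }'
}

echo "192.168.0.200 -> tcp/22, rules as appended:  $(verdict "$ARTICLE_RULES" eth0 tcp 192.168.0.200 22)"
echo "192.168.0.200 -> tcp/22, block rule first:   $(verdict "$REORDERED_RULES" eth0 tcp 192.168.0.200 22)"
echo "203.0.113.7   -> tcp/3306, rules as appended: $(verdict "$ARTICLE_RULES" eth0 tcp 203.0.113.7 3306)"
echo "203.0.113.7   -> tcp/22, after flush:         $(verdict "$FLUSHED_RULES" eth0 tcp 203.0.113.7 22)"
```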

 

We’ve covered a lot of ground in this article! Configuring iptables can seem like a daunting process when first looking at an extensive firewall ruleset, but if you break down the rules one at a time, it becomes much easier to understand the process. When used correctly, iptables is an indispensable tool for hardening your server’s security. Liquid Web customers enjoy our highly trained support staff, standing by 24×7, if you have questions on iptables configurations. Have fun configuring your firewall!

How to Install Squid Proxy Server on Ubuntu 16.04

Reading Time: 6 minutes

A Squid Proxy Server is a feature rich web server application that provides both reverse proxy services and caching options for websites. This provides a noticeable speed up of sites and allows for reduced load times when being utilized.

Squid’s reverse proxy is a service that sits between the Internet and the web server (usually within a private network) that redirects inbound client requests to a server where data is stored for easier retrieval. If the caching server (proxy) does not have the cached data, it then forwards the request on to the web server where the data is actually stored. This type of caching allows for the collection of data and reproducing the original data values stored in a different location to provide for easier access. A reverse proxy typically provides an additional layer of control to smooth the flow of inbound network traffic between your clients and the web server.

Squid can be used as a caching service to SSL requests as well as DNS lookups. It can also provide a wide variety of support to multiple other types of caching protocols, such as ICP, HTCP, CARP, as well as WCCP. Squid is an excellent choice for many types of setups as it provides very granular controls by offering numerous system tools, as well as a monitoring framework using SNMP to provide a solid base for your caching needs.

When selecting a computer system for use as a dedicated Squid caching proxy server, many users ensure it is configured with a large amount of physical memory (RAM) as Squid maintains an in-memory cache for increased performance.

Installing Squid

Let’s start by ensuring our server is up to date:
[root@test ~]# apt-get update
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]
Hit:2 http://us.archive.ubuntu.com/ubuntu xenial InRelease
Hit:3 http://ppa.launchpad.net/libreoffice/ppa/ubuntu xenial InRelease
Get:4 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB]
Fetched 325 kB in 0s (567 kB/s)
Reading package lists... Done

Next, at the terminal prompt, enter the following command to install the Squid server:
[root@test ~]# apt install squid
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-headers-4.4.0-141 linux-headers-4.4.0-141-generic linux-image-4.4.0-141-generic
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
libecap3 squid-common squid-langpack ssl-cert
Suggested packages:
squidclient squid-cgi squid-purge smbclient ufw winbindd openssl-blacklist
The following NEW packages will be installed:
libecap3 squid squid-common squid-langpack ssl-cert
0 upgraded, 5 newly installed, 0 to remove and 64 not upgraded.
Need to get 2,672 kB of archives.
After this operation, 10.9 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Fetched 2,672 kB in 0s (6,004 kB/s)
Preconfiguring packages ...
Selecting previously unselected package libecap3:amd64.
(Reading database ... 160684 files and directories currently installed.)
Preparing to unpack .../libecap3_1.0.1-3ubuntu3_amd64.deb ...
Unpacking libecap3:amd64 (1.0.1-3ubuntu3) ...
Selecting previously unselected package squid-langpack.
Preparing to unpack .../squid-langpack_20150704-1_all.deb ...
Unpacking squid-langpack (20150704-1) ...
Selecting previously unselected package squid-common.
Preparing to unpack .../squid-common_3.5.12-1ubuntu7.6_all.deb ...
Unpacking squid-common (3.5.12-1ubuntu7.6) ...
Selecting previously unselected package ssl-cert.
Preparing to unpack .../ssl-cert_1.0.37_all.deb ...
Unpacking ssl-cert (1.0.37) ...
Selecting previously unselected package squid.
Preparing to unpack .../squid_3.5.12-1ubuntu7.6_amd64.deb ...
Unpacking squid (3.5.12-1ubuntu7.6) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for systemd (229-4ubuntu21.16) ...
Processing triggers for ureadahead (0.100.0-19) ...
Setting up libecap3:amd64 (1.0.1-3ubuntu3) ...
Setting up squid-langpack (20150704-1) ...
Setting up squid-common (3.5.12-1ubuntu7.6) ...
Setting up ssl-cert (1.0.37) ...
Setting up squid (3.5.12-1ubuntu7.6) ...
Skipping profile in /etc/apparmor.d/disable: usr.sbin.squid
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for systemd (229-4ubuntu21.16) ...
Processing triggers for ureadahead (0.100.0-19) ...

That’s it! The install is complete!

 

Configuring Squid

The default Squid configuration file is located in the “/etc/squid/” directory, and the main configuration file is called “squid.conf”. This file contains the bulk of the configuration directives that can be modified to change the behavior of Squid. The lines that begin with a “#” are comments and are not read by Squid. These comments are provided to explain what the related configuration settings mean.

To edit the configuration file, let’s start by taking a backup of the original file, in case we need to revert any changes if something goes wrong or use it to compare the new file configurations.

[root@test ~]# cp /etc/squid/squid.conf /etc/squid/squid.conf.bak

 

Change Squid’s Default Listening Port

The Squid proxy server’s default port is 3128. You can change this setting should you need a different port for a specific reason. To change the default Squid port, we will need to edit the Squid configuration file and change the “http_port” value (on line 1599) to a new port number.

[root@test ~]# vim /etc/squid/squid.conf
http_port 2946

(Keep the file open for now…)

 

Change Squid’s Default HTTP Access Port

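Next, to allow external access to the HTTP proxy server from all IP addresses, we need to edit the “http_access” directives. By default, the HTTP proxy server will not allow access to anyone at all unless we explicitly allow it! Be aware that changing the final rule to “allow all” lets any host that can reach the port use the proxy (an open proxy). If only your own networks need access, leave this rule as “deny all” and use the our_networks ACL described below instead.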

Caution!:
Multiple settings mention http_access. We want to modify the last entry.

1164 # Deny requests to certain unsafe ports
1165 http_access deny !Safe_ports
...
1167 # Deny CONNECT to other than secure SSL ports
1168 http_access deny CONNECT !SSL_ports
...
1170 # Only allow cachemgr access from localhost
1171 http_access allow localhost manager
1172 http_access deny manager
...
1186 #http_access allow localnet
1187 http_access allow localhost
...
1189 # And finally deny all other access to this proxy
1190 http_access deny all
# > change to “allow all” <

Now, let’s save and close the configuration file using vim’s :wq command.

 

Define the Default NIC Card Squid Listens On

If you would like Squid to listen on a specific NIC (in a server with multiple NIC cards), you can update the configuration file with the NIC’s IP address that Squid will listen on.

For example, we can set the http_port value to an internal IP and port of 10.1.1.5:3128

 

Define Who Can Access the Proxy Server

Next, we’ll set up who is allowed access to our Squid proxy. Locate the http_access section (which should begin around line 1860) and uncomment the following two lines:

#acl our_networks src 10.1.1.0/16 10.1.2.0/16
#http_access allow our_networks
-- VVV change to VVV --
acl our_networks src 10.1.1.0/16 10.1.2.0/16
http_access allow our_networks

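You will need to replace the IP ranges (10.1.1.0/16 10.1.2.0/16) with the internal ranges your own network uses, listing each subnet if you have several. Note that with a /16 mask both sample ranges cover the same network, 10.1.0.0 through 10.1.255.255; use a /24 mask if you mean the individual 10.1.1.x and 10.1.2.x subnets. (Netmasks are further explained here.)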
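
An added example, not part of the original article or of Squid: the script walks the http_access rules in order, as Squid does, for a constructed probe (a plain GET to port 80 from an address in none of the src ACLs) and reports the rule that decides it. The two sample configurations are constructed from the directives shown above, and treating every time ACL as matching is a worst-case assumption.

```bash
#!/bin/sh
# Added illustration: does this squid.conf let an outside client use the proxy?

# Constructed sample: ACLs and the leading http_access rules from the default file.
COMMON_CONF='acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost'

# Constructed sample: final rule changed to "allow all", as in the edit above.
OPEN_CONF="$COMMON_CONF
http_access allow all"

# Constructed sample: access limited to our_networks, final rule left as "deny all".
RESTRICTED_CONF="$COMMON_CONF
acl our_networks src 10.1.1.0/16 10.1.2.0/16
http_access allow our_networks
http_access deny all"

# outside_client_verdict CONF
# Prints "<allow|deny><TAB><deciding rule>" for the probe described in the lead-in.
outside_client_verdict() {
  printf '%s\n' "$1" | awk '
    function hits(name,   neg, m) {        # does this ACL (or its negation) match the probe?
      neg = sub(/^!/, "", name)
      m = (name == "all") || (name in hit)
      return neg ? !m : m
    }
    /^[ \t]*#/ { next }                    # skip comment lines
    $1 == "acl" && $3 == "port" {          # a port ACL matches when it lists port 80
      for (i = 4; i <= NF && $i !~ /^#/; i++) if ($i == "80") hit[$2] = 1
    }
    $1 == "acl" && $3 == "time" { hit[$2] = 1 }   # worst case: probe arrives inside the window
    $1 == "http_access" {
      last = $2
      if (verdict != "") next
      ok = 1
      for (i = 3; i <= NF && $i !~ /^#/; i++) if (!hits($i)) ok = 0
      if (ok) verdict = $2 "\t" $0
    }
    END {
      # With no matching rule Squid applies the opposite of the last rule;
      # with no http_access rules at all it denies.
      if (verdict == "") verdict = ((last == "deny") ? "allow" : "deny") "\tno http_access rule matched"
      print verdict
    }'
}

echo "final rule allow all:        $(outside_client_verdict "$OPEN_CONF")"
echo "our_networks, then deny all: $(outside_client_verdict "$RESTRICTED_CONF")"
```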

 

Define the Hours that are Available to Access the Proxy

You can literally control the hours of access to the proxy server! The ACL section starts about line 673:
671 # none
672
673 #  TAG: acl
674 #  Defining an Access List
675 #
To set this up, let’s add this info to the bottom of the ACL section of the /etc/squid/squid.conf file:

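acl liquidweb src 10.1.10.0/24
acl liquidweb_hours time MTWHF 9:00-17:00
Granted, this is an example using liquidweb as the business name, but you can use any name. Each ACL name can have only one type, so the time ACL gets its own name, and Squid’s day codes are single letters with H for Thursday. An ACL has no effect until an http_access rule references it.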

 

Other ACL options include:

***** ACL TYPES AVAILABLE *****
711 #
712 #       acl aclname src ip-address/mask ...     # clients IP address [fast]
713 #       acl aclname src addr1-addr2/mask ...    # range of addresses [fast]
714 #       acl aclname dst [-n] ip-address/mask ...        # URL host's IP address [slow]
715 #       acl aclname localip ip-address/mask ... # IP address the client connected to [fast]
717 #       acl aclname arp      mac-address ... (xx:xx:xx:xx:xx:xx notation)
...
730 #       acl aclname srcdomain   .foo.com ...
731 #         # reverse lookup, from client IP [slow]
732 #       acl aclname dstdomain [-n] .foo.com ...
733 #         # Destination server from URL [fast]
734 #       acl aclname srcdom_regex [-i] \.foo\.com ...
735 #         # regex matching client name [slow]
736 #       acl aclname dstdom_regex [-n] [-i] \.foo\.com …

… (all the way down to line 989)

968 # Example rule allowing access from your local networks.
969 # Adapt to list your (internal) IP networks from where browsing
970 # should be allowed
971 #acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
972 #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
973 #acl localnet src 192.168.0.0/16        # RFC1918 possible internal network
974 #acl localnet src fc00::/7       # RFC 4193 local private network range
975 #acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
976
977 acl SSL_ports port 443
978 acl Safe_ports port 80          # http
979 acl Safe_ports port 21          # ftp
980 acl Safe_ports port 443         # https
981 acl Safe_ports port 70          # gopher
982 acl Safe_ports port 210         # wais
983 acl Safe_ports port 1025-65535  # unregistered ports
984 acl Safe_ports port 280         # http-mgmt
985 acl Safe_ports port 488         # gss-http
986 acl Safe_ports port 591         # filemaker
987 acl Safe_ports port 777         # multiling http
988 acl CONNECT method CONNECT
989

All Squid Configuration Options

A full accounting of Squid’s available configurations can be found here:

(Make sure you plan to take some time because there is a lot of info there)

Restart Squid

After making those changes, let’s restart the Squid service to reload the configuration file.

[root@test ~]# systemctl restart squid.service

 

Other Important File Locations for Squid

 

Even More Information about Squid

How Can We Help?

Our Most Helpful Humans in Hosting can provide clarity and further information about Squid and how it can be utilized in our specific environments.  Our Support team contains many talented individuals with intimate knowledge of web hosting technologies, especially like those discussed in this article. If you are uncomfortable walking through the steps outlined here, we are just a phone call, chat or ticket away from providing you info to walk you through the process. Let us assist you today!

 

 

How To Set Up Multiple PHP Versions in Webmin

Reading Time: 4 minutes

What is Webmin?

Webmin is a browser-based graphical interface to help you administer your Linux server. Much like cPanel or Plesk, Webmin allows you to set up and manage accounts, Apache, DNS zones, users and configurations. As these configurations can get somewhat complicated, Webmin works to simplify this process. The result is fewer issues during server and domain setup, which makes for a stable server and a pleasant administration experience. Unlike Plesk or cPanel, Webmin is completely free and open to the public. Unfortunately, here at Liquid Web, we do not offer managed support for Webmin, but we are always willing to assist as much as possible when issues arise. You can download Webmin from their site. Also, you can find some excellent documentation on this interface.

 

Installing Webmin

If you have not already done so, you will need to install Webmin on your server before beginning. For this article, we will mainly be working with Webmin installed on an Ubuntu server. However, the process is very similar on CentOS, so we have included instructions for both operating systems below.

  • First, you will need to access your server SSH. If you are not sure how to SSH into your server, please visit our link on the subject.  
  • Once you are logged into your server SSH, please run the following commands in order or copy and paste the entire syntax.
Debian/Ubuntu

sudo sh -c 'echo "deb http://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list'
wget -qO - http://www.webmin.com/jcameron-key.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get install webmin

CentOS/RedHat/Fedora

(echo "[Webmin]
name=Webmin Distribution Neutral
baseurl=http://download.webmin.com/download/yum
enabled=1
gpgcheck=1
gpgkey=http://www.webmin.com/jcameron-key.asc" >/etc/yum.repos.d/webmin.repo;
yum -y install webmin)

 

Accessing Webmin

Webmin is a web-based application, so once it is installed, you can access it using a browser of your choice. Make sure port 10000 is open on your server, as Webmin uses this port. We have included steps below to ensure the correct port is open for iptables and firewalld.

IPTABLES

iptables-save > /tmp/tabsav
vi /tmp/tabsav
iptables-restore < /tmp/tabsav
You should be able to use the commands above to alter your iptables rules to look something like what we have included below. The rule for TCP port 10000 must sit above the final REJECT rule.
# Generated by iptables-save v1.4.7 on Thu Jan 3 00:02:49 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3044:1198306]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Jan 3 00:02:49 2019

FirewallD

firewall-cmd --zone=public --add-port=10000/tcp --permanent
firewall-cmd --reload

Once you have made sure port 10000 is open, you should be able to access the Webmin interface by entering your server’s IP address followed by the port number “10000”.

Example:   https://192.168.1.100:10000             <—— 192.168.1.100 should be replaced with your server IP.

Installing PHP Versions in Webmin

There are many situations where we may need to use multiple PHP versions. For example, you may have multiple domains or applications on your server that require an older version of PHP while at the same time you may have newer domains that are configured for newer versions of PHP. For this article, we will be installing PHP7 and PHP5.6 on Debian.

Step 1: First, you will want to SSH into your server and run the following command.
apt-get install php7.0-cli php7.0-fpm

You can check the installation after it has completed by running php -v in your terminal.

Step 2: Now here is where things tend to get tricky.  By default, Debian only offers a single PHP version in the official repository. So, we will have to add an additional repository for Debian. While adding this repository, it is good practice to enable HTTPS for APT and register the APT key. You can accomplish this by executing the commands we have included below.

apt-get install apt-transport-https
curl https://packages.sury.org/php/apt.gpg | apt-key add -
echo 'deb https://packages.sury.org/php/ stretch main' > /etc/apt/sources.list.d/deb.sury.org.list
apt-get update

Once the repository is added, we can go ahead and add our second PHP version to the server.

apt-get install php5.6-cli php5.6-fpm

We can now check both PHP versions on the server by running these commands.

php7.0 -v

php5.6 -v

Now that we have confirmed both PHP versions are installed you can access their configuration files in the following directories.

  • /etc/php/5.6/cli/php.ini
  • /etc/php/7.0/cli/php.ini

Step 3: To make things easier, later on, we will want to add the location of the configuration files to Webmin.  This can be done from within the Webmin interface.

  1. Log into Webmin
  2. Navigate to Others >> PHP Configuration
  3. Add the PHP configuration file location
  4. Click Save

You can use this tool to add and edit directives for different PHP versions. For example, you’ll be able to edit PHP’s memory limit, timeout length, extensions and more.  This simply helps consolidate configurations within one interface. From here we can just use a .htaccess file to specify what version of PHP a site should use.

Step 4: If you do not already have a .htaccess file within your document root, you can add one by navigating to /var/www/exampledomain/ and running one of the following commands, depending on which PHP version you are going to use.

echo "AddHandler application/x-httpd-php56 .php" > .htaccess && chown exampleuser: .htaccess

echo "AddHandler application/x-httpd-php70 .php" > .htaccess && chown exampleuser: .htaccess

Step 5: Once you have completed this, you can test to see if your site is running on the desired PHP version. You can accomplish this by creating a PHP information page: make a file in your document root, usually in the path of /var/www/html/

You will want to insert the code below and save the file.

<?php phpinfo(); ?>

After you have created this file, you can view the page by visiting your domain followed by the name of the file you created. For example, www.example.com/phpinfo.php. Remove the file once you have checked the version, because the page displays your server’s PHP configuration to anyone who requests it.

Congratulations, you can now use Webmin to accomplish your daily admin tasks! Take a look at our Cloud VPS servers for 24/7 support and lightning speed servers!

Improving Security for your Remote Desktop Connection

Reading Time: 4 minutes

Remote Desktop Protocol (RDP) is the easiest and most common method for managing a Windows server. It is included in all versions of Windows Server and has a built-in client on all Windows desktops. There are also free applications available for Macintosh and Linux based desktops. Unfortunately, because it is so widely used, RDP is also the target of a large number of brute force attacks on the server. Malicious users will use compromised computers to attempt to connect to your server using RDP. Even if the attack is unsuccessful in guessing your administrator password, just the flood of attempted connections can cause instability and other performance issues on your server. Fortunately, there are some approaches you can use to minimize your exposure to these types of attacks.

Install Nginx on Ubuntu 16.04

Reading Time: 2 minutes

Nginx is an open source Linux web server that accelerates content while utilizing low resources. Known for its performance and stability, Nginx has many other uses such as load balancing, reverse proxy, mail proxy, and HTTP cache. With all these qualities it makes a definite competitor for Apache. To install Nginx follow our straightforward tutorial.

How To Change the SNMP Port on CentOS

Reading Time: 2 minutes
SNMP 101: The Basics
I. How To Install and Configure SNMP on CentOS
II. How To Change the SNMP Port on CentOS
Introduction

SNMP, or Simple Network Management Protocol, is widely used to communicate with and monitor network devices, servers, and more, all via IP. In the previous article, we installed an SNMP agent on a CentOS 6.5 server. This agent allows for the collection of data from our server and makes the information available to a remote SNMP manager. To add a little security, we’ll now change the port that SNMP listens on.

Pre-Flight Check
  • These instructions are intended for changing the SNMP port.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.
  • SNMP is installed and configured per the tutorial on How To Install and Configure SNMP on CentOS.
