firewall settings

rsail
Level 1
Posts: 16
Joined: Wed Oct 21, 2020 9:50 am

firewall settings

Post by rsail »

I'm running a VM linux-mint with virtualbox and also use winscp. I've set up a firewall rule named SSH that has 22/tcp allow in anywhere and 22/tcp(v6) in anywhere. This works but I'm a little confused. Is there a way to restrict access so only winscp has access?
Welcome
Level 5
Posts: 572
Joined: Wed Aug 19, 2020 11:38 am

Re: firewall settings

Post by Welcome »

rsail wrote:
Tue Oct 27, 2020 6:12 pm
I'm running a VM linux-mint with virtualbox and also use winscp. I've set up a firewall rule named SSH that has 22/tcp allow in anywhere and 22/tcp(v6) in anywhere. This works but I'm a little confused. Is there a way to restrict access so only winscp has access?

No, not that I know of. But, you can restrict the IP addresses that can access the system's OpenSSH server, and you can restrict the user name(s). Do you want some help setting up some restrictions?
rickNS
Level 5
Posts: 901
Joined: Tue Jan 25, 2011 11:59 pm

Re: firewall settings

Post by rickNS »

Save yourself some headache, and leave it turned off, especially if you use a router. Especially also in a VM.
https://averagelinuxuser.com/linux-firewall/
Mint 19.0 mate on 2 identical Thinkpad T420's
rsail
Level 1
Posts: 16
Joined: Wed Oct 21, 2020 9:50 am

Re: firewall settings

Post by rsail »

Welcome wrote:
Wed Oct 28, 2020 2:49 pm
rsail wrote:
Tue Oct 27, 2020 6:12 pm
I'm running a VM linux-mint with virtualbox and also use winscp. I've set up a firewall rule named SSH that has 22/tcp allow in anywhere and 22/tcp(v6) in anywhere. This works but I'm a little confused. Is there a way to restrict access so only winscp has access?
No, not that I know of. But, you can restrict the IP addresses that can access the system's OpenSSH server, and you can restrict the user name(s). Do you want some help setting up some restrictions?

Your help would be awesome. Here's my setup. I have a windows 10 desktop running pro (2004). I'm using virtualbox and have running linux-mint cinnamon 20. I would like to restrict access to the VM so that only I can access it from the desktop. I do want to be able to share my files between guest and host in both directions. Does that make sense?
Welcome
Level 5
Posts: 572
Joined: Wed Aug 19, 2020 11:38 am

Re: firewall settings

Post by Welcome »

Makes sense, but I've never tried this in your specific setup, so it'll be a little experiment. Backup is always recommended before trying something new, and please be careful when performing the steps below.

In Linux Mint, I assume you're running OpenSSH. You'll want to just do a few simple steps to limit access based on IP addresses and maybe user name. I'll assume you're using a 192.168.xxx.xxx LAN, and that the comms between Linux Mint and Windows are using this range of IP addresses. If not, we'll need to adjust the IP addresses in my examples below. Nano is fairly easy to use, use arrows to move around, type in stuff, Ctrl-o to save (write out), and Ctrl-x to exit. If at the end of a file, always add an extra blank line at the bottom.

Step 1: Edit /etc/hosts.allow:

Code:

sudo nano /etc/hosts.allow

Step 2: Add the following line at the bottom, save and exit:

Code:

sshd: 192.168.

Step 3: Edit /etc/hosts.deny:

Code:

sudo nano /etc/hosts.deny

Step 4: Add the following line at the bottom, save and exit:

Code:

sshd: ALL

Step 5: Edit /etc/ssh/sshd_config:

Code:

sudo nano /etc/ssh/sshd_config

Step 6: Add the following lines, save and exit: (find a good spot, maybe right after # Authentication:)

Code:

AllowUsers your-user-name-goes-here
PermitRootLogin no

Step 7: Restart sshd:

Code:

/etc/init.d/ssh restart

--- OR ---

Code:

sudo systemctl restart ssh

Test it to ensure you can access Linux with winscp. I'll keep my fingers crossed.
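
How the two lines from Steps 2 and 4 combine, as an added example that is not part of the original post: a simplified shell model of the hosts_access(5) decision order, run against constructed copies of the two files. The helper names `matches` and `decide`, the temporary files and the sample client addresses are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: simplified model of the hosts_access(5) decision.
# Supports only the client patterns used in the post: ALL, an exact
# address, and a prefix ending in "." such as "192.168.".
# matches() and decide() are hypothetical helper names.

# matches FILE DAEMON IP: succeed if a "daemons: clients" rule matches
matches() {
    file=$1 daemon=$2 ip=$3
    while IFS= read -r line; do
        case $line in '#'*) continue ;; *:*) ;; *) continue ;; esac
        hit=no
        for d in $(printf '%s' "${line%%:*}" | tr ',' ' '); do
            if [ "$d" = "$daemon" ] || [ "$d" = ALL ]; then hit=yes; fi
        done
        [ "$hit" = yes ] || continue
        for c in $(printf '%s' "${line#*:}" | tr ',' ' '); do
            case $c in
                ALL) return 0 ;;
                *.)  case $ip in "$c"*) return 0 ;; esac ;;
                *)   if [ "$c" = "$ip" ]; then return 0; fi ;;
            esac
        done
    done < "$file"
    return 1
}

# decide DAEMON IP ALLOW_FILE DENY_FILE: print "allow" or "deny".
# Order: a hosts.allow match grants access; otherwise a hosts.deny
# match refuses it; otherwise access is granted.
decide() {
    if matches "$3" "$1" "$2"; then echo allow
    elif matches "$4" "$1" "$2"; then echo deny
    else echo allow
    fi
}

# Constructed copies of the two files, holding the lines from Steps 2 and 4.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'sshd: 192.168.\n' > "$tmp/hosts.allow"
printf 'sshd: ALL\n' > "$tmp/hosts.deny"

# Constructed sample client addresses.
for ip in 192.168.56.1 192.168.1.20 10.0.2.2 203.0.113.7; do
    printf '%-14s %s\n' "$ip" "$(decide sshd "$ip" "$tmp/hosts.allow" "$tmp/hosts.deny")"
done
```

Any client whose address does not begin with 192.168. falls through to the `sshd: ALL` line and is refused, so the prefix in Step 2 has to match the address the guest actually sees for the Windows host.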