dco webmin security

DCIM_Support · ‎2020-07-03

Hi,

As part of a standard security configuration, i have restricted access to the Webmin page of the DCO nodes to a specified IP list/VLAN. We have recently moved buildings and the old VLAN ranges are not available and i have forgotten to update the access list before the move.

How can I gain access to the Webmin interface to update this access list?

Many thanks, Mike

DCIM_Support · ‎2020-07-03

Hi Mike, I think the configuration files for the IP access control would be /etc/hosts.allow and /etc/hosts.deny. I would try "ssh log in" to the server, edit the file /etc/hosts.allow (using vi-editor or nano), and then add the IP for the workstation/host that needs Webmin access, so I can log in to Webmin and update the list. Kind regards

DCIM_Support · ‎2020-07-03

Hi Jef,

Unfortunately this had no effect but I have now managed to resolve the issue after some workarounds.

I had to spin up a temporary virtual machine on the old VLAN to gain access whilst I set the restrictions on all nodes to allow all. However, this wasn't enough to allow me to access from the new site and in the end had to resort to manually editing the iptables via an SSH session to each host. There was an entry remaining in the iptables that was still restricting access despite them being removed from the Webmin interface. by adding a line similar to the below to the iptables and removing the line specifying the old restriction I am now able to access the interfaces again:

iptables -l INPUT 19 -p tcp s IPSUBNET -dport webmin -j ACCEPT

Needless to say this was not an ideal solution but it did work.

Regards, Mike

DCIM_Support · ‎2020-07-03

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.