Dynamic ip in firewall?

Hello. I'm new with Hestia and not an expert with Ubuntu, but ready to learn.
I have a VPS in Hostinger, with Ubuntu 22 and Hestia.
I need to allow certain customers to access MySQL remotely. They have a dynamic IP (no-ip) but I don't know how to configure dynamic IPs in the Hestia firewall. It doesn't let me write a dynamic IP in the IP field.
I have already read the documentation and topics in the forum but still can't find the way.
Can anybody help me?
Thanks

As long as your server has a static IP you are fine.

Mmmm… I don't know if I understand your answer correctly. Perhaps I didn't explain enough.
I have a C# system that runs with a web MySQL database, hosted in Hostinger. So, my client has a dynamic IP (no-ip) because he does not have a static IP in his office.
What I need is to let this dynamic IP access a MySQL database.
I tried with static IPs and everything is OK. But how to use a dynamic IP?
Thank you again for your help.
It is wonderful to see that people spend some time to help others.

iptables doesn't support working with hostnames, only IPs, so if you want to do that, you should create a script that checks the current IP of the remote client and, if it changed, removes the old IP and adds the new one to the iptables rules.


If you want to test/use it, I’ve made a script to do the task.

When the script is executed the first time, it will create a new rule for the dyn host. If the dyn host IP changes, the script will add a new rule for the new IP and will also remove the rule for the old IP.

To install the script:

sudo su -
mkdir -p /var/lib/add_fw_rule_dyn/bin/
cd /var/lib/add_fw_rule_dyn/bin/
curl -sSL https://7j.gg/addfwdyn -o add_fw_rule_dyn
chmod +x add_fw_rule_dyn

The script needs 2 arguments: the dyn host that you want to resolve and the port you want to open.

Example:

/var/lib/add_fw_rule_dyn/bin/add_fw_rule_dyn dyn.example.com 3306

To create a cron job that runs every 5 minutes, checks the IP of dyn.example.com and opens port 3306 (remember to replace the host and port with the actual data):

sudo su -
(crontab -l 2>/dev/null; echo "*/5 * * * * /var/lib/add_fw_rule_dyn/bin/add_fw_rule_dyn dyn.example.com 3306") | crontab -

Just in case, this is the script:

#!/usr/bin/env bash
# Keep a Hestia firewall rule in sync with the current address of a dynamic-DNS host.
set -o pipefail

if [[ $EUID -ne 0 ]]; then
        echo "Script must be executed as root user" >&2
        exit 1
fi

BIN="/usr/local/hestia/bin"
basedir="/var/lib/add_fw_rule_dyn"
host="$1"
port="$2"
# Last IP opened for this host/port pair, kept so its rule can be removed when it changes
iplist="$basedir/${host}_${port}.iplist"
cur_ip=""
saved_ip=""

if [[ -z $host || -z $port ]]; then
        echo "Usage: $0 domainname port" >&2
        exit 1
fi

if [[ ! -d $basedir ]]; then
        mkdir -p "$basedir"
fi

# dig +short may print a CNAME target before the A record; the last line is the address
if ! cur_ip="$(dig +short "$host" | tail -n1)"; then
        echo "Error resolving domain $host" >&2
        exit 2
fi

if [[ -z $cur_ip ]]; then
        echo "Error, host $host is not resolving" >&2
        exit 3
fi

# Never pass anything but a dotted-quad IPv4 address to the firewall
if [[ ! $cur_ip =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
        echo "Error, host $host resolved to '$cur_ip', which is not an IPv4 address" >&2
        exit 4
fi

if [[ -f $iplist ]]; then
        saved_ip="$(head -n1 "$iplist")"
fi

# Nothing to do if the address has not changed since the last run
if [[ "$cur_ip" == "$saved_ip" ]]; then
        exit
fi

# Remove the rule for the previous address (dots escaped so grep matches them literally)
if [[ -n $saved_ip ]]; then
        if rulesavedip="$("$BIN"/v-list-firewall plain | sed -E 's/\s{1,}/ /g' | grep -E "\s$port\s${saved_ip//./\\.}\s")"; then
                rule_number="$(cut -d ' ' -f1 <<<"$rulesavedip")"
                "$BIN"/v-delete-firewall-rule "$rule_number"
        fi
fi
# Add a rule for the new address unless one already exists
if ! "$BIN"/v-list-firewall plain | sed -E 's/\s{1,}/ /g' | grep -Eq "\s$port\s${cur_ip//./\\.}\s"; then
        "$BIN"/v-add-firewall-rule ACCEPT "$cur_ip" "$port" TCP DYN_IP
fi
echo "$cur_ip" >"$iplist"
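The script above remembers one IP per host in a file and swaps a single rule. As an added example (not part of the posted script or of Hestia), the functions below reconcile all DYN_IP rules for a port against whatever the host currently resolves to, so hosts with several A records, rules deleted by hand, and resolver output that is not an address (a CNAME target, an empty answer) are all handled. The tab-separated column order RULE ACTION PROTOCOL PORT IP COMMENT for `v-list-firewall plain` is an assumption taken from what the script greps for, and the rule listing is constructed sample data.

```bash
#!/usr/bin/env bash
# Constructed sample of `v-list-firewall plain` output, tab-separated; the
# column order RULE ACTION PROTOCOL PORT IP COMMENT is assumed, not verified.
SAMPLE_RULES="$(printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
    1 ACCEPT TCP 22   0.0.0.0/0    SSH \
    2 ACCEPT TCP 3306 203.0.113.10 DYN_IP \
    3 ACCEPT TCP 3306 198.51.100.5 DYN_IP \
    4 ACCEPT TCP 80   203.0.113.10 WEB)"

# Accept only a dotted-quad IPv4 address with octets 0-255. `dig +short`
# can also print CNAME targets or nothing; neither may reach the firewall.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    local old_ifs octet
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Print "rule<TAB>ip" for every TCP rule on port $1 tagged DYN_IP in listing $2.
dyn_rules_for_port() {
    printf '%s\n' "$2" |
        awk -F'\t' -v p="$1" '$3 == "TCP" && $4 == p && $6 == "DYN_IP" { print $1 "\t" $5 }'
}

# Reconcile the DYN_IP rules for port $1 against the space-separated list of
# currently resolved IPs $2, using listing $3. One action per output line:
# "del <rule>" for a rule whose IP no longer resolves, "add <ip>" for a
# resolved IP that has no rule yet. Nothing is printed when all is in sync.
plan_dyn_rules() {
    local port="$1" wanted="$2" listing="$3" rule ip w found
    dyn_rules_for_port "$port" "$listing" |
        while IFS="$(printf '\t')" read -r rule ip; do
            found=0
            for w in $wanted; do [ "$w" = "$ip" ] && found=1; done
            [ "$found" -eq 1 ] || echo "del $rule"
        done
    for w in $wanted; do
        is_ipv4 "$w" || { echo "skip $w (not an IPv4 address)" >&2; continue; }
        dyn_rules_for_port "$port" "$listing" |
            awk -F'\t' -v ip="$w" '$2 == ip { f = 1 } END { exit !f }' ||
            echo "add $w"
    done
}

# On a real server the listing and resolver output replace the sample, e.g.
# plan_dyn_rules 3306 "$(dig +short dyn.example.com | tr '\n' ' ')" "$(v-list-firewall plain)"
plan_dyn_rules 3306 "203.0.113.10 192.0.2.77" "$SAMPLE_RULES"
```

Each printed action maps onto one Hestia call (`v-delete-firewall-rule <rule>` or `v-add-firewall-rule ACCEPT <ip> <port> TCP DYN_IP`), so the plan can be reviewed or logged before anything is changed.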
