[GLLUG] Anyone know how webmin does its dirty work?

John Winters john at sinodun.org.uk
Sat Dec 29 16:38:28 UTC 2012 

Wanting a quick firewall setup on a Thecus N2100 (headless ARM box, 
running Debian Wheezy), I made the mistake of installing webmin.  I 
created an initial firewall configuration with everything set to ACCEPT, 
but didn't activate it.  I then stopped for the day, and the next time I 
booted, neither NIC would respond to any kind of incoming traffic.

I'm now trying to recover the box, but I'm struggling to work out where 
exactly webmin has done the damage.  (I can remove the HDD and mount it 
in another machine, but I have no serial console for the Thecus, nor do 
I have the parts here to make one.)  I'm getting bored moving the HDD 
backwards and forwards.

I've found a file which webmin seems to have created:

/etc/iptables.up.rules

# Generated by iptables-save v1.4.14 on Mon Dec 24 21:08:49 2012
*nat
:INPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Dec 24 21:08:49 2012
# Generated by iptables-save v1.4.14 on Mon Dec 24 21:08:49 2012
*mangle
:PREROUTING ACCEPT [356:23831]
:INPUT ACCEPT [354:23725]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [328:136147]
:POSTROUTING ACCEPT [328:136147]
COMMIT
# Completed on Mon Dec 24 21:08:49 2012
# Generated by iptables-save v1.4.14 on Mon Dec 24 21:08:49 2012
*filter
:INPUT ACCEPT [1429:98896]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1412:498738]
COMMIT
# Completed on Mon Dec 24 21:08:49 2012

but I've yet to find either a) the invocation of iptables-save which 
created this, or b) the invocation of iptables-restore which later loads 
it.  Nor does it seem to me to contain anything which would do the damage.

I've tried putting:

iptables -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

at the end of /etc/rc.local but without making any difference.

The box boots fine, but I can't uninstall webmin until I can find a way 
to communicate with it once it's booted.

Any suggestions?

John

P.S.  Apologies if I'm being very stupid.  I've been laid up for the 
last week and my brain isn't really going again yet.

More information about the GLLUG mailing list