Mass IP address change in Plesk Control Panel
Solution: Using the special utility reconfigurator.pl in Plesk
#/usr/local/psa/bin/reconfigurator.pl
Plesk reconfigurator - utility to change IP addresses used by
Plesk Server Administrator
usage:
/usr/local/psa/bin/reconfigurator.pl
If doesn’t exists - template will be created, otherwise it will be used to map IP addresses.
Plesk includes a special utility, reconfigurator.pl, that changes IP addresses in the Plesk database and reconfigures domain settings to use the new IPs.
This utility is available in the /usr/local/psa/bin directory.
The new IP addresses must NOT exist in the Server > IP Addresses list in the Plesk control panel before replacement; they may be added at the system level only. If the IP addresses do not exist in the system, the utility will add the new IPs to the system as well.
To view the IP addresses you have at your disposal:
Go to Home > IP Addresses (in the Server group).
To add a new IP address to the server:
Go to Home > IP Addresses (in the Server group) and click Add IP Address.
To remove an IP address from the server:
Go to Home > IP Addresses (in the Server group).
Select the respective check box and click Remove, confirm removal and click OK.
To assign an IP address to a user:
Go to Home > IP Addresses (in the Server group) and click the respective number in the Clients column, then click Assign.
Select the user account you need and click OK.
Select the network interface for the new IP from the Interface drop-down box. All network cards installed on your server are shown in this drop-down box.
To change an IP address allocation type (shared, exclusive) or assign another SSL certificate to an IP address:
Go to Home > IP Addresses (in the Server group) and click the IP address you need.
Select the IP address allocation type and SSL certificate you need, and click OK.
When you obtain a new IP address that you would like to use on the server, you should add the address through the control panel, as Parallels Plesk Panel might not recognize manual modifications you make to the network configuration files.
With Parallels Plesk Panel you can mark all your IP addresses as shared or dedicated before you assign them to your customers. This allows the control panel to distinguish between them and not to let you assign a dedicated IP address to several customers at once. A dedicated IP address can be assigned to a single customer, while a shared IP address can be shared among several user accounts.
Disable ICMP Redirect and Enable IP Spoofing Protection
ICMP redirects are used by routers to tell the server that there is a better path to other networks than the one chosen by the server.
However, an intruder could potentially use ICMP redirect packets to alter the host's routing table, causing traffic to use a path you didn't intend.
To disable ICMP Redirect Acceptance, edit the /etc/sysctl.conf file and add the following lines:
# Do not accept ICMP redirects (prevent MITM attacks)
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
Enable IP Spoofing Protection
IP spoofing is a technique where an intruder sends out packets which claim to be from another host by manipulating the source address. IP spoofing is very often used for denial of service attacks.
To enable IP Spoofing Protection, turn on Source Address Verification.
Edit the /etc/sysctl.conf file and add the following line:
net.ipv4.conf.all.rp_filter = 1
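A check for the ICMP redirect and source address verification settings above, as an added example that is not from the original page: it parses a sysctl.conf-style file and reports whether the three keys carry the values given here. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file for the three settings above.

# Print the effective value of key $2 in file $1. Lines are applied in
# order, so the last assignment of a key is the one that takes effect.
sysctl_conf_value() {
    awk -v key="$2" '
        /^[ \t]*([#;]|$)/ { next }              # skip comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next                   # not an assignment
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Report each required key in file $1; return 1 if any is missing or wrong.
audit_sysctl_conf() {
    rc=0
    for want in net.ipv4.conf.all.accept_redirects=0 \
                net.ipv6.conf.all.accept_redirects=0 \
                net.ipv4.conf.all.rp_filter=1
    do
        key=${want%%=*} expected=${want#*=}
        actual=$(sysctl_conf_value "$1" "$key")
        if [ -z "$actual" ]; then
            echo "MISSING $key (want $expected)"; rc=1
        elif [ "$actual" != "$expected" ]; then
            echo "WRONG $key = $actual (want $expected)"; rc=1
        else
            echo "OK $key = $actual"
        fi
    done
    return "$rc"
}

# Constructed sample: a later line re-enables IPv4 redirects and the
# rp_filter line is commented out, so two of the three checks fail.
sample=$(mktemp)
cat > "$sample" <<'EOF'
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
#net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 1
EOF
audit_sysctl_conf "$sample" || true
rm -f "$sample"
```

To audit the real file, call audit_sysctl_conf /etc/sysctl.conf; the check reads only that one file, so values set elsewhere are not seen.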
Allowing connections to the SSH service from one IP using APF
You want to deny all IPs from connecting to shell/SSH on your server and allow only a select one or a few to connect, using the APF firewall.
APF can deny ALL connections to SSH and allow only a single IP or a select few IPs to connect to your server.
Log in to your server as the root user.
cd /etc/apf
vi /etc/apf/allow_hosts.rules
Add the following in:
tcp:in:d=22:s=IP-ADDRESS
out:d=22:d=IP-ADDRESS
The d=22 part is the port, so you can repeat for other services as well to limit connections if you like.
Save the changes.
vi /etc/apf/deny_hosts.rules
Add the following:
tcp:in:d=22:s=0/0
out:d=22:d=0/0
Save the changes.
Restart APF firewall
How can I change Webmin’s list of allowed IP addresses from the shell?
The file you need to modify is /etc/webmin/miniserv.conf, in particular the allow= or deny= lines.
If the allow= line exists, it contains a list of all addresses and networks that are allowed to connect to Webmin. Similarly, the deny= line contains addresses that are not allowed to connect.
After modifying this file, you need to run
/etc/webmin/stop ; /etc/webmin/start
for the changes to take effect. Naturally, the file can only be edited by the root user.