Linux Security

June 18th, 2020


When running Mango on Linux, it is generally desirable to expose Mango on ports 80 and 443, which require privileged access. This document describes how to configure Linux to run Mango on these ports safely.

  1. Create a user named ‘mango’ and unzip the core into the desired location as the mango user.

  2. Configure Mango to run on ports 8080 and 8443.

  3. Set up iptables to route messages from 80 <-> 8080 and 443 <-> 8443.

Set up iptables by executing the following commands:

    sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

    sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443

    sudo iptables -t nat -A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

    sudo iptables -t nat -A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443

    # Persist the results across reboots (doesn't work on Amazon Linux 2)
    # Amazon Linux 2: sudo yum install iptables-services
    sudo service iptables save

Set up the IPv6 tables:

    sudo ip6tables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

    sudo ip6tables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443

    sudo ip6tables -t nat -A OUTPUT -d ::1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

    sudo ip6tables -t nat -A OUTPUT -d ::1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443

    sudo service ip6tables save
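
To confirm the IPv4 redirects above are in place exactly once, the following added example (not part of the Mango documentation) audits an `iptables -t nat -S` dump for missing or duplicated rules. The helper name `audit_redirects` and the sample dump are constructed for illustration, and it assumes `-S` prints the rules in the same syntax used to add them.

```shell
#!/bin/sh
# Added example (not from the Mango documentation): audit an `iptables -t nat -S`
# dump for the four IPv4 redirect rules listed on this page.

# The page's rules in `iptables -S` form (assumes -S echoes them in this syntax).
EXPECTED_RULES='-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443'

# Constructed sample dump: the port-80 PREROUTING rule was appended twice
# (-A never checks for an existing copy) and the port-443 one is absent.
SAMPLE_DUMP='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443'

# audit_redirects DUMP (hypothetical helper name)
# Prints "MISSING: rule" or "DUPLICATE(n): rule" for each problem and returns 1;
# returns 0 when every expected rule appears exactly once.
audit_redirects() {
    dump=$1
    rc=0
    while IFS= read -r rule; do
        # -x whole line, -F fixed string, -c count; "|| true" because grep
        # exits non-zero when the count is 0.
        count=$(printf '%s\n' "$dump" | grep -cxF -e "$rule" || true)
        if [ "$count" -eq 0 ]; then
            echo "MISSING: $rule"; rc=1
        elif [ "$count" -gt 1 ]; then
            echo "DUPLICATE($count): $rule"; rc=1
        fi
    done <<EOF
$EXPECTED_RULES
EOF
    return $rc
}

# Demo on the constructed dump. On a live host, pass the real rule set instead:
#   audit_redirects "$(sudo iptables -t nat -S)"
audit_redirects "$SAMPLE_DUMP" || echo "redirect rules need attention"
```

A duplicate is worth catching before running the save command, since the saved rule set would carry the extra copy across reboots.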

Copyright © 2020 Radix IoT, LLC.