Please read the Script Templates section in the Lighthouse manual https://ftp.opengear.com/download/documentation/manual/current/lighthouse/ and the following article, which explains Script Templates usage and how to upload templates and apply them to specific nodes.
https://opengear.zendesk.com/hc/en-us/articles/115004747366-Configuration-Templating-on-Lighthouse-5
Note: Use the freely available Notepad++ which allows you to save the script with Unix (LF) line endings, not DOS (CRLF) line endings. Ensure any 'single' and "double" quotation marks have not been converted into curly “smart quotes”. Applying scripts with DOS (CRLF) line endings will break node configuration.
With factory default settings, services such as HTTPS, ICMP and SSH listen on specific interfaces. The current settings can be displayed in the GUI under "System -> Services -> Service Access".
To reset all Service Access to factory defaults:
Paste the commands below into the CLI.
config \
-d config.dialin.services \
-d config.dialout.services \
-d config.lan.services \
-d config.vpn.services \
-d config.wan.services \
-d config.wlan.services \
-a
Setup Custom Service Access
Here's an example to permit HTTPS, ICMP and SSH on NET1 (Network Interface).
SSH into the Node and run the following command to generate the configuration.
echo "config \\" ; for val in {dialin,dialout,lan,vpn,wan,wlan}; do echo "-d config.$val.services \\" ; config -g config.$val.services | sed -e 's/ /=\'\''/' -e 's/$/'\'' \\/' -e 's/^/-s /'; done; echo "-a"
Here is the output. The lines starting with "-d" delete the existing interface configuration before the new settings are applied.
Note: The "modified=true" line is required for custom settings; otherwise the "enabled" services will be ignored and the interface retains its factory settings.
config \
-d config.dialin.services \
-s config.dialin.services.dns.enabled='on' \
-s config.dialin.services.ftp.enabled='on' \
-s config.dialin.services.https.enabled='on' \
-s config.dialin.services.modified='true' \
-s config.dialin.services.nagios_nrpe.enabled='on' \
-s config.dialin.services.ntp.enabled='on' \
-s config.dialin.services.nut.enabled='on' \
-s config.dialin.services.ping.enabled='on' \
-s config.dialin.services.rfc2217_ports.enabled='on' \
-s config.dialin.services.snmp.enabled='on' \
-s config.dialin.services.ssh.enabled='on' \
-s config.dialin.services.ssh_ports.enabled='on' \
-s config.dialin.services.tcp_ports.enabled='on' \
-s config.dialin.services.telnet_ports.enabled='on' \
-s config.dialin.services.tftp.enabled='on' \
-s config.dialin.services.unauthssh.enabled='on' \
-s config.dialin.services.unauthtel.enabled='on' \
-d config.dialout.services \
-s config.dialout.services.https.enabled='on' \
-s config.dialout.services.modified='true' \
-s config.dialout.services.ping.enabled='on' \
-s config.dialout.services.ssh.enabled='on' \
-s config.dialout.services.ssh_ports.enabled='on' \
-d config.lan.services \
-s config.lan.services.dns.enabled='on' \
-s config.lan.services.ftp.enabled='on' \
-s config.lan.services.https.enabled='on' \
-s config.lan.services.lldp.enabled='on' \
-s config.lan.services.modified='true' \
-s config.lan.services.nagios_nrpe.enabled='on' \
-s config.lan.services.ntp.enabled='on' \
-s config.lan.services.nut.enabled='on' \
-s config.lan.services.ping.enabled='on' \
-s config.lan.services.rfc2217_ports.enabled='on' \
-s config.lan.services.snmp.enabled='on' \
-s config.lan.services.ssh.enabled='on' \
-s config.lan.services.ssh_ports.enabled='on' \
-s config.lan.services.tcp_ports.enabled='on' \
-s config.lan.services.telnet_ports.enabled='on' \
-s config.lan.services.tftp.enabled='on' \
-s config.lan.services.unauthssh.enabled='on' \
-s config.lan.services.unauthtel.enabled='on' \
-d config.vpn.services \
-s config.vpn.services.dns.enabled='on' \
-s config.vpn.services.ftp.enabled='on' \
-s config.vpn.services.https.enabled='on' \
-s config.vpn.services.modified='true' \
-s config.vpn.services.nagios_nrpe.enabled='on' \
-s config.vpn.services.ntp.enabled='on' \
-s config.vpn.services.nut.enabled='on' \
-s config.vpn.services.ping.enabled='on' \
-s config.vpn.services.rfc2217_ports.enabled='on' \
-s config.vpn.services.snmp.enabled='on' \
-s config.vpn.services.ssh.enabled='on' \
-s config.vpn.services.ssh_ports.enabled='on' \
-s config.vpn.services.tcp_ports.enabled='on' \
-s config.vpn.services.telnet_ports.enabled='on' \
-s config.vpn.services.tftp.enabled='on' \
-s config.vpn.services.unauthssh.enabled='on' \
-s config.vpn.services.unauthtel.enabled='on' \
-d config.wan.services \
-s config.wan.services.https.enabled='on' \
-s config.wan.services.modified='true' \
-s config.wan.services.ping.enabled='on' \
-s config.wan.services.ssh.enabled='on' \
-d config.wlan.services \
-a
The interface keywords:
- "dialin" for Analog Modem
- "dialout" for Cellular Modem
- "lan" for Management LAN
- "vpn" for OpenVPN or IPSEC tunnel interface
- "wan" for Network interface
- "wlan" for Wireless LAN
The commands can be copied and pasted directly on the Console Server CLI or saved in a file (attached) and deployed via Lighthouse Script Template.
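A pre-upload check for the pitfalls noted above (DOS line endings, curly quotes, a missing modified='true' line, settings applied without a preceding "-d"), as an added example that is not part of the original article or Opengear's tooling. The function name, finding labels and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Opengear code): lint a Service Access script before upload.
# Prints one finding per line; returns 1 if anything was found, else 0.
lint_service_template() {
    file=$1
    findings=$(
        cr=$(printf '\r')
        # DOS (CRLF) line endings: any carriage return in the file.
        if grep -q "$cr" "$file"; then echo "CRLF: DOS line endings"; fi
        # Curly quotes where ' or " was intended.
        if grep -q -e '“' -e '”' -e '‘' -e '’' "$file"; then
            echo "SMARTQUOTE: curly quotation marks"
        fi
        # Per interface: enabled= lines need modified='true' and an earlier -d.
        tr -d '\r' < "$file" | awk '
            $1 == "-d" && $2 ~ /^config\.[a-z]+\.services$/ {
                split($2, p, "."); deleted[p[2]] = 1
            }
            $1 == "-s" && $2 ~ /^config\.[a-z]+\.services\./ {
                split($2, p, "."); ifc = p[2]
                if (!(ifc in seen)) { seen[ifc] = 1; order[++n] = ifc }
                if (!(ifc in deleted)) nodel[ifc] = 1
                if ($2 ~ /\.services\.modified=.true.$/) modified[ifc] = 1
                if ($2 ~ /\.enabled=/) enabled[ifc] = 1
            }
            END {
                for (i = 1; i <= n; i++) {
                    ifc = order[i]
                    if ((ifc in enabled) && !(ifc in modified))
                        print "NOMODIFIED: " ifc " enables services without modified=true"
                    if (ifc in nodel)
                        print "NODELETE: " ifc " is set before -d config." ifc ".services"
                }
            }'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: CRLF endings and a wan block without modified='true'.
sample_bad() {
    printf '%s\r\n' 'config \' '-d config.wan.services \' \
        "-s config.wan.services.https.enabled='on' \\" \
        "-s config.wan.services.ssh.enabled='on' \\" '-a'
}

tmp=$(mktemp); sample_bad > "$tmp"
lint_service_template "$tmp" || true
rm -f "$tmp"
```

Run it against the saved script file before uploading it as a template; a non-zero exit status means at least one finding was printed.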