Knockd installation:


Step 1

[root@localhost ~]# wget http://www.invoca.ch/pub/packages/knock/knock-0.5-4.src.rpm
[root@localhost ~]# rpmbuild --rebuild knock-0.5-4.src.rpm
[root@localhost ~]# mv /usr/src/redhat/RPMS/i386/knock* /root
[root@localhost ~]# rpm -ivh knock*

Download the source RPM, rebuild it, then install the resulting package.



Step 2

[root@localhost ~]# vi /etc/knockd.conf

[options]
    #UseSyslog
    LogFile = /var/log/knockd.log
    Interface = eth0

[opencloseSSH]
    sequence = 2222:tcp,3333:tcp,4444:tcp
    seq_timeout = 15
    tcpflags = syn
    start_command = /sbin/iptables -A INPUT -s %IP% -p tcp --dport ssh -j ACCEPT
    cmd_timeout = 30
    stop_command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport ssh -j ACCEPT

Modify the config file. We use the port sequence 2222:tcp,3333:tcp,4444:tcp as the knock. If the whole sequence arrives within 15 seconds (seq_timeout), knockd runs start_command, which adds an iptables rule accepting port 22 only from the knocking client's address (%IP%). After 30 seconds (cmd_timeout) it runs stop_command, which deletes that rule and closes port 22 again.
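The two iptables commands above have to be exact mirror images (-A to add, -D to delete, every other argument identical), or the stop_command silently fails and port 22 stays open for that client. The following Python script is an added example, not part of the original page or of the knock project: it parses a copy of the Step 2 config (embedded here as a constructed sample) and reports the mistakes that bite in practice: stop_command that does not undo start_command, a missing stop_command next to a cmd_timeout, a start_command without %IP%, and malformed sequence or timeout values.

```python
import configparser
import shlex

# Constructed sample that reproduces the /etc/knockd.conf shown in Step 2.
SAMPLE_CONF = """\
[options]
#UseSyslog
LogFile = /var/log/knockd.log
Interface = eth0

[opencloseSSH]
sequence = 2222:tcp,3333:tcp,4444:tcp
seq_timeout = 15
tcpflags = syn
start_command = /sbin/iptables -A INPUT -s %IP% -p tcp --dport ssh -j ACCEPT
cmd_timeout = 30
stop_command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport ssh -j ACCEPT
"""


def parse_sequence(spec):
    """Turn '2222:tcp,3333:tcp' into [(2222, 'tcp'), (3333, 'tcp')].
    A step without a protocol suffix is treated as tcp, as knockd does."""
    steps = []
    for item in spec.split(","):
        port, _, proto = item.strip().partition(":")
        steps.append((int(port), (proto or "tcp").lower()))
    return steps


def check_knockd_conf(text):
    """Return a list of findings; an empty list means every check passed."""
    # %IP% would trip configparser's default %-interpolation, so disable it.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for door in cp.sections():
        if door == "options":
            continue  # global settings, no knock sequence here
        sec = cp[door]
        if "sequence" not in sec:
            findings.append(f"{door}: no sequence defined")
            continue
        try:
            steps = parse_sequence(sec["sequence"])
        except ValueError:
            findings.append(f"{door}: sequence contains a non-numeric port")
            continue
        for port, proto in steps:
            if not 1 <= port <= 65535 or proto not in ("tcp", "udp"):
                findings.append(f"{door}: bad sequence step {port}:{proto}")
        if len(steps) < 3:
            findings.append(f"{door}: fewer than 3 knocks is easy to trigger by accident")
        for key in ("seq_timeout", "cmd_timeout"):
            if key in sec and not sec[key].strip().isdigit():
                findings.append(f"{door}: {key} must be a whole number of seconds")
        start = sec.get("start_command", "")
        stop = sec.get("stop_command")
        if start and "%IP%" not in start:
            findings.append(f"{door}: start_command has no %IP%, the rule would open the port to every source")
        if "cmd_timeout" in sec and not stop:
            findings.append(f"{door}: cmd_timeout set but no stop_command, the opened rule is never removed")
        start_tokens = shlex.split(start)
        if stop and "-A" in start_tokens:
            # The stop rule must be the start rule with -A swapped for -D and nothing else changed.
            expected = ["-D" if tok == "-A" else tok for tok in start_tokens]
            if shlex.split(stop) != expected:
                findings.append(f"{door}: stop_command does not undo start_command (expected: {' '.join(expected)})")
    return findings


if __name__ == "__main__":
    problems = check_knockd_conf(SAMPLE_CONF)
    print("\n".join(problems) if problems else "knockd.conf: no problems found")
```

Run it against the real file with `check_knockd_conf(open("/etc/knockd.conf").read())` before restarting the daemon; the mirror-image check is the one that catches the common copy-paste error of leaving -A in the stop_command.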


Step 3

[root@localhost ~]# chkconfig knockd on
[root@localhost ~]# /etc/init.d/knockd start

Start the daemon and enable it to start automatically at boot.



Step 4

On the client side, we can use 'telnet' on Windows or the 'knock' program on Windows/Linux to knock the knockd server:

C:\ telnet 192.168.1.2 2222
C:\ telnet 192.168.1.2 3333
C:\ telnet 192.168.1.2 4444

[root@localhost ~]# knock -v 192.168.1.2 2222:tcp 3333:tcp 4444:tcp


We can check knockd.log on the knockd server for the status of the client's 'knock'.
We can also check whether port 22 is open after the client's knock has succeeded:

[root@localhost ~]# tail -n100 /var/log/knockd.log
[root@localhost ~]# iptables -L -n
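Reading knockd.log by hand works for one client, but it is also where you see who keeps hitting the first knock port and never finishes the sequence. The Python script below is an added example, not part of the original page or of knockd itself. It parses log lines in knockd's "[date] ip: door: message" shape (the sample lines are constructed for this example and modeled on knockd's messages; compare them with your own /var/log/knockd.log) and summarizes, per client address, the highest stage reached, how many times the door opened, and how many sequences timed out, then lists addresses that repeatedly start the sequence without completing it.

```python
import re
from collections import defaultdict

# Constructed sample log in knockd's "[date] ip: door: message" format (assumed;
# compare with your own /var/log/knockd.log). One good knock from 192.168.1.10,
# two incomplete attempts from 10.0.0.7.
SAMPLE_LOG = """\
[2007-05-21 10:02] starting up, listening on eth0
[2007-05-21 10:05] 192.168.1.10: opencloseSSH: Stage 1
[2007-05-21 10:05] 192.168.1.10: opencloseSSH: Stage 2
[2007-05-21 10:05] 192.168.1.10: opencloseSSH: Stage 3
[2007-05-21 10:05] 192.168.1.10: opencloseSSH: OPEN SESAME
[2007-05-21 10:05] opencloseSSH: running command: /sbin/iptables -A INPUT -s 192.168.1.10 -p tcp --dport ssh -j ACCEPT
[2007-05-21 10:06] opencloseSSH: command timeout
[2007-05-21 10:06] opencloseSSH: running command: /sbin/iptables -D INPUT -s 192.168.1.10 -p tcp --dport ssh -j ACCEPT
[2007-05-21 10:20] 10.0.0.7: opencloseSSH: Stage 1
[2007-05-21 10:20] 10.0.0.7: opencloseSSH: sequence timeout (stage 1)
[2007-05-21 10:21] 10.0.0.7: opencloseSSH: Stage 1
[2007-05-21 10:21] 10.0.0.7: opencloseSSH: sequence timeout (stage 1)
"""

# Only lines that name a client IP are per-client events; startup notices and
# "running command" lines are door-level and are skipped by this pattern.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] (?P<ip>\d{1,3}(?:\.\d{1,3}){3}): (?P<door>\S+): (?P<msg>.*)$"
)


def summarize_knock_log(lines):
    """Per-client summary: highest stage reached, completed knocks, sequence timeouts."""
    stats = defaultdict(lambda: {"max_stage": 0, "opened": 0, "timeouts": 0, "doors": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        entry = stats[m["ip"]]
        entry["doors"].add(m["door"])
        msg = m["msg"]
        if msg.startswith("Stage "):
            entry["max_stage"] = max(entry["max_stage"], int(msg.split()[1]))
        elif msg == "OPEN SESAME":
            entry["opened"] += 1  # full sequence received, start_command was run
        elif msg.startswith("sequence timeout"):
            entry["timeouts"] += 1  # sequence started but not finished within seq_timeout
    return dict(stats)


def suspicious_clients(stats, min_timeouts=2):
    """Addresses that keep starting the sequence but never complete it."""
    return sorted(ip for ip, s in stats.items()
                  if s["opened"] == 0 and s["timeouts"] >= min_timeouts)


if __name__ == "__main__":
    summary = summarize_knock_log(SAMPLE_LOG.splitlines())
    for ip, s in sorted(summary.items()):
        print(f"{ip:15} max_stage={s['max_stage']} opened={s['opened']} timeouts={s['timeouts']}")
    print("repeated incomplete knocks from:", suspicious_clients(summary))
```

For the live file, call `summarize_knock_log(open("/var/log/knockd.log"))`; a client whose knock "did not work" usually shows up here with a max_stage below 3 and a sequence timeout, which points at a wrong port order or a knock sent slower than seq_timeout allows.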

Or download it from the official website:
http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki


Alan Studio © 2007 by Alan Cheung Hin Lun. All rights reserved.