I have a strange problem with IpTables.after a server reboot, the complete rule-list of iptables is empty. After a manually start, all my old rules are there again.I checked chkconfig if autostart of iptables is enabled:chkconfig --list iptablesiptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
View 2 RepliesThis is my first use of Ubuntu, but I have previous decent experience on Centos & Mandriva. I've just installed Natty 11.04 on a box that was running a mandriva 2010 - and the network is acting quite strange. When I define a static IP for eth0 through the gui, along with route & dns, it sort of works: ssh is fine, vnc too. However, I have an asterisk running on the box, and it is wild: some packets get lost in the box.
An ngrep shows the packets reaching the interface, but they dont show in asterisk !!! I've done a ufw disable, iptables is empty (why cant I service iptable restart btw ?). ip route list show decent routes (eth0 default); When I switch to DHCP, it is better, but unstable... If i plug a wifi usb stick, it seems to be better... Is there some known issues that could explain this behaviour ? The nic is a: Ethernet controller: Marvell Technology Group Ltd. 88E8001 Gigabit Ethernet Controller
Im new to fedora 11 and iptables, and i need to set the following set of instruction so VirtuaBox can accept request from lan, to the mailServer in the guest os, but after restart fedora i have to input it all again.How can it become permanent entry in iptables.
View 2 Replies View RelatedI have a CentOS 5.4 box that I am trying to set up as an OpenVPN server. So I modified the firewall by running the following script:
#!/bin/bash
#
# the following rules will flush out any existing chains
[code].....
I recently installed Ubuntu 10.10 on my machine. I logged in and installed a few programs like wine. Everything went fine until I rebooted. Now, after I log in, it gives me 2 error messages: One about how it could not update ICEAuthority or something
Another about how usr/lib/libconf2-4/gconf-sanity-check2 returned status 256. Then, something else pops up about how Nautilus can't find or doesn't have permission to write to home/user/Desktop and ome/user/.nautilus. I tried booting in recovery mode and did a dir on /home, but nothing showed up, which makes me think that they somehow disappeared or they aren't being shown.
Not earth-shattering, I don't suppose, but have noticed that since installing 11.3 (Fresh install, x64, DVD), the "Recently Used" list in the "Start(? Kicker??)" Menu, doesn't save applications through a reboot... ie, if I start Thunderbird, Open Office, whatever while logged in, these will then appear in the "Recently used" section of the menu, but then do a reboot, and the applications area in the recently used menu, will be empty. The "documents" area is fine, and shows stuff after a reboot, but not "applications"....
View 2 Replies View RelatedWhen I try something like, I get:
iptables -A FORWARD -p udp -m length --length 39 -m u32 --u32 '27&0x8f=7' --u32 '31=0x527c4833' -j DROP
iptables: No chain/target/match by that name.
So I re-compiled the kernel enabling WAN Router, and all the subsections. Downloaded latest iptables, removed the RPM one, installed the iptables from source.. Guess what, same error!
PS: iptables -m u32 -h works, it displays a page of info.
I'm at my wits end at this point.
CentOS 5
iptables 1.4.1.1
APF 9.7
Webmin 1.4.80 (yes i can be a gui noob at times)
I'm currently running a dedicated server that hosts a couple of sites and runs a game server or two. I was using iptables on its own for a while, but recently I'm a target of all sorts of attacks (typically aimed directly at the gameserver on port 7777. UDP flood attacks, etc). I'm also seeing an spike in foreign spam, SSH brutes, and a few people in Turkey thought it would be cute to download files over and over and over I have decided to start banning entire countries, using the subnets listed here [URL]... I'm trying to block Central and South america (189,190,200,201.x.x.x), China, Ukraine, Turkey, Iran, Spain and Italy. I do this because a majority of the traffic from those areas are usually up to no good.
I installed APF so I could easily add these ranges in deny_hosts.rules and be done with it. I added the ranges, which turned out to be too many, and the system tanked. I decreased the amount of ranges to just 4:
189.0.0.0/8
190.0.0.0/8
200.0.0.0/8
201.0.0.0/8
Restarted APF and it loaded fine. Do an apf --list and iptables --list and it shows those 4 ranges as blocked. The only issue...I have people from 190.x and 200.x connecting to the gameserver and PLAYING. Its as if the firewall isnt there. Also, adding those ranges to /etc/hosts.deny (or whatever) doesn't block them either.
I add one of my own ips and I get blocked instantly. WTF?? I look in the iptables for webmin, and it shows an empty firewall. I do iptables --list and it shows the ranges I added in APF. I'm looking at building (or whatever its called) an fresh iptables with the geoip module added in. [URL]...
I've never done anything like this, and I don't want to kill the box. I also don't want to spend the effort if 1) something is wrong with my system to begin with and 2) the geoip module doesn't work. geoip module aside....how exactly should i configure the firewall? Empty iptables completely and then rely on APF for everything? Oh and heres another tidbit: I tried this before 2 years ago and it used to be that anything I put in APF would show when i looked at iptables using the webmin module. Thats no longer the case now. That was also on CentOS 4 when it did that. I don't know if moving to 5 is whats preventing it now.
In a nutshell, I'm new at this and I'm being inundated with terrible people trying to do terrible things and I'm ready to just give up. Can someone just give me a quick rundown on:
1) how to test that my firewall is actually firewalling
2) how I should configure the/a firewall on this CentOS5. Not too specific, I just want to know if I should empty iptables then load apf, should i not bother with APF (i like it when it works), is there a specific order of doing things?
The problem I am having is that iptables won't load the required modules for my firewall rules.
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
[code]....
I have big problem with correct settings of iptables as a router. My network topology (UTM Hardware router) 192.168.1.1--->eth0 192.168.1.2(centos with apache ftp and transparent squid 8080)--->eth1 192.168.0.1(LAN with dhcp)
eth0=WAN 192.168.1.2
eth1=LAN 192.168.0.1
I have problem with hanging connections through squid which are very slow or connection failed. Sometimes i received DNS timeout error from squid stable 2.6 21
[Code]...
I'm trying to redirect the requests from port 80 to ports 8080 and 8081 through iptables because I've got two services which need accept requests from the same port(80):
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080-8081
The problem is that the second port (8081) never gets a request, just the first one.
How I add this " iptables -F " to my Servers boot I already asked this from my Provider, but it seams he forget each time I ask.
View 3 Replies View RelatedLoaded up Centos 5.5 final. Configured iptables to block regions of the world based on networks. An example would be:
-A INPUT -s 139.82.0.0/16 -j DROP
My /etc/sysconfig/iptables file contains about 10k entries like this. If I use this, the machine lags hardcore network wise.
I have the requirement that if our website receives 20 or more requests within 60 seconds, to block the offending IP address for 5 minutes, then allow them access again. My only certain mechanism to do this is iptables. I wrote the following series of commands:
iptables -N RATE_CHECK
iptables -N DOSAttack
iptables -N RemoveBlock
[code]...
I am limited in my testing, but the little I have been able to test seems to be having no effect. will the above commands have the desired effect.
To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?
View 4 Replies View RelatedI have CentOS 5.2 just installed and massively updated with yum -update command. Than I tried to configure firewall. After changes via system_config_securitylevel_tui (open ssh, http, ftp, and 3306:TCP ports) iptables service can't start with message
> /sbin/service iptables start
Flushing firewall rules: [OK]
Setting chains to policy ACCEPT: mangle filter nat [OK]
Unloading iptables modules: [OK]
Applying iptables firewall rules: iptables-restore v1.3.5: Couldn't load match `TCP':/lib64/iptables/libipt_TCP.so: cannot open shared object file: No such file or directory
Error occurred at line: 18
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]
I erased the iptables service and installed it again with yum. How can I make this service work?
if am using --log-prefix "BANDWIDTH_OUT:" --log-level 7 to capture packets, I think is there a way to view these?
View 4 Replies View RelatedI'm encountering a known problem with IPtables. I set up rules and apply them, restarting firewall, then I get this message:
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: raw nat mangle filter [ OK ]
Applying iptables firewall rules: [ OK ]
Loading iptables additional modules: ip_conntrack_ftp ip_conntrack_netbios_ns [FAILED]
I am new to iptables. The setup tool on a VPS doesn't work. So, I am learning to insert rules. I have inserted so many and some of them show as duplicates now.
1- I want to know how to remove the duplicates. Is there a file that these rules are store in so I can go in and easily edit it?
2- Is there any other utility that handles firewall in Linux that I am unaware of? or is the iptables the ultimate door guard? This is a plain install of CentOS.
3- Since I believe I opened port 5090 but I think it still might be blocked, could SELINUX be the problem? How can I get my way around setting it to permissive or disable if I don't have access to "setup" command?
4- What is the order of iptables reading? does rule #1 supersede all other rules? or does the last rule supersede all rules prior to it?
5- Do the rules below make a fairly safe system? (except for the duplicates which should be remove) I understand that a safe system is dependent also on the applications that are allowed in this category and I am not talking about those. I am talking about dropping all other inquiries and in general is this how iptables are setup? This is what I currently have:
[root@tel ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
[Code]...
I ran iptables save but on a server reboot it just loads the default firewall config. how I can get it to load and flush my custom iptables script on reboot?
View 1 Replies View RelatedI am using centos 5.3 , and also using webserver in local network
Here is all configuration
1, server
eth0 , 222.80.1.90 this is live ip
eth1 10.0.0.1
2, webserver
eth0 10.0.0.2
I want set iptables on server 1 , to acces webserver from other city ,
How to configure iptables
I'm trying to open up some ports to connect via vnc to a server running Centos 5.5. I've edited /etc/sysconfig/iptables everything *looks* fine, but I still can't seem to get access to the port I've opened (I added some newlines for clarity between commands):
[Code]....
I am trying to follow the info on Getting IPTables to survive a reboot. Everything works until I reboot but the script does not run when linux starts. The article says to create a script so ifupdown loads these rules on boot:
Code:
echo "#!/bin/sh" > /etc/network/if-up.d/iptables
echo "iptables-restore < /etc/firewall.conf" >> /etc/network/if-up.d/iptables
chmod +x /etc/network/if-up.d/iptables it put what I think is a symlink in if-upd but iptables still does not survive reboot.
i am currently trying to install vsFTP onto my new linux server and btw i just started using linux today this is my first time using linux so i got the ftp installed good it got downloaded and everything then i went to open a port for my server for vsFTP i used this comand to open it "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT" then i closed it by pressing ESC then :wq! and it brought me back to my comand line again so now when i try to start the ip table thing with the comand "service iptables start" then when i execute that comand putty respondes with this "Applying iptables firewall rules: iptables-restore: line 1 failed [FAILED]"
The install Guide im using: [URL]
I have a server running Fedora 6, which I wish to upgrade to Centos 5.4. This will be a lengthy switch over because of all of the apps I need to convert etc. As a precaution, I would like to keep my old Fedora running as multiboot. I have a boot partition, a fedora partition (root), and an empty partition for Centos.
Can I run the Centos installer and direct it to install onto the empty partition (I don't care if it formats it)BUT only add to the boot partition (not reformat it).? I don't want to lose the kernels/images on the boot partition, and from what I've seen most installers wipe out the boot partition prior to adding their own files.
My X-windows *server* is a Cygwin box. I installed the entire X11 packages. on the centos machine, I installed xterm and emacs.xterm comes up fine and the characters in the window are fine.with emacs, the characters in the windows are empty boxes.Do I need to install some things on the centos end to get the characters to render?
View 1 Replies View RelatedI was checking my server and found a /net directory with nothing visible inside. The mysterious directory is /net and I checked to make sure nothing was mounted to it:
[root@mysql /]# mount
/dev/sda1 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
CentOS amd64 fresh installed two weeks ago. Turned off nightly per company policy. Turned on this morning, logged in, started firefox, surfed a bit, minimized, and then noticed that the bottom toolbar is empty except for the trashcan in the far right end. No alternate desktops, no minimized firefox screens, nothing.
View 3 Replies View RelatedI am an old days RH release user(from 6.x) and just switching back from Debian/Ubuntu to CentOS on some servers, but I can not understand the kernel update strategy currently enabled in CentOS.There are two boxes, with almost identical installation, but recently there was an auto update of kernel on one box. This auto update also seems to issue an auto reboot on the machine, which is unacceptable on server machines.
View 2 Replies View RelatedI am trying to mount a samba share using an fstab entry
//srv1/Corporate /winfiles cifs user,uid=0,rw,noauto,suid,credentials=/root/wnmount_credentials.txt 0 0
The mount appears to complete cleanly, however when I browse the directory /winfiles it is always empty.The smbclient command works properly using the same credentials.The /root/credentials file looks something like this
username=********
password=********