CentOS 5 Networking :: Iptables U32 Does Not Work

Apr 7, 2010

When I try something like this, I get:

iptables -A FORWARD -p udp -m length --length 39 -m u32 --u32 '27&0x8f=7' --u32 '31=0x527c4833' -j DROP
iptables: No chain/target/match by that name.

So I re-compiled the kernel enabling WAN Router, and all the subsections. Downloaded the latest iptables, removed the RPM one, installed iptables from source. Guess what, same error!

PS: iptables -m u32 -h works, it displays a page of info.


Ubuntu Networking :: Iptables Do Not Work The Way It Should On 10.04?

Aug 14, 2010

I'm having a weird issue on 10.04. I have a bash script I wrote to drop incoming connections that are faster than a specified rate (6 per second in the example). I've been using the script successfully on 8.04 LTS and CentOS for 2-3 years but it doesn't seem to work on 10.04.

Code:
INTERVAL="2"
HITCOUNT="6"
iptables -A INPUT -d 123.123.123.123 -m state --state NEW -m recent --set
iptables -A INPUT -d 123.123.123.123 -m state --state NEW -m recent --update --seconds $INTERVAL --hitcount $HITCOUNT -j DROP


Networking :: Iptables Doesn't Work Well Without OpenVPN?

May 31, 2011

My problem is the following: I'm running a bridged OpenVPN on my Debian. If the service is running, everything works fine: local and Internet, FTP, mailing from inside and outside, etc. But when stopping OpenVPN, sending mails from inside (LAN) fails: I cannot reach SMTP (postfix) listening on port 465. And even reaching mailboxes using IMAP gets horribly slow, e.g. in Thunderbird. Here is my firewall.sh script.

Quote:

#!/bin/sh
echo "
IPTABLES FIREWALL inicializalasa - szures"
# Enter the designation for the Internal Interface's
INTIF="eth0"

[Code].....


Networking :: Putty Not Work When IPTABLES Is Working?

Jan 18, 2011

I am using PuTTY on my Windows machine to access my Linux server terminal.

PuTTY works fine if I disable my Linux IPTABLES. My Windows machine IP is 192.168.1.249. The Linux server IP address is 192.168.1.200. I don't know how to allow it through IPTABLES. The port which PuTTY is using is 22.


Ubuntu Networking :: Iptables And Cannot Get Port Forwarding To Work?

Mar 8, 2011

I've been beating myself over the head with iptables and CANNOT get port forwarding to work. Here's my situation:

Static LAN IP on eth0
Static internet IP on eth1
ip_forward is turned on by uncommenting in sysctl.conf

Here's the output of iptables-save:

Code:
# Generated by iptables-save v1.4.4 on Tue Mar 8 10:34:12 2011
*nat
:PREROUTING ACCEPT [2443:347058]

[Code]...

Edit: by the way, the intended purpose of this machine is to serve as a gateway and firewall. MASQUERADE is working, for whatever that is worth. And the host behind the firewall that is serving up http is definitely working too. All that is not working is getting hosts on the internet talking to hosts behind the firewall.


Fedora Networking :: IPtables Passive Ftp Rules Do Not Work?

Aug 15, 2011

I'm trying to build a firewall with IPTables:

INTERNET <--------> (eth0) FIREWALL (eth1) <-------------> FTP_srv

I set all rules DROP by default. My rules for forwarding packets to the FTP server:

#iptables -t nat -A PREROUTING -i eth1 -d $FIREWALL_EX_ADDR -p tcp --dport 21 -j DNAT --to-destination $FTP_ADDR:21
#iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

[code]....


Networking :: Squid And IPTABLES - Transparent Proxy Doesn't Work

Jan 12, 2011

I set up squid with transparent proxy and it's working; however, when I reboot the server, the proxy server doesn't work unless I run the following.

Code:
# squid server IP
SQUID_SERVER="192.168.1.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
[Code]...


CentOS 5 Networking :: Iptables Empty After Reboot?

Aug 5, 2009

I have a strange problem with iptables. After a server reboot, the complete rule list of iptables is empty. After a manual start, all my old rules are there again. I checked with chkconfig whether autostart of iptables is enabled:

chkconfig --list iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off


CentOS 5 Networking :: Firewall Insanity Iptables And Apf Don't Seem To Like Each Other?

Aug 13, 2009

I'm at my wits end at this point.

CentOS 5
iptables 1.4.1.1
APF 9.7
Webmin 1.4.80 (yes i can be a gui noob at times)

I'm currently running a dedicated server that hosts a couple of sites and runs a game server or two. I was using iptables on its own for a while, but recently I'm a target of all sorts of attacks (typically aimed directly at the gameserver on port 7777: UDP flood attacks, etc.). I'm also seeing a spike in foreign spam, SSH brutes, and a few people in Turkey thought it would be cute to download files over and over and over. I have decided to start banning entire countries, using the subnets listed here [URL]... I'm trying to block Central and South America (189,190,200,201.x.x.x), China, Ukraine, Turkey, Iran, Spain and Italy. I do this because a majority of the traffic from those areas is usually up to no good.

I installed APF so I could easily add these ranges in deny_hosts.rules and be done with it. I added the ranges, which turned out to be too many, and the system tanked. I decreased the amount of ranges to just 4:

189.0.0.0/8
190.0.0.0/8
200.0.0.0/8
201.0.0.0/8

Restarted APF and it loaded fine. Do an apf --list and iptables --list and it shows those 4 ranges as blocked. The only issue... I have people from 190.x and 200.x connecting to the gameserver and PLAYING. It's as if the firewall isn't there. Also, adding those ranges to /etc/hosts.deny (or whatever) doesn't block them either.

I add one of my own IPs and I get blocked instantly. WTF?? I look in the iptables module for webmin, and it shows an empty firewall. I do iptables --list and it shows the ranges I added in APF. I'm looking at building (or whatever it's called) a fresh iptables with the geoip module added in. [URL]...

I've never done anything like this, and I don't want to kill the box. I also don't want to spend the effort if 1) something is wrong with my system to begin with and 2) the geoip module doesn't work. geoip module aside... how exactly should I configure the firewall? Empty iptables completely and then rely on APF for everything? Oh and here's another tidbit: I tried this before 2 years ago and it used to be that anything I put in APF would show when I looked at iptables using the webmin module. That's no longer the case now. That was also on CentOS 4 when it did that. I don't know if moving to 5 is what's preventing it now.

In a nutshell, I'm new at this and I'm being inundated with terrible people trying to do terrible things and I'm ready to just give up. Can someone just give me a quick rundown on:

1) how to test that my firewall is actually firewalling

2) how I should configure the/a firewall on this CentOS 5. Not too specific, I just want to know if I should empty iptables then load APF, should I not bother with APF (I like it when it works), is there a specific order of doing things?


CentOS 5 Networking :: Iptables Not Loading Some Modules?

Jan 23, 2010

The problem I am having is that iptables won't load the required modules for my firewall rules.

iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP

[code]....


CentOS 5 Networking :: Iptables For Transparent Proxy?

Mar 11, 2010

I have a big problem with the correct settings of iptables as a router. My network topology: (UTM Hardware router) 192.168.1.1--->eth0 192.168.1.2 (centos with apache, ftp and transparent squid 8080)--->eth1 192.168.0.1 (LAN with dhcp)

eth0=WAN 192.168.1.2
eth1=LAN 192.168.0.1

I have a problem with hanging connections through squid, which are very slow or fail to connect. Sometimes I received a DNS timeout error from squid stable 2.6 21

[Code]...


CentOS 5 Networking :: Error When Redirect Through Iptables?

Mar 30, 2010

I'm trying to redirect the requests from port 80 to ports 8080 and 8081 through iptables because I've got two services which need to accept requests from the same port (80):

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080-8081

The problem is that the second port (8081) never gets a request, just the first one.


CentOS 5 Networking :: Adding Iptables -F To Boot?

Sep 5, 2010

How do I add this "iptables -F" to my server's boot? I already asked my provider for this, but it seems he forgets each time I ask.


CentOS 5 Networking :: Large Iptables Rule Set?

Jan 10, 2011

Loaded up Centos 5.5 final. Configured iptables to block regions of the world based on networks. An example would be:

-A INPUT -s 139.82.0.0/16 -j DROP

My /etc/sysconfig/iptables file contains about 10k entries like this. If I use this, the machine lags hardcore network wise.


CentOS 5 Networking :: Iptables DOS Temporarily Block IP?

May 5, 2011

I have the requirement that if our website receives 20 or more requests within 60 seconds, to block the offending IP address for 5 minutes, then allow them access again. My only certain mechanism to do this is iptables. I wrote the following series of commands:

iptables -N RATE_CHECK
iptables -N DOSAttack
iptables -N RemoveBlock

[code]...

I am limited in my testing, but the little I have been able to test seems to be having no effect. Will the above commands have the desired effect?


CentOS 5 :: Custom Iptables: Remove The Existing Iptables First?

Apr 28, 2009

To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?


CentOS 5 Networking :: IPTables Service Failed To Start

May 9, 2009

I have CentOS 5.2 just installed and massively updated with the yum -update command. Then I tried to configure the firewall. After changes via system_config_securitylevel_tui (open ssh, http, ftp, and 3306:TCP ports) the iptables service can't start, with this message:

> /sbin/service iptables start
Flushing firewall rules: [OK]
Setting chains to policy ACCEPT: mangle filter nat [OK]
Unloading iptables modules: [OK]
Applying iptables firewall rules: iptables-restore v1.3.5: Couldn't load match `TCP':/lib64/iptables/libipt_TCP.so: cannot open shared object file: No such file or directory
Error occurred at line: 18
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]

I erased the iptables service and installed it again with yum. How can I make this service work?


CentOS 5 Networking :: View The Packets Saved By Iptables?

Jun 26, 2009

If I am using --log-prefix "BANDWIDTH_OUT:" --log-level 7 to capture packets, is there a way to view these?


CentOS 5 Networking :: IPtables Module Load Fail

Apr 10, 2010

I'm encountering a known problem with IPtables. I set up rules and apply them, restarting firewall, then I get this message:

Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: raw nat mangle filter [ OK ]
Applying iptables firewall rules: [ OK ]
Loading iptables additional modules: ip_conntrack_ftp ip_conntrack_netbios_ns [FAILED]


CentOS 5 Networking :: IPTABLES - Should This Rule Take Care Of Port 5090?

Jun 6, 2010

I am new to iptables. The setup tool on a VPS doesn't work. So, I am learning to insert rules. I have inserted so many and some of them show as duplicates now.

1- I want to know how to remove the duplicates. Is there a file that these rules are stored in so I can go in and easily edit it?

2- Is there any other utility that handles firewall in Linux that I am unaware of? or is the iptables the ultimate door guard? This is a plain install of CentOS.

3- Since I believe I opened port 5090 but I think it still might be blocked, could SELINUX be the problem? How can I get my way around setting it to permissive or disable if I don't have access to "setup" command?

4- What is the order of iptables reading? does rule #1 supersede all other rules? or does the last rule supersede all rules prior to it?

5- Do the rules below make a fairly safe system? (except for the duplicates which should be removed) I understand that a safe system is dependent also on the applications that are allowed in this category and I am not talking about those. I am talking about dropping all other inquiries and in general is this how iptables are set up? This is what I currently have:

[root@tel ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination

[Code]...


CentOS 5 Networking :: Configure - Set Iptables On Server 1 - To Access Webserver From Other City

Jan 13, 2010

I am using CentOS 5.3, and also using a webserver in the local network.

Here is the whole configuration:

1, server

eth0 , 222.80.1.90 this is live ip
eth1 10.0.0.1

2, webserver

eth0 10.0.0.2

I want to set iptables on server 1 to access the webserver from another city.

How do I configure iptables?


CentOS 5 Networking :: Iptables Not Opening Port To Connect Via Vnc To A Server Running 5.5?

Apr 27, 2011

I'm trying to open up some ports to connect via vnc to a server running Centos 5.5. I've edited /etc/sysconfig/iptables everything *looks* fine, but I still can't seem to get access to the port I've opened (I added some newlines for clarity between commands):

[Code]....


Networking :: New Install Of Centos 5.5 Will Not Work On Network With Fixed IP Or DHCP

Jan 12, 2011

I am trying to set up an unused machine as a web server for my students.

I originally tried with Redhat 9 and had the same problems. I am using an HP Pentium 4 system with 2 network cards.

1) The built in Realtek RTL8139 configured as eth0.

2) An add in Broadcom BCM5782 Gigabit card that was added I presume when the built in card failed (we have a number of machines like this around the school), configured as eth1.

I did not realize the second card was installed when I had Red hat 9 on the system, but I discovered it after installing centos 5.5. I have tried to configure the system to use DHCP with and without getting the DNS from the provider, and both ways the system complains that there is no connection, check the cable, so it will not activate the device.

When I configure the device to use a fixed IP, I can configure the device, but I can't ping anything on the network other than myself. I suppose it is possible that both network cards have failed, but I get green link lights with both cards, when I connect them to my router, so I am at a loss as to why neither board seems to work. I don't have a spare network card to slide in because the computer takes a special mini card. Is there an easy way to test the board to see if the board is a problem?


CentOS 5 Networking :: Centos 5.2 / Hyper-V/ Bridge With Synthetic Adapters Does Not Work?

Jan 27, 2009

I have a Centos 5.2 VM running under Windows 2008 Hyper-V. If I add two "legacy Nic's" and bridge them, everything appears to work fine. However, if I remove the legacy nics and replace them with two synthetic nics (linux integration components), the nics seem to function fine UNTIL I add them to a bridge.

This VM will eventually be used as a DansGuardian/Squid transparent proxy for a local library. The logical layout is represented by the attached jpg image. I have also included the ifcfg- scripts for the adapters and bridge for both scenarios.

It would also be useful if someone else has Hyper-V with the integration components and dual physical nics to see if they can reproduce my symptoms on their box.

Legacy Adapters:

ifcfg-br0:
DEVICE=br0
BOOTPROTO=dhcp

[code]....


CentOS 5 Networking :: OpenVPN Doesn't Work On CentOS 5.3 With Windows Client?

Jun 27, 2009

This will be a little long (having read Phil's 'how to ask questions' FAQ). I'm trying to get OpenVPN working between my CentOS server and some Windoze laptops running XP. There seem to be plenty of sample config files available, but to date, none of them have worked for me. Pulling out my trusty Wireshark, I've found some clues,

BACKGROUND:
My local subnet (NAT'ed by my gateway router) is 192.168.52.x. My router has been configured with a conduit (port-forward) for port 1194 (the standard OpenVPN port), which points towards my CentOS server. The CentOS server is .52.112, and the supplicant is .52.110. I have tried the client both inside and outside my local subnet, with no difference in events or outcomes.

[Code]...


CentOS 5 Server :: VsFTP Iptables Wont Start Get Error - CentOS 5.5

May 11, 2011

I am currently trying to install vsFTP onto my new Linux server, and by the way I just started using Linux today; this is my first time using Linux. I got the FTP installed fine, it got downloaded and everything. Then I went to open a port on my server for vsFTP. I used this command to open it: "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT". Then I closed it by pressing ESC then :wq! and it brought me back to my command line again. Now when I try to start the ip table thing with the command "service iptables start", PuTTY responds with this: "Applying iptables firewall rules: iptables-restore: line 1 failed [FAILED]"

The install guide I'm using: [URL]


CentOS 5 Networking :: Cannot Get Wireless To Work ?

Apr 5, 2009

I have just installed CentOS 5, and am new to Linux. So I don't know much about the terminal commands or much of anything else for that matter.

I'm able to get online when I plug an ethernet cable directly into the computer, but cannot get it to recognize my wireless (which I do have the drivers for, and which did work previously on Windows).

The card is a Linksys WMP54GS.

I downloaded ndiswrapper-1.54 but still cannot figure out how to get this to run. As I said, I'm new, so I'm not sure what information other than that to provide, and how to access it, so you may have to guide me through that.


CentOS 5 Networking :: RealTek NIC Would Not Work

Jun 8, 2009

I installed CentOS 5.3 Final on a machine today and was having some problems with the NIC. When I installed CentOS the NIC would not work. I looked in the network configuration and saw that neither of my two NICs had IRQs, so I arbitrarily gave them some and they both worked fine. I then ran yum -update, installed updates and rebooted my machine. Again, the NICs stopped working, only this time setting the IRQ did nothing. I did some googling and found this thread: [URL] The output from the first two commands is as follows:

[root@localhost ~]# uname -rmi
2.6.18-128.1.10.el5 i686 i386

[root@localhost ~]# /sbin/lspci | grep ther
05:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8169 Gigabit Ethernet (rev 10)
05:01.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8169 Gigabit Ethernet (rev 10)

I followed the steps outlined and my issue still remains.


CentOS 5 Networking :: Can't Get Wireless To Work

Aug 25, 2009

I'm new to CentOS and I can't get my wireless to work. How do I get it to work?


CentOS 5 Networking :: Cannot Get New IP To Work In Server

Nov 3, 2009

I have been a loving fan of your software for years now and have been trying to move into a new dedicated server, getting away from my VPS I have been anchored to. I had to change static ip's on my main internet line and thus got locked out of my server. I have the box here and I can console into it but I cannot get the new ip address to work. I have tried so many things it would waste more time than asking for the correct answer.

I know you are wise in the ways of the server as you have gotten me out of a jam in the past. I am currently running Centos 5.4 and a trial version of WHM/cPanel (which needs to be re-registered to the new address if I can ever get back online.)








Copyrights 2005-15 www.BigResource.com, All rights reserved