CentOS 5 Server :: Fail2Ban Is Up And Running - IPtables Rules Not Created
Nov 18, 2009
I have been trying for days now to get this to work. didn't want to bother people with my questions, i have installed Fail2Ban 0.8.4 on CentOS 5.4.
I get the email notifications from Fail2Ban stating that it just blocked another IP, however, when i look at the iptables through webmin, nothing is actually in there, also the log/secure file dose not show that the ip has been blocked.
Even when I try to log-in with the wrong password, after a few tries i get the email telling me that my ip is blocked, however, I can still SSH using my 'blocked' IP.
View 7 Replies
ADVERTISEMENT
Apr 27, 2011
I'm trying to open up some ports to connect via vnc to a server running Centos 5.5. I've edited /etc/sysconfig/iptables everything *looks* fine, but I still can't seem to get access to the port I've opened (I added some newlines for clarity between commands):
[Code]....
View 4 Replies
View Related
Jun 18, 2010
The following is my setup. wireless server (ip of this server is 192.168.1.1) -- target board ( wireless client [ip of this is got for wireless server is 192.168.1.3 ] , bridge (192.168.36.1) )-- linux pc ( 192.168.36.3) as show above i have target board for that i have a wireless interface and a linux pc is connected to target board.now the ips are like this for linux pc 192.168.36.3 and my target board bridge ip s 192.168.36.1
my wireless interface got ip from another server like 192.168.1.3 ,now if i do ping on my target board for 192.168.1.1 it goes through wireless interface to the 192.168.1.1 wireless server.but when i do the same from target board connected linux pc its not pinging from linux pc i could able to ping to 192.168.1.3 but not 192.168.1.1 .I think i need to write a iptable rule properly on my target board to forward the 192.168.1.* packtes to wireless interface.
View 14 Replies
View Related
Jan 20, 2011
I'm curious but recently I was troubleshooting some iptables rules to allow nfs clients access to my nfs server. What was strange was that I setup a tcpdump session on my nfs server so that I can see which ports were being requested. I ran several tcpdump sessions with the following filters in place.
tcpdump -vv src ip_of_client and dst _ip_of_client
tcpdump -vv src hostname_of_client and dst hostname_of_client
However, the only packet I ever saw come over the wire to me was the client host asking for a arp resolution. Anyhow, I finally just ran 'rcpinfo -p' and added those ports to my iptables rules and it worked great. However, I would like to understand how nfs works in case I need to troubleshoot it in the future. I do understand that nfs uses portmappers, would this explain the behavior?
View 1 Replies
View Related
Jun 30, 2009
i have just setup a firewall using iptables on centos 5.3 but there's an issue with ftp
i can connect and i can login when i give command "ls" it says entering passive mode
and afterwards it times out do you know why? i have port 21 open in my firewall but still....
View 4 Replies
View Related
May 10, 2010
Currently suffering from this bug:If you don't want to read the whole thing, it appears fail2ban overloads IPTables when you have too many jails, and sends a wholeload of commands at once.I attempted to use the workaround making it sleep for a random period of time, but this does not help at all, it still fails like it used to.Any ideas? Fail2ban is a pretty popular app...Ubuntu 9.10.
Code:
$ aptitude show fail2ban
Package: fail2ban
[code]...
View 1 Replies
View Related
Oct 24, 2010
I have set up a master DNS server at 192.168.50.9 and a slave DNS at 192.168.50.6. Both servers are BIND9.Machines are for testing/experimenting, hence the IP addresses. Initially, the zone transfer was blocked by the firewall on the master, as the slave uses randomly selected non-privileged ports for zone-transfer query. So, as far as I understand, there are two possible approaches:
1. Allow connections based on source, which should be
Code:
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW,ESTABLISHED -s 192.168.50.6 --sport 1024:65535 --dport 53 -j ACCEPT
(and it works for me fine)
2. Allow ESTABLISHED and RELATED connections, which would be something like
Code:
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
which was my initial idea but didn't work, but has inspired me to dig deeper into firewall configuration topics :).
Question: Does zone change notification message count for opening a dialog, or notification from master and slave zone update request are two absolutely separate actions? If the latter is true, that, of course, explains why option #2 didn't work.
View 2 Replies
View Related
Feb 17, 2010
We have setup a Exchange server at remote location and while testing I am facing following issue:
1. While configuring Outlook, it's not able to reach the exchange server which hosted at third party and is reachable from everywhere except my Local Network.
My Local network is as following:
Local Lan On Private subnet - Gate+Firewall(Iptables) with two interfaces(private and pubic)with natting-Internet Connectivity.
Where as Exchange server is setup at a Data Center and accessible from internet.
I need to know that what all rules are required for user's to configure outlook with Exchange 2010.
Rest of the things are working fine (Internet connectivity, Exchange OWA access).
View 4 Replies
View Related
May 10, 2010
Currently suffering from this bug:If you don't want to read the whole thing, it appears fail2ban overloads IPTables when you have too many jails, and sends a whole load of commands at once.I attempted to use the workaround making it sleep for a random period of time, but this does not help at all, it still fails like it used to.Any ideas? Fail2ban is a pretty popular app...Ubuntu 9.10.
Code:
$ aptitude show fail2ban
Package: fail2ban
[code]...
View 6 Replies
View Related
Jul 12, 2011
i have hosted a web server on cent os 5.6.i need to write the rules for that server.1. 1st how can i flush the iptables ?
i used this command
iptables -F
iptables -X
[code]...
View 7 Replies
View Related
Jul 17, 2010
IPtables creates an error during startup as well as when I try to restart it: Here's the output of:
[Code]....
View 11 Replies
View Related
Apr 16, 2011
I am running Ubuntu server 10.10 and trying to setup iptables rules in /etc/if-up.d/iptables
Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Problem is that iptables doesn't get updated and I don't see them when iptables -L is executed after reboot.
View 2 Replies
View Related
Jan 8, 2010
I am booting centos 5.4 on machine. The system hangs at line "Applying iptables firewall rules".Is there any way to skip starting iptables service during boot or disable it during boot so the system finally reboots.
View 1 Replies
View Related
Feb 5, 2011
I installed fail2ban from the Ubuntu Software Center (Ubuntu 10.10) and everything seemed to go fine. But when I try to access the client I get this output:
Code:
wolfgang@Culture:/var/log$ fail2ban-client status
ERROR Unable to contact server. Is it running?
[code]....
View 2 Replies
View Related
Jan 3, 2011
After running iptables -F my server goes offline???
Isn't that suppose to flush the iptables, so it will allow all traffic?
View 7 Replies
View Related
Sep 9, 2010
I am having issues getting yum to work with the repos for fail2ban and denyhosts. I followed the centos link on installing/cfg repos. However every time i run yum install fail2ban or denyhosts it does not find the software. I read in several google searches that I should be able to install it using yum. Is that info wrong? These are the link I was s reading too from centos. [URL]. I know I can download the rpm or a tar file but I would like to keep it in sync with yum if possible. May be I have the wrong repo? CentOSPlus is enabled also.
View 3 Replies
View Related
May 22, 2011
I added a few rules to my /etc/iptables.rules file and then used sudo iptables-restore < /etc/iptables.rules but i got an error saying "iptables-restore: line 29 failed".But the only word on that line.
View 1 Replies
View Related
Sep 16, 2010
I am trying to program iptable rules for implementing a 1:1 NAT which does the following:
1. Forward all traffic from all ports on a public ip to a private ip
2. Forward traffic from a range of ports (x-->y) on a public ip, to a private ip
I did some google searches for the same, and came up with the following.
iptables -A FORWARD -t filter -o eth0 -m state
state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -t filter -i eth0 -m state
state ESTABLISHED,RELATED -j ACCEPT
View 15 Replies
View Related
Mar 31, 2011
Can someone please let me know strong iptables rules? Below entries are in iptables file.Here Y.Y.Y.Y is another branch public IP.This server acts as gateway+squid server.Further it will serve company's intranet page also using httpd.OS is CentOS 5.0.
View 1 Replies
View Related
Jan 27, 2011
I am setting my firewall rules using the command iptables.My question is i wanna know what command i can use that list rule 2 and 3 for instance in my table?i want to create rule that: The host is administered using SSH, scp and sftp so allow incoming SSH traffic and securing remote file copying and transferring.
View 2 Replies
View Related
May 3, 2009
When I use system-config-firewall, it asks what interfaces to trust. Where does it store that information for iptables (or whatever uses that info)? How iptables knows at what interfaces to use the rules?There is not that kind of information in /etc/sysconf/iptables and iptables-config.
View 2 Replies
View Related
Jul 9, 2011
what do the following two commands do? Do they modify the iptables rules in any way?
sudo /sbin/iptables -L -n
sudo /sbin/ip6tables -L -n
View 5 Replies
View Related
Mar 10, 2011
I need with some iptables rules. I've done all I can, Googling all over, to cover as many exploits as possible and the following script is what I've come up with. The current set up works and I've checked with NMAP. I just need some sort of confirmation that this is pretty much what I can do.
Code:
LAN="eth0 eth1"
RANGE=10.1.0.0/17
WAN=eth2
# Delete all existing rules
[code]....
Also, if I wanted a broadcast to be relayed to all subnets within a defined range, how would such a iptables rule look like? I need this in order to find a networked Canon MP640 printer.
View 1 Replies
View Related
Apr 7, 2010
I just install 1 firewall using Iptables.
Firewall includes 2 NIC:
NIC1 <IP PUBLIC>
NIC2 192.168.10.1
I installed 1 web server IP: 192.168.10.2
I have some PC IP range: 192.168.10.10->20
I set rules NAT on firewall and PC & web server can connect internet good, but I have problems:
When PC access to web server with IP 192.168.10.2 that ok, but PC can't access to web server when using IP Public. But outside internet, I can access to web server using IP Public.
Rules on IPTables
Code:
# Generated by iptables-save v1.3.5 on Sun Mar 7 21:01:16 2010
*nat
:PREROUTING ACCEPT [950:126970]
:POSTROUTING ACCEPT [89:5880]
:OUTPUT ACCEPT [19:1342]
-A PREROUTING -d 209.99.242.124 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.10.2:80
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j SNAT --to-source 209.99.242.124
*filter
:INPUT DROP [1599:157409]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [232:34452]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d 192.168.10.2 -p tcp --dport 80 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
COMMIT
View 2 Replies
View Related
Aug 25, 2010
I put together the following filter set :
Code:
#!/bin/sh
#To understand this script, reference the No Starch Press Linux Firewalls Book.
MODPROBE=/sbin/modprobe
IPT=/sbin/iptables
IPTSV=/sbin/iptables-save
IPT6=/sbin/ip6tables
IPT6SV=/sbin/ip6tables-save
### flush / drop policy sets
echo "[+] Flushing existing rules with DEFAULT of DROP [+]"
echo "[+] IPv4 [+]"
$IPT -F
$IPT -F -t nat
$IPT -X
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
echo "[+] IPv6 [+]"
$IPT6 -F
$IPT6 -F -t nat
$IPT6 -X
$IPT6 -P INPUT DROP
$IPT6 -P OUTPUT DROP
$IPT6 -P FORWARD DROP .....
###OUTPUT rules: LOG rule
$IPT -A OUTPUT -o ! lo -j LOG --log-prefix "DROPED OUTBOUND" --log-ip-options --log-tcp-options
I wanted to know how to allow certain applications through the outbound tables. For example, I wish to be able to use tools such as nmap,tracepath, and traceroute. However, I am not sure where to look to understand the ports to open. I was starting to think that maybe rather than ports to open it would need to be somehthing like tcp flags that would ned to be allowed. Any way, I have tried google and am still haing problems. I started wanting to use these tools due to getting ready for my network+ and security+ certs.
View 2 Replies
View Related
Jul 11, 2010
so the firewall rules I am currently using are displayed below.
Code:
# DROP ALL FORWARDED PACKETS
iptables -P FORWARD DROP # DROP ALL PACKETS
# ALLOW DHCP THROUGH THE FIREWALL
[code]....
View 6 Replies
View Related
Jul 19, 2010
I have been trying to figure out how to makes rules in iptables that expire after a certain amount of time. From what I have found online you want to use the recent module with --rcheck and --seconds. I have found a few examples and have given them a shot but I can't seem to get it right. Would anyone mind posting an example of a rule that will auto expire?
View 3 Replies
View Related
Feb 20, 2010
I've configured squid proxy server in a P4 desktop. I've 50 users in my network. I installed RHEL 4.4 (2.6.9-42 kernel) and the iptables version is 1.2.11-3.1. I've 2 NICs installed in the system. eth0 (192.168.100.99) for local lan and eth1 (192.168.1.2) for outgoing to internet. I've connected DSL broadband modem to eth1 (default ip of DSL modem is 192.168.1.1). All the clients except few has been forced to go through squid by user authentication to access internet. Those clients which were kept away from proxy are 192.168.100.253, 192.168.100.97, 192.168.100.95 and 192.168.100.165. Everything works fine but from last week I observed that one of some notorious user use the direct IPs (192.168.100.97 or 192.168.100.95) in the absense of the owner of these IPs to gain access to internet as we applied download/upload restrictions in squid.
I want to filter the packets of source hosts using MAC address in PREROUTING chain. I read somewhere that IPT_MAC module must be installed to make this happen. So that those notorious users can not change their ips to gain direct access to internet.
Below are the contents of my iptables file (I've ommited few entries for safty purpose).
# Generated by iptables-save v1.2.11 on Wed Nov 25 16:35:57 2009
*filter
:INPUT ACCEPT [14274:3846787]
:FORWARD ACCEPT [4460:1241297]
:OUTPUT ACCEPT [16825:4872475]
code....
View 9 Replies
View Related
Aug 23, 2010
I was wondering if there is a way to find out IP blocks based on a given region. I know there are IP Lookups that will tell you what Country and possibly City a given IP is from. What I want is the following:
- I would like to set up a IPTABLES rule that implements something like:
=> ALLOW VPN connections FROM THIS ISP/IP BLOCKS THAT ARE IN CITY XYZ
Basically, I want to limit my incoming VPN connections FROM my ISP in the surrounding area. So, for example, I can go to my friends house who also has the same ISP. I should be able to connect from his home to mine because we have 1) same ISP 2) IP blocks is confined to a particular local location.
View 1 Replies
View Related
Dec 30, 2010
I'm having some trouble with the configuration of the iptables. I want to setup a network server to serve as Fail Over (for my 2 ISPs), DHCP and DNS. I have 3 network cards, 2 connected to ISP's routers and 1 that serves as UPLINK for my switch.
I want to add some Iptables rules so I can achieve what I want to do. The problem is that the rules I try to use, they have to effect.... they don't load, here are the rules I am trying to add:
#iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
#iptables --table nat --append POSTROUTING --out-interface eth2 -j MASQUERADE
#iptables --table nat --append POSTROUTING --out-interface eth2 -j SNAT --to EXTIP
When I try to check to see if it loads, with the command:
#iptables -L
It returns empty
View 2 Replies
View Related