Debian Configuration :: Adding New Rule To Iptables?
Nov 16, 2010
firewall server which runs on Debian and then there's a Windows 2003 file server. On this machine runs SQL Server as well. Let's say it listens on port 1000. From other Windows machines I want to connect to this SQL server, which holds a library database for users. But the connection can't be made. Possible error is that the Debian firewall machine won't let the packets through. So how do I add a rule into iptables (what file to open and edit?) so that all local connections to the server, let's say which is 192.168.0.2 and the firewall machine is 192.168.0.1, go through? So the connections allowed would be 192.168.0.3-255. How is it safe to do and what will it look like? SQL Server uses a TCP/IP connection. Here's what I found on the web; I think this may be the right rule, but how do I modify it correctly?
iptables -A INPUT -p tcp -s 0/0 --sport 1000 -d 192.168.0.2 --dport .........? -m state --state NEW,ESTABLISHED -j ACCEPT
Sep 17, 2015
I'm trying to install a driver for some PCI device but I have problems with it - when I run it, it gives me an error
Code:
make: Entering directory `/lib/modules/2.6.32-5-686/build'
make: *** No rule to make target `modules'. Stop.
make: Leaving directory `/lib/modules/2.6.32-5-686/build'
I've tried to find a solution on the internet but have had no success. Usually they say that the problem is that people forget to download kernel-headers and kernel-sources, or unpack kernel-sources, or make the symlink usr/src/linux, but I've done it all and the result is the same. I think the root of the problem is that the `/lib/modules/2.6.32-5-686/build' folder is empty but there has to be this RULE, so what do I have to do to have it there? My system is Debian 6.0.10 Squeeze, Kernel 2.6.32-5-686.
Apr 25, 2016
I'm trying to configure auditd to monitor "strange" events with the apache2 webserver on Wheezy (though the same problem occurs on Jessie); tried both with the "vanilla" 3.2 kernel and the backports 3.16 kernel I am actually using.
Here's auditd rules I have problem with:
Code:
-a exit,never -F arch=b64 -S stat -F path=/var/www/server-status -k web
-a exit,always -F arch=b64 -S stat -F uid=www-data -F success=0 -k web
So to recap, I want to log stat syscall failures for www-data user, but excluding some "known" issues, such as that "/var/www/server-status" (after a2enmod status, /server-status path can be accessed for statistics, though apache2 still tries to find physical file for that path and fails).
But the problem is.. excluding does not work.
Here's "auditctl -l" output:
Code:
# auditctl -l
LIST_RULES: exit,never arch=3221225534 (0xc000003e) watch=/var/www/server-status key=web syscall=stat
LIST_RULES: exit,always arch=3221225534 (0xc000003e) uid=33 (0x21) success=0 key=web syscall=stat
But when I execute:
Code:
# wget -O - http://localhost/server-status
this appears in audit.log:
Code:
type=SYSCALL msg=audit(1461591557.077:365): arch=c000003e syscall=4 success=no exit=-2 a0=7f1bedab9358 a1=7ffef316ac20 a2=7ffef316ac20 a3=7f1bedab91f8 items=1 ppid=2398 pid=2451 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apache2" exe="/usr/lib/apache2/mpm-prefork/apache2" key="web"
type=CWD msg=audit(1461591557.077:365):  cwd="/"
type=PATH msg=audit(1461591557.077:365): item=0 name="/var/www/server-status" nametype=UNKNOWN
type=UNKNOWN[1327] msg=audit(1461591557.077:365): proctitle=2F7573722F7362696E2F61706163686532002D6B007374617274
So, syscall=4 (stat) is still captured. Looks like "path" is known for auditd, but not excluded.
I've tried various rule combinations, for example simpler, more generic one:
Code:
-a exit,never -F path=/var/www/server-status
But it's the same.
Sadly, man audit.rules and man auditctl do not have "exit,never" examples, only some (sometimes also similarly unsuccessful) Google results.
Could it be that Debian kernel does not support some audit features?
Apr 19, 2011
I have a trayless SATA hotswap bay that is really terrific for quickly attaching and removing SATA hard drives. I'm trying to write a udev rule to create a symbolic link to the device node for the drive that is attached through the hotswap bay (/dev/bay -> /dev/sdX). This eliminates any ambiguity when performing destructive tasks (fdisk, etc). I'm running squeeze amd64. I've read through several tutorials and have it working somewhat. Here's the output of udevadm info for a drive attached via the hotswap bay.
looking at device '/devices/pci0000:00/0000:00:11.0/host7/target7:0:0/7:0:0:0/block/sdb':
KERNEL=="sdb"
SUBSYSTEM=="block"
DRIVER==""
ATTR{range}=="16"
ATTR{ext_range}=="256"
ATTR{removable}=="0"
ATTR{ro}=="0"
ATTR{size}=="156301488"
ATTR{alignment_offset}=="0"
ATTR{capability}=="52" ....
Here is my udev rule
DEVPATH=="/devices/pci0000:00/0000:00:11.0/host7/*", SUBSYSTEM=="block", SYMLINK+="bay%n"
This produces the desired behavior and gives me an fdisk-able device node. The problem I am having is that the "host" component of the DEVPATH varies from bootup to bootup. I'm just using onboard SATA, host2-7, specifically host7. There is also onboard PATA, host0-1. It seems to just be random which "host"s are assigned to which controller. For example, the next time I boot the system, the onboard SATA will be host0-5 and the onboard PATA will be host6-7. In this simple case, I could just write 2 rules, one for each possibility, and it would still be correct because of the different PCI addresses of the two controllers. But on systems with more SCSI (uh... libata, actually) controllers, a "host" file can point to different physical ports between bootstraps. This would be bad. Does anyone know of a way to write a rule to tie a device node to a specific physical SATA port on the motherboard/hba?
Mar 4, 2011
This is what I have currently running.
Code:
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
[code]...
How do I add this to the ruleset, without doing the whole thing over again?
Code:
iptables -A OUTPUT -d 10.3.0.0/16 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Nov 4, 2010
I have added a 10 Mbps network card to my SGI O2 MIPS workstation running Debian Lenny running the 26-2 kernel. The workstation already has an onboard NIC which is working fine.(eth0).
lspci -v shows this card as:-
00:03.0 Ethernet controller: Compex ReadyLink 2000 (rev 0a)
Flags: medium devsel, IRQ 18
I/O ports at 1800 [disabled] [size=32]
Upon googling I found out that this card is an NE2000 clone. I downloaded the latest 2.6.36 kernel sources and did the following:-
1. Make Menuconfig
2. Loaded an alternate kernel config file (my working kernel config file)
3. In DeviceDrivers->Network device support->Ethernet (10 or 100 Mbit)
I selected ASIX AX88796 as the help associated with this showed it as an NE 2000 clone. Configured it to be a module and did make, make_modules and make_install. Edited /etc/Modules to load ax88796 and added an alias eth1 ax88796 to this file. Copied the new kernel to /boot and did a reboot; the machine booted up fine and udev -r showed the 2.6.36 kernel and lsmod showed ax88796 loaded. But I am not able to bring up eth1 using:-
ifup eth1
The error messages given are:-
SIOCSIFADDR: No such device
eth1: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
[Code]...
May 3, 2010
I want to be able to have two x terminals at a time, one for the graphical login, and one for miscellaneous 'startx's by tty users. How can I do this? Can I do this?
Jun 22, 2011
I just installed Debian 6 squeeze on a P3, 632 MB RAM, 20 GB HD, and am trying to get it on-line. Ran lspci and lsusb on it (advice from another forum). Got the following results:
[Code]....
Exactly what I am trying to do: Existing network is as follows: Comcast internet to cable modem to Belkin N Wireless Router Model F5D 8236-4 v3. That router is wired to one desktop (running Windows XP) and has 4 wifi notebooks (two running Windows 7 and two running Mint 9 Isadora) and two Wii consoles running off of it. I am seeking to add another desktop to the network in another room without having to drill some holes and run about 40 feet of cable. Seems like it shouldn't take much to get the two routers to "talk" to each other so I can do this. The router I am trying to hook to it is either a Belkin F5D 9230-4 wireless router or a NetGear N150 WNR1000 v2 Wireless router.
Jan 21, 2016
After adding the backports from 8/Jessie to a 7/Wheezy sources.list and running aptitude update, I get these odd error messages. What is going on?
W: Ignoring Provides line with DepCompareOp for package python-cffi-backend-api-max
W: Ignoring Provides line with DepCompareOp for package python-cffi-backend-api-min
W: Ignoring Provides line with DepCompareOp for package python3-cffi-backend-api-max
W: Ignoring Provides line with DepCompareOp for package python3-cffi-backend-api-min
W: You may want to run apt-get update to correct these problems
Jul 26, 2011
I am currently running a Debian 4.0 (etch) PC and I can't upgrade to a newer distribution for legacy software reasons.
It is currently running on Kernel 2.6.18-4-686 and I would like to upgrade it to Kernel 2.6.22-3-686 (whilst keeping my current Debian 4.0 Etch installation). Does anyone know how this could be possible?
Preferably I would like to install Kernel 2.6.22-3-686 alongside my current Kernel 2.6.18-4-686 with the option to specify which kernel to use when booting.
Feb 24, 2016
I'm trying to setup a PXE server with Jessie. I've got the basic setup working by following the steps at [URL] .... That part was really easy. I would like to make the process as automated as possible and then add Win7/10 to the system as well.
The first hurdle I've come across is the fact that netboot downloads everything off the repositories. This has the potential to use up a lot of bandwidth and I would like to avoid this if possible. The first idea I came across was to create a local mirror, this way not only will I be installing everything off the LAN but I'll also be getting all the updates for my systems off the LAN too. I wasn't too keen on this. The other option that I read about was to use the debian ISOs instead.
What I have tried is to copy the Debian ISO to /var/www/html/debian
Then, when I boot via PXE, I set the option to manually select a repository and then I type in the IP address of my webserver for the address and type in /debian for the mirror directory.
However it breaks at this point. I get a message saying "Downloading a file failed"
I would prefer as much of the install as possible to come from the ISO to keep bandwidth usage to a minimum.
For Win10, I read that I have to use an AIK to build the Winpe and then boot that. Then I can load the Windows10 ISO via nfs through Winpe.
pxelinux.cfg/default
Code:
root@DHCP:/srv/tftp# cat pxelinux.cfg/default
UI menu.c32
TITLE PXE Test Boot
LABEL Debian 8
  kernel linux
  append vga=normal preseed/url=http://192.168.0.254/debian/preseed.txt initrd=initrd.gz --
LABEL Windows 10
  kernel ??
  append ??
LABEL HardDrive Boot
This is a preseed I have setup so far
Code:
#### Contents of the preconfiguration file (for jessie)
### Localization
# Preseeding only locale sets language, country and locale.
d-i debian-installer/locale string en_US
[Code] ....
Jun 10, 2011
I'm building a Debian-based router and I want to add a mail service function to this router. I don't want mail to be sent outside of the network; what I want is the ability for services to send mail to the Debian server and for me to then pick it up from this server via POP3 into my normal mail application. Given I'm not looking for mail to be sent outside of the network and it's strictly for services to log notifications via, which of the various mail applications should I set up? I.e. just looking for SMTP + POP3 internally.
Apr 21, 2011
Is there an easy way to add SATA drives to an existing system and have them mount automatically at boot? So far I've been able to create a partition and format but they never mount at boot. What do I have to put in fstab so it will work? Also, since RAID doesn't work in Debian, is it possible to make two drives mount at the same folder?
Jul 16, 2010
Question (and Google results aren't making this clear): Ubuntu has both iptables & ip6tables installed. 1. If I set a rule in iptables, does that rule also apply to ipv6, or just ipv4?
2. If "no" to above, then it would be prudent to *also* set ip6tables rules as well if I want to maintain an active firewall, correct?
3. Do ip6tables rules have the same syntax and behavior (more or less) as iptables rules - i.e. can I just copy my iptables rules & change "iptables" to "ip6tables"?
4. Any gotchas or issues that I should be aware of?
May 18, 2011
I have googled and got these commands to install an extracted .tar.gz file, such as ./configure, make and make install. After extraction it becomes a directory called eclipse. But when I give these commands I get an error like this
[Code].....
Mar 14, 2011
I have an old version of DSL installed, followed by XP. On a further partition I installed Debian 6. Installation of Debian went smoothly, including the final detection of the other two OS for Grub. I had expected that the Debian-version of Grub would override/overwrite the one that came when I installed DSL.
It did not - when I boot, Grub comes up with the old DSL menu, in which Debian is not included.
From what I've been reading about Grub, there are two "phases": the first in the MBR, which points to the second part where the actual boot commands are given, in my case stored in DSL.
When I open the Grub config-file in Debian, both DSL and XP are correctly listed.
Now I'm not sure what to do - I'm a bit hesitant to try and point grub-phase-1 to Debian (if I can write the correct lines at all, I'm very insecure on that) - if that fails, I cannot boot at all. But I'm not really sure either how to formulate a new rule in the DSL-grub, to make Debian boot from the existing menu.
Mar 5, 2011
Is it possible to add menu entries for older kernels to boot instead of the latest?
I have tried this in Ubuntu 10.04 and it hasn't worked.
This used to be possible with ease in grub legacy.
I copied the current menu entry from /boot/grub/grub.cfg and pasted it in the /etc/grub.d/20_custom file.
Then I changed the kernel number to the older kernel number and the initrd number too. #update-grub puts this entry into 'grub.cfg', but it doesn't work.
I get:
The old kernel is in /boot as well as the respective initrd and config files.
Nov 18, 2010
I am having no luck configuring ProFTPd on a Debian Lenny production server we use to host our MySQL databases and a few websites. I had originally set it up so I could login and manage our internal sites, but I have the need to allow a few clients in to access their sites that we host. I am trying to root the users in their site directory, which would be "/sites/www.whatever.com/".
It just hit me while typing this. Is it possible to create a user without a shell to prevent login via SSH and set the home folder to /sites/whatever instead of /home/username? That would allow me to continue operating with my current configuration and root them in their site while preventing SSH logins.
Jul 20, 2011
I have an HP MSA 2312fc SAN with 2 LUNs configured. The first LUN (LUN ID 1) is correctly connected to the system, but when I connect the second LUN (LUN ID 30), I find this message in the syslog: multipathd: 8:64: size 6835937472, expected 5267578112. Discard
Here is the multipath.conf
[Code]....
So I correctly see the two LUNs, but multipath doesn't create the relative devices. Under /dev/mapper I see: control mpath0 mpath0-part1. mpath0-part1 is the first LUN, the one I mounted in a directory under the filesystem. I can't find the device for the second LUN.
Apr 5, 2010
I am *finally* getting around to rebuilding my file-sharing computer. I'll be sharing files with both Linux and Windoze machines. It's a home network, so there's nothing fancy needed. I know I have to tweak my smb.conf file until I'm satisfied with the features and security. I'm using SWAT and I'm starting with a bare-bones conf file. It's not secure but I can see the server and selected files/directories from my other Linux box.
My really dumb question is, do I have to reboot both the server and the client machines every time I change the SAMBA configuration? I thought I just had to stop and restart the SAMBA service in the SWAT software - but then the server disappears from my client. It looks like I need to reboot both machines for the client to see the server.
Aug 23, 2011
I have some errors when I run the mount -all command:
mount: wrong fs type, bad option, bad superblock on /dev/sdc5,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so
Failed to open /proc/filesystems: No such file or directory
[Code]..
Aug 3, 2011
I have a PC104 running Debian. I have 3 hard drives (in addition to the one booting) mounted in fstab by UUID. I use the options defaults,error=remount-ro. However, this means that when I boot with the hard drives not attached, I have to press Ctrl-D to bypass when the boot discovers the drives are missing. Is there a timeout command option I can add to fstab so that it automatically continues booting even if the hard drives are not attached? I could not find anything on a timeout command. (I tried adding timeout=1000 but no - random guess)
Mar 19, 2011
A week ago I opened this thread viewtopic.php?f=17&t=61580 in "Board index ‹ Help ‹ Installation" and asked for a moderator to move this to here. Because it hasn't happened up to now, I am reopening the thread here. It would be reeeeally great if somebody could help me with my problem!
I own two computers, one netbook and one laptop. I want to boot my netbook as a diskless client via PXE. I set up a dhcp-, tftp and nfs-server on my laptop but when I boot my netbook, the following messages are displayed: (to make it more clear, I uploaded the whole output and shortened the output below)
[Code]...
Jul 31, 2011
I am using Squeeze and Gnome. When I try to use the GUI System>Administration>Network or Users and Groups I get the error: The configuration could not be loaded. You are not allowed to access the system configuration. Everything was working before. I read around a bit. In some cases, it was caused by mismatching group and password files after using the GUI. I do not know how to check if they are matching. Of course I do not know for sure that is the problem in my case.
Mar 5, 2010
I use apache2 with virtual hosts and I've a WebFTP solution which runs on it. This solution automatically sends an email when a new client registers himself. In the header of the mail I see "Content-type: text/html". But when I look at this mail with Outlook 2007 the accents are badly encoded. It's a script which generates this HTML email content.
Jun 17, 2010
I am working on a Debian 2.6.26-19 Distribution with exim4 as MTA. After a system restart a problem occurred with delivering emails to local addresses. These local addresses use a 1and1 mailserver for email. The MX records for the local domain are set correctly but exim does not use a DNS lookup for these addresses because it identifies them as local addresses. I figured this out by executing the exim4 -d -bt command. The dns lookup part of the result looks like this (I replaced the actual address with placeholders):
[Code]....
The eventual result of the exim4 -d -bt command is: [user]@[domain.ext] is undeliverable: Unrouteable address
How can I make sure that exim4 makes a DNS lookup for the local addresses instead of skipping it? I know that I have to edit an exim4 configuration file, but I could not figure out which and how.
Jul 6, 2010
I have a set of VMs with stable, testing, and sid to keep track of how things are going. When I did an apt-get dist-upgrade with squeeze last week, things seemed to be OK (350 package updates) until the end. It didn't seem to like and/or was confused by a kernel dependency.
I am not too concerned yet. Because these are in vm's, I do a snapshot before any significant change. I can futz around with impunity because I have that backup.
I re-booted, and tried the apt-get dist-upgrade again with same results. I think I also tried apt-get -f install.
So I reverted to the snapshot, and will simply try again in the future. I recall that with lenny as testing, the font-desktop was really screwed up for about a period of 6 weeks.
However, just in case someone else runs into this:
1) a re-boot worked, but the failure of apt-get made me nervous enough to revert.
2) waiting for corrections has seemed to work in the past (with a single exception with a 4-disk SCSI software RAID10 update that failed to re-boot lenny successfully after what seemed to be a minor update -- that was on a real system, not a vm. I haven't gotten back to look at that.)
Oct 3, 2010
I was trying to get the Windows one working again. Here's what fdisk -l reads:
[Code]...
I'll change these or do some grub configurations, if anyone knows what ones can work.
Nov 14, 2010
I have problems with the system hard drive. I would like to install my Debian onto a new HDD with the same configuration and packages. How do I get the configuration to the new Debian? What files/directories do I need to copy? How do I install the same packages?
Jan 24, 2011
To configure SMS gateway using Kannel configuration for Huawei GSM Modem
dmesg gives attached modem in my system: