Debian Configuration :: Iptables Blocks FTP Connections

Jul 8, 2011

For some reason my FTP packets are blocked by iptables even though I thought I allowed them through

My syslog errors are along this line:

And my iptables ruleset:

View 4 Replies


ADVERTISEMENT

Security :: Iptables State Module - Configuration Error / Not Enable Incoming Packets From Connections Initiated From Inside?

Mar 30, 2011

I have a server that I can only access via SSH (it's located far away) and I would like to secure it by blocking all ports except the ones that I need (which are HTTP and SSH). I still want to be able to make outgoing connections to enable software updates and other things.This is my iptables -L -n :

Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:21
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:23:79
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:81:65535
code....

In my opinion, this should block all incoming packets except the ones on port 80 and 22, but allow responses to outgoing connections. But a wget http://google.com does not work, it can't establish the connection.

Maybe this is not the best style for iptables rules, but I want to be absolutely sure to not accidently lock myself out from SSH, so I chose not to configure a "block-everything rule".

Does this configuration not enable incoming packets from connections initiated from inside?

View 3 Replies View Related

Debian Configuration :: Icew - Your Websense Policy Blocks This Page At All Times

Jan 25, 2010

Iceweasel told me "Your Websense policy blocks this page at all times". How can I disable websense in Iceweasel?

View 4 Replies View Related

OpenSUSE Network :: Command That Blocks All Connections?

Jul 16, 2011

Just wonder is there any command that blocks all connections?

I am aware about RedHat #sudo /sbin/services iptables panic

and wonder is there something with similar effect in opensuse?

View 5 Replies View Related

Ubuntu Networking :: Ufw Blocks IPv6 Connections?

Jan 10, 2011

I've just started using ufw with the frontend gufw. I've configured it like this:

Accept everything in and out as default Block incoming FTP connections from a certain IPv4 address (brute-force for days)

Today I noticed that IPv6 connections don't work anymore. The connection to two hosts (IPv6 only) times out. As soon as I disable ufw entirely, the connections work again. The host I want to connect to is:

2001:638:a00:f00b:200:1cff:fedb:d38f port 7337
2001:638:a00:f00b:a00:6ff:fe07:cda2 port 7337

These are small telnet servers that print out a number (temperature nearby) and close again. I'm logging those values in a database.

Is ufw not IPv6-capable and blocks things it's not supposed to?

Update: ufw seems complete garbage to me... You can't even configure it while it's disabled! How am I supposed to safely activate it when the first thing it does is blocking all communications? I can't even configure it to let me in before I configure it to keep me out... And then, even if I explicitly let it pass port 7337, it still blocks it through IPv6.

View 4 Replies View Related

Security :: Regional IP Blocks For IPtables Rules?

Aug 23, 2010

I was wondering if there is a way to find out IP blocks based on a given region. I know there are IP Lookups that will tell you what Country and possibly City a given IP is from. What I want is the following:

- I would like to set up a IPTABLES rule that implements something like:

=> ALLOW VPN connections FROM THIS ISP/IP BLOCKS THAT ARE IN CITY XYZ

Basically, I want to limit my incoming VPN connections FROM my ISP in the surrounding area. So, for example, I can go to my friends house who also has the same ISP. I should be able to connect from his home to mine because we have 1) same ISP 2) IP blocks is confined to a particular local location.

View 1 Replies View Related

Debian Configuration :: Ssh Is Not Accepting Any Connections?

Jul 14, 2010

I have ssh installed and running on my laptop(Debian Sequeeze). I can run "ssh localhost" without any problem. But for some reason I cannot connect to it from other computers. They all give "connection timed out". I can connect to these computers`s ssh servers but for some reason my laptop with Debian is not accepting any connections.

View 5 Replies View Related

Debian Configuration :: Refuses Port Connections - VNC

Sep 29, 2010

I'm trying to setup VNC on our debian server so the boss can remotely do admin stuff from anywhere in the world. the first step is getting it working from anywhere in the room, though. And I can't even seem to get that far.

So far I have a VNC server setup, although not without problems. I downloaded and installed vnc from the vnc site, that wouldn't work because trying to start a vnc server gave this error: "error while loading shared libraries: libstdc++-libc6.2-2.so.3: cannot open shared object file: No such file or directory"

There are lots of results on google for this error, and the solution everywhere seems to be the same. to install the package: libstdc++2.10-glibc2.2

However, trying to install this package in debian fails. both using apt-get and trying to manually download it from packages.debian.org it just doesn't seem to exist.

I've tried tightvnc from the official repositories and it gives the same error, too.

The way I got around that eventually, thanks to another tutorial, was to install the package vnc4server. then run vnc4passwd to create a password. and after that vncserver works fine, or seems to. Creates display 1.

Now, when I'm trying to connect to hostname:1 from another computer in the LAN. It gives error 10061, connection refused. I installed the debian and I don't recall setting it up to refuse connections on port 1. Is there anything I should check or change to allow the connection, or any log file in debian to check and see what's going wrong?

I'm also trying connecting internally via client on the debian machine, but I can't runvncviewer. I get the same missing shared library error as before. I guess I just worked around, not solved it.

I also can't access it with the java viewer. Trying to connect on port 5801 either from the server itself, or from another one on the lan, tells me it's refusing the connection.

To be clear, I'm certain that the vnc server is started. We have working DNS, and trying to connect directly to the internal IP:1 doesn't work either.

View 6 Replies View Related

Debian Configuration :: Load Balancing Over Uneven Connections?

Jan 31, 2011

A little background: CCNA and A+ I have preformed this task on Cisco routers Linux for 5+ years, mostly with Debian (mostly casual, a few production situations) I need to setup a linux box with Load Balancing over a cable line 8mb down, 1mb up connection and a T1 line. If this isn't possible, at the very least I need Failover (which I have admittedly not researched as fully.) I know Failover is possible, but I would really love to double my upload bandwidth as we host a small website here. Is load balancing over uneven connections possible on Debian?

Side question: If I host a website, when users connect and get responses over 2 Public IP's, what would be the reaction on the users side? Would it get filtered and or blocked by a firewall?

View 2 Replies View Related

Debian Configuration :: Restricting Connections Per User Group

Apr 3, 2011

I want to limit the amount of connections a user can make outside of the box per user group, should I be doing this via iptables or what? aka:

group1 can only have 2 simultaneous outbound connections
group2 can only have 8

View 1 Replies View Related

Debian Configuration :: How To Show Active Ssh Tunnel Connections

Apr 23, 2011

My Debian server is used by people to set up ssh-tunnels for use as a local proxy ( on their remote machines).Since only the tunnel is setup, and no shell is used, I can't use "who" to see which users have an active ssh-tunnel on my server, but I would like to have an idea about who is active etc. I think I should be able to determine this from the auth.log file, but then I would have to use some script to determine what connection is still active. Is there an easy way to see what users have active ssh-tunnels on my Debian server at any given moment?

View 3 Replies View Related

Debian Configuration :: Bridge Wireless And Wired Connections?

May 17, 2011

I'm trying to bridge connections between a wired and a wireless connection in one of my computers. I was told it was impossible due to low-level limitations in the wireless subsystem, but apparently theres a way if you somehow forward packets from one port to the other. Is there a way I can achieve this?

View 1 Replies View Related

Debian Configuration :: Exim Ignoring External Connections?

May 25, 2011

I have exim setup on squeeze to run as an "internet site". Outgoing mail works fine but it seems to just ignore incoming smtp requests on port 25. I can see the incoming connection via tcpdump but exim doesn't seem to talk. If I connect via telnet it rather quickly says connection refused. Is there something additional I need in the Exim conf?

View 1 Replies View Related

Debian :: Iptables Cannot Save The Configuration?

Apr 28, 2011

I am configuring the iptables in the debain squeeze and then running the: iptables-save

View 4 Replies View Related

Debian Configuration :: Bad Argument '#' In Iptables

Jul 11, 2011

I follow this instructions but after iptables-restore < /etc/iptables.test.rules I see this error # iptables-restore < /etc/iptables.test.rules Bad argument `#' Error occurred at line: 3 Try `iptables-restore -h' or 'iptables-restore --help' for more information. The line 3 is the same as the link - # Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0

View 3 Replies View Related

Debian Configuration :: Unable To Access System>Pereferences>Network Connections?

Mar 15, 2011

I just installed Debian and am getting a problem where I can't open the list of network connections. I can use the network manager applet to connect to wireless networks, but I cannot access the network connections list from there either (right click "edit connections)

I'm not incredibly knowledgeable with Linux, but I tried a few simple things I could think of like reinstalling the packages, or restarting the interfaces. (ifdown/up wlan0)

It's strange, because when I click "network connections," I see it show up for a second on the bottom panel, I get some rotating mouse icon while I wait a few seconds and then if goes away. Is there some kind of logfile that could help me identify the problem?

Using Debian 6 on eeePC1000HEB with Ath9k (i think) wireless card. Net Interface: wlan0

View 1 Replies View Related

Debian Configuration :: Setting Up Dell Inspiron 6000 Wireless Connections

Jul 24, 2011

I am still a noob with linux and debian in particular. I do some android development so through that I have learned a little bit about linux but only the basic command prompt commands and the basics of how linux works and such.Anyways, I was looking around on the forum and on other forums and I couldn't find any helpful information about how to set up wireless connections (such as wifi) on debian. When I installed debian on my computer it asked me for the ipw2200 files and I didn't have them at the time but now I have the latest framework files for that, I don't really know how to install them and after I install them I don't know how to turn on my wireless connections from there.

I am really sorry if someone already made a post on this subject and I am just too clutzy to find it, if that's the case please just post the link to that thread for me cause I'm dumb as crap.So basically the main problem I am trying to fix right now is that I cannot get my internet to work on my old dell inspiron 6000 laptop which I am trying to get to run debian.

View 3 Replies View Related

Debian Configuration :: Iptables Forwarding For Tomcat?

Nov 10, 2010

I've been trying to forward some ports using iptables for some time now, but still haven't figured out how to get it to work..What i'm trying to accomplish is to forward all traffic from port 80 to port 8080, and all traffic from port 443 to port 8443, this because i would like to run tomcat as a non-root user, and the original ports can only be used as root.. I've currently setup my iptables like this:

# Generated by iptables-save v1.4.2 on Wed Nov 10 16:44:45 2010
*nat
:PREROUTING ACCEPT [39350:6120333]

[code].....

View 2 Replies View Related

Networking :: Iptables Configuration On Debian Dmz Host?

Jul 6, 2010

I am trying to set up a DMZ host - that is, one multifunctional PC between the WAN and the LAN. I've started with a basic router, and expanding upon that as the need arises. I am currently trying to gain access (from the WAN) to a website hosted on one of the servers in the LAN, but I am having trouble accessing the host from the WAN; I think my iptables configuration may be too restrictive. On the DMZ host, I'm using Debian (Etch). I have setup dhcp3-server, a script to configure iptables and pound (reverse-proxy). The (virtual) machine has 4 network cards: eth0, eth1, eth2, eth3; eth0 is the WAN, eth1 through eth3 serve 3 different virtual LANs.

All machines in the LAN (except one windows 2008 server - I might want to address that problem later) get their IP adresses correctly via dhcp from the DMZ host. All machines on the LAN can access the internet (including the 2008 server if I configure it manually) as they should. If I access http://localhost on the DMZ host, pound reports "The service is not available. Please try again later." - as it should.

I can ping the DMZ host from the WAN on 10.0.0.79 However, if I try to access the DMZ host from the WAN (http://10.0.0.79) I get "Unable to connect" from firefox. I'm sure this is not a pound problem, so I think it's in the iptables, or maybe I should be installing some extra software that I'm unaware of.

[code]....

View 3 Replies View Related

Debian Configuration :: IPTables Output Block Not Local

Sep 19, 2015

I try to create some rules to detect an outgoing traffic from my debian jessie that is not from my IP or loop.

#!/bin/bash
/sbin/iptables -N C_OUT_N_LOCAL
/sbin/iptables -N C_OUT_N_LOCAL_LO
/sbin/iptables -A C_OUT_N_LOCAL -m limit --limit 2/min -j LOG --log-prefix "PK: output not local : " --log-level 4

LO_IP="127.0.0.1"
MY_IP="192.168.0.4"

/sbin/iptables -I OUTPUT -p ALL ! -s $LO_IP -j C_OUT_N_LOCAL_LO
/sbin/iptables -A C_OUT_N_LOCAL_LO -p ALL ! -s $MY_IP -j C_OUT_N_LOCAL

View 0 Replies View Related

Debian Configuration :: Lenny Not Loading Iptables Rules

Dec 30, 2010

I'm having some trouble with the configuration of the iptables. I want to setup a network server to serve as Fail Over (for my 2 ISPs), DHCP and DNS. I have 3 network cards, 2 connected to ISP's routers and 1 that serves as UPLINK for my switch.

I want to add some Iptables rules so I can achieve what I want to do. The problem is that the rules I try to use, they have to effect.... they don't load, here are the rules I am trying to add:

#iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
#iptables --table nat --append POSTROUTING --out-interface eth2 -j MASQUERADE
#iptables --table nat --append POSTROUTING --out-interface eth2 -j SNAT --to EXTIP

When I try to check to see if it loads, with the command:

#iptables -L

It returns empty

View 2 Replies View Related

Debian Configuration :: OpenVPN And IPTables - No Local Hostnames Accessible

Feb 7, 2016

I managed to set up an openvpn server, ip-forwarding and a nat iptable rule for that.

Almost everything works as expected, but my problem is:

Smartphone -> VPN -> Internet ==> works (by ip and hostname)
Smartphone -> VPN -> machine in my local network by IP ==> works
Smartphone -> VPN -> machine in my local network by its hostname => DOES NOT WORK
Machine w/ VPN server -> ping to machine in local network by ip or hostname => works

So, i wonder why i cant access a local machine through the vpn by its hostname. I guess I'm missing a forwarding rule??

iptables dump:
# Generated by iptables-save v1.4.21 on Sun Feb 7 20:56:52 2016
*nat
:PREROUTING ACCEPT [786:59064]
:INPUT ACCEPT [728:53047]
:OUTPUT ACCEPT [19:1487]
:POSTROUTING ACCEPT [20:1576]
-A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
COMMIT
# Completed on Sun Feb 7 20:56:52 2016

View 0 Replies View Related

Debian Configuration :: IPTABLES Protocol To Reject All Incoming Ssh Traffic

Apr 4, 2010

a good IPTABLES protocol to reject all incoming ssh trafiic except for a single IP or IP range?

View 4 Replies View Related

Debian Configuration :: Setting IPTables Default Forward Policy?

May 3, 2010

I'm intending to replace my current router (486DX2 w/16MB running FREESCO which has been faithfully working 24/7 for well over a decade) with a debian box with a bit more grunt and newer features. I'm currently setting up my iptables ruleset and am after a bit of advice re the FORWARD policy. A few example rulesets I have found set the default policy to DROP and the have two lines for each port forward, one to allow the traffic and one to direct the incoming packets to the correct machine.

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 25 -j DNAT --to-destination 10.0.100.10:25
iptables -A FORWARD -i eth1 -p tcp --dport 25 -o eth0 -d 10.0.100.10 -m conntrack --ctstate NEW -j ACCEPT

I'm thinking of setting the default policy to ACCEPT to cut down on typing as my default INPUT policy is DROP and unless there is a valid FORWARD rule for a particular port, the packets aren't going anywhere anyway. Or have I misunderstood something. My googling returned heaps of example scripts & not much intelligent commentary. Alternatively, what do you all use to configure & maintain your debian gateways; hand rolled iptables rules, or any toolset recommendations?

View 4 Replies View Related

Debian Configuration :: How To Restore Iptables To Default Installation Values

May 9, 2010

After resetting a pc running lenny I get iptables errors at boot ("resource temporarily unavailable", "bad rule" etc). "setting up firewall" (Guarddog) is not followed by any errors and the firewall apparently operates ok.How can I restore my iptables to the default installation values?

View 2 Replies View Related

Debian Configuration :: IPTables - Local Host Cannot Get Returning Traffic

Sep 20, 2010

I have a strange iptables issues. I have just built a new Debian install and starting adding some real basic rules (see below) the problem seems to be that the localhost itself can't get any returning traffic. That is, it seems to be allowed outgoing traffic but not the connected, returning traffic. Ordinarily allowing Established Connections would resolve this, see the rule below, but it hasn't. Why this doesn't work. Removing the last DROP in the INPUT chains obviously makes the traffic work!

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j ACCEPT -p tcp --dport 22
iptables -A INPUT -j ACCEPT -s x.x.x.x
iptables -A INPUT -j ACCEPT -s x.x.x.x
iptables -A INPUT -j ACCEPT -s x.x.x.x -p tcp --dport 80
iptables -A INPUT -j ACCEPT -s x.x.x.x -p tcp --dport 8080
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -j DROP

View 3 Replies View Related

Debian Configuration :: IPTables Logging Rules Dropping WiFi Connection

Dec 1, 2015

I'm trying to use these cookie cutter rules that I found. But every time I use them, after a few seconds my wifi connection goes dead. The exception was the first time I used then. Which lasted me a couple of minutes.

By dead I mean I can no longer open a webpage or ping google.

iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A OUTPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables -A LOGGING -j DROP

View 9 Replies View Related

Networking :: Only Allow OpenVPN Connections With IPtables ?

May 23, 2011

I'd like to configure IPtables to make sure I can only access the internet through an openvpn connection (so when the connection is down I have no way to access the internet but to connect to the vpn again).

I know how to do this with Firestarter (restrictive outgoing policy and I only allow the vpn server IPs) but Firestarter seems to be stupid : for some reason eth0 was changed to eth1 and Firestarter can't work properly anymore, even though that probably can be fixed with Firestarter I'm no more interested in this program and I'd better like to know how to apply the same policy using IPtables.

I've tried a few things already but it failed each time ... how can I effectively allow my computer to connect to the VPN while everything else is blocked ?

View 3 Replies View Related

Ubuntu Security :: Iptables To Allow HTTPS Connections Only?

Jul 16, 2011

I have tried to configure my iptables to allow only HTTPS connections to the internet. Unfortunately, I didn't get that to work. I configured it like this:

Quote:

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -t filter -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -t filter -p udp --dport 53 -j ACCEPT

[Code]....

Of course I am only trying to access websites via HTTPS Still, I was wondering if HTTPS somehow under the hood requires the HTTP port to be open or if my rules are in some other way wrong.

ps: I got the rules from that website: [URL]

View 9 Replies View Related

Networking :: Monitor Gateway Connections - Iptables?

Jun 3, 2010

I want to find out which server/service a streaming box connects to and maybe also take a look at some packets. The box connects to the Internet via a Linux gateway running Debian I have root access to. I have some basic knowledge about iptables, tcpdump, netstat etc. but couldn't yet figure out how to get this info.

My first approach was with netstat, but this traffic seems not to be visible (which somehow makes sense to me). My next guess was that with iptables it should be possible to log this connections, however I couldn't yet figure out how to.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved