Debian :: Connecting To SSH With Specific Source Port
May 14, 2015
I'd like to know how to connect to a remote server through SSH but from a specific port, so I can drop connections from random ports that aren't the one I choose. Is this possible?
I have tried setting up an iptables entry to forward output through both PREROUTING and OUTPUT (one at a time, flushing when I can see that it's not working) in the NAT table, so I can connect by doing ssh localhost:
Code:
iptables -t nat -I OUTPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 --dport 4141 -j DNAT --to 192.168.1.2:4040
Unfortunately, it is not forwarding as I'd like.
I want to do this because I think that doing this will enhance the security, dropping connections of clients that are trying to connect from non-allowed ports. I have already set up fail2ban and created SSH keys, not allowing login with a password; only keys are allowed. Will only allowing connections from a specific port enhance the security or not really?
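As an added illustration (not code from the thread), a loopback demo in Python of the source-port idea from the question: the client binds its local port before connect(), which is all any client process needs to do to present a chosen source port, and the server side shows the check a `--sport` style rule would apply to the peer port it sees. The "allowed" port 4141, the OK/DENIED reply and the ephemeral listener port are assumptions for the demo.

```python
import socket
import threading

ALLOWED_SOURCE_PORT = 4141  # hypothetical policy: only this client source port is accepted


def serve_once(listener, allowed_port):
    """Accept one connection and apply the 'allowed source port' policy.

    Returns (peer_port, accepted). This is the decision a firewall rule
    matching on the source port would make, done in userspace so it is visible.
    """
    conn, (_peer_ip, peer_port) = listener.accept()
    accepted = peer_port == allowed_port
    conn.sendall(b"OK\n" if accepted else b"DENIED\n")
    conn.close()
    return peer_port, accepted


def connect_from_source_port(host, port, source_port):
    """Open a TCP connection whose local (source) port is source_port.

    OpenSSH itself has no option for this; binding before connect() is how
    any client (nc -p, a custom script) selects its source port.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(("", source_port))  # choose the source port explicitly
    s.connect((host, port))
    reply = s.recv(16)
    s.close()
    return reply.strip()


def run_demo(source_port, allowed_port=ALLOWED_SOURCE_PORT):
    """Start a loopback listener, connect from source_port, return what each side saw."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))  # stand-in for sshd, on an ephemeral port
    listener.listen(1)
    result = {}

    def server():
        result["peer_port"], result["accepted"] = serve_once(listener, allowed_port)

    t = threading.Thread(target=server)
    t.start()
    reply = connect_from_source_port("127.0.0.1", listener.getsockname()[1], source_port)
    t.join()
    listener.close()
    result["reply"] = reply
    return result


if __name__ == "__main__":
    print(run_demo(4141))  # allowed port: accepted
    print(run_demo(4142))  # any other port: denied
```

Because the client picks the source port itself, a rule keyed on it only keeps out clients that did not bother to set one; it is not an authentication control.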
Sep 17, 2010
Is it possible to setup SSH Daemon to listen on multiple ports and only accept specific groups to a given port? In the past I've created a second SSH Daemon by copying the config file and /etc/init.d/ daemon then configuring each port separately / rules however if I was able to maintain just the one Daemon that would be optimal. Is this possible?
Apr 19, 2011
I have a trayless SATA hotswap bay that is really terrific for quickly attaching and removing SATA hard drives. I'm trying to write a udev rule to create a symbolic link to the device node for the drive that is attached through the hotswap bay (/dev/bay -> /dev/sdX). This eliminates any ambiguity when performing destructive tasks (fdisk, etc). I'm running squeeze amd64. I've read through several tutorials and have it working somewhat. Here's the output of udevadm info for a drive attached via the hotswap bay.
looking at device '/devices/pci0000:00/0000:00:11.0/host7/target7:0:0/7:0:0:0/block/sdb':
KERNEL=="sdb"
SUBSYSTEM=="block"
DRIVER==""
ATTR{range}=="16"
ATTR{ext_range}=="256"
ATTR{removable}=="0"
ATTR{ro}=="0"
ATTR{size}=="156301488"
ATTR{alignment_offset}=="0"
ATTR{capability}=="52" ....
Here is my udev rule
DEVPATH=="/devices/pci0000:00/0000:00:11.0/host7/*", SUBSYSTEM=="block", SYMLINK+="bay%n"
This produces the desired behavior and gives me an fdisk-able device node. The problem I am having is that the "host" component of the DEVPATH varies from bootup to bootup. I'm just using the onboard SATA, host2-7, specifically host7. There is also onboard PATA, host0-1. It seems to just be random which "host"s are assigned to which controller. For example, the next time I boot the system, the onboard SATA will be host0-5 and the onboard PATA will be host6-7. In this simple case, I could just write 2 rules, one for each possibility, and it would still be correct because of the different PCI addresses of the two controllers. But on systems with more SCSI (uh... libata, actually) controllers, a "host" file can point to different physical ports between bootstraps. This would be bad. Does anyone know of a way to write a rule to tie a device node to a specific physical SATA port on the motherboard/HBA?
Jul 14, 2011
I want to set my IP as static and port forward it through a specific port. Can anyone help me with this? I'm using Ubuntu 10 with a 64-bit OS.
Feb 13, 2010
I was taking a peek at the active connections shown by the Firestarter GUI and noticed the following (the source is my computer):
Source | Destination | Port | Service | Program
192.168.0.112 | 66.235.133.42 | 80 | HTTP | (none listed)
I closed all Internet related apps and the connection persisted. After a reboot it did not reconnect (yet). The IP address appears to belong to esomniture.com - some sort of web analytics company. How do I prevent my computer from connecting to these rascals? I have found a lot of documentation regarding stopping inbound connections to services on my computer but not the other way. I have various filtering addons installed in Firefox; however, this connection seems to be at a lower level as no program is specified as being responsible for the connection.
Apr 7, 2010
I want to restrict SSH so that its only accessible via the machines I own on this network. Obviously need to secure user authentication/host authentication, that aside though is the following sufficient at a network level given technical users also use this network? IP addresses are static, though I know they could be spoofed.
Code:
Chain INPUT (policy DROP)
target prot opt source destination
existing-connections all -- anywhere anywhere
allowed all -- anywhere anywhere
[Code]....
Mar 17, 2011
How do I get FTP to use a specific port number? I read the manual but cannot work this one out.
Dec 9, 2010
I might as well start off by saying that I have the Linux-based Linksys WRT54GL router running the Tomato firmware. I've come up with an idea that I'm not sure is possible. Specifically, setting a router up to ban not by the MAC address of the network card, but by the operating system the machine itself is running.
This way someone could have, say, a laptop dual-booting Windows and Linux and would be unable to access the internal network if they are in Windows. However, if they reboot into Linux (or practically any other OS) they would be able to access the local network safely without the chance of spreading worms and whatever else garbage across the internal network. Similarly, other devices like Xbox 360s, Wiis, etc. would be unaffected since they don't run Windows. [Yes, 360 probably runs some highly modified NT kernel, but almost nothing else is similar to a Windows PC and the whole system is highly locked down by Microsoft, so I'd say it could be an exception.]
I was thinking of specifically banning Windows XP and lower (honestly as f***ed up as I've seen Vista and 7 get, I would consider banning those too...). The idea is to allow, well... everything that isn't Windows (except possibly Win7) to connect wirelessly to the local network.
Unfortunately, I cannot do anything like this just yet, and I'm in the planning stages, trying to figure out if it is even possible. There are unfortunately two computers in the house that aren't mine (one running Windows XP and another Windows 7... go figure, they came with it and either my sister refuses to use anything else or my mom's computer's wireless is a massive PITA to get to work in anything *besides* Windows). My guess is that this is either not possible or would be extremely hard to pull off. What do you guys think?
On the other hand, it would probably be possible to connect two routers to the incoming cable connection, giving them both different settings (SSIDs, WPA passwords, etc.) and only giving Windows users access to the outer router, but it'd be cool to be able to accomplish something like this with one router through its settings.
Dec 11, 2010
How can I find, on a Linux system, the processes that are using port 8080 (e.g. a web server)?
Jul 9, 2011
Recently I discovered that we were accidentally running a POP server (port 110), when we only should have been running the encrypted version thereof (port 995). This wouldn't have been a problem if the port was blocked in the first place. I had wrongly assumed that any port NOT specifically listed in one's firewall rules (CentOS 5 with default iptables installation) would be blocked. I thought you had to add a rule to /etc/sysconfig/iptables in order to open up a port. Apparently this is NOT the case. So is it true that if I install some random software that starts listening on any number of ports that I have not specifically mentioned in /etc/sysconfig/iptables that it will not be blocked - it will work right away?
Anyway, I guess two questions:
1) What's a generic way to block a specific port? I use rules like this to "open" ports (although is this not needed if they're open anyway?)
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
What's the analog of this kind of rule to *block* a port?
2) Is there a better way to configure iptables to block all ports that are not mentioned in its configuration? Is that dangerous? (will it block things that I don't want to block?)
Mar 14, 2011
I have to route some packets over the right interface. I default route everything for the target network over one network interface. That works perfectly. But I have to route packets for one specific host and one specific port over another network interface. I tried many things with the route command, but I think there's no possibility to route only one port? Maybe I can do this with iptables? I only found ways to forward some packets which are coming in over one interface. But in my case all packets go out over one interface.
Dec 4, 2009
I've got a few systems which forward ports to one another all over the place, and somewhere along the line a port forward fails. I want to trace the route of a connection on a specific port to see where the connection hits a wall, to see what system is causing the problem. I've tried `traceroute -T -p <port>` but it doesn't output anything about the ports it hits, stops when it hits the address I supplied even though it is forwarded elsewhere, and there doesn't seem to be a verbose mode. Interestingly, if I specify a different source port via the '-s' option, the trace keeps hopping to * * * * and never gets anywhere (at least to 27 hops, then I CTRL+C).
May 12, 2009
I went and generated a self signed SSL .pem file ($1000 for a signed wildcard ssl certificate is out of my price range at the moment). I can connect to my server on port 26 when using STARTTLS but not SSL/TLS mode. I would like to be able to connect to port 465 on SSL mode, but I have no idea how.
Feb 27, 2011
I'm working on a new conky script, and I had the idea to use text from a [URL]... The command I'm using to pull the file is:
Code:
curl -s http://www.thefuckingweather.com/?zipcode=33186 | grep 'ITS FKING *'
However, this gives me the entire line of code this line appears in.
Code:
<br />ITS FKCING NICE</div><div id="remark"><br />
How can I limit this to simply the text?
Sorry about the foul language btw...the words obviously aren't misspelled when I enter them in the terminal
Oct 23, 2010
I am a student in Information Technology. I have a question from the book of Mark G. Sobell. I could not find the answer for that. Why might you have a problem connecting to an FTP server in PORT mode?
Nov 11, 2009
On a remote machine port 25 is open and it's enabled in the firewall also... but I'm not able to connect through telnet. Why?
netstat -an | grep 25
Code:
tcp 0 0 0.0.0.0:44525 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
[code]....
Code:
telnet 172.17.65.206 25
Trying 172.17.65.206...
telnet: connect to address 172.17.65.206: No route to host
Jan 11, 2011
I have been trying all day today to setup a sendmail SMTP server on our Red Hat 5.5 dev box. We have 2 network cards, 1 to the local network with a 192.168 prefix and an external card which goes out to the web through a BT leased line through a Cisco router.
First I followed one of the many helpful tutorials online to setup sendmail, installed all the required packages and made a couple of small config changes to allow the service to listen on all IP addresses rather than just the localhost 127.0.0.1.
The main change is in the /etc/mail/sendmail.mc file where I have changed the following line;
DAEMON_OPTIONS(`Port=smtp,Addr=x.x.x.x, Name=MTA')dnl
I have tried removing Addr completely, setting to either the local or external IP and then rebuilding the sendmail file using 'make -C /etc/mail' and then restarting using 'service sendmail restart'
The SMTP port has been added into the firewall and it is showing to be listening on IP 0.0.0.0:25 which I believe means it is listening on all IP's assigned to the machine, sendmail is also in listen mode and running correctly.
Finally I have changed the /etc/mail/access file to include the local IP range 192.168 and external IP range and rebuilt this into the /etc/mail/access.db file and then restarted sendmail.
Googling the error all the sites I have found talk about making sure the 'DAEMON_OPTIONS(`Port=smtp,Addr=x.x.x.x, Name=MTA')dnl' line is uncommented and not much else in terms of what else might be incorrect.
I am starting to run out of ideas on things to change or check, telnet works correctly on other ports on the same server, ie httpd for apache on port 80. I have also rebooted the server to make sure that it wasn't something odd happening.
Jun 2, 2010
A Linux machine is running a webcam. I export my webcam with fswebcam for the moment over FTP and SSH, but it is so slow.
I want to stream it. How can I do that, and make it simple for my friends?
Sep 26, 2010
I am trying to create a socket to listen for a bootp response so I am using a PF_PACKET socket so that I get the response based on my mac. My problem is that I don't want to hear all traffic (as I do now) so would like to use a specific port number and bind to it.
Jun 8, 2010
I have installed SUSE 11.2 and have performed a software update manually, using YaST > Online Update. This all appears to be successful. I am getting an error dialog that says "Problem connecting to a software source. There was a (possibly temporary) problem connecting to a software source. Please check the detailed error for further updates." The details are as follows:
[Code]....
Aug 20, 2010
Using a fresh Ubuntu server install, I set up UFW:
[Code]..
When connecting from an external box to this server on port 25, the connection is properly blocked by UFW but I can't find any UFW log (/var/log/kern.log, /var/log/messages, /var/log/ufw.log ...). I'm using the default rsyslog.
May 28, 2011
I've recently been donated a second eMac by a friend; it needs a new HDD. I want to add as much speed as possible, but don't know much about HDD transfer speeds.
1) Sub-100 SSD vs 7200 rpm 16 MB 3.5'' platter drive? I can't seem to find much information here. As far as I can tell, the standard hard drive would be faster unless I'm prepared to spend a couple of hundred on a top of the range SSD - is this correct?
2) Will a SATA/IDE converter slow the transfer rates? Is it worth spending the extra 50% to get an IDE drive with the same specs as a SATA drive, or just use the converter?
3) Thoughts on connecting the drive via FireWire - how much slower would this be than connecting the drive via the IDE port on the motherboard? I am only considering this as I don't use the FireWire ports for anything else, and getting to the hard drive is a total pain, not to mention the inherent risk of electric shock on these machines.
Nov 18, 2009
whose only way of connecting is through a serial cable like the one used for a monitor but reversed (sorry, I don't know the correct term). I've tried using hptalx and kermit to no avail; if someone could point me in the right direction it would be much appreciated (I'll be having some exams soon, so I'm in a bit of trouble). Distribution: Slackware 12.2, kernel 2.6.27.31 (I think).
Jul 30, 2011
1. Need to connect 2 CCTV DVRs and view them remotely.
2. Can get a static IP address. But I don't know if this is a secure way, since anyone can view if they know the IP address.
3. Question is: is it possible to connect the DVR(s) to a Linux server which will ask for a user name and password before letting us view the DVR?
Currently there is one set up as follows: from location X a device is connected to location Y using a leased line and static IP (12 km distance). In location Y a router is placed and port forwarding is configured. From location Z, using the internet and a remote desktop concept, the device at location X is viewed and data captured. Is it possible to use a similar concept but with some sort of security authentication procedure in place?
Jun 1, 2010
I'm running a web server on port 80, but I want traffic coming from IP 212.333.111.222 on port 80 to be forwarded to port 9020 on the same server that my web server is running on; that is my sshd port.
Feb 15, 2010
When one connects to an SSH server running on a non-standard port (i.e. not port 22) it is straightforward to alter the command syntax so you can connect to this port. Is it possible to define the source port from the local machine? For example, can you define the source port on your local machine to be 12345 as opposed to another port chosen by your system?
Dec 16, 2009
I am trying to connect to a Cisco console port using a USB to serial converter. I am using minicom and I changed my settings to reflect the USB converter cable, but it isn't working. I have set my baud rate to 9600, 8 data bits and no parity. Minicom acts as if it is connected (it doesn't give any errors), but there is nothing on the screen and nothing happens when I type. Also, I use the tail command and it sees the USB connector connected when I unplug it and plug it back in.
Jul 23, 2011
I'm new to Linux, and I'm setting up the MySQL database server.
Here is my situation:
OS: CentOS 6
mysql version: 5.5
I tried to use MySQL Administrator to connect to my database on the host 192.168.1.120
and my computer is under the same network with ip: 192.168.1.105
But it shows the error msg: Could not connect to MySQL instance at 192.168.1.120
Error: Can't connect to MySQL server on '192.168.1.120'(61)(code 2003)
On the server side I've tried:
Code:
skip_networking is off and I've set the port for it.
When I check the process in OS:
Code:
When I try netstat:
Code:
I thought it's the problem of firewall, so I have check it also:
Code:
Dec 23, 2010
I'm trying to limit access to port 8443 on our server to 2 specific IP addresses. For some reason, access is still being allowed even though I drop all packets that aren't from the named IP addresses. The default policy is ACCEPT on the INPUT chain and this is how we want to keep it for various reasons I won't get into here. Here's the output from iptables -vnL
[Code]...
Note the actual IP we are using is masked here with 123.123.123.123. Until I can get everything working properly, we're only allowing access from 1 IP instead of 2. We can add the other one once it all works right. I haven't worked with iptables very much. So I'm quite confused about why packets matching the DROP criteria are still being allowed.
Jul 23, 2011
My network is:
PC1 -- (NIC1, 10.1.1.x) Linux (NIC2, 10.1.2.x) -- Server 1 (HTTP/FTP)
My question is: in the Linux system, can I change the PC1 source port from 20000 to 30000? For example:
PC1 (sport:20000, dport:80) --- Linux --- (sport:30000, dport:80) --- Server 1 (HTTP/FTP)