Debian :: How To Use Firestarter To Open Port To One Site Only?
Dec 6, 2010
I have a question about anybody who knows how to use firestarter firewall. I'm trying to get access to a Macromedia flash site that needs port 1935 open. While it is not a big issue to open the port, I want to do it just for the server that needs it. I do not want to open it to everybody else. I wonder if anybody has any idea of how to do this. Normally I just go to www.redhotpawn.com which is a chess playing site. I then pressed on the blitz button to go into a game. But it tells me access denied, and then the site has a warning about what it means. The site that mentions that if this is the case then this port has to be open. I don't have a problem of opening the port for the one site as I trust it. But I don't want the port open for every site. I know I can go into the firewall settings and under policy I click on the allow service port for. I put in the port number, but then I don't want to select all. I want to find out what the IP, host or network that I need to allow. Basically I only want to open the port to the one site.
I have a system running 9.10 configured with Firestarter acting as a router. We have multiple Xbox 360's on the network. Unless some ports are forwarded, the Xbox has a NAT type of "Moderate". I have been able to set an Xbox with a Static IP and forward the necessary ports for that IP, which allows the Xbox's NAT to become "Open." My question is, how do I do this for multiple Xboxs? If the follow the same procedure for additional Xboxes, only one Xbox at a time can have an "Open" NAT type, and the rest would be "Moderate". The ports the Xbox uses cannot be changed via the Xbox.
I know this has got to be a beginners question but I can not find the answer. I have searched the forum, the wiki, and the reference. I have used google and found the answer as it applies to red hat but doesn't work in debian. Found a couple of more but they didn't work either. I need to open a port for ssh to work. I have it working on 3 computers but the 4th has the port closed and I can't open it. I have openssh client and server installed and running. I am using Wheezy/testing on an acer laptop.
I have system with debian linux installed. i got to know that debian doesent have IPTABLES firewall installed in built. i found the shoerwall firewall installed on system. now i wanted to open port no.7 for application comunication purpose please let me know if any one knows.also one more thing.. if i type command iptables --list i can see list of rules installed on ssytem....confuse which firewall application installed on the system.
I am trying to configure Bittorando and iptables using Firestarter. I have got it working but am concerned about security holes.
Let me explain.
AIUI, the Bittornado program contacts the "tracker" on various ports which (from the previously blocked connections in Firestarter) ranged from 4664 to 65532. Therefore, currently I have set this range to be open to allow downloads of the torrent.
However, this seems, IMHO, to devalue to point of having a restrictive exit policy for Firestarter since now virtually all ports are open. I can see nothing on the Bittornado client to restrict the outgoing ports although the "listening" (incoming) ports can be restricted.
I would prefer to have my system locked-down so that the minimal number of ports are open to initiate external connections so is there any way to achieve this with Bittornado?
I've noticed that when I open firefox I get really strange HTTP and HTTPS connections showing up in firestarter (which as I understand it is just a GUI for IPtables). They connect to various bits of a site listed as 1e100.net (when you use "lookup hostnames") such as wy-in-f18.1e100.net, they stay connected all the time as far as I can see unless I close firefox. I've heard people say they are connected to Google, but I can close all tabs after loging out of google and still see them... it's very odd.
A portscan reveals that port 39878 is 'open', service: 'unknown. I deny service for this port in Firestarter FW 'policy' Firestarter does not show any active connection. I am not running any apps, so how can I close this port?
I have a java application that I wrote recently. It runs off port 9955. The application runs great on my mac server. When I installed it on my linux box i cant get to it from outside the box. A port scan shows the port as closed. I flushed my iptables, did not help. I can telnet into the app locally, from the server and it works great. I cannot telnet from outside the server. I have a reference to the application in /etc/services as a tcp port (which it is).
Right now my server is being used as a Minecraft server. I have a site hosted on it, but my ISP blocks port 80, so I'm the only one who is able to view the site. I want to be able to change the port the site is on so that anyone can view it. I've looked it up and apparently that is possible; however, I haven't found out how to do it. I've changed the ports.conf file in /etc/apache2 and the default file in /etc/apache2/sites-available, but it didn't work. All that did was take my site off of 80, but it did not put it on the new port I specified. What exactly do I have to change so that when I go to mysite:port, it loads my website?
EDIT: Also, just for extra information, the two ports I tried were 8080 and 81.
Currently my home internet provider does not allow services on ports 1 to 1024 but allow the use of high ports to whatever users want to do and I was wondering what ways are there to mask my webserver @ ip:8080 and yet maintain the servernames ? For example currently if I use myexample.com:8080 it will open just fine but I know there some ways to make it look like if port 8080 never existed, one example of this would be using a proxy server somewhere else to redirect the access but I don't have one available nor money to use for this.
In the above case what would happen is that when user hitted the proxy server it would redirect and query my server so user would never know 2nd server existed at all. Another way would be creating a page somewhere else and put your site as a iframe or frame which would hide it but may be a problem to some browsers etc...
So I belive the question here is what options do I have to mask my server at 8080 to look like a transparent webserver? While I do know this seems a bit technical I belive the place to ask this question would be here instead of serverfault
If I forward port 80 to port 3128 for squid with an iptable rule, does port 3128 have to be open on the firewall or is this all routed behind the firewall?
I'm having a mare with SSL with Apache. I have set it up and if I go to the follwoing address http://192.168.1.2 it seems to work and the pages are delivered to my browser. However if I try to access it from an exernal PC it will not work.
I can get to the non-ssl part of the site so the static ip is resolved and the port forwarding all works.
Does any one have any ideas (and in fact i think I may have just solved it - Ports - 80 mis open but I haven't done anything with 443. Will check it out and post back.
I installed Firestarter firewall on debian Squeeze.Now i note there is a gui available in System->Administration which apparently does not need to be running all the time - its not set up to start on boot.When I boot I notice the boot message has a line saying "Starting Firestarter firewall .... failed"When I am logged in and type "/etc/init.d/firestarter status" as the Firestarter FAQs say, I get"Firestarter is running... ... (warning)"I can run the gui manually and still same message.
I installed firestarter and then at a later date uninstalled/purged it, both actions via synaptic. I have a very verbose boot, I like to see what's going on, and noticed after the uninstall/purge that I was getting an error zooming up the screen containing firestarter in it. After many restarts I found that a file was left in /etc/network/if-up.d/50firestarter and this file was simply a script trying to restart firestarter. At this point I've commented out the calling line and followed the commented line with exit 0. This removes the error but there's still a link calling the file so, is this a bug or am I missing something? It appears the uninstall/purge wasn't entirely complete.
I have sendmail running on my centOS 4.6. My lamp server also runs on it. I want to send mail through php mail function. when i execute php page, which fires the mail function, it takes so much long tim1 say even 1 minute, and at last displays that message sent successfully. Suppose, destination address is [URL].... I did not get any mail there. My server is running in LAN. I checked the status of sendmail, it shows me that it ios running. when i issue "nmap localhost" it shows me that SMTP port 25 is open, but when i issue "nmap myserver" (192.168.1.20 myserver ( written in hostfile)), it does not show that SMTP port is open.
I checked the /var/log/maillog, one person in my previous post advice me to see that. There it shows that message is accepted for delivery...but i do not get any mail in my destination, even not in spam folder. One more confusion is that, in my case my server is in LAN and if I am at all enable to open the SMTP port on it, does i need to open SMTP port on my router (which connects my LAN to internet) also needs to open? I think no, because SMTP is application layer protocol, it will wrap my mail in IP packet, which router just need to forward. am i right?
Ok For some reason I open my ports in security and firewall. I open ssh and other ports and port 7001 for example but when I go to check to see if they are open or try to connect to them. It shows that they are still closed. I am using - [URL] Also yes my ports are open on my router. I know my router works fine with opening ports because I have shoutcast setup on another computer with xp that is currently running. I am willing to pay for who can ever get this fixed for me...
I have installed Firestarter, and set it up following some manual (just a simple, baseline setting, nothing fancy). However, after restart I got error message: Starting the Firestarter firewall... failed! and then, later: startpar: service(s) returned failure: firestarter ... failed! Why this happens?
how to configure my firestarter firewall. I have a website which requires the port 1935 to be open. I figured out how to open the port using firestarter. Is there anyway to make the port open only to this website, and not to every other website for security reasons of course.
I have a bit of an odd network setup, shown in the pic here:I am trying to remote desktop from the XP boxes on the side to the one on the bottom, behind a Debian box/firestarter firewall. Is this possible to do without changing my network (IE wiring/topology) setup? If I had my druthers, I would put the router behind the Linux box, before the XP box, but my work laptop does not allow me to connect in that fashion as I can't change the internet settings.
I am certain the setup is correct on both the Windows clients and host, so it has to be something with my firestarter firewall, or something else I'm completely missing. I have the RDP port opened on firestarter, but whenever I try to connect to the XP box, whether it's by computer name or LAN IP address, it is unable to connect. I had thought about setting up a VPN server on my Debian box, and then VPN'ing to it, and then in turn RDC'ing to my Windows machine. Is this possible? If all else fails, I may just plug the Windows box directly into the router and deal with the lower security or get a second wireless router just for my work pc.
I've become reliant on Net Objects Fusion for building and maintaining my web site. NOF is still only offered as a windows app and it is the only reason I have to keep Windows installed.Can anyone propose a comparable application (preferably open source) that will run in Linux?
I have just recently installed firestarter to get an idea of iptables editing with a GUI. Firestarter works great and I love it, however when I turn my system on, and my system is booting up the terminal displays a "Failed" message when attempting to start up firestarter. Now I have been doing my homework (reserch) and have read that a user will get this error because firestarter trys to load prior to the network manager starting up. I have also read some other variables that can cause this is if you use network manager and have a password on your user account (which I do have) can cause this issue.
However in most cases from what I have read is even though it gives the user a "Failed" startup message, once the user logs in, and is connected to the internet firestarter will actually load the iptables. I did some tests and from what I understand I can see that this is true because I have allowed access to certain torrent trackers, and denied access to others, and I can see some come online. Does firestarter load iptables once the user logs in? Or once it fails to load, does it not load at all unless you manually open/load the application. If firestarter just modifies iptables, then once I save my listings in firestarter then I really don't need it to start up correct?
After I had upgraded to 10.10, Firefox was at first running smoothly, but later it would no longer connect/open any given site. (could not connect to server). I the de-installed and new installed Firefox and it worked fine again for a while but then the same problem returned. I then completely removed Firefox and all packages pertaining to it, and then made a new install of the basic Firefox browser (same problem), then started adding one by one the other "Ubuntu" packages in synaptic for firefox, but the problem remains. I am currently using Chromium (which runs well and extremely fast) but I would like to have Firefox back
I was able to get the a2ensite command to enable a virtual site because it says "Site xxxxx.com already enabled" when I run the command. My problem now is that even though a site is enabled it says this: Code: /etc/init.d/apache2 restart * Restarting web server apache2
[Tue Apr 20 01:28:57 2010] [warn] NameVirtualHost *:80 has no VirtualHosts [Tue Apr 20 01:28:57 2010] [warn] NameVirtualHost *:80 has no VirtualHosts [Tue Apr 20 01:28:57 2010] [warn] NameVirtualHost *:80 has no VirtualHosts [Tue Apr 20 01:28:57 2010] [warn] NameVirtualHost *:80 has no VirtualHosts
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting down Unable to open logs Should I do a chown or chmod to a file?
[URL].. One of my reference link: A very good place for search for drivers since many hardware manufacturers do not have a driver site for open source.
I have to ubuntu machine (9.10 and 10.4) with a openvpn tunnel between them.This is the situation:
Code: NetworkA 192.168.0.0/24 | UbuntuA br0:192.168.0.3 (openvpn bridge between eth0 and tap0)[code].....
UbuntuA has one only interface etho and there are two openvpn instance: one bridge istance with br0 and another instance with tun0. UbuntuA is not the gateway for networkA. UbuntuB is the gateway for NetworkB.I need to comunicate between pc on networkB e those on networkA.This is the "ping situation" (no pc tested has an active firewall):
ubuntuA vs ubuntuB: OK ubuntuB vs ubuntuA: OK pc on NetworkA vs ubuntuA and ubuntuB: OK[code].....
I've been on a quest to enable full routing through my openvpn tunnel between my office and the colo. Masquerading will work, however it will throw off anything key based and makes a lot of things just more difficult and vague in general. Is there an easy way to do this via iptables? I tried using quagga hoping it would magically solve my problems, however it does not seem to do my routing for me . I just did a basic static route within zebra...
