Debian :: How To Set Iptables With Config

Feb 18, 2015

I`d like to block bruteforce attack from china, russia to my mysql and i want to open 3306 mysql port just for one type adress from internet like this:: 212.23.165.xxx, and for others I want to block just for 3306.In my new installaton of weezy I`ve not configured iptables..how should looks like iptables config and how to set iptables with this config?

View 3 Replies


ADVERTISEMENT

Fedora Networking :: Can't Ping On 10 Affer Config NAT Iptables?

Nov 26, 2010

Currently,i use Fedora 10 and get a follow trouble :My network:

route(10.11.10.2/24)----eth0----(10.11.10.105/24)Fedora10(172.16.239.1/24)----vmnet0----(172.16.239.2/24)Virtual Machine XP2.
I used : Vmware 6.5.1,Virtual Machine : Window XP SP2.

[code]...

View 1 Replies View Related

Ubuntu Servers :: Using Basic Iptables Config - But ALL Traffic DROPS

Jan 11, 2010

I'm using Ubuntu server 9.10 with 2 NICS (Internet-router-eth0, eth1-LAN). I use iptables to generate rules for 20 computers, but when I execute the script, ALL TRAFFIC DROPS, including the server. What am I doing wrong?

Code:
#!/bin/sh
#eth0 192.168.0.50 - connected to Internet
#eth1 192.168.1.51 - connected to LAN
#192.168.1.52 - workstation1
#set default policies
iptables -P INPUT DROP

[Code]...

iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -s 192.168.1.52 -j ACCEPT. The reason I'm doing this is, I just want to open necessary ports in the server and restrict LAN usage.

View 2 Replies View Related

Networking :: Iptables & Kernel Config To Do Conntrack Of Bittorrent Traffic

Jul 31, 2010

I was just wondering if using a non-smp kernel would be ok on a older p4 system with no x. I am wondering due to some functionality in IPTABLES that is broken in the SMP kernels ( -m owner --sid.pid,cmd-owner).

Could someone that is running a NON-SMP kernel advise as to whether the support for -m owner --cmd-owner is working in iptables with those kernels? Also, could someone advise me if running a NON-SMP kernel is even advisable? The machine will not have x.

View 14 Replies View Related

Ubuntu Servers :: Iptables / Netfilter Config Stops Sendmail From Working?

Oct 8, 2010

I have an ubuntu server virtual machine with a webhost. I am trying to configure the firewall. I am having a problem with sendmail and the required firewall configuraiton If I type the command:

iptables -F

Then sendmail works perfectly. I can see the emails sent in my googlemail inbox. I then configure my firewall as follows:

iptables -F
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 2252 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
[Code]....

(I have moved SSH to a diffrent port) Once this is setup sendmail no longer works. I had assumed that sendmail will establish a tcp connection and the first rule will allow all established connections to pass. why this iptables/netfilter config stops sendmail from working.

View 5 Replies View Related

General :: Unable To Find Iptables Config File In Ubuntu Lucid

Jun 1, 2011

let me know where is iptables rules stored?

View 2 Replies View Related

Server :: Set Up Squid3 Proxy As A Transparent Proxy & Iptables Config

Feb 23, 2011

I am trying to set up my squid3 proxy as a transparent proxy - right now, I have to manually configure browsers to access via proxy. I understand that I have to put some rules into Iptables and also some further directives in the squid.conf.

I have a couple of specific questions. The proxy server is running on a Ubuntu 10.04 workstation and this machine also acts as a dhcp server for the network. I have just one subnet , namely 192.168.0.1-254 There is only 1 network card. Is it much easier to put in a second network card or is it just as easy to configure the existing lan card as a dual IP?

Is it necessary to configure these 2 IP's ( whether they are via 2 lan cards or dual IP on single card ) to be on different subnets. i.e ETH0 192.168.0.1 and ETH1 192.168.1.1 or is ok to have something like ETH0 192.168.0.1 and ETH1 192.168.0.254 ( where ETH0 is the one facing the LAN and ETH1 points to the modem router / switch i.e The Internet ) Where specifically do I save the Iptables rule configuration file and what must I call it ?

View 4 Replies View Related

Debian :: Debian Lenny Iptables Does Not Logs

Mar 29, 2011

I have problem with loging, actually iptables logs a data but it seems that for some reasons does not writes in a log file:

Code:
iptables -L -v
Chain INPUT (policy ACCEPT 406 packets, 124K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any xxxxxxxxxxx anywhere tcp dpt:xxxx

[Code]....

i checked /var/log/message and /var/log/syslog nothing is here related to iptables. then i create separate file for Iptables by adding this: kern.warning /var/log/iptables.log in my rsyslog.conf it does create iptables.log file inside /var/ but its still empty

View 4 Replies View Related

Fedora Servers :: Unable To Restore My Iptables From Iptables-save After Upgrading

Nov 26, 2010

I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.

View 2 Replies View Related

General :: When Restart The Iptables Service Then The Firewall Entries Are Again Shown In Iptables?

Sep 17, 2010

I am facing a strange problem witht my iptables as there are some firewall entries stored somewhere which is displaying the below firewall entries even after flushing the iptables & when I restart the iptables service then the firewall entries are again shown in my iptables as shown below,

[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

[code]....

View 6 Replies View Related

CentOS 5 :: Svn Server Config - Understanding Location Svnpath Parameter On Svn Config

Sep 7, 2009

I was tryin to deploy svn on centos 5 with respect to [URL] I am stuck understandin the location svnpath parameter on svn config

[Code]...

View 1 Replies View Related

Debian :: Getting Iptables To Run On Boot?

May 30, 2011

I don't like this[URL]because every time there is slight change in firewall rules, all that would have to be done again and again

View 3 Replies View Related

Ubuntu Servers :: Config - Change / Add From The Default OpenSSH Config Files To Get Tunnelling To Work?

Jul 10, 2011

I'm running Ubuntu Server 11.04 with OpenSSH, trying to create an ssh tunnel (for web traffic) to it from my (also Ubuntu) laptop. This is the command I'm using to create the tunnel:

Code: ssh -ND localhost:8080 george@192.168.1.20 I had it all working on a virtual machine.. which was deleted What settings/lines do I need to change/add from the default OpenSSH config files to get tunnelling to work? I've Googled and AllowTcpForwarding is set to yes, as is X11Forwarding.. but it still doesn't work. Chrome can connect to the server, but says the connection was closed before any data was sent.

View 3 Replies View Related

Debian :: What Would Optimal .config For EEE PC Look Like?

May 30, 2011

I installed this package (Squeeze) and the man page for laptop-mode.conf is rather overwhelming in the amount of information it provides, as is the .conf itself; does anyone know if simply installing laptop-mode-tools has an effect on power consumption? In other words, does the default .config save power? Or do I have to alter the .config? If so what would an optimal .config for an EEE PC look like?

View 1 Replies View Related

Networking :: How To Config 2nd NIC In Debian

Mar 8, 2011

I have installed Debian6 on Vbox , i have 2 nic on VM and i configured one of them during installation , but how can i configur 2nd nic ?

View 4 Replies View Related

Ubuntu :: Try `iptables -h' Or 'iptables --help' For More Information - ' Not Found.4.4: Host/network `98.200.58.73

Nov 3, 2010

I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):

Code:

#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above

[code]....

Safe.txt contains:

Code:

127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1

And the error message generated is:

Code:

root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8

[code]....

View 3 Replies View Related

Slackware :: How To Save Needed Modules Config To Create .config?

Apr 9, 2011

I am running a server with a GRSecurity patched Kernel 2.6.32.36. I've tried to optimize the kernel as much as I can and know it (removing options, not needed drivers and so on) and compiled the modules into the kernel (no loadable modules anymore). I've started with Slackware 13.0 and the default config for 2.6.29.6-huge. Still I am not sure what to remove/optimize further now.

My question: Is there a way to boot with a kernel with loadable modules, check which modules are really needed for this hardware, (do something like lsmod) and save the running configuration modules for a next kernel compile to be the default .config instead of writing them down by hand and search for the appropriate names in .config or during menuconfig? (Note: zcat /proc/config.gz > .config is NOT the way I want, as it gives me just the current kernel config)

View 5 Replies View Related

Fedora :: IPtables Creates An Error During Startup - Applying Firewall Rules: Iptables-restore: Line 21 Failed

Jul 17, 2010

IPtables creates an error during startup as well as when I try to restart it: Here's the output of:

[Code]....

View 11 Replies View Related

Debian :: Iptables Log UDP Flood Under 64 Packages?

Jan 22, 2011

how to do iptables log to file UDP Flood under 64 packages?

View 14 Replies View Related

Debian :: Iptables Cannot Save The Configuration?

Apr 28, 2011

I am configuring the iptables in the debain squeeze and then running the: iptables-save

View 4 Replies View Related

Debian Configuration :: Bad Argument '#' In Iptables

Jul 11, 2011

I follow this instructions but after iptables-restore < /etc/iptables.test.rules I see this error # iptables-restore < /etc/iptables.test.rules Bad argument `#' Error occurred at line: 3 Try `iptables-restore -h' or 'iptables-restore --help' for more information. The line 3 is the same as the link - # Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0

View 3 Replies View Related

Debian :: Live Helper GDM Config

May 18, 2010

I'm using Live helper to create install discs. I have the system all set up as it needs to be to run live from t a DVD, and have tested the installer on built ISOs and it works great.However, I can't seem to keep my modified /etc/gdm/gdm.conf file from being replaced with a pristine default gdm.conf. I have even placed it under config/chroot_local-includes//etc/gdm/gdm.conf which I thought should work?

View 4 Replies View Related

Ubuntu Servers :: Setup Iptables Rules In /etc/if-up.d/iptables?

Apr 16, 2011

I am running Ubuntu server 10.10 and trying to setup iptables rules in /etc/if-up.d/iptables

Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Problem is that iptables doesn't get updated and I don't see them when iptables -L is executed after reboot.

View 2 Replies View Related

CentOS 5 :: Custom Iptables: Remove The Existing Iptables First?

Apr 28, 2009

To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?

View 4 Replies View Related

Debian :: Iptables - Netfilter Queue Handling

Jul 17, 2015

I have created a nfq handler via nfq_open() and using the returned qhandle to bind my application program to a specific queue number that is configured in iptables. when i invoke nfq_create_queue() my program is stuck there and the back trace shows it is blocked in recvfrom()

bt

in recvfrom () from /lib/x86_64-linux-gnu/libpthread.so.0
in nfnl_recv () from /usr/lib/libnfnetlink.so.0
in nfnl_catch () from /usr/lib/libnfnetlink.so.0

View 0 Replies View Related

Debian Installation :: How To Install Netfilter / Iptables

Apr 5, 2011

How to install netfilter/iptables ? debian6

View 1 Replies View Related

Debian Configuration :: Iptables Forwarding For Tomcat?

Nov 10, 2010

I've been trying to forward some ports using iptables for some time now, but still haven't figured out how to get it to work..What i'm trying to accomplish is to forward all traffic from port 80 to port 8080, and all traffic from port 443 to port 8443, this because i would like to run tomcat as a non-root user, and the original ports can only be used as root.. I've currently setup my iptables like this:

# Generated by iptables-save v1.4.2 on Wed Nov 10 16:44:45 2010
*nat
:PREROUTING ACCEPT [39350:6120333]

[code].....

View 2 Replies View Related

Debian Configuration :: Iptables Blocks FTP Connections

Jul 8, 2011

For some reason my FTP packets are blocked by iptables even though I thought I allowed them through

My syslog errors are along this line:

And my iptables ruleset:

View 4 Replies View Related

Debian :: How To Use IPtables - Basic Firewall Setup

May 16, 2010

Recently I have been working on iptables and trying to understand how to use it. Here's a little script I have written to setup a basic firewall for myself:

Code:
#!/bin/bash
if [ `id -u` -ne 0 ]; then
echo "You need root privilege"
exit 1
fi

PROG=/sbin/iptables
$PROG -F
function sethttp {
echo "Opening http port..."
$PROG -A INPUT -p tcp --dport 80 -j ACCEPT
}

function sethttps {
echo "Opening https port..."
$PROG -A INPUT -p tcp --dport 443 -j ACCEPT
}

function settorrent {
echo "Opening torrent port..."
$PROG -A INPUT -p tcp --dport 52413 -j ACCEPT
}

while getopts "hst" option; do
case "$option" in
h) sethttp;;
s) sethttps;;
t) settorrent;;
*) echo "DOH!"
esac
done

$PROG -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$PROG -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$PROG -A INPUT -i lo -j ACCEPT
$PROG -A OUTPUT -o lo -j ACCEPT
$PROG -A INPUT -j DROP
$PROG -A FORWARD -j REJECT
echo "Done setting up the firewall! Enjoy :)"
exit 0

OK, this can take 3 arguments that open ports 80, 443 and 52413. And at the end, some default rules are applied. But here's the thing I don't understand:
if I don't give the argument for port 80, I can still view web pages... and also, when I remove the line:

Code:
$PROG -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Whether I say it to open port 80 or not, I can't view any web pages.

View 1 Replies View Related

Networking :: Iptables Configuration On Debian Dmz Host?

Jul 6, 2010

I am trying to set up a DMZ host - that is, one multifunctional PC between the WAN and the LAN. I've started with a basic router, and expanding upon that as the need arises. I am currently trying to gain access (from the WAN) to a website hosted on one of the servers in the LAN, but I am having trouble accessing the host from the WAN; I think my iptables configuration may be too restrictive. On the DMZ host, I'm using Debian (Etch). I have setup dhcp3-server, a script to configure iptables and pound (reverse-proxy). The (virtual) machine has 4 network cards: eth0, eth1, eth2, eth3; eth0 is the WAN, eth1 through eth3 serve 3 different virtual LANs.

All machines in the LAN (except one windows 2008 server - I might want to address that problem later) get their IP adresses correctly via dhcp from the DMZ host. All machines on the LAN can access the internet (including the 2008 server if I configure it manually) as they should. If I access http://localhost on the DMZ host, pound reports "The service is not available. Please try again later." - as it should.

I can ping the DMZ host from the WAN on 10.0.0.79 However, if I try to access the DMZ host from the WAN (http://10.0.0.79) I get "Unable to connect" from firefox. I'm sure this is not a pound problem, so I think it's in the iptables, or maybe I should be installing some extra software that I'm unaware of.

[code]....

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved