Debian :: Iptables - Netfilter Queue Handling
Jul 17, 2015
I have created an nfq handler via nfq_open() and am using the returned qhandle to bind my application program to a specific queue number that is configured in iptables. When I invoke nfq_create_queue(), my program is stuck there and the backtrace shows it is blocked in recvfrom():
bt
in recvfrom () from /lib/x86_64-linux-gnu/libpthread.so.0
in nfnl_recv () from /usr/lib/libnfnetlink.so.0
in nfnl_catch () from /usr/lib/libnfnetlink.so.0
Apr 5, 2011
How to install netfilter/iptables? Debian 6
Jun 14, 2011
In a single main() function, so need signal handling. Use POSIX Message Queue IPC mechanism, can ignore the priority and other linked list message, to implement the scenario:
Oct 8, 2010
I have an Ubuntu server virtual machine with a webhost. I am trying to configure the firewall. I am having a problem with sendmail and the required firewall configuration. If I type the command:
iptables -F
Then sendmail works perfectly. I can see the emails sent in my googlemail inbox. I then configure my firewall as follows:
iptables -F
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 2252 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
[Code]....
(I have moved SSH to a different port.) Once this is set up, sendmail no longer works. I had assumed that sendmail will establish a TCP connection and the first rule will allow all established connections to pass. Why does this iptables/netfilter config stop sendmail from working?
Sep 3, 2015
I installed Debian Jessie a few days ago (Linux server-1 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1+deb8u3 (2015-08-04) x86_64 GNU/Linux) for some tests. I tried to install iptables-persistent with the command "apt-get install iptables-persistent". During the install process, I got the following message:
Code:
Preconfiguring packages ...
Selecting previously unselected package netfilter-persistent.
(Reading database ... 31677 files and directories currently installed.)
Preparing to unpack .../netfilter-persistent_1.0.3_all.deb ...
Unpacking netfilter-persistent (1.0.3) ...
Selecting previously unselected package iptables-persistent.
[code]....
Some talk about cups, acpid, ipv6 or systemd, but nothing has solved the issue in my case. I used iptables-persistent many times with older Debian versions.
Nov 3, 2010
Is it possible to get the length or even the items of both queues, the run queue and the swap queue? I've googled a lot but had no luck. Maybe I haven't used the correct search words...
Is there any header and/or code example to use structures or any API to get this information from the kernel or the scheduler?
Jun 15, 2011
I want to run a script when the switch goes down and another when it goes up. Is there an easy way to pull this off in Debian (preferably with nothing other than system tools)? I suppose there is no difference (from the OS point of view) between unplugging the ethernet cable and the switch losing power.
On an event I get lines like these in the syslog:
Jun 15 17:49:41 debian kernel: [ 5506.956130] igb: eth1 NIC Link is Down
...
Jun 15 17:49:45 debian kernel: [ 5511.168788] igb: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
In FreeBSD you can pipe log messages (pre-filtered by regex patterns) to a program. What is the easiest way to replicate this on Debian (with as little additional software as possible)?
Jul 21, 2011
After installing Debian 6 on a server, when I try to install a software called ActiveCampaign, I get the following error: "Your server does not appear to be handling sessions properly." I have installed Apache, PHP, MySQL and Perl already. Also, after the server restarts, Webmin will not automatically start, even though it is set up in the Webmin configuration to start with the server. I have to use /etc/init.d/webmin start from a command line after I su.
My last question is about FTP permissions. I have installed proftpd and it seems to be working fine, but when I try to edit any file or upload, I cannot. In order to upload and manipulate files, I am using WinSCP under root, which is a big NO NO. Sorry for the three questions, but I figured I would ask all in one post, instead of creating multiple, since I already have your attention.
Mar 13, 2009
I currently run a home server using Windows Server 2008. On it I'm using VMware to run 2 virtual machines (currently running CentOS, which is Red Hat based) as web and mail servers. It's not a big setup, we only host our personal websites and a couple for some friends. Although Server 2008 handles resources much better than Server 2003, it's still running Windows, which as we know is far inferior to a Linux server. I'm trying to convince the husband to let me run everything on Debian, but he wants to run it on Red Hat (which okay, isn't bad, but our household is divided. We have long running arguments because he likes his boxes Red Hat based running KDE, and I like my Debian distros running Gnome!)
The host server is running on a standard PC box; it's got a 2.5 gigahertz dual core processor and 3 gig of RAM, almost one TB storage. (Don't ask why I'm including this drastically important info!) I want to run the entire network on Debian. So that would be the main host running Debian and the two virtual machines also. The host itself would need to run as a file and app server for our home network and the two virtuals as web and mail servers. (We run about 12 domains, three of which are under heavy usage with MySQL databases, so we run two servers so we can dedicate more resources to the virtual server that sucks the most juice.) I was wondering how Debian handles virtualisation and what program(s) would be a good alternative to VMware?
Mar 16, 2011
I have an HP printer for my Lenny which has worked for some years. But I don't remember what method I used to install it. So this is one piece of the puzzle that I can't see. But like I said, the printer works. One day I accidentally printed more than I had paper in the printer. Then I kind of stacked a lot of print jobs in the queue out of frustration. So whenever I reboot the PC/Lenny, it wastes some paper by printing things that got stuck in the printer queue. This weird behavior is not very environmental.
So next time this happens how do I flush the Printer queue so Lenny doesn't remember what happened before the reboot? I followed these instructions earlier but it only switched one weird behavior with another weird behavior. So it didn't work for my Lenny, and I couldn't find any better solutions on the Internet. [URL]...
Jun 16, 2010
I have no idea what's going on. I've had this machine running for over a year, and it's been great. A month or so ago, I realized that jobs weren't going to the printer. When I VNC'd in, I noticed that print jobs would show up in the queue as "Processing" briefly, then disappear.
lsusb:
Bus 005 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
[Code]....
I've even reinstalled the OS (not just for this reason) to no avail. Printer is detected without issue, I just can't use it.
Dec 10, 2010
On Kernel 2.6.33.4 I get this from /proc/net/ip_conntrack:
tcp 6 431557 ESTABLISHED src=X.X.X.X dst=X.X.X.X sport=44242 dport=993 packets=128 bytes=9267 src=X.X.X.X dst=X.X.X.X sport=993 dport=44242 packets=85 bytes=53950 [ASSURED] mark=0 use=2
On Kernel 2.6.36.2 I get this from that same file:
tcp 6 431665 ESTABLISHED src=X.X.X.X dst=X.X.X.X sport=4640 dport=8082 src=X.X.X.X dst=X.X.X.X sport=8082 dport=4640 [ASSURED] mark=0 use=2
It's missing the data on bytes and packets transmitted through that particular connection. I had written a program that uses this information. Was this pulled out of the kernel on purpose or did I miss some option when compiling the new kernel for my box?
May 17, 2009
I would like to allow multiple users to access P2P networks, so I wonder if there's a way to track these kinds of protocols with netfilter, and also compatibility with NAT, like the module conntrack_ftp seems to do with the FTP protocol.
Feb 25, 2011
I am writing a netfilter module for Linux 2.6.34.6-47 / 2.6.35. While I could capture the packets on the incoming hook, since the same came as a single packet in probably the allocated skbuff area by the stack, I found that packets going out of the machine are getting split into linear and non-linear areas. skb->data gives the total length of packet as correct, but when I extract skb->data to print it, it prints only the IP and TCP header. Now to treat the data I need to extract it and then push it back on the route.
To clarify: if my data is 3 bytes, the total length by passing pointers shows as 55 bytes = (52 bytes of header + 3 bytes of data), but I can't access these 3 bytes by using skb->tail - skb->data. How do I extract outgoing data for any further action and then put it back on route for further encapsulation by the L2 stack or whatever? Will skb_linearize() or skb_linearize_cow() be of any use? If yes, how and why?
Feb 27, 2010
Well, my problem is that I want to configure Netfilter (FORWARD) not manually but by importing a text file which may contain a binary array, with the C++ language, like:
0 0 1
1 1 0
0 0 1
with 0 is "IPTABLES -A FORWARD -p udp -j ACCEPT"
and 1 is "IPTABLES -A FORWARD -p udp -j DROP"
So after importing, I want to find in my firewall 9 rules, equal to the number of entries in the binary array.
Dec 22, 2010
Recently I am logging the packets that are supposedly INVALID and I found out that I am dropping a lot of packets that seem legitimate (in the sense that they are clients that are allowed to contact us).
Code:
:invalid - [0:0]
-A invalid -j LOG --log-prefix "[DROP INVALID] : " --log-tcp-options --log-ip-options
-A invalid -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
[Code]...
I would like to know if I can tell a complaining client that his dual-WAN solution is not behaving properly. Should such a dual-WAN router spoof its IP to the one that initiated the connection? And what happens if these packets are not dropped? Will they be accepted by the application or does it depend on the application? It sounds like a security risk if it does. It seems to me those packets will be ignored anyway by the application. Netfilter's manual says that it's safe to drop these packets.
Apr 1, 2010
We are trying to implement a firewall as a kernel module through netfilter hooking (in C). In the following code we are allowing only TCP traffic. Source port number and destination port number are printed for every TCP packet. On execution, this code prints wrong port numbers. This is the first time we are using the skb_transport_header function for accessing TCP headers.
We verified the port numbers being printed by the firewall through NFS traffic. On the same machine where the firewall is running, we hosted an NFS server. An NFS client (from a different system) puts a file in the exported mount. The firewall is able to capture packets for this file transfer, but the port numbers printed are wrong. It prints '69' for the source port number (whereas the ethereal capture shows it as 790) and prints '553231' for the destination port (whereas for NFS version 4 it has to be 2049).
[Code]....
Mar 29, 2011
I have a problem with logging; actually iptables logs data, but it seems that for some reason it does not write to a log file:
Code:
iptables -L -v
Chain INPUT (policy ACCEPT 406 packets, 124K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any xxxxxxxxxxx anywhere tcp dpt:xxxx
[Code]....
I checked /var/log/message and /var/log/syslog; nothing here is related to iptables. Then I created a separate file for iptables by adding this: kern.warning /var/log/iptables.log in my rsyslog.conf. It does create the iptables.log file inside /var/ but it's still empty.
May 13, 2010
Just noticed when I went to burn a CD (just got a new car and at the moment the stereo doesn't have an auxiliary port and I'm not about to use a shoddy FM transmitter) that k3b spikes the CPU through the roof and freezes when I write/burn/convert an m4a media file... I'm using k3b version 1.91.0.
Jan 29, 2010
I'm just starting out on a project relating to web search, to be done in C++. Which library should I use to help with downloading web pages into memory so that I can process them? The big thing is I want to be able to download the pages into variables/structures without actually putting them onto the hard disk. I googled and saw libcurl, but I was confused by some of the examples and wondering if this was really what I wanted.
Jan 3, 2010
I wonder how error handling is done in C in real applications: by returning an error code when something goes wrong, or by using setjmp and longjmp, or something else?
Nov 26, 2010
I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
Sep 17, 2010
I am facing a strange problem with my iptables: there are some firewall entries stored somewhere, and the firewall entries below are displayed even after flushing iptables. When I restart the iptables service, the firewall entries are again shown in my iptables, as shown below:
[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[code]....
Feb 18, 2015
I'd like to block brute-force attacks from China and Russia against my MySQL, and I want to open the 3306 MySQL port just for one type of address from the internet, like this: 212.23.165.xxx, and for others I want to block just 3306. In my new installation of Wheezy I have not configured iptables. What should the iptables config look like, and how do I set up iptables with this config?
May 30, 2011
I don't like this [URL] because every time there is a slight change in firewall rules, all that would have to be done again and again.
Nov 3, 2010
I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):
Code:
#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above
[code]....
Safe.txt contains:
Code:
127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1
And the error message generated is:
Code:
root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8
[code]....
Mar 28, 2011
I've got this log file and I need to get all sorts of information from it...
24 - [02/Sep/2010:00:01:16 +0200] - 10.1.53.62 - 200
23 - [02/Sep/2010:00:01:26 +0200] - 10.1.53.62 - 200
19 - [02/Sep/2010:00:01:56 +0200] - 10.1.53.62 - 200
[code]....
Mar 12, 2011
I have created a pthread, and installed a signal handler inside that, the same way as we do in the main() function. The thread's signal handler is a separate function. Surprisingly, it is not working; that is, the thread's signal handler is not able to catch signals. Here is the code:
Code:
#include <unistd.h>
#include <sys/types.h>
#include <stdio.h>
#include <signal.h>
typedef struct data
[Code]...
May 12, 2010
I wrote:
#!/usr/bin/perl -w
use Error qw(:try);
try {
[code]....
Jun 30, 2011
I found, in bash, something similar to 'try/except' in python. I've been using something like this:
Code:
if ! 'command';then
echo 'damn, there was an error'
[code]....