I would like to log and drop outgoing connection attempts, but the log is not showing the destination IPs.I have the following Iptable rules for my browser:
Code: Select alliptables -N LOGGING
iptables -A OUTPUT -j LOGGING
iptables -A LOGGING -j LOG --log-prefix "browser connections: " --log-level 6
iptables -A LOGGING -j DROP
Only after removing the DROP line it works.
I noticed with the recent version of Ubuntu, 10.10 that the drop down menus, when selected the sub menus doi not appear straight away. I have to repeatedly go up and down the menu until they appear. They often open a blank box and sometime once selected leave the menu on the screen. This happens on all my machines.
View 4 Replies View RelatedI am trying to write a little port knocking daemon that needs to see every failed connection attempt on every port on the system. The primary way to do this (as the Wikipedia page points out) is to monitor the firewall log file. I am using UFW and reading its output in /var/log/kern.log. Typically, when UFW blocks something, it prints a little line like this:
Quote:
Feb 17 10:42:42 serin kernel: [323588.279588] [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=00:0b:e6:00:85:96:00:09:5b:9f:41:a4:08:00 SRC=192.168.0.4 DST=192.168.0.8 LEN=60 TOS=0x00 PREC=0x20 TTL=49 ID=46945 PROTO=TCP SPT=56849 DPT=1723 WINDOW=5840 RES=0x00 SYN URGP=0
But it seems that whenever UFW experiences a significant "load" (my client sends eight packets over the span of about 25 seconds, not too significant if you ask me), it just kind of "gives up" after 10 or so attempts. Log messages stop appearing in kern.log. I know the packets are coming; wireshark confirms this.
It seems to me that a buffer of some sort is filling up, because if I give the system a breather and try sending my sequence again in, say, three minutes, it prints log messages for 10-12 straight attempts before giving up again. I've tried sending packets at longer intervals and reading from other logs like /var/log/messages, but none of this has helped. Does anyone have any idea why UFW would fail to log all blocked connection attempts?
I'm having a lot of problems getting NIS set up with our firewall. I've looked online and no one seems to have any answers. When the firewall is off, NIS works. When it's on, it doesn't.I would like to know which ports NIS needs by logging connection attempts on the server, since I would swear the right ports seem open already. Right now I'm using this to generate the log entries:
iptables -I INPUT -m state --state NEW -j LOG --log-prefix "New Connection: "
iptables -I OUTPUT -m state --state NEW -j LOG --log-prefix "New Connection: "
However, I think it must only work for successful connections, because I'm not seeing any new entries when I try running the NIS client on another machine (ypbind).
Since yesterday Firestarter has been prompting me that it is blocking external connection attempts as shown in the picture below:I'm not even going to bother covering the IP addresses because I personally don't see why I should care but as you can see, there has been loads of them attempting to connect to ports 3674 - 3675. I ran nmap 127.0.0.1 and it came back as 631 being the only one open. So then I thought maybe lsof -i would mention much more but all it shown was:
@boris:~$ cat meh
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
cupsd 1644 root 5u IPv6 14329 0t0 TCP localhost:ipp (LISTEN)
[code]...
I'm running Ubuntu 8.04.3 server on my XP Pro SP3 machine using VMWare. I'm trying to set up a static IP address but I can no longer ping anything except my router (not even the XP machine it's hosted on). I'm using "bridged" mode in VMware
Here's my /etc/network/interfaces file:
Code:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.1.50
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
I open this thread after an unsuccessful long search over the Web. Essentially what I want is to block the outgoing connection of a program. All I know about this program is its name and so I don't have any information regarding the ports it utilizes or the address it may contact.
View 9 Replies View RelatedI have my router configured so that it drops outgoing telnet connections (and other protocols I don't use). It's a 2wire gateway. 192.168.1.65 is the internal IP of my ubuntu box.I'm trying to figure out what normal network traffic looks like and whether I should be worried by this log entry. At the time this happened I was testing out TOR (just navigating to a few sites (dell, ubuntu forums, etc.) nothing all that interesting.)
View 2 Replies View RelatedFolks, I am running 10.10 with the Macbuntu addon (theming, if that makes a difference).I've noticed for a long time, when I play some videos, my network connection (on this computer only) drops. For instance, while posting this, I began to watch this video:
HTML Code:
<iframe id="tsFrame55086" src="http://cdn.topspin.net/api/v2/widget/player/55086" style="width:400px;height:300px;border:none;" frameborder="0"/>
[code]....
I am new to fedora, but not so new to linux. I've got f13 installed on my netbook, and the speed and overall beter-ness? of it made me want to get it going on my desktop. I've installed, and have updated the kernel, and network manager (Along with a few other things). My problem is this; after about an hour or two I get a drop out, unable to reconnect. Until I use 'ifconfig wlan0 down > ifconfig wlan0 up' then it works great for about 10 minutes, slows down, and eventualy drops out. i updated networkmanager in the hopes it may have been that, but it really made only a slight difference.
iwconfig :
$ iwconfig wlan0
wlan0 IEEE 802.11bg ESSID:
Mode:Managed Frequency:2.462 GHz Access Point: 00:1E:2A:0E:08:50
Bit Rate=54 Mb/s Tx-Power=18 dBm
Retry long limit:7 RTS thr: off Fragment thr: off
Power Management: on
Link Quality=32/70 Signal level=-78 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
I am using a linksys wusb54g > chipset ralink rt2510? (don't quote me on that its from memory). I am also using WPA encription. I am currently messing with those setting to see if that helps.
How can I drop or forward a incoming connection from a part of a host like *.alicedsl.de
For example:
The user is connection from *.alicedsl.de on port 12345
So how can I drop this connection or forward to google.com on port 80
I have setup my linux fedora server and i want to restrict access to my server.Basically i control using iptables.I'm not sure how to write an iptables rules to control drop all connection to port 8080 and allow only certain ip can access the instance on port 8080 example ip=10.254.14.16,192.168.1.10.
View 3 Replies View RelatedI'm trying to get my wireless to work on my laptop (dell inspiron 1520 broadcom 4311). I installed the b43 firmware and was able to set up my wireless connection. However, the internet connection is extremely patchy and seems to continuously drop (in fact most of the time it doesn't work). I can ping certain sites such as Google and get all packets received.
[Code]....
Furthermore, in Firefox the opening websites only works some of the time. Sometimes the google search page will load and sometimes it won't. I've disabled ipv6 using yast-network settings.
I've been using a Netgear WG311v3 wireless card to connect to the internet successfully since 8.10. However, since 10.04 I've had some serious issues with this card (at least...I think it's the card). I updated to Meerkat hoping that the problem might fix itself, but it's still there. Here's the situation: The problem most often occurs when I'm running Transmission, but also Firefox. It also happens when streaming videos to my xbox via uShare...basically, any time I'm using the internet.
Suddenly, my download in Transmission will drop to 0.0 KiB/s or in Firefox, pages will stop loading. If I close and try to reopen Firefox, it tells me the process is already running. If I try to restart, it says firefox-bin is still running. I click reboot anyway, and the computer hangs indefinitely at the purple Ubuntu shutdown screen. The terminal also freezes if I try to run any commands that are wireless related, for example iwconfig or ifconfig. I have to close the terminal to kill the process.
I've also had more serious crashes when running Transmission where absolutely everything freezes and a hard reset is my only way out. Forgive my n00bishness and let me know what other information I can provide you with.
I'm trying to get an laptop running more or less like a headless server, my reasons are not all that serious. Mostly I want to leave the laptop running as a seed box when my main PC is turned off, also want to setup it up as a media top, common place for media files and playback on Tv. So essentially I want to be able to access the remote machine, preferably sharing the same session and persisting while I log out from remote.
What I've done:
setup keys for ssh to connect automatically between machines, so I can login via terminal, access the file system without issues, which is already a great step. enabled remote access on remote machine lightdm manager setup deluge for daemon torrenting, which enables almost seamlessly client to connect remotely (though deluge is not the best with speed)
What I've tried so far:
Connect directly with a new X session
Code: Select allX -query your_server_ip :1
Works alright, creates a new display (:1) which is oddly in F2 tty instead F8 as is expected. Works alright, not much lag, audio is not routed.
But an issue! whenever I decide to log out X will simply shutdown, screen goes black and I can't resume on my regular session on my local machine.Connect X with nested Xephyr session
Code: Select allXephyr -query your_server_ip -screen 1280x1024 :1
This works too and might be the best solution yet, a windows is created and the remote session is nested in your current X session. Visual and performance is ok. Only real issue is that session is not shared, eg, application will not remain running...Connect via VNC
So it seems only solution for shared sessions is VNC.
With the remote desktop apps from KDE (which is the DE for both), I can connect buzz around and etc, but its kinda cumbersome and laggy, password always resets and I usually need to accept on the remote machine.
I've tried setting up lightdm to allow a vncserver at logon, but this is erratic at best, took a long time to get the Xvnc command correct enough for me to login remotely, and even then got a garbled screen and the X session wasn't even the same...
So that's it... Isn't there a way of regular X session sharing in the remote computer? Or a better solution for lightdm vnc invoke?
I'm experiencing very slow network speeds in one direction (out) on a clean install of debian.
iperf client running on laptop connecting to server with issue:
Code: Select all$ iperf -c 192.168.10.187 -d
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 128 KByte (default)
------------------------------------------------------------
------------------------------------------------------------
Client connecting to 192.168.10.187, TCP port 5001
TCP window size: 129 KByte (default)
------------------------------------------------------------
[ 5] local 192.168.10.131 port 55340 connected with 192.168.10.187 port 5001
[ 6] local 192.168.10.131 port 5001 connected with 192.168.10.187 port 52664
[ ID] Interval Transfer Bandwidth
[ 5] 0.0-10.0 sec 247 MBytes 207 Mbits/sec
[ 6] 0.0-11.5 sec 1.00 MBytes 730 Kbits/sec
I've tried with different cables on the server, no luck. Also note that the laptop gets full speed to speedtest.net as per my internet subscription (75/75 gbit fiber), so the laptop can be ruled out as a problem since it gets more than 75X performance to the internet compared to the local server.
The main purpose of this server is to be a virtualbox host. I've set up one guest system and ran iperf between the host/guest (bridged network). It gives better numbers, still the host -> guest direction is much slower than it should be:
Code: Select allClient connecting to 192.168.10.187, TCP port 5001
TCP window size: 108 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.10.163 port 48573 connected with 192.168.10.187 port 5001
[ 5] local 192.168.10.163 port 5001 connected with 192.168.10.187 port 48856
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 1.65 GBytes 1.42 Gbits/sec
[CODE]..
What is the reason to drop Xdialog from the new release; is any replacement on the horizon? (beside zenity that is really crippled version of Xdialog).
View 6 Replies View Relatedhow can i drop my email address from bug report in the debian bug report system?
[URL]
Using Linux 4.3.0-1-686-pae #1 SMP Debian 4.3.3-2 (2015-12-17) i686 GNU/Linux (Debian Stretch)
Also using XFCE
When using mouse to drag files from one folder to another (to move, not copy), it frequently crashes thunar.
This has been going on for a couple of months now, despite getting the usual upgrades.
On Windows, I can drop file on batch script file, then dropped file is accepted as script parameter and script is automatically executed. Trying the same in Nautilus it seems like not possible.Is there some other way of using this approach in Debian?I hope it's clear what I'm after - I don't want to write Nautilus scripts as workaround and want to avoid: - opening terminal - cd to bash script - type script name andmeter file then executeinstead I would like already mentioned, drop filename expected as parameter to bash script, and then script to execute automatically.
View 3 Replies View RelatedNow that Ubuntu is at a LTS stage with Lucid and is easier to install PV in XenServer, I have been wanting to drop my current debian VM nodes in favor of Ubuntu 10.04. So far I have DRBD8 and OCFS2 all working nicely as primary/primary and I am on the next stage of my setup by installing ldirectord and heartbeat. Can anyone shed some light on heartbeat-gui (hb_gui) as it no longer seems to be in the repositories (since Jaunty)?[URL].. I understand that Lucid now uses pacemaker as part of a clustering suite but I have no idea if I really need it. I really liked being able to run hb_gui and logging into the heartbeat cluster to manage resources via point and click so if anyone has any hints on replacements or newer preferred methods to accomplish the same tasks via point-n-click,
View 1 Replies View Related1 linksys router: gets the net from PPPOE and give the network DHCP. The router IP is 192.168.1.1. 1 windows laptop that work wireless and wired. 1 debian desktop that work wired and not working wireless. THe problem with the debian desktop is like this: I have a TP-Link TL-WN321G installed and found by lsusb command. I make a wireless connection WPA Personal (just like the router settings) it says i am connected to the wl network but no internet connection. the route command give me this:
[code]....
I tryed with wicd who said that the connection is WEP (and it's not, it is setup to WPA on the router and the network-manager conncetion) and when i try to connect i get bad password. I tryed with network-manager uninstalled and no chance.
Each time I start up debian -lenny, the network-manager does not automatically connect me to my wireless network. The connection list shows a lot of networks available, but mine is always absent from the list. This means I each time have to go to "Connect to other Wireless Network" in and write in my network name (SSID) and password (PWA2 Personal). Then is connects nicely and everything works fine until next time I boot
View 5 Replies View RelatedThe situation: The office has a WiFi network on one DSL line, which is used for our VoIP call center, and a wired network for our internal network and the majority of web surfing/traffic . Part of the office must be temperature controlled/monitored - we have a rather nice digital thermometer which is WiFi enabled.I have a Debian Wheezy box with a WiFi card and ethernet connection
What I'm trying to accomplish:Connect wifi enabled thermometer to WiFi network so it can automatically send temp updates (currently I have to do it manually via USB)Have the Wheezy box accept the downloaded file then send it to a back up server in the wired network
Side things that may be useful : Prefer to use wired connection for internet and apt and suchWiFi connection will really just be used for connecting to the thermometer
This [URL] .... topic got me thinking that there might be a way to bring the two networks together, but I don't know if that will wreak havoc on things. I know, the Windows and Mac OS don't like having ethernet and wifi at the same time, might Linux be better for this?
v&n had this to offer in the prior thread [URL] .... which I'll be doing more research on.
How do I limit the max login attempts in the sshd_config file? I found a way to do it on Google some time back but I can't find it now. I have Denyhost already, but I really wanna do the "MAx Login Attempts" what ever it was that I was able to do in the config file.
View 2 Replies View RelatedHow can failed user attempts logs can be seen.
Also why /etc/login.defs file is used ?
I know this is probably easy and if I only took a while to figure it out maybe I could but I have some stuff that needs to happen soon and I can't figure this out. I was wondering how I could have a log monitor that would email me whenever someone tries to login over ssh to my system. I'm open to everything daemons/scripts or cron itl works as I am not running a production server (but I might be starting that soon). Oh and just a side how do I get sent an email when I get port scanned
View 6 Replies View RelatedWhen i try to partition the disk i get this error, on the live and the install dvd. I have googled but have not found solution?"cannot commit to disk after 5 attempts"
View 14 Replies View RelatedI have a server box behind my ISP router at home, and I need to allow ssh access to my server. My ISP router doesn't let me allow selectively ssh from some IP. It allows ssh to everyone.
I have fedora10 and openssh-server-5.1p1-3. How can I configure openssh to allow just from 1 IP?
Does it use xinetd at all and the hosts.allow and .deny mechanism?
OK, I'm not really a newbie, but I definitely no expert either.I've been surfing the web trying to find a good tutorial on locking out users after three failed logon attempts.At present I've reset everything in the /etc/pam.d directory back to the default state. This sets up all my password requirements and this works. Now I need to crack getting the account to lockout after three failed attempts. Let me know what files you need to see in the pam.d directory and I'll paste them in.
View 1 Replies View Related