Fedora Networking :: Proper Management Of Iptables?
Mar 8, 2011
For quite a while inside of our organization we've been editing /etc/sysconfig/iptables directly without many issues. However it was suggested to us that by doing so we risk losing all those rules whenever some package decides to use lokkit or "system-config-firewall*". Doing a bit of analysis I can't really find any trace of code that would prevent us from maintaining iptables just the way we were (as long as *we* don't use lokkit or system-config-firewall*) since "service iptables save" is a valid technique and uses iptables-save script which is part of iptables package and *not* part of system-config-firewall*.
So we've got some evidence that may confirm our usage as valid, however it would be nice to know if indeed this is *not* a recommended way of maintaining iptables and we should reconsider how we approach it.
Jun 1, 2011
I can't find any proper power management options on Fedora 15, only really basic simple options under the Advanced tab of the Screensaver. Where can I change the Power Management settings in F15? I'd like to set it so that
- screen powers down on closing the lid only, else never powers down / or after a certain time.
- the machine never powers down, either on AC or on battery.
- screen dims on battery after some time, but not on AC.
- hard drive never powers down.
I previously used Fedora 14 and earlier versions on my laptops, and could easily set these power management either through the Screensaver, or directly from another menu. Also, I enabled the "Blank Screen Only" mode in the Screensaver, and disabled the "Lock Screen After", but it still asks for a password after some time. How can I stop that?
Jan 1, 2011
I wanted to do bandwidth management/traffic shaping on my Internet link (I have two internet connections), but I have some questions to ask: I want to know how I could, for example, filter some traffic using tc and iptables (e.g. Peer-to-Peer, IM, Download Managers, Flash videos...). I can do filtering for known services like http, ssh, ... but since these applications don't use one port, I am confused a little bit. I also want to do some bandwidth allocation (based on protocol), that's why I need filtering.
The other question is that currently I am using tc for bandwidth allocation and iptables for marking packets to send to these classes, am I doing it right? I mean it does work, but is it better to use for example "U32" filters for filtering? P.S.: I tried to use ClearOS in gateway mode, but it doesn't have bandwidth allocation functionality. Does anyone know if I could do bandwidth allocation in ClearOS/Endian?
Mar 26, 2011
I am doing something wrong. Just connected Fedora 14 to the internet. I wanted to do a speed test and this requires flash. I have downloaded the linux (yum) version and tried to install adobe-release-i386-1.0-1.noarch.rpm. No idea what needs to be done next.
Nov 26, 2010
I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
Jul 17, 2010
IPtables creates an error during startup as well as when I try to restart it: Here's the output of:
[Code]....
Aug 3, 2010
How to let iptables allow dns & dhcp distributions from the server to the clients only, w/out exposing the dhcp port udp 67,68 and tcp port 67,68 as well to the outside world. DHCP only uses udp, but still I also allowed tcp ports as well just to be sure & also I already allow DNS ports in the firewall w/c is not included below. Linux newbie here.
When I issued the command below to allow those ports only to the internal network, the firewall was still blocking it. What seems to be the problem?
#iptables -A INPUT -m iprange --src-range 192.168.0.1-192.168.0.254 -p udp --dport 67 -j ACCEPT
[Code]...
Apr 26, 2009
I've tried both the firewall interface that comes with Fedora and Firestarter, neither can configure as I want. So I think I'm going to have to do it by hand. In this laptop I have one 10/100 Nic and one wifi connection, at times either of them can be connected to the network. How can I configure IPtables so that any traffic is allowed out, nothing is allowed in (other than std stateful firewall replies), no icmp and that the fw logs any attempts to connect to the laptop?
May 7, 2009
I need to forward a port to use dtella. I'm using Fedora 10, using iptables for my firewall.
I'm currently trying to forward it from terminal with this command:
Code:
sudo iptables -t nat -A PREROUTING -p udp -i eth0 -d [ip address] --dport 11823 -j DNAT --to 192.168.0.2:80
this is what I get from iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
[Code].....
Apr 21, 2011
I'd like to pass all traffic between bridge ports via the FORWARDING chain, so I changed following sysctl parameters:
Code:
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
[code]...
Jul 9, 2011
Friends the following shall block a particular machine in the same network, what can be done if it is dynamic IP and from other network?
iptables -A INPUT -s 192.168.0.0/24 -m mac --mac-source 00:50:8D:FD:E6:32 -j DROP
Jun 8, 2010
I know exactly what I need to do, I'm just not familiar enough with command line to do it properly. I have 7 computers. The first 4 are connected to a router via wireless at one end of the house. Of the last 3 only 1 will be able to access the router via wireless, so it needs to share its one wireless connection via ethernet. This computer I'm going to call 'server'. server will have two IPs:
wlan0 192.168.1.6, this connects to the router that has internet access.
eth0, I intend to have the following settings:
ip: 192.168.0.1
sub: 255.255.0
eth0 will connect to a second router, where the cat5 cable goes from the server into the internet port of the router, where I will define the router's static IP:
IP: 192.168.0.100
sub: 255.255.255.0
gateway 192.168.0.1
I have then set the router IP for LAN handling as 192.168.27.1 and all ethernet connections will have a 192.168.27.x IP.
So I need to know how to, without a gui application, use the terminal to assign server eth0 a proper IP address, and tell the server to take the connection it has and share it through eth0 to supply internet for the last 2 computers via ethernet. I had it set up in this way with a windows machine being the one that had the wifi access, but I'd rather have it set up for the ubuntu server to do this task. Security is imperative for these 3 remaining machines, so just getting 2 more wifi adapters for a connection to the initial router isn't an option. The 2 that connect to server do so through SSH and though server IS connected via wireless it only makes outward connections through
Jan 25, 2010
I am trying to solve a strange problem which occurred after upgrading many packages including kernel and iptables. This is a Fedora 10 PC acting as a small home-server I've been using over a year without problems. Recently, I've run a yum upgrade and after that, connections outside home wouldn't work. No changes in IPtables (firewall) rules have been done. But connection through local network is working. Symptom is: I've connected to my second PC at home and connected to the server. It works fine on local network. I restart network services (service network restart) and outside connections could be established. I have disabled iptables and ip6tables and after reboots it works fine. But PC is running without firewall.
Nov 26, 2010
Currently, I use Fedora 10 and get the following trouble. My network:
route(10.11.10.2/24)----eth0----(10.11.10.105/24)Fedora10(172.16.239.1/24)----vmnet0----(172.16.239.2/24)Virtual Machine XP2.
I used: Vmware 6.5.1, Virtual Machine: Windows XP SP2.
[code]...
Oct 27, 2010
I need to know how to block these applications using iptables or the ROPE scriptable method?
1.Web navigation
2.Electronic mail
3.FTP transfers
4.Video traffic (multicast video stream and unicast video stream)
5.VoIP service
6.Instant Message (MSN and yahoo messenger, etc)
7.Management service (TR-069 and SNMP)
Jun 21, 2011
I have a config script for a particular software package that does...
iptables-restore < /etc/sysconfig/iptables > /tmp/firewall.log 2>&1
The problem is, the output hangs after this. If the user hits a return, the rest of the output comes to the screen and the script finishes normally. But the script looks like it's hung because of this odd iptables-restore behavior.
Aug 15, 2011
I'm trying to build a firewall with IPTables:
INTERNET <--------> (eth0) FIREWALL (eth1) <-------------> FTP_srv
I set all rules DROP by default. My rules for forwarding packet to FTP server:
#iptables -t nat -A PREROUTING -i eth1 -d $FIREWALL_EX_ADDR -p tcp --dport 21 -j DNAT --to-destination $FTP_ADDR:21
#iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
[code]....
May 20, 2009
I'm using Fedora Core5.0. I have been using Iptables to forward port 80 to port 3128 (Squid) on the same server. I need to forward using Iptables to use the other proxy server, because I use this server for vpn and mail transfer. What command do I use? ase
1. Server 1 > IP 192.168.0.4 SQUID WITH PORT (3128)
2. Server 2 IP 192.168.0.254 PF SENSE (3128)
I will use server 2 for internet connection only.
Oct 31, 2009
I'm new to fedora 11 and iptables, and I need to set the following set of instructions so VirtualBox can accept requests from lan to the mailServer in the guest os, but after restarting fedora I have to input it all again. How can it become a permanent entry in iptables?
Jun 18, 2011
I am going to start studying IPTABLES for Linux Firewall. Can any one suggest me the best Book for IPTABLES contains everything of iptables.
May 18, 2011
my little daughter is keeping me asking about email and messenger on her laptop. Right now, it is not connected to the net. I was thinking about *blocking all outport ports* with iptables but leaving free smtps /pop3s and messenger (pidgin).
Feb 24, 2011
I have a working network Ubuntu 10 Win7 (thanks to you guys on this site).
My last hurdle is how to mount folders or disks from Win7 onto Ubuntu.
I used a tutorial, and got fstab installed I think...
Where do I get the information to PUT IN fstab and WHERE to put it?
Here is my fstab file code...
Nov 2, 2010
I'm sure this has been covered before but how does one go about setting up a dial-up Internet connection without wvdial or gnome ppp?
My brother lives in a remote area with only dial-up Internet service. I got him set up with an external serial modem plus a disc with Ubuntu 9.04 and WUBI. Apparently wvdial is not included in the basic install. I will be visiting him in a few days and I would like get him going with his dial up. He currently has Windows XP and WUBI installed. I tried sending him a disc with wvdial but it didn't include the dependencies. Is there any way I can download a package on a disc?
Nov 30, 2010
I have a gaming server set up and running client software 24/7. This prevents me from editing the configuration files while the client is running. The server is connected to a switch which also connects another computer to the internet. What would be the proper software to use if I want to edit files on the server without interrupting the client? I have looked at Samba, SSH, and Screen, but I'm not entirely sure which one would be the best tool for the job.
Mar 8, 2011
I found that I needed to connect them to the same workgroup, which I now have and for the most part it works. However, for one of the computers I do not want to use a .local domain, rather I need to use a .org. But no matter what I do, other computers on the network think it is a .local hostname. Currently the /etc/hostname on the computer file is as follows:
[Code]...
Here is a screenshot of an ipscan done from another computer on the local area network so you can see what I'm talking about.
May 22, 2011
where can I download the proper driver for my wifi module : Ralink RT3090 ?
Ubuntu 10.04 propose the rt3090sta which is no good
Apr 6, 2011
I set openbox wallpaper with:
Code:
feh --bg-scale ~/Pictures/image.jpg &
In ~/.config/openbox/autostart.sh last line.
But some kind of KDE stuff overrides it and sets default again after few seconds. I can override it again with manual command. How can I set wallpaper then in openbox in proper way?
Apr 17, 2011
I was wondering the proper way to disable phpmyadmin.
Oct 22, 2009
I have dhcpd3 running but it does not seem to properly use my vlan subnets to assign addresses.
I have eth0.10, eth0.20, eth0.30, eth0.40, eth0 all declared with proper ranges, subnets and gateways.
If I request an address on eth0.30, I would think that it should use the range associated with this subnet (i.e. eth0.30 is 10.10.30.10/24) and this is set up in dhcpd3, but this is not the case.
It seems to use the first declared subnet instead. If I comment the first subnet out, it uses the second one properly.
May 5, 2010
i want a downloader so that when i save wiki saves for me all the links in the wiki page, i have worked with flashgot but it is not proper and does not work properly.