I want to write a custom rule to allow all connections to the ip addresses on my local network (192.168.2.2 through ...99) but I don't know how. I know adding a custom rule asks me to read a file and put it in "iptables" format, but I don't know how...
View 5 RepliesI'm working with a Ubuntu 10.04 LTS system with two network interfaces (both Ethernet). I wish to setup this system such that it is simultaneously connected to my local and an OpenVPN network and able direct traffic between the connections depending on what program is sending the traffic. The problem: Under my current OpenVPN configuration all network traffic is directed to the VPN.
My OpenVPN config file (some details omitted)
--remote [gateway ip] # vpn12 load:
--remote [gateway ip] # vpn11 load:
--remote [gateway ip] # vpn15 load:
--remote [gateway ip] # vpn16 load:
[code]....
In practice, I would like OpenVPN to operate out of one of my two network interfaces and leave the other interface connected to the local network. Then by default all network traffic should be directed to my local network unless I specify (on a per program bases) that certain traffic should go though the VPN. These two network connections can (should) stay completely independent of each other and do not need to talk to each other.
Does anyone know how to permanently enable X connections from all machines on my local network. I keep having to enter 'xhost +' to allow X connections.
View 2 Replies View RelatedI want to know the details about the implementation of distributed firewall in a local area network
View 5 Replies View RelatedI have problem on VPS running opensuse. When I enable firewall outbound connections stop working. I have tried everything I know (not much when it comes to firewall (iptables)) but could not solve this.
Here is my ifconfig:
Code:
I used xxx.xxx.xxx.xxx to hide real address.
once I updated , there will be no connections to Internet in GUI , while it's available in TUI . So it's wired , huh ? Before upating, it's available both in TUI and GUI, though all the time the network-manager shows no connection , in fact , there is and both GUI and CUI . Now I updated , and it can't access Internet from GUI.
View 2 Replies View RelatedI just set up my firewall, and now I can't see any Samba workgroups. It says it can't find any workgroups on my local network, and it may be caused by a firewall. It is a firewall issue because if I disable my firewall, I can see the workgroup. What do I need to open on my firewall to see the workgroup? I am using Slackware64 13.37.
Here is how I set up my firewall.
Code:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
I got the commands from here url.
I am still new to ubuntu and I use firestarter as my firewall tool and I was told that its just ufw in a gui. Well anyways I noticed a connection to 174.129.241.144 using https and python, I didn't have any scripts running and my browser was closed, I read the man files for ufw and it said to do something like deny from 174.129.0.0/12 and I want to block all incoming and outgoing connections to this IP range and I was wondering how to do that, I heard of iptables that it would be able to do this but I dont know anything about it. What I should learn so I can handle these kinds of situation in the future and how I can block this ip subnet or also what does the /8, /12, and /16 stand for?
View 7 Replies View RelatedI recently installed Fedora 15 now, and during installation I set the internet connection manually, then did update and after reboot, the internet connection settings have been removed. Now I can not set because the network connection to the Internet Connection is inactive. I mention that before the update was functional internet connection.
View 5 Replies View RelatedCode:
[bee@localhost ~]$ ulimit -a | grep files
open files (-n) 1024
that open files value set to 1024, but is it valid only for real files ("file handles/descriptors" of files on your filesystems: hd partitions / cdrom / floppy / usb devices) or does it counts also network/sockets connections? i'm just asking without a reason. it's just curiosity ... as you can see sockets with lsof, somebody like me could think connections are counted as they were "files" by ulimit too
I have a machine that I'm trying to setup as a reverse web proxy. It will have two NICs, eth0 will face the public network, and eth1 will face the "internal" network (connects to a switch that goes out to the other web servers that are statically assigned a private IP address).
When both interfaces are started, I can ping hosts on the 1.2.3.0 network and the 192.168.10.0 network without problem when doing so by IP, but if I try to run a ping or nslookup command with a DNS name, it does not work. I've tried commenting out my entries in /etc/resolv.conf and adding the DNS entries in the /etc/sysconfig/network-scripts/ifcfg-ethX files directly (DNS1=x.x.x.x and DNS2=x.x.x.x), but the results are the same.
I am new with IP tables stuff and i have a problem....i have a pc Contain a fedora OS and i want to make a small network (4 PCs Contain XP OS) and using the pc of fedora OS as a firewall i want to Prevent the ping (i think it called(ICMP)) in the privat network and prevent one of the PCs from Browsing internet(prevent port 80 and 81 as i think) and i still don't know how to make the internet go Through the firewall to the private network...
Note: WAN = eth0
LAN = eth1
My linux box has 3 network adapter. eth0 connects with ISP, eth1 is for staff network, eth2 is for public user. I want to limit the usage of internet bandwidth. for example, the traffic going through eth0, 75% is for staff network, 25% is for public user.In addition, I setup shorewall on it for port forwarding and filtering, but I felt the traffic shaping of shorewall is complex. I don't need the specific TOS, but only the percentage. could you give me some suggestion?Which software or package I should use to achieve this goal?
View 3 Replies View RelatedI'm working on setting up access for our developer via Telnet, we are on a local network behind a physical firewall. I set up the standard Telnet service for Fedora15 and from localhost I can login via any user and root.... However I cannot login from another terminal on the LAN, even though I can ping and FTP to the fedora15 box. I added the firewall rules for telnet, that did not work, so I disabled the firewall, still cannot get a connection via port 25. I feel either port 25 is closed in another manor or the telnet is restricted to the localhost.
Also I cannot login to root to configure the Firewall Desktop GUI, only standard users, is this an issue? I also cannot login to the console as root even though I use the correct password.I can only su to root and sometimes it is a PITA. There must be some settings to clear these issues up...
i have configured the squid for my lan. My lan has three redhat 5.3 web servers. Now by using proxy server, i wish to give access to external clients for my web server and restrict to local client, accessing wan through port 80
View 2 Replies View RelatedI'd like a way to see all of the devices on my local network and what their local IP address is. I recall that I used wireshark to troubleshoot a similar problem a while back, but it doesn't seem to have a way to see all of the devices- only the traffic. (I'd like to do this without having to physically interface with my router if possible, and I am in an encrypted network if that matters)
View 6 Replies View RelatedI have installed a web server on my local network. Everything is well configured and web pages are shown correctly from Internet (outside the local network) using the domain or the public IP.The issue is if I try to see that web pages (using the domain or the public IP) from inside the local network. In that case the router config page (192.168.1.1) is shown instead of the web pages.From inside the local network I'm only able to see the web pages using the internal IP address (192.168.1.XX).
View 2 Replies View RelatedI've spent AGES getting ndiswrapper to work on FC11 with my USR 5416 card.
Now it's finally working and Networkmanager can see my local wireless network. Problem is when I try to connect and it asks for the wep key, the encryption I'm using is not an option.
My network uses a 64 bit ASCII passphrase. My options when connecting are:
None of these seem to be right for my network and, consequently, none of them work.
build a cluster within local network based on opensuse and fedora?
View 2 Replies View RelatedI've got an Ubuntu server hosting our websites and other various things here in our own home. We recently switched to a router that doesn't support loopback (abomination), so I've set up hosts files on our computers so we can access our own sites when on our home LAN.
However, we often take our laptops as we travel about, and I'm guessing due to the hosts files when we try to access our sites, it'll look on whatever local network we're connected to for our server, which won't work, obviously.
Is there a way to set up something like a hosts file that'll only try to look up the local IP of the server when we're on a specific network (our home one), or have one that tries to look for the local IP first, then proceeds to try and resolve the domain name and use the external IP if the local IP doesn't work?
I have my box setup as a router/NAT with two different network cards. One for external connection(connected to the Cable Modem) one for internal connection(used for internal DHCP). It works perfectly when I manually activate the two interfaces after booting(both interfaces always show up as inactive after booting), then the DHCP server and firewall. I am confused, however, by which program has control of these interfaces.
First, there is the Network Configuration (System->Administration->Network), which is where I manually start the interfaces after rebooting. Both interfaces are set to "Activate when computer starts" in here.
Second, Network Device control(System->Administration->Network Device Control), which looks to be almost the same thing as the above.
Third, the NetworkManager applet(on the top bar) - both devices show up as unmanaged when I left click on this, but if I set "Controlled by Network Manager" in the "Network configuration" window(number one above), It still does not work. Can I get rid of two of these programs, or is there some way to edit the startup scripts to start my ethernet cards before the dhcp server/firewall(which is shorewall BTW)?
I greet you at the same time ask me to help with a problem I have and I could not solve. Within the requirements I have is to connect a network that is connected by VPN to my LAN.The detail is I could have connection to the network by adding a network card (eth3) on the firewall and connect to the VPN router (DLINK) cable network, but I can not reach the other estin that are in the VPN.
It should be noted if I add a station within the network: 10.30.1.X/24 has no problems connecting with the other destinations.Physically this router is inside my 10.30.1.X DATA CENTER another wan.
Neither of my wired network connections are listed in the network manager applet. I know that networking seems to be functional since I can ping local devices on the network. I can't resolve DNS names however. I suppose this is because network manager usually handles DNS? I've posted the outputs of various configurations below.
Code:
/etc/NetworkManager/nm-system-settings.cfg
# This file is installed into /etc/NetworkManager, and is loaded by
# NetworkManager by default. To override, specify: '--config file'
# during NM startup. This can be done by appending to DAEMON_OPTS in
[code]....
Is there a way to log specific type of network connection with timestamp? I mean, if someone sends a mail through mail server, is there a way the server logs that connection with timestamp?
Example:
2010-03-17 14:10:12 <server>:25 <client1>:<port1>
2010-03-17 14:10:26 <server>:25 <client2>:<port2>
2010-03-17 14:13:09 <server>:25 <client3>:<port3>
2010-03-17 14:15:43 <server>:25 <client4>:<port4>
...
...
...
I'm having trouble running 2 network connections on an Ubuntu 10.10 machine. My wireless connection provides my internet access and is assigned the ip 192.168.1.7 My ethernet connection provides access to a separate network containing a nas box/server. The ip address for this is 192.168.5.100 When I am only connected to the wireless network, the internet works fine. However, once I connect to the ethernet network, I lose internet access via browsers and email client I cannot ping external web servers. It doesn't appear to be an ip address conflict so I'm at a loss as to what is causing my internet connection to drop.
View 8 Replies View RelatedI have noticed interesting problem. I use two browsers - Firefox and Konqueror. Konqueror is configured to use tor, Firefox not. Using Gufw I block all incoming and outgoing traffic and it works while using Firefox, I mean that I can't view any www site and it is ok. But if I use Konqueror I can establish any conection. How to understand this? Should I have different firewall while using tor?
View 5 Replies View RelatedI know that GNU/Linux does not need a firewall (due to iptables), but I would like a basic firewall that would watch incoming and outgoing connections. I would prefer it to have a try icon and be able to run as a regular user, such that I can add it to my .fluxbox/startup file. Anyone know of any good ones? They don't actually have to interface into iptables (because I would do that myself), but if they do it would be a bonus.
View 4 Replies View RelatedI run ubuntu on home pc and am very happy with it. I use internet to surf and to see my email on gmail.com etc. What commands should I give to setup ufw firewall so that only this much is allowed? Also, where can I see if some other connections have been blocked?
View 9 Replies View RelatedI suspect this is an initial configuration bug. All firewall logs seem to be going to all
three files. That causes a lot of clutter in the log files, and makes it difficult to see whether there are any serious problems being logged.
Here is the layout of my network:My cable modem plugs into eth0 on my ubuntu server which acts as a firewall (shorewall) and dhcp server to my lan. A dd-wrt access point is plugged into eth1 and then a bridge connecting my xbox360 and another bridge connecting a desktop computer.Everything works pretty well, except a few times a day, my network will just shut down. The wireless on my macbook and my wife's laptop will just shut down, and if my xbox is running, it will lose connectivity. It will be down for maybe a minute or two, and then come back up like nothing ever happened.I never had this problem when I had just a dd-wrt router running everything instead of my server.When I ssh into my server afterwards and run dmesg, this is what I will get:
Code:
[398598.251548] martian source 169.254.1.255 from 169.254.1.33, on dev eth1
[398598.251565] ll header: ff:ff:ff:ff:ff:ff:00:23:69:3d:b1:82:08:00
[code]....