If I forward port 5764 to port 80 to my VOIP device, I can nmap and get a proper connection. If I forward port 5764 to port 22 to my server, it comes up filtered. It even happens if I try forwarding port 80 to my server. So I'm sure it has something to do with my server, but I'm not sure.Here's my Linksys iptables:
Code:
:wanin - [0:0]
-A FORWARD -i vlan1 -j wanin
[code]....
I'm having a mare with SSL with Apache. I have set it up and if I go to the follwoing address http://192.168.1.2 it seems to work and the pages are delivered to my browser. However if I try to access it from an exernal PC it will not work.
I can get to the non-ssl part of the site so the static ip is resolved and the port forwarding all works.
Does any one have any ideas (and in fact i think I may have just solved it - Ports - 80 mis open but I haven't done anything with 443. Will check it out and post back.
sudo ssh -L 750:192.168.123.103:873 username@192.168.123.103It does exactly what it's supposed to do, but how do i edit / remove this rule?Is there some config file where i can alter the forwarding? How does it get stored?Im using Ubuntu 10.10Server Edition (allthough i recon it would be pretty much the same across all versions
View 5 Replies View RelatedI'll explain this in one sentence: Is it possible to program a port-binding shellcode in which people across the Internet can connect to, without being thwarted by the router blocking their data because the port its bound to doesn't allow port-forwarding
View 2 Replies View RelatedAs it stands I have a small home network operating behind my modem/router. Some of the ports on this are forwarded to my PS3 for gaming but I was looking at forward some for my file server.
At the moment I've forwarded port xxx22 to port 22 on my server for SSH for instance. ANd similarly 21 for FTP (although it doesnt seem to want to connect for any more than a few seconds using that). What I was thinking of doing was placing a small website for a handful of ppl to use on the server too and port forward again - xxx80 to 80. It works just fine but I'm a little concerned on the security front.
As I've moved the port to something different from the outside world I'm presuming I will have already cut the potential for malicious folks to wander in but is there anything else I should be doing? At the moment there's no firewall operating on the server, usually as its hidden behind the modem/router. But if I open this thign up more permanently what should I be doing? I've read a few articles on it but I'm always left with the overwhelming thought of "Thats if theres no firewall in my router" as they just seem to do the same.
I am setting up Apache (Fedora 12) inside my home network. From inside my home network I access it without any problem. I need to set it up to access it from internet. I have the following questions. Here is temporary setup for testing purpose.
Internet-->ADSL modem (SEIMENS Speed Stream 4200)---> Apache (Fedora 12)
1. Do I have to do any kind of ports forwarding on ADSL modem. (There is no option to do port forwarding on Modem) May be I need different Model of Modem??
2. I tired to Ping my real IP for modem form another computer from internet. I am even unable to PING the ADSL 's real IP. Why it is that?
Up to now I've been playing with Ubuntu whilst storing important data elsewhere for about 2 years. Now I'm ready to move to Ubuntu completely but want to address my security.I'm currently using a desktop and server behind a hardware firewall / Internet router. The router has DynDNS and forwards port 80 to the webserver and a port I picked at random to the desktop 22 for SSH with private keys. SSH passwords are disabled.
The first question is, is there a danger of running different security levels on the two machines? I don't care about the server, there is no data on it so I currently forward port 80 and am considering forwarding ports 631 (CUPS) and a port for LDAP. Will this effect my desktop (which has info I don't want to loose).The next question is whether port forwarding / hardware firewall is actually a safeguard against attack.
I'm trying to SSH into my home computer from a remote location outside of my house's LAN and can't figure out remote port fowarding.
The guide here says to use the following:
Code:
I've tried connecting to my home computer through many combinations of the syntax listed above, read the man file, and looked online for help. But can't find out the proper syntax or a good guide that isn't written for Windows users using Putty.
Let's assume for the sake of simplicity that the public IP address of my home SSH server is 123.123.123.123, the private IP address of my home SSH server is 192.168.1.100, my home SSH port is 2222, and the SSH port at my current location is is 22. How would I write out the command?
Every time I try to connect I get a "connection times out" error.
I've got two virtual machines running, the first VM (VM1) has two network interfaces, one bridged with my real lan, one a private subnet. The second VM (VM2) has one nic, only on the private subnet.
I have VM1 acting as a router for VM2, giving access to my real lan for internet access. The problem I'm having is I cannot get VM1 to forward ports 80 (http) or 222 (ssh) to VM2 from my real lan.
Here is the script I've cobbled together from various (foreshadowing!) locations:
Code:
I have just set up shorewall on my router running Arch Linux. The external network is on eth0 and the internal network on eth1.I have set it up for masquerading and that works fine and I can open ports to the firewall. But I'm having trouble with port forwarding to my internal machines.The problem I have is that when port 22350 is forwarded to 192.168.1.3 on my local network, checking the port with nmap from a remote computer gives me:
Code:
PORT STATE SERVICE
22350/tcp closed unknown
[code]....
I installed ZTE MF 626 modem in my F10 with kernel 2.6.27.12-170, i run usb_modeswitch and so far things happened normally. Watching through /var/log/messages it says that F10 detects two port device for this modem: ttyUSB1 and ttyUSB2, and in the sequence it disable port ttyUSB1 BUT Network Manager still set this port.I mean, when i connect via wvdial appointing to ttyUSB2 i get connection, but Network Manager fails to do it appointing to ttyUSB1. How to change device port in Network Manager?
View 1 Replies View Relatedmy ftp (with SSL) server is behind firewall.
Code:81.81.81.81 FIREWALL (my external address) 192.168.1.5 - FTP server How to create portforwarding for such a configuration. I`m not interesting about iptables rules. I would like to know which port should I redirect and how ? FTP server usualy using 20 and 21. What about VSFTPD with SSL ? Also 20 and 21 ?
I have two PC's, one with slackware and one with arch, and I am trying to access the web server from the archlinux machine but i haven't manage to do that. The archlinux machine is connect to the internet via the slackware machine via a crossover cable:
internet > eth0 (pc1) and ppp0 (the PPPoE connection, pc1) > eth1 (pc1) > eth0 (pc2)
PC1:
ifconfig eth1 192.168.0.1 netmask 255.255.255.0
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o ppp0 -j ACCEPT
pc2:
ifconfig eth0 192.168.0.2 netmask 255.255.255.0
ifconfig eth0 up
route add default gw 192.168.0.1 eth0
/etc/resolv.conf (The same DNS as the first PC)
And now the internet is working and on the archlinux machine, but I am not able to access the web server from LAN with a public IP. I tried many iptables port forwarding commands but none worked.
I currently have a gui running on port 8000 on some of my remote servers, unfortunately i do not control the firewall so can not open that outbound port to access it from hereIs there a way with an ssh tunnel to redirect that to another port so i can access it from here?
View 2 Replies View RelatedThis should be easy but for some reason its not working. I don't have admin rights on one of my local networks to open the firewall for port 80 to make my server accessible remotely (from the internet). I have a remote server (OpenVZ VPS) and I want to port forward so that [url]:8080 will point to my localhost:80 from the internet itself (i can get it to work on the remote VPS server's local network)...
How could I accomplish this? Basically, I am trying to serve webpages from behind a firewall using a VPS as a hub.
We have a Ubuntu system that is connected to 4 different networks.
Code:
eth0: 192.168.12.9
eth1: 192.168.2.142
[code]....
I have the following setup and Im trying to forward all incoming connection on port 1194 on eth2 which is the external network to ip 192.168.10.100, but seems its not working.
Current config:
# Generated by iptables-save v1.3.8 on Sun Nov 16 00:00:54 2008
*nat
:PREROUTING ACCEPT [26751696:2175544875]
:POSTROUTING ACCEPT [339911:19096812]
[code]....
plus im adding the prerouting:
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 1194 -j DNAT --to-destination 192.168.10.100
This configuration doesnt work. I also I have tried:
iptables -D PREROUTING -t nat -p tcp -d XX.XX.XX.XX --dport 1194 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.10.100:1194
and the same its not working. Connecting thru telnet to the domain: telnet mydomain.org 1194 doesnt work, but within the server, running telnet 192.168.10.100 1194 it works.
i need to setup port forwarding on my server (i have it running ubuntu 11.04 desktop) so i can host a minecraft server.
View 1 Replies View RelatedHere's my (admittedly complex) situation:
I set up a dynamic DNS address for my home network. Let's call it [URL]. Then I set up one of my machines with a bind9 DNS server and pointed my router's DNS setting to it. I did this so that I could resolve awesome.server.com from machines inside my network and have them correctly find my server. Then I set up a second machine to serve web pages using [URL]. I did this by forwarding port 9200 on my router to port 80 on that machine. This works, but of course, it only works from outside my network.
What is the best way to get [URL] to work from inside my network?
I've tried setting up the iptables on my server to forward that port, but it just times out. I used these rules that I found by searching the internet:
Code:
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 9200 -j DNAT --to 192.168.0.300:80
iptables -A INPUT -p tcp -m state --state NEW --dport 9200 -i eth1 -j ACCEPT
However, those rules might be failing because they are intended to forward ports requested from outside the network. I must admit, this iptables stuff is way, way over my head. Is there a different method that I must use to make it work inside my network? Or is there a better way besides iptables?
I'm trying to get my SSH server I set up on my home box working from behind a router. A 2wire 2700HG-B gateway, in fact. Now, I know my server is working fine, because I can get into it via loopback, anywhere inside the LAN from another machine, OR if I go into the router's config and enable DMZ for the machine. However, I don't like having DMZ on all the time because of the kludge-ness of it, and the security issue of the complete absence of a hardware firewall.If I try to port forward and access it from outside the LAN using the external IP (or my DynDNS, because it's dynamic), it just times out. I have a nonstandard port (45) for the listen port of the server, to keep away hack attempts if I were using the standard 22. I used this to see if the port was open, and it said it was. But, I tried the trick of telnetting the IP with that port, and it also timed out, instead of printing stuff about OpenSSH.
Attached is a screenie of my router's firewall page, so you all can look at it and see if I'm an idiot and doing it wrong. You might notice uTorrent there, it's because this machine is a dual-boot with 7, and the router doesn't differentiate the OS's. Also the SSH @ 46 port is for the Windows side, with freeSSHd. I changed the port on that one so the client I have can distinguish them, so it can run a reachability test.
1. Need to connect 2 CCTV DVRs and view from remote. 2. Can get a static IP address. But I dont know if this is a secure way since any once can view if the know the ip address. 3. Question is : is it possible to connect the DVR( s) to a linux server which will get user name and password before letting us view the DVR. Currently there is one set as follows: 1. From location X a device is connected to location Y using leased line and static IP (12 kms distance). In location Y a router is placed and port forwarding is configured. From Location Z using internet and remote desktop concept the device at location X is viewed and data captured. Is it possible to use a similar concept but with some sort of security authentication procedure in place.
View 1 Replies View RelatedI'm trying to enable port forwarding so I can use my computer as an FTP server to some friends. Here's my setup:
CLEAR wireless modem <--> LAN port 4 on router (not WAN) and LAN port 1 on router <---> eth0 in Ubuntu 9.10
The modem acts as a DHCP server which successfully assigns an IP address to my desktop system. I can also go onto the internet just fine on my desktop, and any other computer that connects to the router.
I have enabled port forwarding on the modem (not the router because it's being used as a switch, and not using its WAN port) to forward ports 21 and 80 to my desktop. What I don't understand, though, is that when I try to FTP to the modem's WAN IP address, the connection is refused. However, when I use websites such as:
www.canyouseeme.org
www.yougetsignal.com/tools/open-ports/
They say ports 21 and 80 are open (and not other random ports like 22 or 23 which I tried to see if the site simply said everything was open) but I cannot access my site from a web browser.
I was wondering what it was that's stopping computers from the Internet from communicating with my computer? The modem? The router? Configs?
I am a network/system Administrator in an avg. based company, we are using Cent Os as servers. We are developing applications in both php & java, for java we are using apache tomcat as server (port number 8080) & for php we are using apache as server (port 80). Php applications are uploaded in the server and giving the link to our clients like localhost.com/chrome. Now we are planning to give the java based application for testing purpose to clients & can give the application link to client as localhost.com:8080/mozilla. Is it is possible to change the link localhost.com:8080/mozilla to localhost.com/mozilla with out changing the portnumber of apache tomcat server & without interrupting the php applications, that means our clients can access php application as localhost.com/chrome & java application as localhost.com/mozilla in the same server at the same time.
View 9 Replies View RelatedI have x11 forwarding enabled in /etc/ssh/sshd_config on a suse 11.2 32 bit box running kde I can open x apps on a windows machine using xming and putty just fine, but when I boot the same machine into suse 11.2 64 bit using kde and try using konsole I get: cannot connect to x server
The command I'm using to log in is: ssh -X -l username host I doubt the problem is with the server I'm logging into or it wouldn't work in windows, not really sure what to look for as I've never had a problem using x11 forwarding from a linux client before only windows ones
How do you configure the firewall to allow external web access (it's a LAMP server) and internal access for samba shares ?
View 6 Replies View RelatedI have a question regarding port forwarding. I have a fedora server, with two eth cards: eth0 ---> external IP, eth1 ----> LAN IP I use SNAT for connection sharing. I also have an internet domain hosted on this server... let's call it [URL] Anyway, one of our computers in the LAN has some kind of web server on it, which must be accessed from the internet on the port 23700.
So, using iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 23700 -j DNAT --to 192.168.1.25 (the IP of the network computer) Everything works perfectly fine from outside the lan. When I type [URL], I connect to that computer. My problem is that inside the lan, typing [URL] does not work! It only works if I enter it by IP 192.168.1.25:23700 Is there any way to make the server forward my request to that specific computer even if I'm inside the LAN?
I am running Fedora Core 10 and KDE 4.2.1. My KTorrent is having trouble finding online peers lately. I suspect this is a port forwarding issue. I have set up my router to forward port 4444 (UDP) and port 56000 and more (TCP) to my machine's IP address. I have also set my local firewall (system-config-firewall) to allow these ports through.But when I try to test ports 4444 and 56000 via this Open Port Check Tool, it tells me they are closed
View 6 Replies View RelatedI'm trying to implement remote NFS in our network
So I read a lot of posts on the Internet, but I don't understand which ports I have
to open/forward for this.
On some posts I see a lot of ports, I don't want to do this.
If this is the case, and I would set up NFS through an ssh tunnel, then do I only need the ssh port and does this mean it will always work if the server is reachable through ssh?
Or is this wishful thinking ?
How do I setup Self Port Forwarding on Fedora 13 x64 How Port Forwarding Works Port forwarding allows access to a local area network by a remote user through forwarding ports that provide ftp access and web server access. The operating systems use a kernel or ipfirewall to carry out the port forwarding process.
There are several different ways that port forwarding is accomplished. * Self Forwarding: Self forwarding is port forwarding that is accomplished on a local area network that has multiple computers connected to the network. Since all of the computers share the same IP address, the port forwarding must be conducted within each computer on its own system. If the local area network router has a network access translator then the computers that are connected to the router must also do port forwarding within their own system.Port forwarding can be accomplished with Unix systems however the port can only be accessed by the root administrator. This is a less common method of port forwarding due to the fact that using a root administrator poses risks to the system because the users will often take a detour to a higher port number to gain faster access to the server.Double port forwarding involves the use of multiple routers that join computers on a local area network. As a result, the ports on one router are forwarded to another router that acts as a gateway. The gateway router then forwards to a host on the local area network (LAN). This type of port forwarding involves the communication of several components which include the session server, session client, and session port. When the user establishes a connection the session server will connect to one of the session ports that are to be forwarded which will in turn, forward the port to the session client. Reverse port forwarding is used when access is required to a port that is protected behind a firewall.
While port forwarding is convenient, there are a few things to be aware of when using this type of technology. If you use port forwarding only one port can be used at a time and the machine that is receiving the port forwarding can only view the information as coming from the router instead of the original machine. Additionally, port forwarding can open up network access to other machines that may be able to find the port forwarding by gaining unauthorized access. I know how to setup port forwarding in my router along with Dyndns.org free ED, but my local area network has multiple computers connected to the network on my router. All of the computers share the same external (public) dynamic IP address; when I setup port forwarding only my Web Server can access the internet, so how do I setup Self Port Forwarding on Fedora 13 x64
[Code]...
I've recently installed OpenVPN on my dedicated server (Fedora) in order to have full internet access for all of my WinXP clients. In case somebody is interested in the details of the OpenVPN installation, I followed this documentation: Rootserver-as-OpenVPN-Gateway. The installation runs quire nicely, I'm able to surf the net and even file-sharing programs work on the XP clients - at least to some extent. There is a slight problem though: the file-sharing programs complain that they have a "NAT problem" or that they are "Firewalled".
Most likely, this problem can be addressed by configuring remote port forwarding (RPF) on the server. The only routing rules which I've added on the server during the OpenVPN installation are these:
Code:
# initialize natting for openvpn
iptables -t nat -F POSTROUTING
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -s 10.66.66.0/24 -j MASQUERADE
Let's assume a certain application on a client is listening on e.g. port 1234. How do I configure RPF for this port on the server side.