Fedora :: Using Iptables To Make Port 22 Accessible Through 4455 Externally
Apr 16, 2011
I have previously moved my ssh server from 22 to 4455 just by changing the port in sshd_config. This was done to minimize the log entries resulting from brute-force attacks. However, it seems that Zimbra and other local services expect to find the ssh service locally available on port 22, so I figured it's better to move the port in the firewall so that it remains configured on port 22 in sshd_config, and instead use iptables with a nat/port rewrite to move incoming 4455 to 22 locally.
In isolation this works as long as I also keep allowing port 22, but the moment I close port 22, port 4455 is also dead, which sort of defeats the purpose.
View 2 Replies
Nov 26, 2009
My school computer crashed, so I thought, hey, I want to create a Linux server. Does anyone know how to make a Fedora server that can be accessed through the WAN port (accessed through the web) for sharing school stuff etc.? Or does anyone know where I should look for manuals?
View 1 Replies
View Related
Jan 25, 2010
So if I do
dmesg | tail and find out that
lp0: using parport0 (interrupt-driven).
lp0: console ready
[root@Juha Juha.Koskiniemi]# cat /proc/bus/usb/devices
What is it for the following?
lspci
00:00.0 Host bridge: Intel Corporation 82855PM Processor to I/O Controller (rev 03)
00:01.0 PCI bridge: Intel Corporation 82855PM Processor to AGP Controller (rev 03)
00:1d.0 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #1 (rev 01)
00:1d.1 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #2 (rev 01)
00:1d.2 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #3 (rev 01)
00:1d.7 USB Controller: Intel Corporation 82801DB/DBM (ICH4/ICH4-M) USB2 EHCI Controller (rev 01)
00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev 81)
00:1f.0 ISA bridge: Intel Corporation 82801DBM (ICH4-M) LPC Interface Bridge (rev 01)
00:1f.1 IDE interface: Intel Corporation 82801DBM (ICH4-M) IDE Controller (rev 01)
00:1f.3 SMBus: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) SMBus Controller (rev 01)
00:1f.5 Multimedia audio controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) AC'97 Audio Controller (rev 01)
00:1f.6 Modem: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) AC'97 Modem Controller (rev 01)
01:00.0 VGA compatible controller: ATI Technologies Inc Radeon Mobility M6 LY
02:00.0 CardBus bridge: Ricoh Co Ltd RL5c476 II (rev aa)
02:00.1 CardBus bridge: Ricoh Co Ltd RL5c476 II (rev aa)
02:00.2 FireWire (IEEE 1394): Ricoh Co Ltd R5C552 IEEE 1394 Controller (rev 02)
02:01.0 Ethernet controller: Intel Corporation 82540EP Gigabit Ethernet Controller (Mobile) (rev 03)
02:02.0 Network controller: Intel Corporation PRO/Wireless 2915ABG [Calexico2] Network Connection (rev 05)
And how do I evaluate the list from cat /proc/bus/usb/devices? I am asking this since it seems that parport is recognized, but why can I not access it via gtkterminal using /dev/lp0?
QGtkStyle cannot be used together with the GTK_Qt engine.
Qt: Session management error: None of the authentication protocols specified are supported
opening failed
How do I edit the thread header, since it has a misspelling?
View 2 Replies
Jun 1, 2011
I have blocked all connections with iptables and allowed only the loopback:
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
Next I want to allow only ssh connections, and I also want to record the IP address of each attempt to access port 22 using the recent module. Then I want to see if that IP address has attempted to connect 2 or more times within the last 60 seconds, and if not, the packet is accepted:
iptables -A INPUT -p tcp --dport 22 -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 22 -m recent ! --rcheck --seconds 60 --hitcount 2 --name ssh --rsource -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --sport 22 -j ACCEPT
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
View 9 Replies
May 7, 2009
I need to forward a port to use dtella. I'm using Fedora 10, using iptables for my firewall.
I'm currently trying to forward it from terminal with this command:
Code:
sudo iptables -t nat -A PREROUTING -p udp -i eth0 -d [ip address] --dport 11823 -j DNAT --to 192.168.0.2:80
This is what I get from iptables -L:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
[Code].....
View 9 Replies
Apr 18, 2011
Is there any way to verify if packets being trafficked over a certain port are valid for the service you want to use this port for?
One obvious example that probably clarifies my question:
When I open port 443 (outgoing or incoming) for https/ssl traffic, I don't want this port to be used for say openvpn traffic.
Thus: when someone wants to surf to a website with https, it should be ok but if someone wants to connect to his home openvpn server over that same port, it should be blocked.
View 5 Replies
Apr 4, 2011
I'm trying to use iptables in order to forward all the incoming packets for port 5555 to port 5556 on the same server (192.168.2.101).
I wrote the following commands:
iptables -A PREROUTING -t nat -i any -p tcp --dport 5555 -j DNAT --to 192.168.2.101:5556
iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.2.101 --dport 5556 -j ACCEPT
View 3 Replies
Mar 31, 2009
I need to know what the iptables "code" is to change the outgoing/incoming IP for port 53 (DNS). I'm running CentOS on a dedicated server. I'm very familiar with PuTTY and SSH, so I don't need many details; I just can't figure this out. I asked my server provider, but they deleted my ticket and didn't answer me. I tried this but am not sure if this is correct or working:
View 5 Replies
Feb 20, 2010
I'm using a Debian server as a router/firewall. I have two ethernet interfaces in the server, one for WAN and one for LAN. I use SNAT so my LAN clients can access the internet through the Debian router. That is working... Now I want to be able to access servers on the LAN side from the WAN side, and I want to use port address translation (PAT). I have an FTP server running on a LAN server, so I'm trying to port forward port 21.
iptables -t nat -A PREROUTING -p tcp -i eth1 -d (WANIP) --dport 21 -j DNAT --to 192.168.1.2:21
When people try to access my FTP from the WAN side, they are redirected to the local FTP server and they are prompted for credentials, but when the credentials are typed and the local FTP server should answer the WAN request, the connection dies.
The WAN clients are being prompted for credentials, so they are redirected to the local LAN server, but after that the connection dies, so I think there is some kind of NAT problem when the local LAN server is trying to respond to the WAN request.
Here is my iptables script:
#flush table
iptables -F
#input rules
[code]....
View 6 Replies
Aug 5, 2009
If I forward port 80 to port 3128 for Squid with an iptables rule, does port 3128 have to be open on the firewall, or is this all routed behind the firewall?
View 4 Replies
Feb 7, 2016
I managed to set up an OpenVPN server, IP forwarding and a NAT iptables rule for that.
Almost everything works as expected, but my problem is:
Smartphone -> VPN -> Internet ==> works (by ip and hostname)
Smartphone -> VPN -> machine in my local network by IP ==> works
Smartphone -> VPN -> machine in my local network by its hostname => DOES NOT WORK
Machine w/ VPN server -> ping to machine in local network by ip or hostname => works
So, I wonder why I can't access a local machine through the VPN by its hostname. I guess I'm missing a forwarding rule??
iptables dump:
# Generated by iptables-save v1.4.21 on Sun Feb 7 20:56:52 2016
*nat
:PREROUTING ACCEPT [786:59064]
:INPUT ACCEPT [728:53047]
:OUTPUT ACCEPT [19:1487]
:POSTROUTING ACCEPT [20:1576]
-A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
COMMIT
# Completed on Sun Feb 7 20:56:52 2016
View 0 Replies
Mar 25, 2010
I have a mail server on which I would like to block port 25 on eth0 for everyone except our external spam filter. The problem is that I want our users to be able to connect via port 10025, which is forwarded to port 25, which is then blocked...
View 2 Replies
Dec 31, 2010
I have reinstalled CentOS 5.5 on my unmanaged VPS. Everything is fine except port 80.
I am trying to access the IP address in Internet Explorer, but it seems port 80 is not accessible.
I have checked by changing Listen 80 to Listen 90 in httpd.conf
and accessed the IP address with port 90, i.e. 208.89.213.70:90, and the Apache page was displayed.
I need help on how to resolve this issue.
View 1 Replies
Nov 4, 2010
I am trying to have a serial device connect to my Ubuntu machine via the COM port, and forward that COM port over the network to a Windows box so that I can configure/access the device. I have looked into socat/sredird but still haven't found an option that I can get to work.
View 1 Replies
May 6, 2010
I'm using Fedora 12 with KVM. I'm also using iptables for filtering and NAT. The problem is that when I start libvirtd, it overwrites my current iptables and the iptables config file (/etc/sysconfig/iptables).
OK, it leaves an old copy in /etc/sysconfig/iptables.old, but the main problem is that it also removes all my custom settings from filter and my full NAT. I would like to keep control of my iptables and manage them on my own. But I can't find an option in the libvirtd config files and/or the libvirtd startup scripts to prevent libvirt from changing my iptables. How can I make libvirtd stop tampering with my iptables?
View 1 Replies
Sep 1, 2011
When I download something, all the files and folders have root permissions, so I can't do anything. I can change them all to give me permission, but it takes like an hour for one download. How do I make EVERYTHING accessible to me?
View 6 Replies
Feb 19, 2011
I was trying to make my desktop accessible from anywhere with DynDNS. I have an AT&T 2Wire 2701-HG-B router, which does not have DynDNS settings.
So I installed ddclient. It's running fine...
I did tracepath
I did nslookup
View 6 Replies
Dec 23, 2010
On my computer I have an Apache server running, configured on port 80. In the local network the web page is accessible by my local IP (192...). However, when I want to get to the page from the internet, I don't know the right IP address, since the router's should be local, and also the router has its own web page running on port 80. So I guessed that my server's IP would be the modem's, which I don't know. Sometime in the past I figured out the address of the modem too, but it has its own application running. Also, the router supports port forwarding (which I guess is needed), but I don't know how to get to using it. What address from the internet should I have? How should I determine it?
View 8 Replies
Mar 6, 2011
I did a wget on the source and built the Apache binaries correctly. Now what do I need to do to get some documents accessible using HTTP (start some services?)? Also, do I need to group all the files I want to make accessible in some directory and make the directory and its contents accessible, or can I just make the individual documents available? I will be providing these links to my colleagues and do not want them to be down, so I need to make sure that the Apache services are up automatically after a reboot. Does Apache have some inbuilt support for this?
View 2 Replies
Nov 1, 2010
The cable internet I'm using runs on dynamic DHCP IP addresses. I changed it to a static IP address in my router settings, but it keeps changing. This means that I can't connect to my home server from a remote location.
Is there any way to run my Ubuntu server on a DHCP IP address without connecting through my router 192.168.1.xxx?
View 1 Replies
Nov 11, 2009
I have made a little piece of software to talk with my friends through the network. There are two parts: one is listening to receive messages, the other will send messages. But the firewall is bothering me, so I want to know if I can make my software listen on port 80 while Apache is also running.
View 11 Replies
Dec 7, 2009
HTTP - Can't see website(s) externally
View 4 Replies
Mar 4, 2010
My son is 15, autistic and mentally retarded. He is moderate-low functioning and loves to watch Barney the Dinosaur, Thomas the Tank Engine and other young children's programming on videos on his computer. He can talk in a limited way and can read out loud at about the first-grade level, though he seems to have little or no comprehension of what he's read (hyperlexia). I'm having problems with viruses and spyware because he lacks the judgment that keeps the rest of us from clicking on every window that pops up. We've had a particularly nasty crop of ad-ware viruses lately that pops up graphic porn ads even when the browser is closed. I've had enough of this.
The computer is an ancient Dell Dimension 4600 desktop (circa 2002) running Windows XP. I've run Ubuntu from a live CD and installed Flash as a test. Videos play fine, so that's not a problem. I don't really want to replace the computer because it still works and is only used by him to run Firefox. I am willing to buy a new computer if that turns out to be the only option. I've been using Ubuntu exclusively on my laptop for several years and I would like to remove Windows from his computer and replace it with Ubuntu. I'm wondering how I can make his computer as accessible as possible to him while not sacrificing too much security. My son has very poor fine motor control over his hands. He can use a mouse with some difficulty, but using a keyboard is out of the question. He can use the mouse to click on the shortcuts to his favorite videos, but I can't think of how he would be able to enter a password for his account. Not only does he have the fine motor problem, but he is not able to remember any usefully secure password.
Does anyone have any ideas about how to make his computer accessible to him without opening a gaping security hole? Two ideas that I've kicked around are creating a user with absolutely the minimum privileges required to use Firefox and no password, or finding some way to enter a password that doesn't require a keyboard. I haven't come up with how to implement either of those ideas successfully.
View 6 Replies
Aug 16, 2011
The details of "how to access externally with hostname instead of IP address in Fedora"
View 1 Replies
Mar 18, 2011
iptables -A INPUT -p udp --dport -j ACCEPT
iptables -A INPUT -p tcp --dport -j ACCEPT
iptables -A FORWARD -p udp --dport -j ACCEPT
iptables -A FORWARD -p tcp --dport -j ACCEPT
and the rules are placed in iptables; I can see them when I do iptables -L. But when I do netstat -an | grep 161 I can see that port 161 (SNMP) is not listening. Why?
View 7 Replies
Jan 13, 2010
I am running a VoIP server on port 5060. I want to hide this from all the robots scanning the net permanently. I know this is not enough security; it is just to prevent them from wasting my bandwidth testing all usernames until fail2ban stops them!
I'd like to have port 5060 accepting requests only from 'trusted' hosts, while others (clients with dynamic IPs) use port 5065; thus, port 5060 will only appear open for some trusted partners and the bots will skip to something else.
I have set up the iptables rules successfully to accept only trusted hosts.
-A RH-Firewall-1-INPUT -s 93.x.y.z -p udp -m state --state NEW -m udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 5060 -j DROP
I've added a PREROUTING NAT rule that changes the port from 5065 to 5060 for the others, but then this gets caught in the INPUT rule as port 5060:
-A PREROUTING -p udp -m udp --dport 5065 -j DNAT --to-destination 192.168.1.1:5060
This works so well that the packets coming on port 5065 are translated to port 5060 and get caught in the DROP rule...
View 1 Replies
Jan 20, 2010
I got a server today with CentOS, and someone told me to block access to port 22 for all IPs except mine, so I did:
Code:
iptables -A INPUT -p tcp -s my_ip --dport 22 -j ACCEPT
and after
[code]...
View 7 Replies
Aug 14, 2010
I have a CentOS box which is Internet-facing. It has 3 LANs connected to it which are for virtual machines.
I want to port forward port 445 to a machine on one of the LAN interfaces. I have tried various ways to get it done, but still cannot access that port from the interface. I definitely know the device hosting port 445 is live, as I can ping it from the CentOS box and use lynx to access it! (It's a web server.)
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 445 -j DNAT --to-destination 192.168.0.2:445
View 6 Replies
Jun 7, 2010
I've been Googling about port forwarding with iptables, and even though there are results and I've applied them in my script, I can't make iptables forward requests to another machine, so I decided to ask for help.
eth0 is my Internet interface (1.2.3.4 is the public IP)
eth1 is my LAN interface
eth2 is my DMZ interface
[code]....
View 14 Replies
Jun 17, 2010
There is this server on which I want to use port redirection using iptables. For port redirection I have used the nat table with the PREROUTING chain and the REDIRECT option. Like:
Code:
iptables -t nat -A PREROUTING -p tcp --dport pop3 -j REDIRECT --to-port 8110
It just does not work. I have tried to redirect other ports as well but nothing works.
[code]....
View 15 Replies