Fedora :: Set The INPUT - OUTPUT And FORWARD Chains In Iptables To ACCEPT?
Oct 25, 2009

What commands do you use to set the INPUT, OUTPUT, and FORWARD chains in iptables to ACCEPT?

I've read the instructions about setting up iptables rules to filter all ports except HTTP, SSH and FTP. I am required to first remove all default iptables rules and set the default policy of all chains to DROP:
# Set default-deny policies for all three default chains
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP
Then allow only some ports:
#Accept inbound packets that are part of previously-OK'ed sessions
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
# Accept inbound packets which initiate SSH sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 22 -m state --state NEW
# Accept inbound packets which initiate FTP sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 21 -m state --state NEW
# Accept inbound packets which initiate HTTP sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 80 -m state --state NEW
# Log anything not accepted above
$IPTABLES -A INPUT -j LOG --log-prefix "Dropped by default:"
But I hired a VPS in another country, so the only means by which I can manage it is via SSH. If I set the default policy to DROP first, I am afraid that I can no longer connect via SSH to tell iptables to allow SSH.
So my questions are:
- Do the iptables rules take effect immediately after I enter a rule?
- Is there any means to run this as a batch job (create a script and run all these rules at one time)?
- My VPS has a web control panel which has a terminal via the web. Is this a native terminal or just a connection via port 80 or 22?

I want to simplify some of my rules, so I want to create rules for certain services like XMPP, web, etc., since some of them use multiple ports and I toggle them on/off a lot. Can I simply put the jump-to-chain clauses in the INPUT chain, and once the sub-chains run, does it return to the INPUT chain after the jump clause? I want to do this so I don't have a ton of rules in the INPUT chain. I think that if I simply make a list of all the chains to jump to in the INPUT chain, it will work itself through all of them until it finds a matching filter in one of them, correct?
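Two of the questions above have the same answer in practice: each iptables command takes effect the moment it is entered (which is why typing `-P INPUT DROP` before the ESTABLISHED rule cuts off the active SSH session), and the safe way to apply a whole ruleset is to load it in one atomic `iptables-restore` transaction. A packet that reaches the end of a user-defined chain without matching returns to the calling chain at the rule after the jump. The script below is an added example, not code from either poster: it emits the DROP-policy ruleset from the first thread as one iptables-restore file, loads it with a timed rollback so a mistake undoes itself, and puts the per-service ACCEPT rules in a user-defined SERVICES chain that INPUT jumps to, with the LOG rule after the jump catching whatever SERVICES did not accept. The chain name, the 120-second rollback window and the log prefix are my own choices.

```shell
#!/bin/sh
# Added example, not the posters' script: build the default-DROP ruleset as
# one iptables-restore file, load it atomically with a timed rollback, and
# use a user-defined SERVICES chain that INPUT jumps to.
# Assumptions: chain name SERVICES, 120 s rollback window, log prefix text.

# Emit the ruleset in iptables-save format. Loading the whole table at once
# means there is never a moment where the policy is DROP but the
# ESTABLISHED,RELATED rule that keeps the admin's SSH session alive is
# missing (which is exactly what happens when the commands are typed one by one).
# Note: OUTPUT DROP with only the ESTABLISHED rule means this host cannot
# originate new connections (DNS, package updates) until OUTPUT rules are added.
gen_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:SERVICES - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -j SERVICES
-A INPUT -j LOG --log-prefix "Dropped by default: "
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A SERVICES -p tcp --dport 22 -j ACCEPT
-A SERVICES -p tcp --dport 21 -j ACCEPT
-A SERVICES -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Offline check (no root, no iptables needed): the ESTABLISHED,RELATED rule
# must come before the jump to SERVICES, otherwise replies on the existing
# SSH session are never matched and the session dies on load.
rule_order_ok() {
    est=$(gen_rules | grep -n 'ESTABLISHED' | sed -n '1s/:.*//p')
    jump=$(gen_rules | grep -n -- '-j SERVICES' | sed -n '1s/:.*//p')
    [ -n "$est" ] && [ -n "$jump" ] && [ "$est" -lt "$jump" ]
}

# Load the ruleset atomically (needs root and iptables). A background
# watchdog restores the previous rules after ROLLBACK_SECS unless the admin,
# still connected, cancels it, so a lockout undoes itself.
ROLLBACK_SECS=120
apply_rules() {
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    ( sleep "$ROLLBACK_SECS" && iptables-restore < "$backup" ) &
    watchdog=$!
    if gen_rules | iptables-restore; then
        echo "Rules loaded. If this SSH session still works, cancel the rollback:"
        echo "  kill $watchdog"
        echo "then persist them on Fedora with: service iptables save"
    else
        kill "$watchdog"
        echo "iptables-restore rejected the ruleset; previous rules untouched" >&2
        return 1
    fi
}

case "$1" in
    apply) apply_rules ;;
    show)  gen_rules ;;
esac
```

Run `sh firewall.sh show` to inspect the generated file, and `sudo sh firewall.sh apply` from the SSH session; if the session freezes, wait out the rollback window and reconnect. To toggle a service off, remove its line from SERVICES and reload; the INPUT chain never changes.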

I have a log monitoring application listening on port 514 that should receive events only from certain hosts. In order to control this, I've tried to set up iptables to define the hosts that are allowed to reach this application. Here is an example of the script that contains the commands:
iptables.sh:
iptables -I INPUT -p tcp -s 192.168.0.10/24 --dport 514 -j ACCEPT
iptables -I INPUT -p tcp -s 192.168.0.15/24 --dport 514 -j ACCEPT
...

I need to forward a port to use dtella. I'm using Fedora 10, with iptables as my firewall.
I'm currently trying to forward it from the terminal with this command:
Code:
sudo iptables -t nat -A PREROUTING -p udp -i eth0 -d [ip address] --dport 11823 -j DNAT --to 192.168.0.2:80
This is what I get from iptables -L:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
...

I just upgraded my Fedora 13 to Fedora 14. I changed the CPU and the motherboard, so I had to install from scratch... but I saved my iptables.
The problem is that
I do all the stuff
service iptables save
And apparently it works...
But every time I reboot I have to re-run the script to forward Internet... Everything else works just fine... I mean I can ssh, vnc, etc. but it won't forward Internet :S don't know why?

How come FC11 is set by default to reset the iptables firewall to ACCEPT across the board on each restart?

I'm using Fedora Core 5.0. I have been using iptables to forward port 80 to port 3128 (Squid) on the same server. I need to forward with iptables to the other proxy server, because this server I use for VPN and mail transfer. What command should I use?
Case:
1. Server 1, IP 192.168.0.4, Squid with port 3128
2. Server 2, IP 192.168.0.254, pfSense (3128)
I will use server 2 for the Internet connection only.

I installed Asterisk on a VM machine.
The Asterisk I downloaded came with CentOS 5.3. It runs well on the VM console, but the problem is when it requests the localhost login, which accepts input, but the password does not accept input at all.
When I try to switch to another user, the login screen shows the user selection list, but I can't enter anything; when I click on a user name, the computer just beeps. I have to reboot to get out of this.

My dad is out of town for a while, so I've been using his computer to rip my DVDs with Handbrake. He has Windows Vista installed, so I did a full installation of Fedora 13 on a thumb drive and just run everything off of that. However, when I went to delete some of the encoded videos after I had moved them to my computer, I got a system error that said 'can't delete files: I/O error.' Now, if I try to boot up Windows, his computer is stuck on a black screen checking a bunch of DLLs. He'll be back in a couple of weeks, so I'd like to have it fixed by then.

I'm trying to clone 2 RAID sets using dd (I have done this successfully many times in the past).
This time, however, I'm running into issues.
dd stops with an 'input/output error'.
dmesg shows:
A little above this I find
Background: this is a ProLiant server and has got an XFS filesystem on it. Last week it showed some XFS errors; I tried to do a repair but it didn't work. So I thought I would clone the RAID set from a good 'source' server (we need this for a test purpose).
Before cloning I deleted the RAID and created it again. Everything looked OK, all disks showed as GOOD, but then the dd copy failed with the above message. I'm sure the source RAID set is in good condition. Any thoughts on what could be wrong here and how I may be able to recover it?

I am using LuckyBackup to back up my laptop disk to a USB disk. I would like to display to the user the message "Please mount backup disk" and have the user click "OK". LuckyBackup has a feature to allow issuing commands before it does the backup. I have been investigating scripts (I have never written one), but do not understand how to use them to this end.

My iptables policy is DROP. My server ports are open just for httpd and ssh. Is there any rule which can allow all connections from a specific program? For example, I want to scan an IP address's ports. As you know, nmap connects to every known port to see whether it is open or not, so if I want to allow nmap to connect, I need to include all ports for that, or I can allow connections from localhost to the outside on all ports. My server is very secure. I don't want other programs (probably a backdoor) to use those ports to connect outside. I want to know whether there is any ability in iptables to rule connections by the name of the program, like "Allow any connection from /usr/bin/nmap to everywhere"?

I even threw some video DVDs at it to make sure it wasn't the disc.
Code:
[pickens@acer1 Videos]$ dd if=/dev/sr0 of=POTC.iso
dd: reading `/dev/sr0': Input/output error
5088+0 records in
...
I am getting the same thing on my laptop running Mandriva, oddly enough. Two different drives, two different computers, two different distros and multiple DVDs.

When running rsnapshot tonight it failed with a bunch of
cannot remove `file': Input/output error
errors.
I navigated to the directory and tried to delete it manually and I got the same errors. I tried with 'sudo rm directory'. How else can I delete this directory? What would cause a situation like this?

I'm either missing the obvious or have four identically defective tape drives. Each is a Seagate or IBM Travan drive (yes, I know they're old, and I need to access the data; they were in Windows boxes) using QIC-80/DC-2120 media. I've been trying to solve this using three Fedora boxes (different versions) and one Debian machine.
The OS's recognize the drives and they show up as /dev/st0.
With no media in the drives, I get a status report; with media inserted, I get the same input/output errors.
Examples (all as root):
With tape inserted:
With no tape in drive:
With tape inserted
Everything I've found on Google suggests that the drives are defective.

When in the interactive environment, my input and output are all messed up. So I want to color the input and output with two different colors, so I can tell them apart.

I booted my Fedora 13 live CD on my Dell server, and configured networking and sshd. On my desktop I logged into the live CD and started copying over a big file (1.5 GB), i.e. copying from the desktop computer to the server. After copying about half the file, the transfer fails with an error message about the filesystem being read-only. I've seen this exact same behavior on both i386 and x86_64 of the same live CD, but don't know why it's happening. I've also had the same issue when copying small files. In /var/log/messages these messages are repeated many times:
Code:
Dec 20 12:32:23 localhost kernel: Buffer I/O error on device dm-0, logical block 684075
Dec 20 12:32:23 localhost kernel: lost page write due to I/O error on dm-0
...

I am trying to do a NAT forward in iptables but get the following error:
[root@server88-xxx-xxx-198 openvpn]# iptables -t nat -I POSTROUTING -i tun0 -o e
iptables v1.3.5: Can't use -i with POSTROUTING
Any ideas on what to do? I have an OpenVPN server running and I need the client to use the ports on the OpenVPN server.

I'm trying to install Wine on Fedora 13. I tried installing it from the "Add/Remove Software Repository" but the installation fails. I tried installing it from the terminal using the following command as root: "yum install wine"
Here's the output I get:
Code:

-A RH-Firewall-1-INPUT -s 10.12.0.0/16 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
e.g. 10.12.0.0/16, 172.150.0.0/16, 192.168.20.0/24
How can we add multiple source network addresses in the above INPUT chain rule?

So here is my issue in a nutshell. I need to take FTP requests that hit Server_A and forward them to Server_B. Server_B is not NATted... Server_B is another public server in a completely different location in the world. One thing to note is that I only have one NIC, hence why you will see both in and out being eth0. This is what I have in my iptables on SERVER_A:
iptables -A FORWARD -p tcp -i eth0 --sport 21 -o eth0 -d SERVER_B --dport 21 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p tcp -i eth0 --sport 20 -o eth0 -d SERVER_B --dport 20 -m state --state NEW -j ACCEPT
I've also tried both of the above without the --sport option. When I FTP to SERVER_A (where the above iptables rules are) it connects to SERVER_A instead of forwarding to SERVER_B.

My company is a small company, and it only has one public IP, but my company has a lot of websites to serve. Now I use a reverse proxy server (Apache) to solve this temporarily; it is not convenient for me. So I wonder whether iptables can be used to forward according to the domain. The test is as follows:
public IP: 10.0.0.1
private IP 1: 192.168.1.1
matching website domain: www1.test.com
private IP 2: 192.168.1.2
matching website domain: www2.test.com
And if someone accesses [URL], iptables should know they want to access 192.168.1.1 and forward to the server 192.168.1.1.

I'm running a rather simple iptables script, but no matter what port I try to forward, it won't open. Here are the basics:
Code:
ipt="/usr/sbin/iptables"
$ipt -F
...

I have a config script for a particular software package that does...
iptables-restore < /etc/sysconfig/iptables > /tmp/firewall.log 2>&1
The problem is, the output hangs after this. If the user hits return, the rest of the output comes to the screen and the script finishes normally. But the script looks like it's hung because of this odd iptables-restore behavior.

I have three machines on three networks: 192.x.x.x, 10.x.x.x and 172.x.x.x. The routers are set to forward communication between the 192. network and the 10. network, and between the 10. network and the 172. network. However, there's no routing between 192. and 172. I want to fix that by using a machine on the 10. network to forward communication between the other two networks. The machine has one Ethernet connection, eth0, whose address is 10.1.1.11. I set up an aliased IP address eth0:0 to be 10.1.1.12 using
ifconfig eth0:0 10.1.1.12
Then I tried to set forwarding rules on the 10. machine such that the 10.1.1.12 address will provide access to the machine 172.1.1.55, as follows:
# iptables -t nat -A PREROUTING -d 10.1.1.12 -j DNAT --to-destination 172.1.1.55
The default policy for all chains is ACCEPT. I then try to access 10.1.1.12 from 192.1.1.20, expecting it to actually access 172.1.1.55; it does not work.

Let's say I have two machines on public IPs. If I get incoming traffic on machine #1 on port 55242, I would just like to forward it to machine #2 on port 35000. I would just like to use machine #1 the same way a DNS server works: it just redirects the traffic and tells the client where to go.

I have a strange issue with my RAID5 array. It worked fine for a month; a couple of days ago it didn't start on boot, with mdadm reporting "Input/Output error". I didn't panic, restarted my computer, same error. Then I opened the Disk Utility and it reported State: Not running, partially assembled. I don't know why; I pressed Stop RAID Array and started it again, voila, it reported State: Running. I checked the components list and there was nothing wrong with it. So I ran the Check Array utility, waited almost 3 hours for it to finish, and it worked since then, till this morning: I started my computer, and here we go, same error.
See screenshots:
This is an initial state just after computer startup:
This is after I stop and start RAID5:
This is a components list:
I can see nothing wrong there, yet I'm not sure why mdadm fails on boot. I do not really like the Windows solution; I guess when I check my array again it will work fine again, but it can then fail in the same way without a known reason.

iptables and multiple public-facing IP addresses. With the current setup I have a public-facing firewall with iptables which will then forward traffic to a LAN IP. I will hopefully be allotted 1 private IP per public IP, which I hope will make this much simpler. For example, I have server A with the LAN IP of 10.0.0.1 to which I would like to have traffic forwarded from 5.0.0.1, the public IP. I also have server B with LAN IP of 10.0.0.2 to which I would like traffic forwarded from 5.0.0.2, the second public IP. From what I have read and understood, this should be a simple task; however, I would just like to double check to make sure that it is in fact possible, and if so, how it would be recommended that I go about doing so. Essentially, I need to forward each public IP to a corresponding LAN IP on all ports.