General :: Block All Ports Except SSH / HTTP In Ipchains And Iptables?

Jun 15, 2010

How can I block all ports except

ssh (port 22)
httpd (port 80)

using iptables and iphains?

View 1 Replies


ADVERTISEMENT

OpenSUSE Network :: Block All Ports But Port 80 With Iptables (DMZ)?

Jun 25, 2010

I have a Suse 10.3 router with 4 network cards. 1 is to connect to the big network and thereby also the internet, 2 are for 'client' subnets and I want to use the last one as a DMZ. In this DMZ will be a web server which has to be accessible from the other 2 subnets and from the big network. I could do it with a few simple clicks in Yast firewall, but I have some issues with this firewall and there for I want to use it as minimal as possible, using Iptables.

So now I'm struggling a bit with Iptables. Basicly what I'm looking for is how to block all ports but 80 in this last subnet with iptables.

View 5 Replies View Related

Ubuntu Security :: Block All Ports Except Pop And Smtp In NAT Through Iptables?

Jan 20, 2010

how to block all ports except pop,pop3,smtp in nat using iptables in squid on redhat A3

View 2 Replies View Related

Server :: ProFTP Masquerading Setup Uses IPChains Convert To IPTables

Jan 25, 2011

How to Nat. I wanted to be able to resolve something like
ftp.myfirstdomain.com to 192.168.0.2
Then ftp.mysecond.com to 192.168.0.3

Just as a random example, I know these cannot be done using name based virtual hosts like in Apache. But I got this working internally using my LAN connection and the 2 IP addresses above, with Bind DNS pointing the dns's to those 2 ip addresses respectively. This worked, yet when I tried connecting from my work place to transfer some files, it kept going to the default user's home directory. Just wanted to get this project finished, 2 domains and one public facing IP address.

View 3 Replies View Related

General :: Configure Iptables For Only HTTP And HTTPS Traffic

Aug 11, 2011

I am trying to configure iptables for only HTTP and HTTPS traffic. I start by blocking all traffic, which works, via:

Code:
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

I then try to allow HTTP and HTTPS on eth0 with these commands, which does not work:

Code:
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

Code:
iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT After these commands I should be able to access the internet. Does anyone know why this is not working?

View 4 Replies View Related

General :: Block And Allow IP Using Iptables In RedHat 4.0?

Aug 3, 2009

I have blocked below IP by using iptables command in RedHat Linux 4.0.

Code:

iptables -A INPUT -s 192.168.0.85 -j DROP

It's now totally blocked and can't get access into web or internal network. how I can un-block that IP, so that it can again starts it's normal operation.

View 2 Replies View Related

General :: Block Some Ipaddres In Iptables (Ubuntu)?

Aug 3, 2010

Currently I have 2 Lan card in My System one for communicate client pcs (Lan card Ip 192.168.1.100) and other for Internet (Lan card ip 192.168.0.100.) All client pcs are in 192.168.1.0 Subnet Here i implement my system as router through iptables all clients are communicate through only 192.168.1.100 (clients default gateway also 192.168.1.100) Now no problem for forward rules when my system is active all clients are get internet.

Output of iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

[code]....

Now i want to block some ip address and port ways i tried lot of things in internet when i type iptables -A INPUT -s 192.168.1.150 -j REJECT (i found in internet it will block that ip address for getting internet and any access through my sys)

Now th Output

Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT all -- 192.168.1.112 anywhere reject-with icmp-port-unreachable

[code]....

it will block icmp protocol only I want to know how block ipaddress and port address ways...

View 1 Replies View Related

General :: Block UDP Protocols In Iptables - Ubuntu ?

Aug 5, 2010

Currently I have 2 Lan card in My System one for communicate client pcs (Lan card Ip 192.168.1.100) and other for Internet (Lan card ip 192.168.0.100.) All client pcs are in 192.168.1.0 Subnet

Here i implement my system as router through iptables all clients are communicate through only 192.168.1.100 (clients default gateway also 192.168.1.100) Now no problem for forward rules when my system is active all clients are get internet.

Now i have problem with blocking UDP protocols i tried lot of things in net iptables -A INPUT -s 192.168.1.0/255.255.255.0 -p UDP -j DROP

But it's not blocking UDP protocols (i change UDP to ICMP Protocols then icmp is blocked every ip address)

View 9 Replies View Related

Ubuntu Networking :: How To Block Ports

Dec 16, 2010

I was following the directions over on the page How to watch Hulu overseas without a proxy server and got to the section about blocking ports, which I need to block port 1935. I figured this would be easy, as the mac instructions are

Code:
sudo ipfw add 0 deny tcp from any to any 1935
sudo ipfw add 0 deny udp from any to any 1935
and the Windows instructions are practically a book in itself. Since this page was lacking instructions on how to do it in Ubuntu, and ipfw seemingly doesn't exist in Ubuntu, how do I block the ports

View 2 Replies View Related

Security :: UFW Block On Legitimate Ports

Jun 30, 2010

I enabled ufw yesterday, and am finding log entries like:

Jun 30 13:07:51 xxxx kernel: [15702368.296557] [UFW BLOCK] IN=eth1 OUT= MAC=00:22:19:5e:8f:23:00:0c:db:fc:8b:00:08:00 SRC=xx.xx.xx.xx DST=xx.xx.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=47632 PROTO=TCP SPT=58875 DPT=80 WINDOW=65535 RES=0x00 ACK FIN URGP=0

What is puzzling is I did the command: ufw allow 80.

View 5 Replies View Related

OpenSUSE Network :: Internet Freezes \ It Allows Only Connections To Dst Ports Tcp 80 (http), Udp 53 (dns) And No Frags?

May 19, 2010

I have troubels with internet, on different Linux x64 systems on my laptop(Lenovo ThinkPad sl510), but if I load WindowsPE all is OK ( what coud it be? where to search?There is an hardwere firewall/nat/gateway in my local network, it allows only connections to dst ports tcp 80 (http), udp 53 (dns) and no frags, no icmp, deny in and etc. But Windows Internet (the same Firefox) works fine , and under Linux sites doesn't loding full or "connetion timed out"...But if I have can start downloading any file it would be downloaded full (I have downloaded DVD iso of SuSe)Dns throu nslookup responce not evry time...Decreasing of MTU to 1372 didn't help (( Deactivating ip v6 also....What coud it be? What is different betwin Windows and Linux in DNS clients is any alternative dns client in SuSe? Is the trouble only in DNS?

View 1 Replies View Related

Security :: Drop Inbound Traffic To Port 80 (http) From Source Ports Less Than 1024?

Feb 1, 2011

I'm simply trying to make a little restriction on www packets under two rules:

1. Allow inbound/outbound www packets (works!)

2. DROP inbound traffic to port 80 from source ports less than 1024. (DOES NOT WORK!)

Now, technically, when i use hping to test my rules, hping3 192.168.100.100 -S -p80 -s 1023 I should NOT receive any packets. However, i still receive packets, which means my rule that says less than 1024 does not work. (see below)

And this is my iptables rules in shell-script so far:

#!/bin/sh
DEFAULT_NIC=eth0
SERVER_IP="192.168.100.100"
ALLOWED_WWW_PORT=80
IPT="/sbin/iptables"

[Code].....

View 1 Replies View Related

OpenSUSE Network :: Block HTTP Requests From Other Computers?

May 30, 2011

My computer shares an internet connection using an ADSL router.There are other three machines.I have set up a Apache server for learning purpose and I want it to be inaccessible from anywhere else including the PCs in the network.When I enter my ip-address assigned in the network (192.168.1.1xx) from other computer,I get my ppages and I dont want that.

How can I block HTTP requests from other computers?

View 6 Replies View Related

Networking :: Cant Open Any Ports In Iptables?

May 14, 2009

Since there was no response on my other post which i spent about a hour writing, ill go for something simpler. I run this on my server

Code:
# set default policy for the NAT table
iptables -t nat -P PREROUTING ACCEPT

[code]...

View 9 Replies View Related

Networking :: Forwarding Ports With Iptables?

Dec 23, 2010

I am running a server with ssh and a vpn server set up. It is behind a debian router with a firewall which uses iptables. i have it set up to forward ports 22 and 443 to ssh on a computer within the LAN(so when on a restricted network i can still ssh into my network) and forward anything to 1723(for my vpn) to that box also. However, the only port that gets successfully forwarded is port 22. The other two appear closed. here is what the script looks like:

Code:
#!/bin/sh
#

[code]...

View 2 Replies View Related

Security :: Anyway To NOT Log Dropped Ports 137 / 138 In Iptables?

Mar 30, 2011

We do NOT support samba on our Unbuntu servers but still zillions of windows machines are constantly trying to connect on the SMB ports. I've added a rule that drops access to destination ports 137-138 and that seems to work. But it creates many many log entries documenting that the packet has been dropped. I've been researching and cannot come up with a way to suppress logging for these drops.

View 4 Replies View Related

Ubuntu Security :: Delete Builtin Ufw Rules / Block The FTP Ports?

May 6, 2011

How do you delete ufw rules which you didn't make?

I want to block the FTP ports (20 & 21) but even if I put in DENY rules, it appears that these rules are letting traffic through

Code:
9 400 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 21,20 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 21,20 state RELATED,ESTABLISHED

How do I delete these rules? I've tried.

Code:
sudo ufw delete allow 20
sudo ufw delete proto tcp from any to any 20
but I get "Could not delete non-existent rule".

Since I didn't make those rules I have no idea what OpenBSD's PF syntax (what ufw uses) is for them.

View 2 Replies View Related

Software :: Block HTTP Requisitions With Invalid Reference Field?

Oct 18, 2010

How can I block HTTP requisitions with invalid/blank http reference field through a gateway server? I am using Debian 5 with iptables enabled.

View 2 Replies View Related

Fedora Networking :: Iptables On Bridge Ports?

Apr 21, 2011

I'd like to pass all traffic between bridge ports via the FORWARDING chain, so I changed following sysctl parameters:

Code:
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

[code]...

View 1 Replies View Related

Networking :: Set Any Ports On Iptables For One Specific Host Only?

Feb 16, 2011

I like to set in iptables to allow access from one host to my server on any ports.

Currently the iptables have been configured to deny all and to allow access only to those I've specified.

Can anyone advice on the command to achieve this?

View 1 Replies View Related

Networking :: Iptables - Portforward To External IP And Ports?

Jun 30, 2011

I want to portforward client connections from an ubuntu lts server to another external server. btw i am a noob on iptables. i have tryed using the basic commands for iptables with no success. For example:iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 7878 -j DNAT --to 91.23.45.67:7878iptables -A FORWARD -p tcp -i eth1 -o eth0 -d 91.23.45.67 --dport 7878 -j ACCEPTso basically i just want a rediraction for from one ip to another. Example: A client tries to connect to ip 123.45.67.89 on port 7878 and the server forwards him to ip xx.xx.xx.xx on port 7878, meaning that xx.xx.xx.xx is the actual server with services. Server with ip 123.45.67.89 is only forwarding the client to external ip... how can this be done in a simple command?

View 7 Replies View Related

Software :: Configure IPTABLES To Allow Certain IP Ranges To Ports 25 And 465?

Feb 16, 2011

I have a mail server with IPTABLES enabled.I want to allow access to:

41.0.0.0/8
58.0.0.0/8
61.0.0.0/8

[code]....

View 7 Replies View Related

Software :: Open Ports Using Iptables From Shell?

Sep 18, 2009

I am trying to open VNC ports(5901,5902) on my RHLinux machine using iptables. I am able to do it from GUI system-config-security. Go to the Administration > Security Level and Firewall, then select "other ports" at the bottom and enter the portNum 5901 to open and select tcp, then click OK and OK again to save your settings. From my windows m/n iam able to open vncsession using vncviewer on 5901 port.But when I am trying to do it from command line:#iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPTThis command added the entry in /etc/sysconfig/iptables and listed in iptables -L command.Then I saved and restarted the iptables.#service iptables save
#service iptables restartWhen I am trying to open the VNC session from vncviewer, it is giving me error and session not opened.Is there some thing I missed here? where can I check the logs for this? I definetly need

View 3 Replies View Related

Ubuntu :: IPTables Configuration Just Allow Outgoing To HTTP / DNS

Nov 18, 2010

Rather new to Ubuntu. I was wondering for advice on a basic iptables configuration blocking all incoming/forward and just allowing outgoing to http(s) and dns of course.

View 5 Replies View Related

Ubuntu Servers :: Iptables Allow Ports To A Specific Ip Or Domain Name?

Jul 23, 2010

How to configure iptables to allow only 22,80,3306 ports for only a dynamic public ip/dyn dns domain name on a ubuntu server?

View 9 Replies View Related

Ubuntu Networking :: Set Any Ports On Iptables For One Specific Host Only?

Feb 15, 2011

I like to set in iptables to allow access from one host to my server on any ports.Currently the iptables have been configured to deny all and to allow access only to those I've specified.

View 2 Replies View Related

Networking :: Configuring Iptables To Locally Translate Some Ports?

Apr 27, 2011

Because my ISP is blocking every IP port under 1000, I'd like my local nat'ed server to be able to translate incoming and outgoing traffic from some port above 1000 to the default server port locally.Example :

To connect to my IMAP server (default port : 143) from the outside,I'd connect to my public IP, port 1143 (opened and nat'ed to the right server on my router) and the server would translate this port to 143 on the same machine.I wish I could simply configure my router to do that but sadly Linksys doesn't permit such setting... I also could modify the listening port of my server but I prefear to keep the default port inside my network.I think that iptables is the right tool to do that and I never used it and I must say that this tool is not so easy to configure at first sigh

View 5 Replies View Related

Security :: Iptables To Block Ip From Ftp?

Mar 6, 2010

Is this how I would do that?

iptables -A INPUT -p tcp --destination-port 21 -d ! 168.192.1.2 -j DROP

This should block all incoming connections on port 21 from 192.168.1.2, correct? Thus preventing that IP from logging into my FTP.

View 1 Replies View Related

Networking :: SQUID Intercept IPtables - Whitelisting Ports And Sites

Jul 6, 2011

I'm having some issues settings up a transparent proxy server, which should allow only regular web browsing (port 80), any other port (including HTTPS (443)) has to be blocked, as well as any other port. Right now, I'm using Debian 6 and Squid3. The server only has one NIC. The topology is like this:
Clients <-> Proxy Server + DHCP Server <-> Internet

With this setup, the network does have internet access and the websites I whitelisted are the only ones accesible via browser, however port block is not working, every port is open, hence why trying to access blacklisted websites through HTTPS is possible. Seems to me Squid3 is doing it's job fine, however IPTABLES for some reason seems to be redirecting all the trafic to port 3128 (Squid3 port). I could be wrong, but I've been unable to do anything related to ports with squid3 (either whitelisting or blacklisting).

For Iptables I used:
Code:
iptables -A PREROUTING -t nat -i eth0 -p tcp -j REDIRECT --dport 80 --to-port 3128
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 443 -j DROP

Squid3 config:
Code:
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl Safe_ports port 80 # http
acl whitelist dstdomain "/etc/squid3/whitelist"
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny !whitelist
http_access allow localhost
http_access allow all
http_port 3128 intercept
hierarchy_stoplist cgi-bin

View 2 Replies View Related

CentOS 5 :: Edit The Iptables To Include Some Ports/ip For Openfire Server?

Jun 16, 2010

I am trying to edit the iptables to include some ports/ip for openfire server. The problem is the computer is very locked down with permissions...I logged in as ROOT with ID 0.Now the iptables has ROOT for permission BUT ID 1 which reflects BIN.As root i cant edit or chmod/chown the iptables. Here is what i tried:

1. change password of BIN - successfully changed with no errors BUT still cant su BIN with the new password...

2. tried changing the ID of ROOT to 1 but I dont have permission to use the command....

so anything i can do here??? I dont have permission with Shadow either...

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved