General :: Implementation Of IPTables And Netfilters?
Oct 20, 2010
I am trying to understand the implementation of iptables and netfilter. Any good links or docs?
Subject of my school work: "Web interface for managing firewall and bandwidth on the access server (Linux)". I have a big problem because I do not know how to safely implement the changes in the system and show the logs on the web page. Unfortunately, the number of possible solutions today is enormous and it is increasingly difficult for me to decide on the right one. They are:
1. Launching a web server with root privileges (the default mode of Webmin's miniserv)
2. CGI scripts on Apache with SUID (Webmin mode on a "foreign" server)
3. suPHP or suexec
4. Cron applies the changes as root
5. A daemon in C "periodically" applies the changes from the configuration files created by PHP
6. A daemon in C applies the changes requested in the configuration files created by PHP
7. Use SSH from PHP and, after logging in as root, execute the commands from the configuration files created by PHP (the root password in the DB)
8. Use SSH from PHP and, after logging in as root, execute the commands from the configuration files created by PHP (the root password entered manually)
9. Like the above, but using sudo and a user whose rights cover only the necessary shell commands
10. Add the user apache to /etc/sudoers so it can perform all the necessary shell commands
11. Use the command shell_exec(`sudo php -f /home/example/script.php`) together with /etc/sudoers
iptables: implementing each type of NAT using iptables:
- Full Cone NAT
- Restricted Cone NAT
- Port Restricted Cone NAT
- Symmetric NAT
Explanation:
Full Cone: A full cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. Furthermore, any external host can send a packet to the internal host, by sending a packet to the mapped external address.
Restricted Cone: A restricted cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. Unlike a full cone NAT, an external host (with IP address X) can send a packet to the internal host only if the internal host had previously sent a packet to IP address X.
Port Restricted Cone: A port restricted cone NAT is like a restricted cone NAT, but the restriction includes port numbers. Specifically, an external host can send a packet, with source IP address X and source port P, to the internal host only if the internal host had previously sent a packet to IP address X and port P.
Symmetric: A symmetric NAT is one where all requests from the same internal IP address and port, to a specific destination IP address and port, are mapped to the same external IP address and port. If the same host sends a packet with the same source address and port, but to a different destination, a different mapping is used. Furthermore, only the external host that receives a packet can send a UDP packet back to the internal host.
On the netfilter mailing list, Pedro Goncalves suggested the following:
192.168.2.170 is "public" address and 10.0.0.1 is "private" address
- "Full Cone NAT", with the following rules:
Code:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170
iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 10.0.0.1
- "Port Restricted Cone NAT", with just a single rule:
Code:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170
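The four definitions above, as an added example that is not part of the original post or of the mailing-list suggestion: a small Python model of the mapping and filtering behaviour of each NAT type, run through one scenario so you can see which inbound packets each type lets through. It reuses the post's addresses (10.0.0.1 behind 192.168.2.170); the external port allocator and the remote endpoints are constructed, and timeouts and port collisions are not modelled.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "192.168.2.170"   # "public" address from the post
PRIVATE_IP = "10.0.0.1"       # "private" address from the post


@dataclass
class Nat:
    kind: str                   # "full", "restricted", "port_restricted" or "symmetric"
    next_port: int = 40000      # constructed external port allocator
    mappings: dict = field(default_factory=dict)  # mapping key -> external (ip, port)
    peers: dict = field(default_factory=dict)     # external (ip, port) -> remote endpoints sent to

    def _map_key(self, src, dst):
        # Symmetric NAT: the mapping depends on the destination as well as the source.
        if self.kind == "symmetric":
            return (src, dst)
        # Cone NATs: one mapping per internal (ip, port), whatever the destination.
        return (src,)

    def outbound(self, src, dst):
        """Inside host src=(ip, port) sends to dst=(ip, port); returns the external (ip, port)."""
        key = self._map_key(src, dst)
        if key not in self.mappings:
            self.mappings[key] = (PUBLIC_IP, self.next_port)
            self.next_port += 1
        ext = self.mappings[key]
        self.peers.setdefault(ext, set()).add(dst)
        return ext

    def inbound(self, remote, ext):
        """Packet from remote=(ip, port) arrives at external ext=(ip, port).
        Returns the internal (ip, port) it is delivered to, or None if filtered."""
        owner = next((key for key, mapped in self.mappings.items() if mapped == ext), None)
        if owner is None:
            return None                      # no mapping at all: nothing to deliver to
        seen = self.peers[ext]
        if self.kind == "full":
            allowed = True                   # any external host may send in
        elif self.kind == "restricted":
            allowed = any(ip == remote[0] for ip, _ in seen)   # address must have been sent to
        else:                                # port_restricted and symmetric filter on (ip, port)
            allowed = remote in seen
        return owner[0] if allowed else None


def probe(kind):
    """Run one scenario through a NAT of the given kind and report what got through."""
    nat = Nat(kind)
    inside = (PRIVATE_IP, 5000)
    server_a = ("203.0.113.10", 3478)        # constructed remote endpoints
    server_b = ("198.51.100.7", 3478)
    ext_a = nat.outbound(inside, server_a)
    ext_b = nat.outbound(inside, server_b)
    return {
        "same_mapping": ext_a == ext_b,                                        # endpoint-independent mapping?
        "from_a": nat.inbound(server_a, ext_a) is not None,                    # reply from the host we talked to
        "from_a_other_port": nat.inbound((server_a[0], 9999), ext_a) is not None,
        "from_stranger": nat.inbound(("192.0.2.99", 1234), ext_a) is not None,
    }


if __name__ == "__main__":
    for kind in ("full", "restricted", "port_restricted", "symmetric"):
        print(f"{kind:16s} {probe(kind)}")
```

Relating this back to the rules quoted above: a plain SNAT rule with connection tracking only passes inbound packets that match a tuple conntrack has already seen, which is the port-restricted case in the model; the extra DNAT rule in the first set is what makes every inbound packet to the public address reach 10.0.0.1, i.e. the full-cone case.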
I am not able to solve an error when I try to run a wireless scenario in ns2.
num_nodes is set 3
warning: Please use -channel as shown in tcl/ex/wireless-mitf.tcl
INITIALIZE THE LIST xListHead
I need to optimize the implementation of the DSR algorithm using NS-2. Now I need to identify, first of all, "the parameters which I can change and which are effective from an optimization point of view." I want to get into the C++ code as well as the header files which are used to implement the DSR algorithm.
I am trying to find a LEACH protocol implementation for ns2.34 but all the links available deal with ns2.27. Are the instructions valid for ns2.34?
I'm looking for a linear hashing implementation in the C language. PS: I have to implement this on Ubuntu 10.04 Linux on a 64-bit machine.
I am new to this forum and to networking as well. I have chosen to implement:
1) SIP client using the C language
2) Platform: Windows
3) It's going to be command-line based
My problem is that I need some references like books, material or websites where I can learn how to write the code from scratch or port code according to my requirements. My implementation should serve the purpose that two SIP clients can communicate with each other to exchange audio data.
My network diagram is internet <----> dansguardian proxy (CentOS 5) <---> my network. I have blocked Facebook for my network but now I want to give only 2 IPs access to it, and I do not want to enter these IPs in exceptioniplist, because if I do so they will be able to access all the sites that I have blocked. And if I put this entry [URL] in the bannedsite list it is also not working.
I am facing a strange problem with my iptables: there are some firewall entries stored somewhere which are still displayed even after flushing iptables, and when I restart the iptables service the firewall entries are shown again in my iptables, as below:
[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[code]....
Can I know the implementation of the RSA (encryption and decryption) algorithm in C/C++?
I have a copy of the MD5 algorithm and I'm taking a look at the source. It's pretty interesting but there are a few things that I'm curious about and I was wondering if anyone a bit more intuitive than I could help me out. The function declarations in the MD5 files are a bit unfamiliar to me. There is a macro used called PROTO_LIST, which I'm still not sure as to what this thing is doing exactly, but it's littered everywhere throughout the source. The signature here isn't too unfamiliar to me with the exception of the position of the PROTO_LIST macro. So here is a function with an unnamed argument of type MD5_CTX*. To me, this resembles an initializer list found in C++ with constructors but I certainly don't think that is the case here. So my questions about this are (1) how is this legal code in C and (2) what functionality has the PROTO_LIST macro provided for the function?
I have done everything that all the documentation has said and I still can't get this bloody thing working. Can someone give me the exact commands that remove all traces of all wine packages, and then the exact commands to install it?
Which user must I be doing this under, and exactly what must I configure in the config files? All that I want to accomplish by this is to successfully play games on my PC.
How to implement network protocols?
Have any of the below TCP-based applications been implemented over SCTP in Linux?
1. ftp
2. telnet
3. HTTP
Or any other applications?
I'm in need of some advice from you guys. I'm currently running a live production server, serverA, and last week it went down for a couple of hours, which was really bad to say the least.
I've been thinking about building a mirror, serverB, that will rsync my data nightly. Now I don't want to load balance here, I just need to be able to switch to serverB when serverA goes down for any reason.
Would the best solution for this be to change my main nameserver entry when I want to switch? I'm just curious if it will take a few hours or be an instant change.
I thought I'd ask before attempting this live.
I've implemented a program URL... which reads digital IF data from a radio receiver through a named pipe, measures power levels, and sends the result to stdout. The program is interactive; there is a thread that reads from stdin to watch for commands, a thread that constantly either reads data from the named pipe or throws data away, and an array of processing threads. The program uses GTK+extra to plot the signals. The IF data stream bandwidth is at the limits of today's technology (it is very, very fast).
Problem statement: The program works fine with a few bugs. I've learned since I made it that using global state variables to coordinate threads isn't a good way of doing it. I also only had knowledge of mutexes and polled the state variable instead of using other methods. My reimplementation will use the following:
- One "Stdin Command Monitoring" thread
- One "Get data from named pipe" thread
- One post-processor thread
- N Processing threads
All threads are alive during the life of main(). There are N buffers. Data will come in from the named pipe, and the "Get data" thread will write the data to an "available" buffer. When the buffer is full it will be marked as "full". There will be N processing threads, one for each buffer. When a processing thread's buffer is full, it will process the buffer and save the result to a final buffer. At the end of a number of averages, the post-processor thread will perform a final process on the final buffer and send the results to stdout.
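The thread layout described above, as an added example that is not the poster's program: a reader, N processing threads and a post-processor coordinated with queues and an event rather than polled global state variables. The in-memory sample stream stands in for the named pipe, block length and average count are constructed, and "processing" a buffer is reduced to its mean-square power; the names are the example's own.

```python
import queue
import threading


def block_power(block):
    """Mean-square power of one block of IF samples (stand-in for the real processing)."""
    return sum(x * x for x in block) / len(block)


class Pipeline:
    """Reader -> N processing threads -> post-processor, without polled globals."""

    def __init__(self, n_workers=4, block_len=8, averages=3):
        self.block_len = block_len
        self.averages = averages
        self.slots = queue.Queue()       # one token per "available" buffer
        self.full = queue.Queue()        # buffers the reader has marked "full"
        self.results = queue.Queue()     # per-block results from the workers
        self.output = []                 # what the real program writes to stdout
        self.stop = threading.Event()    # set by the stdin command thread on "quit"
        for _ in range(n_workers):
            self.slots.put(None)
        self.workers = [threading.Thread(target=self._worker, daemon=True)
                        for _ in range(n_workers)]
        self.post = threading.Thread(target=self._post_processor, daemon=True)

    def _worker(self):
        while True:
            block = self.full.get()      # blocks until a buffer is full: no polling
            if block is None:            # sentinel: shut down
                return
            self.results.put(block_power(block))
            self.slots.put(None)         # the buffer is "available" again

    def _post_processor(self):
        acc = []
        while True:
            r = self.results.get()
            if r is None:
                return
            acc.append(r)
            if len(acc) == self.averages:            # "end of a number of averages"
                self.output.append(sum(acc) / len(acc))
                acc = []

    def command(self, line):
        """What the stdin-monitoring thread calls for each command line it reads."""
        if line.strip() == "quit":
            self.stop.set()

    def run(self, samples):
        """Play the named-pipe reader over an in-memory stream; returns the output list."""
        for t in self.workers:
            t.start()
        self.post.start()
        block = []
        for s in samples:
            if self.stop.is_set():
                break
            block.append(s)
            if len(block) == self.block_len:
                self.slots.get()         # wait for a free buffer: back-pressure on the source
                self.full.put(block)
                block = []
        for _ in self.workers:           # orderly shutdown: one sentinel per worker
            self.full.put(None)
        for t in self.workers:
            t.join()
        self.results.put(None)
        self.post.join()
        return self.output


if __name__ == "__main__":
    stream = [float(i % 5) for i in range(96)]   # constructed: 12 blocks of 8 samples
    print(Pipeline().run(stream))
```

The one design choice to make consciously is the `self.slots.get()` line: it blocks the reader when every buffer is busy. That is right for a file or a replay, but a real-time IF stream cannot be paused, so the reader the post describes ("reads data or throws data away") should use `get_nowait()` and count dropped blocks instead of blocking the pipe. Note also that a trailing partial block is discarded at end of stream, and that results reach the post-processor in completion order, not arrival order, so anything that needs block order must carry a sequence number with the result.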
I'm working on a Soekris net4801 that is running an unknown distro of Linux. The kernel is 2.4.29, and iptables is v1.3.4.
I can't work out how to save the iptables rules. I searched the whole system for files/folders containing the name "iptables" and got 3 results:
/user/local/lib/iptables
/sbin/iptables
/lib/iptables
I've tried "iptables save", "iptables-save" and "iptables save active".
"iptables save" and "iptables save active" give me an invalid argument error. "iptables-save" isn't a valid command. "iptables --help" gives me a list of valid switches, none of which have to do with saving.
How can I save the iptables rules?
I'm a Red Hat 5 user, and I want to implement Kernel-based Virtual Machine (KVM). I searched Google a lot but I can't find proper instructions for it.
I want to know the details about the implementation of a distributed firewall in a local area network.
From this thread I've decided to try adding a feature for removing local port forwardings in ssh. Here are some very ugly and not-yet-working hacks that I have made so far:
* Patch for channels.c
* Patch for channels.h
* Patch for clientloop.c
I was clearly expecting this to work without any trouble; everything seems to be logically correct, but I made a programming mistake somewhere: I don't know where, maybe you will point me to it? Many sites say there is a WAY AROUND with the -D param (starting a SOCKS proxy as a tunnel generator), added since 5.2, but I don't need that way around. I need a way through. I use exact ports for exact services and if I want to change it at runtime I'd like to have the ability to do so. If you have other ideas or points instead of coding this, please share them here & here (original question).
My problem is getting postfix to work with a smarthost, to send mail from home with a dynamic IP, which needs authentication. I did exactly the same with Slackware 12.2 (postfix 2.6.2) and it worked. Now I tried to do it with 2.6.2 (the actual running version is 2.7.0, with the same problem) on Slackware 13 64-bit. The following error message occurs around every minute in the maillog:
[code]...
I am unable to restore my iptables rules from an iptables-save file after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this; all I know is that this is the script (edited for my usage):
Code:
#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above
[code]....
Safe.txt contains:
Code:
127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1
And the error message generated is:
Code:
root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8
[code]....
iptables gives an error during startup as well as when I try to restart it. Here's the output of:
[Code]....
I am running Ubuntu server 10.10 and trying to set up iptables rules in /etc/if-up.d/iptables
Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
The problem is that iptables doesn't get updated and I don't see the rules when iptables -L is executed after reboot.
To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configure'd it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary; it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?
I am going to start studying iptables for Linux firewalls. Can anyone suggest the best book for iptables, one that contains everything about iptables?
I need to use hostnames in my iptables rules. When I restart iptables it works fine, but when I reboot the Linux server it fails during startup, since the name service is started after iptables. Does anybody have recommendations to get around that? Should I set up a script to run the iptables rules after the server has fully come back up?
I want to bind IP and MAC addresses in iptables, and the script I gathered and am working on is as under:
#!/bin/sh
# No spaces around "=" in shell assignments: "IPTAB = ..." would try to run a command named IPTAB.
IPTAB="/sbin/iptables"
# Space-separated lists; the n-th MAC is meant to be bound to the n-th IP (placeholder values).
macadds="xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy zz:zz:zz:zz:zz:zz"
ipadds="aaa:aaa:a:a bbb:bbb:b:b ccc:ccc:c:c"
[code]....
When I run the above script, I get an error: "Bad argument `yy:yy:yy:yy:yy:yy', try iptables --help for more information".
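An added example (not from either post, and not the blogama.org script) that covers both the ipblock.sh error further up and the MAC/IP binding script just above. The ipblock.sh output, in which `' not found.` overwrites the start of each line, is what iptables prints when a host argument ends in a carriage return: Safe.txt was saved with DOS line endings, and the `\r` in the echoed argument moves the cursor back to column 0. The `Bad argument yy:...` message is what iptables prints when an unquoted, space-separated list is expanded where a single `--mac-source` value is expected. The helper below reads such lists, removes CR and whitespace, validates every address, pairs each MAC with its IP and builds iptables argument vectors that are handed to subprocess as lists, so no shell word splitting can occur. The iptables path, the sample list and the MAC/IP values are constructed.

```python
import ipaddress
import re
import subprocess

IPTABLES = "/sbin/iptables"          # assumed path; the posts above show it varies by system
MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$")

# Constructed stand-in for Safe.txt, saved with DOS line endings like the failing file.
SAMPLE_SAFE_TXT = "127.0.0.1\r\n192.168.1.8\r\n192.168.1.0/24\r\n# comment\r\n\r\n"


def parse_address_list(text):
    """IPv4 hosts/networks from a whitelist file, one per line, as CIDR strings.
    splitlines() drops \\r\\n and \\r, strip() drops stray spaces; anything that
    is not an address raises ValueError instead of being handed to iptables."""
    out = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # allow trailing comments and blank lines
        if not line:
            continue
        try:
            out.append(str(ipaddress.IPv4Network(line, strict=False)))
        except ValueError:
            raise ValueError(f"line {lineno}: {line!r} is not an IPv4 host or network") from None
    return out


def parse_mac(mac):
    m = mac.strip().lower()
    if not MAC_RE.match(m):
        raise ValueError(f"{mac!r} is not a MAC address")
    return m


def pair_lists(macs, ips):
    """Pair the two space-separated lists from the MAC/IP script one-to-one."""
    m, i = macs.split(), ips.split()
    if len(m) != len(i):
        raise ValueError("MAC and IP lists differ in length")
    return list(zip(m, i))


def whitelist_rules(networks, chain="INPUT"):
    """One ACCEPT rule per trusted source, each as an argv list."""
    return [[IPTABLES, "-A", chain, "-s", net, "-j", "ACCEPT"] for net in networks]


def mac_binding_rules(pairs, chain="FORWARD"):
    """Accept a source IP only when it arrives from its bound MAC, then drop that
    IP from any other MAC. Exactly one --mac-source value per rule."""
    rules = []
    for mac, ip in pairs:
        mac = parse_mac(mac)
        ip = str(ipaddress.IPv4Address(ip))
        rules.append([IPTABLES, "-A", chain, "-s", ip, "-m", "mac",
                      "--mac-source", mac, "-j", "ACCEPT"])
        rules.append([IPTABLES, "-A", chain, "-s", ip, "-j", "DROP"])
    return rules


def apply_rules(rules, dry_run=True):
    """Each rule is an argv list, so subprocess passes it without a shell."""
    for argv in rules:
        if dry_run:
            print(" ".join(argv))
        else:
            subprocess.run(argv, check=True)


if __name__ == "__main__":
    apply_rules(whitelist_rules(parse_address_list(SAMPLE_SAFE_TXT)))
    apply_rules(mac_binding_rules(pair_lists("00:11:22:33:44:55 66:77:88:99:aa:bb",
                                             "10.0.0.2 10.0.0.3")))
```

Run it with `dry_run=False` as root once the printed rules look right. If you would rather keep the shell script, the same two fixes apply there: pipe the list through `tr -d '\r'` (or `dos2unix`) before the loop, and iterate over the MAC and IP lists in lock-step so each `--mac-source` receives exactly one address.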