General :: Adding Firewalls Nat Rules / Internet Is Totally Blocked On Eth1?
Oct 4, 2010
I have a centos5.3 server. I want to configure it as transparent squid proxy server. Internet is connected to eth0(192.168.0.100) and lan is connected to eth1(192.168.200.0/24) and eth1 ip is 192.168.200.1 .
I have configured it as dhcp,squid and its working fine.
Now I want to configure it as a transparent,so that no one has to manually configure in browser.
I am using a kernel of version 2.6.32 . I installed iptables of version 1.4.2 and it got installed successfully. but while adding some rule to the iptable i faced an error like the following iptables v1.4.2: Couldn't load target `standard':/usr/local//libexec/xtables/libipt_standard.so: cannot open shared object file: No such file or directory
i basically want to add a rule like the following iptables -A INPUT -p icmp -j QUEUE
one more thing i would like to add post is tat i did not find a library called libipt_standard.so in iptables folder(/usr/local/libexec/xtables) instead i found a library libxt_standard.so
i tried renaming libxt_standard.so to libipt_standard.so but even then i found the same error.
I two servers set up: 192.168.1.150 and 192.168.1.160 Initially, I want all traffic to be served by server 150. So for this purpose I am leaving the IPTables on .150 empty. At a point in time, I want to forward all incoming traffic to be served by .160 instead. I have accomplished this using these commands (on .150):
My problem is that if I have an open SSH connection to .150 (prior to adding the rules), the packets are still handled by .150 after adding the rules.. e.g. my SSH session stays active. I want these packets to be forwarded to .160, which would effectively disconnect the SSH session. I do not want the packets flat out dropped, I just want them forwarded on in whatever state they are in. If I try a new SSH session, it is properly forwarded to .160
In my Ubuntu 9.04 installation, just a few days ago, I lost my usage of the internet. I still had internet access. Firstly though, there was a problem with the router, so I tried a friend's router (both Netgear DG834) and the friend's one worked. But in Ubuntu, I could not access any web pages or email. Skype works.
I tried using my netbook and that could access web pages okay. So then I booted my main PC into the old installation that I kept there of Ubuntu 8.04, which I am using now. And in this the internet works just fine, I can access websites and download and send email.
But in Ubuntu 9.04, it seems like something is blocking my access. I do not recall installing anything new, although something may have been updated recently. I can see the DNS servers from Ubuntu 9.04 and it gets an IP address from the router. What is the likely cause of the Internet being blocked for websites and email (but not Skype)?
I am using Ubuntu 10,04 with a gnome interface on an ASUS K70IJ. It all works well, just the internet connection is sometimes blocked or very slow. I have tried it on several places (offices, hot spot, friends) with wireless lan and ethernet. I thought it might be a problem with the pilot for the internet connection. Can anybody tell me where I could find such a pilot and how I do to install it?
I have a bit of a "unique" situation here. I have myself plugged into two networks - since we run two networks here at work (long story, we merged and never combined them due to two different companies) and want to block ALL internet access off eth1, and only have it off eth0. I only want traffic from 192.168.67.1-192.168.67.255 allowed on eth1, but everything allowed on eth0. Or is there a way for the internet/applications to be on eth0 instead of eth1? Would I use iptables or something?
im a linux noob dont get techy ill die of brain fry im running a craft bukkit minecraft server on my 11.04 ubuntu server. however the server uses my only 10m Ethernet cable that i normaly use for my ps3 (i will NOT go wireless. i hate it (or dont like it)) therefor i found an old PCI NIC in an old computer, its a 10/100 realtek one. ifconfig detects it (after two commands:
Code: ifconfig eth0 up dhclient eth0 )
now i need to send the internet to my ps3 too.i know the connection wont be blazing fast but isnt it okay?it musnt interrupt the minecraft server. if you need info just ask. ill try and provide them.
A couple of days ago I Obtained a spare computer and installed fedora 14 on it, just to try it out. I only have experience with microsoft windows so I'm new to this system. The OS seems to work fine but I can't browse the internet with firefox. I'm using a speedtouch 546 v6 modem with adsl(wired). The network manager indicates that the wired connection "auto eth1" is active. The previous OS was windows xp. I was able to browse the internet whit this OS. I removed it because it was crashing all the time (illegal version).
I need to setup two ethernets in my Centos box. OK no problem both ethernet and 1 virtual works perfect. eth0, eth1 and eth1:0. I'm trying to set up diferent routes for eth0 and eth1/eth1:0 I need eth0 has a 192.168.1.1 gateway and eth1/eth1:0 192.168.1.100 gateway.I think I've tried almost every thing but always get one gateway for all the eth.These are my config..
/sbin/ifconfig eth0 Link encap:Ethernet HWaddr 00:XX:XX:XX:XX:XX inet addr:192.168.1.168 Bcast:192.168.1.255 Mask:255.255.255.0[code]......
I have a Fedora 11 system and cbq.init-v0.7.3 in it. Now I want to restrict upload speed from my ftp server to Internet (eth1). According to docs I've made a simple file /etc/sysconfig/cbq/cbq- 00.inet_upload_restrict:
So as you can see I want to limit outbound traffic on eth1 from my ftp port 20 to any to the 800Kbit/s (100Kbyte/s). Now I do cbq start, it says: find: warning: you have specified the -maxdepth option after a non-option argument (, but options are not positional (-maxdepth affects tests specified before it as well as those specified after it). Please specify options before other arguments.
find: warning: you have specified the -maxdepth option after a non-option argument (, but options are not positional (-maxdepth affects tests specified before it as well as those specified after it). Please specify options before other arguments. but it starts and works. Now I check the speed and it is...
I need to create filename 70-android.rules in the directory /etc/udev/rules.d/I have Adm privileges in my user account properties, but when I use sudo to create this file the Ubuntu OS does not allow me the privilege... I am running Ubuntu 10.04 LTS and here's the Terminal output below:daddy@gatomon-laptop:/etc/udev/rules.d$ sudo cat > 70-android.rulesbash: 70-android.rules: Permission denieddaddy@gatomon-laptop:/etc/udev$ ls -ltotal 8drwxr-xr-x 2 root root 4096 2011-03-16 18:03 rules.d-rw-r--r-- 1 root root 218 2010-04-19 04:30 udev.conf
Our company had a vendor doing some data transformation work for us that we recently decided to take in house. They were good enough to transfer all their processes to a pc we gave them and it's running great. Only thing is that its a linux OS and I have no idea how to do anything other than what to click on to run programs.
Its OS version 2.6.34.8-68.fc13.i686.PAE. KDE SC version:4.5.5
I know that at the bottom left where there would be a windows button on a Windows PC there is a blue K button. That's ALL I know.
First thing I'd like to know is how to totally back up this system OS and all so that if something happens I can load it onto another PC. I'm pretty panicked because it IS an old pc it's on. Then, I'd like to know what is this exactly and how can I learn what I have here
I want to start totally from scratch on Linux server I installed the other day. No dual boot, no personal files, etc... on it.
Fdisk -l shows the following:
Disk /dev/sda: 320g 255 heads, 63 sectors/track, 38913 cylanders units = cylanders of 16065 *512 = 822...bytes
[code]....
All the info I have found has multiple steps, but in my situation is there just 1 easy command to do this? If not, can I just reinstall from CD and it will reformat and let me customize more? If I have to use the several steps to reformat, can you explicitly type out exact commands for me? I am completely new, have to learn all this, and all the referece books/materials kind of scatter the info around.
I try to generate a server client code. What i try to do is sending video streams from eth0 and eth1 to the other server programs' eth0 and eth1. In order to do that, i decided to use SO_BINDTODEVICE. But the code is not working. Am i misunderstood the usage of SO_BINDTODEVICE.
1-Defining two ports 2-Defining two sockets 3-Assigning host ips on them
I have an old FC2 box running Squid version 2.5. It has been running since 2003 so I am in the process of replacing it. I have a new machine with FC11, iptables, and Squid 3.0 installed.
On the old machine I use iptables to intercept Port 80 traffic and send it to Squid. By default I block all internet access and allow only sites that are in an Allowed_Sites.txt file. Within Squid I also have statements to allow certain users to bypass Squid based on their IP address.
I have set up the same thing on the new box. I have iptables intercepting the Port 80 traffic and sending it to Squid. That is working because if I remove the redirect statement from iptables all internet access is blocked.
The problem I am having is that Squid is not blocking any websites. It acts like the ACL is set to http_access allow all. I have worked on this for several hours and am stumped.
In a performance test, I want to bypass the influence of cache of linux system (including page cache/inode cache and so on). I have tried O_DIRECT flag, but it's turned out that direct I/O is still "enjoy" the effect of some cache.Is there a thorough way to close the effect of system cache?
I got this printer HP Deskjest 1000 J110a and I have been trying to download their program for Linux Ubuntu 10.10 but I can't figure out what to do next.I am totally new to this. I have a ASUS Eee PC laptop and I don't have Windows because the trial ran out.
A friend lent me their Ubuntu book but I can't understand it and could not find anything about the sound suddenly going from the speaker on Monday night. I went to Sony Ericsson's site to check something on my account and loud music suddenly started blaring out so I pressed the Fn button and End which muted it. However, I forgot to take it off before closing down for the night and as of Tuesday morning I have no sound. Would me leaving mute on all night have screwed something up or has it just suddenly gone? I am so upset as I cannot afford to get another laptop as not working and this is my last resort since my original Compaq one died.
I appreciate any "Helpful" solutions. Not in techy but layman's terms please as I won't understand. Also if you do reply, I am in the UK and also don't get notifications so I am not being rude if I can't get back to you quickly. I will be going to bed now.
I have an acer aspire one with Linpus Lite. Copied a document into OO yesterday and got a message OO had crashed. OO window wouldn't close etc. Emails and internet still worked ok. When closing down, emails & internet closed ok. Tried Ctrl, Alt Del to close the crashed OO file - didn't work. Eventually turned machine off at main switch. Today when turning machine on, goes past the screen advertising Acer Aspire one, but then nothing else happens, no icons. Black screen with a cross as a cursor. Cross is a diagonal cross, thicker than an ordinary x. Nothing like I have ever seen before.
I have an Acer Aspire 6930g with an nVidia GeForce 9300m GS which has a broken screen. I have been using an external monitor for some time using Linux Mint, without issue.
I initially set this up with great difficulty using the small parts of the screen that would still display an image at the time. Now, however the screen is totally dead, I have since disconnected the laptop monitor in order to not cause issues.
The issue I am currently having is trying to use live distros.
I'll give you example: I boot ubuntu 9.10 32bit and it gets to the initial boot menu. I choose "Try Ubuntu..." It shows the loading screen. Screen goes blank when going to desktop
I tried Ctrl+Alt+F1 to get to a terminal, but the screen stays blank. The same thing happens with both Knoppix and Backtrack 4 as well. The display goes blank upon switching to the desktop.
I'm new to Ubuntu and Linux and still trying to figure things out. Are UFW and iptables the same, or are they two different firewalls? The reason I ask this is that I can load up Firestarter, (which, from what I've read controls iptables), then go into a terminal mode and run "ufw status", and it shows disabled. What I'm ultimately trying to do is to open up a port so Vuze and/or Transmission Bitorrent will work, but have not had any success.
I have a problem with my wireless internet, my chipset went into the kernel in 2.6.38 and my kernel is version 2.6.37. I know what I have to do, which is add the repository from Index of /repositories/driver:/wireless/openSUSE_11.4 there. Then I have to go into Yast and get the compat-wireless-kmp-desktop-2.6.38.2_k2.6.37.1_1.2-2.1.i586.rpm I do believe. From then, I can do the 'sudo/sbin/modprobe -v rtl8192ce' command my wireless should be availabe.
However, with no internet connection, I'm not sure how to add a repository. I'm a bit of a noob to Linux but I'm just unsure of a way. I tried just going in and downloading the compat-wireless-kmp-desktop-2.6.38.2_k2.6.37.1_1.2-2.1.i586.rpm file and putting it on my external harddrive and trying to install it that way. But it said something about there was no dependency so it couldn't install the file.
Am I missing something here or is there another way I can do this without the use of internet in OpenSuse?
Btw, before anyone says use wireless, it's not possible at the moment, but I'll make it happen if it's a last resort.
Other than Firestarter, how safe is it to use an iptables firewall for Linux if you know the basics of iptables but not the details and not exactly what you're doing with iptables? I want to be very secure without configuring iptables myself if possible or doing as little as possible. If you don't think iptables is safe if you don't really know what you're doing, which firewall you can use (Slackware specific, preferably) that is the easiest to install and configure? Are there any that work like free Windows firewalls, other than Firestarter? I've looked around and looked at slackbuild and can't find a Firestarter package, I searched this site also and saw something about the reason there isn't one. I'm concerned with my security and I don't want to write my own iptables firewall - I don't fully know what I'm doing.
I am using CentOS LiveCD i386 without internet access. I would like to make the application sys_basher, but make is not installed and I cannot find how to add packages without yum.
I have several Windoz machines in a peer-to-peer network and now two SUSE machines, one 11.1 and another 11.2.I have a network printer accessible now to all the machines.My next step is to be able to share files between all the machines and several network drives. I know how to set this up between the Windoz machines, but the only way I can get the SUSE machines to see the network (and be seen) is to shut down their firewalls, and I don't think that's how you are supposed to do it?Can someone point me to what it is that I need to read, or is there a FAQ somewhere to help get me started?
I think that this has something to do with Samba and I installed Samba (client or server? I forget) on the 11.1 and 11.2 seems to have it already built-in, but I don't know how to set it up with the firewalls on the two Linux machines so that it is all seamless (as if anything can be seamless).
I have a hardware device with two ethernet ports, eth0 and eth1 running Centos 5. Basically my goal is to forward packets from eth0->eth1 and eth1->eth0 as well as get a copy of these packets for analysis. If I set IP routing to do the forwarding then I won't get a copy of the packets for analysis.
