General :: Configure Iptables In Kernel?
Oct 8, 2010
I have configured iptables on my system and it is working. But I can't find the iptables kernel folders such as iptables/extensions/Makefile to make a utility. Where can I locate them? Or how do I download and install them?
View 11 Replies
Feb 25, 2010
I'm looking to use Linux (Ubuntu 9.10) as a network bridge between two subnets. I can configure iptables to permit all traffic on eth0 (subnet 1) to pass to eth1 (subnet 2) but before transmitting that traffic I want to perform further analysis. Is it possible within iptables or via a third-party product such as pyroman, to write a "hook" that then directs that traffic to another application installed on the same host?
View 2 Replies
Aug 11, 2011
I am trying to configure iptables for only HTTP and HTTPS traffic. I start by blocking all traffic, which works, via:
Code:
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
I then try to allow HTTP and HTTPS on eth0 with these commands, which do not work:
Code:
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
Code:
iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
After these commands I should be able to access the internet. Does anyone know why this is not working?
View 4 Replies
Oct 17, 2009
It's been a while since I bothered, so I decided to download and compile my own kernel. When I got to the configuration part of the process, I realized why I haven't bothered in so long. Is that the best way to configure a kernel? A single window with a 100 page option tree containing 50,000 options where you have to go through practically every module and driver ever created? I mean, there's obviously some hardware detection going on. How else would the kernel know which modules/drivers to load and which to ignore? Why can't it be taken a step further and have the modules used be compiled right into the kernel when it's installed?
Some things like USB devices and other peripherals, it makes sense to leave them as modules and have them loaded/unloaded as needed. But processor options? Sound and video drivers? Hardware sensors? I realize that the modular approach is the best way to go for Live CDs, since you never know what mix of hardware someone is going to drop that CD into. But once you click the install button, shouldn't there be a higher level of customization taking place? Has anybody taken any steps to automate this process? Why isn't the kernel configuring itself at installation time?
On the other side of the coin, I know you can copy your current kernel config with the command "cp /boot/config-`uname -r` .config" to give you something to get you started on. Is there a way to have all your loaded modules (shown in lsmod) selected to be compiled right into the kernel, and any other conflicting modules discarded? For example, why have ATI, NVidia, Intel, and a host of other video card driver modules compiled and available externally when usually only one set is needed? Why have modules for every sound card under the sun, when each system usually has only one sound card?
View 13 Replies
Mar 12, 2010
I've got a machine on my network that's just running default Ubuntu 9.10, but I was considering setting up a network dhcp service on it to manage my machines. As such I was just wondering about configuring the iptables for it.
Reading about, I believe all incoming connections are dropped by default in a standard installation of Ubuntu anyway. If so, is it simply a case of enabling UFW and using it to allow the appropriate port for the dhcpd service and not touching anything else and everything should remain secure?
View 1 Replies
Apr 4, 2010
I am trying to figure out how I can configure IPtables to only allow VNC traffic to an internal server over SSH.
My configuration is WAN < --- > Gateway (Ubuntu 9.10 Server) < --- > Internal Server (that I want to control with VNC over SSH)
View 12 Replies
Mar 19, 2009
Can I configure iptables other than by using the terminal? Like a 32-bit interface application?
View 1 Replies
May 31, 2011
I need to configure 60000 lines in iptables. I am using a script to create a file and iptables-restore to configure them.
I am getting an error on commit, and I see that if the file size is larger than around 39000 it fails.
Is there a limit to the number of lines in iptables?
View 2 Replies
Apr 26, 2010
I am encountering problems configuring my firewall (through iptables) to allow apt-get features, like update and install. I have the latest debian server running in a virtual machine in my windows xp and therefore I have two interfaces in this debian server:
- NAT Interface inet: 10.0.2.15
- Host Only Interface inet: 192.168.56.101
So far my iptables rules drop all packets by default, with the exception of icmp and ssh, which I allow in order to ping and connect from my windows xp. For both of them I use only the Host interface (192...) to connect to another 192... interface on my windows.
Those are working fine, but apt is not. I know, at this very moment it shouldn't. But I made a lot of attempts trying to configure iptables to allow connections through the 80 and 21 ports from/to NAT and Host. I think I made all possible combinations (or not, because it didn't work). But I'm wondering if someone more experienced can help me solve this problem.
View 11 Replies
Feb 16, 2011
I have a mail server with IPTABLES enabled. I want to allow access to:
41.0.0.0/8
58.0.0.0/8
61.0.0.0/8
[code]....
View 7 Replies
Sep 17, 2010
I am facing a strange problem with my iptables: there are some firewall entries stored somewhere, and the firewall entries below are displayed even after flushing iptables. When I restart the iptables service, the firewall entries are again shown in my iptables, as shown below:
[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[code]....
View 6 Replies
Jan 13, 2010
I am using centos 5.3, and also using a webserver in the local network.
Here is all the configuration:
1, server
eth0 , 222.80.1.90 this is live ip
eth1 10.0.0.1
2, webserver
eth0 10.0.0.2
I want to set iptables on server 1, to access the webserver from another city.
How do I configure iptables?
View 2 Replies
Nov 10, 2015
I'm working on my iptables rules on a debian 8 vps and I tried to install iptables-persistent but I was told "Unable to locate package"...
Where can I get this so that I may save my rules for reboot?
View 5 Replies
Jul 4, 2010
When there is an exploit in the kernel, can the iptables firewall get bypassed? If yes, how do you know? Otherwise, how can you find out?
View 9 Replies
Jul 31, 2010
I was just wondering if using a non-smp kernel would be ok on an older p4 system with no x. I am wondering due to some functionality in IPTABLES that is broken in the SMP kernels ( -m owner --sid.pid,cmd-owner).
Could someone that is running a NON-SMP kernel advise as to whether the support for -m owner --cmd-owner is working in iptables with those kernels? Also, could someone advise me if running a NON-SMP kernel is even advisable? The machine will not have x.
View 14 Replies
Apr 12, 2011
Here is my problem:
I need to enable the statistic module in iptables.
I had Fedora 13 32 bits, iptables-1.4.7-2 and kernel 2.6.18
But kernel 2.6.18 does not support statistic module.
So, I upgraded from Fedora 13 to Fedora 14.
Now I have Fedora release 14 (Laughlin) and Kernel 2.6.18
I did this to upgrade: url
Also, I did this too.
# yum update kernel
No Packages marked for Update
How can I upgrade to a newer kernel?
View 9 Replies
May 26, 2011
Installing and setting up iptables on U 8.04 LTS? Currently iptables is neither installed as a package nor included as a kernel module.
View 4 Replies
Jan 24, 2011
I have a few mail servers (CentOS 5.5) that are running OSSEC Active Response (2.5.1) on Iptables (1.3.5-5.3.el5_4.1). We are currently having a problem where we get loop hook errors:
Jan 24 04:15:03 servername kernel: iptables: loop hook 1 pos 464080 00000022
This is the firewall-drop.sh we are currently using:
Code:
#!/bin/sh
# Adds an IP to the iptables drop list (if linux)
# Adds an IP to the ipfilter drop list (if solaris, freebsd or netbsd)
# Adds an IP to the ipsec drop list (if aix)
[Code]...
View 4 Replies
Apr 14, 2011
I'm working on a Soekris net4801 that is running an unknown distro of Linux. The kernel is 2.4.29, and iptables is v1.3.4.
I can't work out how to save the iptables. I searched the whole system for files/folders containing the name "iptables" and got 3 results:
/user/local/lib/iptables
/sbin/iptables
/lib/iptables
I've tried iptables save, iptables-save and iptables save active.
"iptables save" and "iptables save active" give me an invalid argument error. "iptables-save" isn't a valid command. "iptables --help" gives me a list of valid switches, none of which have to do with saving.
How can I save the iptables?
View 1 Replies
Jan 2, 2011
I have Ubuntu 10.10 Server installed on a 32 core machine (quad AMD Magny Cours 6128), and I was wondering what kernel configuration would optimize its performance? So far, I have only found the obvious configurations that are checked off:
1) Processor type and features ---> Support for big SMP systems with more than 8 CPUs
2) Processor type and features ---> Maximum num of CPUs
3) Multi-core scheduler support
Is there anything else I should consider? I plan on running multi-threaded programs with a moderate amount of inter-processor communication; shouldn't there be some options related to the shared memory?
View 4 Replies
Mar 8, 2011
I want to learn and develop the kernel in practice (not a kernel module). What are some ways to boot the test kernel on the same system (with a stable kernel) where I'm building a test kernel for debugging purposes?
How do I configure and use the host to boot a test kernel, so that I can then boot the system (with the stable kernel) and fix the test kernel?
View 8 Replies
Nov 26, 2010
I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
View 2 Replies
Feb 16, 2011
I wanted to give Ubuntu Studio a try, for music production purposes, as a musician and composer-writer. So I started with a Ubuntu 10.10 generic install, then proceeded with the installation of Ubuntu Studio packages, including the RT kernel at last. Everything ran smoothly until I installed this RT kernel... The problem appears to be LILO and its config, as well as fstab. I fear all of this is far above my abilities, this is why I submit my problem to the community. Here's what I've discovered when trying to configure LILO: $ sudo liloconfig
[Code]....
View 1 Replies
Jan 28, 2010
I have installed Linux SuSE 10.3 on a PC (Lenovo Thinkstation A58). However, when I start the computer I get the following error message:
"No valid Host_ID or host-name found."
I then use YaST to set up the network. I get the following error message:
"Unable to configure the network card because the kernel device is not present."
The computer has Windows 7 installed and everything seems to work fine. The LED on the Ethernet plug is blinking when using Windows, but not when using Linux. I guess this means that there is no driver for the Ethernet card (Marvell Yukon 88E8057). I have not found any driver for the card and am considering buying a new one. Which PCI card works with SuSE Linux 10.3?
View 1 Replies
Nov 3, 2010
I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):
Code:
#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above
[code]....
Safe.txt contains:
Code:
127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1
And the error message generated is:
Code:
root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8
[code]....
View 3 Replies
Jul 17, 2010
IPtables creates an error during startup as well as when I try to restart it: Here's the output of:
[Code]....
View 11 Replies
Apr 16, 2011
I am running Ubuntu server 10.10 and trying to setup iptables rules in /etc/if-up.d/iptables
Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Problem is that iptables doesn't get updated and I don't see them when iptables -L is executed after reboot.
View 2 Replies
Apr 28, 2009
To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?
View 4 Replies
Jun 27, 2011
When trying to install the nvidia graphics driver I get the following error-message:
ERROR: The kernel header file '/usr/src/linux/include/linux/version.h' does not exist. The most likely reason for this is that the kernel source files in '/usr/src/linux' have not been configured.
How do I configure the kernel source files?
View 3 Replies
Aug 9, 2011
I have tried to install and configure Hudson in centos distro version 5. I installed hudson with tomcat by deploying .war files. After configuration was completed, I built a project. It displayed that the build was completed successfully, but I was not able to download the output of the build.
So I rechecked the configuration and found that I haven't set the artifact file pattern to archive. How do I set the artifact file pattern and how do I get the build output? How do I manage hudson by using the configure system and configure options? What is the correct way to configure a public hudson?
View 3 Replies