I have samba running on 192.168.100.209 and I am trying to open samba ports only for hosts in 192.168.100.0/24 network.. I have added following rules to iptables. But still I am not able to connect from machines from 192.168.100.0/24 network
Code:
iptables -A INPUT -s 192.168.100.0/24 -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -s 192.168.100.0/24 -p tcp --dport 445 -j ACCEPT
What's wrong with the above rules ?
tell me the command for iptable rule to add in Chain RH-Firewall-1 to block ftp port & the ftp server was configured in public ip address,i searched in google but i did'nt get the exact command for iptables rule in Chain RH-Firewall-1.
View 3 Replies View RelatedHow to open port at iptable?
My box is centos 5.4.
I wanto to open UDP 177 and TCP 6000~60010.
I can connect my box through putty now.
I configure IPtable on RadHat as firewall and i want to allow for IP Phone using SIP protocol.I already allow port 5060 for IP Phone using SIP Protocol and I can call out.The problem is:
1. I can call out and in but when they pick up my call they hear what i'm saying but i can't hear they are saying.
In my new Centos i am not able to add iptable rule. iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128bash: iptables: command not foundI am getting this error. I use this rule to forward ports to squid.
View 5 Replies View Relatedi'd like to know how many rule can manage iptable. I'm asking that because i'd to drop all traffric from my localnet to porn site. I've a database of porn site witch contain about 900 000 domains. I know there are solutions like squidguard. But for my linux box i'd to use iptable to prevent users access to porn site and other blacklist site.
View 1 Replies View RelatedI need help creating an iptable rule. The iptables are installed on my router. My router also connects to a "hide my a**" vpn account
at 79.142.65.5:443 The goal is to somehow force the traffic to go through the vpn, because what sometimes happens is, the vpn connection drops (for what ever reason) and my real ip becomes exposed. Basically, I want to block "myself" from accessing the Internet when not connected to the vpn because of privacy concerns.
Below is my iptables. It has the 3 default chains and it also has many custom user chains. I need to know what kind of a rule to add, What interface to apply it to (lo,tun0,br-lan,eth1) and the correct chain to insert into.For example, you could tell me something like:
Quote:
FORWARD chain, change rule 1 to
iptables -R FORWARD 1 -j zone_wan_MSSFIX -p tcp --destination-port 443 -i eth1
Obviously, That was just a guess, I need someone that knows iptables to help me.
Code:
Chain INPUT (Policy: ACCEPT)
Rule # Traffic Target Prot In Out Source Destination Options
Rule 1 72.95 KB DROP all * * 0.0.0.0/0 0.0.0.0/0 state INVALID
Rule 2 1.11 GB ACCEPT all * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
[code].....
This is what I have currently running.
Code:
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
[code]...
How do I add this to the ruleset, without doing the whole thing over again?
Code:
iptables -A OUTPUT -d 10.3.0.0/16 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
I have installed squid as my proxy server in ubuntu 10.04 standalone system..Why i have installed squid in standalone sytem is, my friends used to access my system to browse sites and download files..So i have installed squid to block porn sites and downloads..But they simply bypass the proxy by disabling it..I know there is some way to force all browsers to go through proxy using iptables..But how to acheive it..? Is the below command suits my need..?If not what modification should i do..?
Code:
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128
i have the following system in my lan.
firewall(iptables)
etho(private) - 192.168.2.1
eth1(public) -189.117.57.2
squid server at 192.168.2.10
my request is that i have to make all out bound internet connection should go from proxy server , not directly to firewall. Please specify a iptable rule for blocking direct internet access. my clients ip ranges from 192.168.2.20 to 192.168.2.47
I set up a vnc connection to my machine the other day and while doing that checked out any open ports.To my astonishment my ftp port is open, although I double checked the firewall and there's no check in the checkbox for the ftp port. I didn't add a "other ports" rule or anything as well.So, how would I be able to fix that?
View 5 Replies View RelatedI have problems with iptables :
[root@server7 ~]# iptables -I INPUT -p tcp --syn -m recent --set
[root@server7 ~]# iptables -I INPUT -p tcp --syn -m recent --update --seconds 10 --hitcount 30 -j DROP
iptables: Unknown error 18446744073709551615
[root@server7 ~]#
I need stopping a SYN ddos attack... but iptable rule don't work...
Did a fresh install of Ubuntu Desktop 10.10 64-bit on my Dell D630.
I installed the Samba and used GADMIN-Samba to configure. The networking area is as follows:
But I'm am unable to attach to the SMB share. When I do a port scan on the PC network address it shows the port for SSH open along with the random high number ports for web connections but not the port for SMB (445). If I port scan 127.0.0.1 it shows SSH, netbios-ssn, and SMB open.
I've tried adding a rule to UFW and disabling UFW but it makes no difference.
I'm able to connect to SMB shares off of my Windows Desktop, so I know my home router isn't filtering any internal traffic.
I'll like to mark all packet coming from and going to an ip adresse. And I'd like to match that mark packet in an other rule. Ex :
Rule 1 : Mark all packet coming from 192.168.2.0/25 with number 1
Rule 2 : Drop all packets which has been mark with number 1
I am running lmgrd on CentOS5, but it returns Failed to open the TCP port number in the license. The port is 27000, how can I open that port?
View 5 Replies View RelatedI'm running IPF on solaris 10 Note :i believe the idea will be the same it doesn't matter either its linux or solaris
Code:
bash-3.00# ipf -V #display ipf version
ipf: IP Filter: v4.1.9 (592)
[code]....
I am new to iptables. The setup tool on a VPS doesn't work. So, I am learning to insert rules. I have inserted so many and some of them show as duplicates now.
1- I want to know how to remove the duplicates. Is there a file that these rules are store in so I can go in and easily edit it?
2- Is there any other utility that handles firewall in Linux that I am unaware of? or is the iptables the ultimate door guard? This is a plain install of CentOS.
3- Since I believe I opened port 5090 but I think it still might be blocked, could SELINUX be the problem? How can I get my way around setting it to permissive or disable if I don't have access to "setup" command?
4- What is the order of iptables reading? does rule #1 supersede all other rules? or does the last rule supersede all rules prior to it?
5- Do the rules below make a fairly safe system? (except for the duplicates which should be remove) I understand that a safe system is dependent also on the applications that are allowed in this category and I am not talking about those. I am talking about dropping all other inquiries and in general is this how iptables are setup? This is what I currently have:
[root@tel ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
[Code]...
I have a trayless SATA hotswap bay that is really terrific for quickly attaching and removing SATA hard drives. I'm trying to write a udev rule to create a symbolic link to the device node for the drive that is attached through the hotswap bay (/dev/bay -> /dev/sdX). This eliminates any ambiguity when performing destructive tasks (fdisk, etc). I'm running squeeze amd64. I've read through several tutorials and have it working somewhat. Here's the output of udevadm info for a drive attached via the hotswap bay.
looking at device '/devices/pci0000:00/0000:00:11.0/host7/target7:0:0/7:0:0:0/block/sdb':
KERNEL=="sdb"
SUBSYSTEM=="block"
DRIVER==""
ATTR{range}=="16"
ATTR{ext_range}=="256"
ATTR{removable}=="0"
ATTR{ro}=="0"
ATTR{size}=="156301488"
ATTR{alignment_offset}=="0"
ATTR{capability}=="52" ....
Here is my udev rule
DEVPATH=="/devices/pci0000:00/0000:00:11.0/host7/*", SUBSYSTEM=="block", SYMLINK+="bay%n"
This produces the desired behavior and gives me an fdisk-able device node. The problem I am having is that the "host" component of the DEVPATH varies from bootup to bootup. I'm just using on onboard SATA, host2-7, specifically host7. There is also onboard PATA, host0-1. It seems to just be random which "host"s are assigned to which controller. For example, the next time I boot the system, the onboard SATA will be host0-5 and the onboard PATA will be host6-7. In this simple case, I could just write 2 rules, one for each possibility and it would still be correct because of the different PCI addresses of the two controllers. But on systems with more SCSI (uh... libata, actually) controllers, a "host" file can point to different physical ports between bootstraps. This would be bad. Does anyone know of a way to write a rule to tie a device node to a specific physical SATA port on the motherboard/hba?
how can i drop igmp port 0 packets with iptables rule? my log file is full of this router advertisement.
View 2 Replies View RelatedI hear that it's a bad idea to edit iptables by hand.
I want to open 443. Quote: iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
Since I'm not at the box, I can't use the nifty GUI.
How might one do this via terminal?
OS: CentOSv5 (RHELv5)
i have centos5.3 installed with iptables firewall, i want to open port 5222 as i want to access application which uses port 5222 from internet.
View 14 Replies View Relatedfrom my windows box at work i can only connect to some ports (pop3, telnet, web)also, i can connect to port 1234 (as an example)everything else is blocked.I'm trying to connect with Microsoft Terminal Service Client to my linux box (cant install any vnc)but haven't found a way to make Gnome remote desktop to listen to the port i need (1234).I'm using fedora 13.anyway, i would appreciate any advice on what software to use or hot to configure my Linux box get remote connections from windows box on that certain port.
View 5 Replies View RelatedIf I forward port 80 to port 3128 for squid with an iptable rule, does port 3128 have to be open on the firewall or is this all routed behind the firewall?
View 4 Replies View RelatedQuestion (and Google results aren't making this clear): Ubuntu has both iptables & ip6tables installed. 1. If I set a rule in iptables, does that rule also apply to ipv6, or just ipv4?
2. If "no" to above, then it would be prudent to *also* set ip6tables rules as well if I want to maintain an active firewall, correct?
3. Does ip6tables rules have the same syntax and behavior (more or less) to iptables rules - i.e. can I just copy my iptables rules & change "iptables" to "ip6tables"?
4. Any gotchas or issues that I should be aware of?
Made some network and hardware changes, and now I can't get the mailserver to work. It seems that sendmail can't loop to itself on 127.0.0.1. When I nmap localhost, I find that port 25 isn't open.
Naturally, nothing has changed on my system except for different routing, interfaces, etc.
So the question for sendmail gurus,is where should I be looking?
I want to open 177 port of remote server for mypc.com.
Code:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 177 -s mypc.com -j ACCEPT
I wrote this at iptables, but I could not connect mypc.com with remote server.
Kindly let me know what I am wrong?
I want to open port 2700 on my firewall but I don't know how I try with Code:iptables -A INPUT -i eth0 -p tcp --sport 2700 -m state --state ESTABLISHED -j ACCEPT But the port is not open I see the firewall configuration with the command setup . I use CentOS 5.3 here a screen of my configuration :http://upbg.net/out.php/i3537_sshot3.pngCurrently my firewall is off because I don't know how to turn on 2700 when the port is open I will turn on firewall .If I write 2700 in other ports field will 2700 be open ? Before 1 month I try but the port was not open . I have only 1 last question will firewall reduce the load of the my server now mysql use many CPU % and I just don't know why
View 14 Replies View RelatedI wonder how can I only open 1 port out of this two on my CentOS Machine:
Code:
[root@389-ds ~]# netstat -pant | grep "ns-slapd"
tcp 0 0 :::389 :::* LISTEN 7956/ns-slapd
tcp 0 0 :::636 :::* LISTEN 7956/ns-slapd
tcp 0 0 ::ffff:10.209.37.91:636 ::ffff:10.209.37.142:4806 ESTABLISHED 7956/ns-slapd
tcp 0 0 ::ffff:10.209.37.91:636 ::ffff:10.209.37.142:4805 ESTABLISHED 7956/ns-slapd
tcp 0 0 ::ffff:10.209.37.91:636 ::ffff:10.209.37.146:1699 ESTABLISHED 7956/ns-slapd
tcp 0 0 ::ffff:10.209.37.91:636 ::ffff:10.209.47.177:4986 ESTABLISHED 7956/ns-slapd
tcp 0 0 ::ffff:10.209.37.91:636 ::ffff:10.209.37.146:1698 ESTABLISHED 7956/ns-slapd
tcp 0 0 ::ffff:10.209.37.91:636 ::ffff:10.209.37.146:1697 ESTABLISHED 7956/ns-slapd
tcp 0 0 ::ffff:10.209.37.91:636 ::ffff:10.209.47.177:4985 ESTABLISHED 7956/ns-slapd
tcp 0 0 ::ffff:10.209.37.91:636 ::ffff:10.209.37.146:1701 ESTABLISHED 7956/ns-slapd
tcp 0 0 ::ffff:10.209.37.91:636 ::ffff:10.209.37.142:4808 ESTABLISHED 7956/ns-slapd
[root@389-ds ~]#
I have Fedora DS Installed and when I a trying to access through the client ldap:// is working but not ldaps://
I am trying to open the telnet port on my system with port 4100 and for the same i have inserted the entries in iptables file using below command./sbin/iptables -A INPUT -s 132.186.208.83/24 -p tcp �-dport 4100 -j ACCEPT.
View 1 Replies View RelatedHow We can Open PORT 2095 IN linux
View 3 Replies View Related
