General :: Iptables Restrict Ssh Session By Mac Address?

May 24, 2011

I'm in the process of restricting access to my Linux production box, where ssh access needs to be limited to only a few MAC addresses. I've followed the instructions outlined in this guide and ran the following two commands:

/sbin/iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP
/sbin/iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
root@xxxx:~/#: iptables --list

[code]....



Security :: IPTABLES - Restrict Internet Access Based On Time Of Day And MAC Address

Feb 6, 2010

I am trying to configure my Linux router to restrict Internet access for one computer on my LAN. It needs to be restrictive based on the time of day and the days of the week. I am using the MAC address of the computer to single out the one computer that needs to be blocked. However, this is my first attempt at making any rules with iptables, and I am not sure if I am doing this right. If someone can take a look at this I would greatly appreciate it. This is what I have done so far.

Here is my thinking. Create a new target. Check the MAC address, if it is NOT the offending computer return to the default chain. If it is the offending computer check that we are between the allowed hours and dates and ACCEPT. If we are not within the time/date range then drop the packet.

Code:

Here I am trying to route all packets regardless of the computer on the LAN into the blocked_access chain for checking.

Code:

Is it a good idea to route all traffic through the blocked_access chain? I do run other servers that are accessible from the Internet, so I am not sure how this setup will affect that. I also use shorewall on the router to setup iptables for me. How would I integrate this with shorewall?

I am using squid to block access when he is using the web browser. However, he is still able to play games (World of Warcraft) and the like.

I am using Debian sid, iptable(1.4.6), shorewall(4.4.6), kernel 2.6.32-trunk-686.


Ubuntu Servers :: Restrict User Session Numbers And Allow Resuming Previous User Session?

Jun 30, 2010

I am currently in a project to set up an LTSP server with 10 thin clients. I am using Ubuntu 9.10 (Karmic).

Installing server and booting clients are working fine. Now, according to the need, I have to restrict user session numbers and allow resuming previous user session.

I have managed to do the first one, but still have not been able to set up the second one. As per the requirement, if some thin client has a power failure, the same session should be restored back. I am confused here whether I need to focus on saving xsessions or saving gnome sessions. I am looking for a concrete solution as I am running out of time.


Security :: Restrict Telnet Session To Users ?

Oct 22, 2009

I want to restrict telnet sessions to users.

That means the client logs in one user at a time, not multiple logins.

For example:

I want to restrict this. How do I restrict one user from using multiple logins?


Networking :: Using TC And IPtables To Restrict Download Speed

Sep 17, 2010

I'd like to use tc and iptables to restrict the download speed. I understand this is known as policing. Are there some resources I could use to learn how to do this? I want to restrict on a per-IP basis.


General :: Allow Access To Server From Only 1 IP Address Using Iptables?

Aug 3, 2011

I have a server located remotely that I'd like to protect by allowing access to only my IP address (on any port). Currently anyone can access the server using ssh, http, and any other services that my server is running. (The reason I need to protect it for now is that it's a test/development server and really only needs to be accessed by me.)

The downside of doing this is every time my desktop IP address changes (from where I access the remote server), I would need to update the iptables configuration. (This could be a hassle, but based on my limited knowledge it seems to be the best way to allow access from only myself.)

Could anyone share how to allow access to my server using iptables from only my IP address and on any port?


SUSE :: Restrict Users Open Session Via XDMCP - Xmings XLaunch - From Windows PC

Feb 17, 2010

I have one Linux PC installed with Suse 11.1. In this I have created three users to get access.

Users are able to access their login from a Windows PC via some utilities.
1. Putty
2. Xming

Users are able to login using both. With Putty there is no GUI. But with Xming's XLaunch they are able to get a similar session as on the Linux host PC. At this point of time the host Linux PC becomes too slow in performance.

How to restrict the users from opening a similar session by enabling/disabling some setting on the Linux PC?


Ubuntu Security :: Restrict Root Logons To The SSH Server To A Single Ip Address?

Feb 26, 2010

Is it possible to restrict root logons to the SSH server to just a single IP address (or maybe a range)? I have other users connecting to the server daily, so restricting ALL access to a single IP I cannot do. I need root enabled (for my own reasons) but want to lock it down a bit more.


Debian Configuration :: Apache Config - Restrict The Access To Local Web Server By IP Address?

Jul 29, 2010

I want to restrict the access to my local web server by IP address. I'm in a LAN (192.168.200.xx), so I have this:

[code]....

But when I try to connect from 192.168.200.4 it says I don't have permission to access.


Security :: How To Rate Limited IPTABLEs Treat A Screen Session On Ssh After Disconnection

Nov 3, 2010

Take this scenario: I have rate limited the connections to 4 (i.e. if you attempt a 4th connection you won't be able to login for some time). If in a minute I get disconnected 3 times while I was already logged in on the server with a screen session, will I be able to login, or do I need to keep quiet for a minute?

Quote:

-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name DEFAULT --rsource -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource


Networking :: Add Ip Address In IPTables?

Nov 11, 2010

How can I add IP addresses which are multiples of 3, up to 255? That is, I want to block IP addresses whose last octet is a multiple of 3, up to 255.

As an example 192.168.0.3,192.168.0.6,192.168.0.9,192.168.0.12 etc.


Debian :: Banshee - Dbus Session Bus Address Not Set

Jan 12, 2011

I use Debian Squeeze with Banshee 1.6.1 and I'm having a problem with some commands in Banshee via terminal:

$ banshee --play
$ banshee --stop
$ banshee --next
$ banshee --previous

Instead of changing the playback, these commands open a new Banshee window, and then I get 2 banshee processes running. I tried to get some help in Banshee's forum, and they said it's a problem with Dbus, more specifically, the variable DBUS_SESSION_BUS_ADDRESS is not set. If I run the following command, I get an empty line:

login@host:~$ echo $DBUS_SESSION_BUS_ADDRESS
login@host:~$

I searched Google and I found some solutions that worked for other distros, but in Debian they are not working.


Ubuntu Security :: Use Address Not Ip In Iptables?

Jul 24, 2010

I need to open this address, ftp.nai.com. Is there a way to use an address rather than an IP in iptables?


CentOS 5 Networking :: Restrict User "admin" To Login To The Server From A Specific IP Address?

Jun 9, 2009

I am using openssh 5.2-p1. I want to restrict user "admin" to login to the server from a specific IP address; for this purpose I have tried the following blocks in the sshd_config file. Following is the part of the sshd_config file which I have modified:

#The following commands will only allow specific IP to login to ssh.

#AllowUsers admin user1 user2

#AllowGroups

# override default of no subsystems.
Subsystem sftp internal-sftp

Match Group sftpgroup
ChrootDirectory /home
AllowTCPForwarding no

[code].....

I want to restrict the admin user to login to the server only from the 172.16.100.221 IP, which can be done by using the AllowUser line, but I don't want to use the AllowUser line.


Networking :: Set Iptables To Forward All On An Aliased Ip Address?

Apr 15, 2009

I have three machines on three networks: 192.x.x.x, 10.x.x.x, 172.x.x.x. The routers are set to forward communication between the 192. network and the 10. network, and between the 10. network and the 172. network. However, there's no routing between 192. and 172. I want to fix that by using a machine on the 10. network to forward communication between the other two networks. The machine has one ethernet connection eth0 whose address is 10.1.1.11. I set up an aliased IP address eth0:0 to be 10.1.1.12 using

Quote:

ifconfig eth0:0 10.1.1.12

Then I tried to set forwarding rules on the 10. machine such that the 10.1.1.12 address will provide access to the machine 172.1.1.55 as follows

Quote:

# iptables -t nat -A PREROUTING -d 10.1.1.12 -j DNAT --to-destination 172.1.1.55

The default policy for all chains is ACCEPT. I then try to access 10.1.1.12 from 192.1.1.20 expecting it to actually access 172.1.1.55; it does not work.


Security :: Blocking An Ip Address Range Within Iptables?

Mar 30, 2009

I am setting up an iptables firewall on one of our servers, and I would like to block a range of addresses from getting into the system. I am using a script that does a BLACKIN and BLACKOUT methodology for specific addresses. One example is the following:

Code:

$IPTABLES -A BLACKIN -s 202.109.114.147 -j DROP
...
$IPTABLES -A BLACKOUT -d 202.109.114.117 -j DROP

What would be the correct syntax to use if I wanted to block an entire remote subnet from getting into the server?


Networking :: Unwanted Blocking Ip Address And Session Log Out In Ubuntu 10.04 Server

Jun 29, 2011

I have an Ubuntu server 10.04 LTS with 3 NICs: "eth0" local and eth1,2 as internet connection. It acts as firewall, http proxy and samba file server. I installed the Zentyal panel manager on my server for easier management. I did not configure any specific rule for my firewall, but I have some problems with my clients who want to connect to my server as gateway or as file server; even I myself experienced these problems too. These problems are as follows:

1. Sometimes, for a few minutes (maximum 10 minutes), my server blocks some of my clients from accessing it or the internet. It is only for minutes, but it is very annoying.
2. All of my clients who login to https servers or login to their mail, or those who have some software like TeamViewer, say that they are logged out from their session randomly. I mean some of them are logged out from their mail (Yahoo Mail or Google Mail) or disconnected from their TeamViewer connection; as I saw, TeamViewer disconnects for a few seconds and then comes back again. But I did not set anything in my firewall or other services. This is my complete iptables rule set:


Red Hat / Fedora :: Changing Outgoing DNS (port 53) IP Address With Iptables?

Mar 31, 2009

I need to know what the iptables "code" is to change the outgoing/incoming IP for port 53 (DNS). I'm running CentOS on a dedicated server. I'm very familiar with Putty and SSH, so I don't need much detail; I just can't figure this out. I asked my server provider but they deleted my ticket and didn't answer me. I tried this but am not sure if this is correct or working:


Networking :: Stop IPTables To Resolve Source Address?

Oct 25, 2010

Here is a glimpse of my iptables:
http://pastebin.com/WvHAC46A
I see in the source column the addresses being resolved to domain names. Is there a way I can stop this?


Ubuntu Networking :: Redirect Network Traffic To A New IP Address Using IPtables?

Jun 19, 2011

How to redirect network traffic to a new IP address using iptables? I am using a Buffalo router and the RTOS used is DD-WRT. Basically, I want it so that any connection going through my router to a specific IP (say, 192.168.11.5) will be redirected to another IP (say, 192.168.11.7), so any outgoing connection made by a program that is attempting to connect to 192.168.11.5 will instead connect to 192.168.11.7.


Fedora X86/64bit :: Create A Script To Show The Last Time Iptables Had Seen A Given IP Address?

Jun 20, 2009

I was trying to create a script to show the last time iptables had seen a given IP address (contained in the ipt_recent kernel hook; my user-defined table name is 'iplist'). The ipt_recent table yields the following information (IPv4 addresses masked for paranoid reasons):

Code:

src=www.xxx.yyy.zzz ttl: 114 last_seen: 9355600126 oldest_pkt: 1 9355600126
src=www.xxx.yyy.zzz ttl: 109 last_seen: 10020040763 oldest_pkt: 1 10020040763
src=www.xxx.yyy.zzz ttl: 111 last_seen: 8106864077 oldest_pkt: 3 8103790647, 8106530788, 8106864077
src=www.xxx.yyy.zzz ttl: 109 last_seen: 9937861664 oldest_pkt: 1 9937861664
src=www.xxx.yyy.zzz ttl: 115 last_seen: 8244867102 oldest_pkt: 1 8244867102

The attempted command used was:

Code:

cat /proc/net/ipt_recent/iplist | awk '{print ($1 ,system("date -d @" $5));}'

This command yields the following (I'm willing to live with the trailing zero):

Code:

Wed Jun 20 05:48:46 EDT 2266
src=www.xxx.yyy.zzz 0

[code]....

I presume the ipt_recent table uses the standard UNIX epoch timestamp. Am I using the date command syntax incorrectly, is this a 32-bit vs 64-bit break, or is it something else? Please note that I am using FC10, and I have double-checked my system clock settings (both BIOS and OS). The system has only been running during 2009 (no reboot yet).


OpenSUSE Network :: IPv6 Getting A Global Address Takes A Long Time - Possibly Only After Starting A KDE Session

Jul 8, 2011

My ISP offers the service of native IPv6. So my ADSL router provides me with a local and a global IPv6 address. However, after a reboot it takes minutes to finally see the global address when using "ifconfig eth0". During that time I can't do a ping6 to an external server, which seems logical. So I waited several minutes, but no global address. After that I started a KDE session, went back to the console (<Ctrl>+<Alt>+F1) and now the global address was there. Is this normal behavior or should I file a bug report?


General :: When Restart The Iptables Service Then The Firewall Entries Are Again Shown In Iptables?

Sep 17, 2010

I am facing a strange problem with my iptables: there are some firewall entries stored somewhere which keep displaying the firewall entries below even after flushing iptables, and when I restart the iptables service the firewall entries are shown again in my iptables, as shown below:

[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

[code]....


Networking :: Iptables Can't Port Forward (PAT Port Address Translation)?

Feb 20, 2010

I'm using a Debian server as router/firewall. I've two ethernet interfaces in the server, one for WAN and one for LAN. Then I use SNAT so my LAN clients can access the internet through the Debian router. That is working... Now I want to be able to access servers on the LAN side from the WAN side, and I wanna use port address translation (PAT). I have an FTP server running on a LAN server, so I'm trying to port forward port 21.

iptables -t nat -A PREROUTING -p tcp -i eth1 -d (WANIP) --dport 21 -j DNAT --to 192.168.1.2:21

When people try to access my FTP from the WAN side, they are redirected to the local FTP server and they are prompted for credentials, but when the credentials are typed and the local FTP server should answer the WAN request, the connection dies.

The WAN clients are being prompted for credentials, so they are redirected to the local LAN server, but after that the connection dies, so I think there is some kind of NAT problem when the local LAN server is trying to respond to the WAN request.

Here is my iptables script:

#flush table
iptables -F
#input rules

[code]....


General :: Session Timeout - What Is Considered A Idle "session" ?

May 11, 2010

Info about session timeout.

I use tmout = 15 min in my /etc/profile (along with readonly tmout). I have some issues I need to address and am looking for ideas.

1. What is considered an idle "session"?

2. If I put a process in the background with & and do nothing, is this an idle session?

3. If a user uses su to a higher level, are there now two sessions? Is the tmout for the user suspended until the su user times out or leaves the su session?

4. I have some users who will run long SQL queries. Is there a workaround to have the session remain active until the process has finished?


General :: What Is Production IP Address And Management IP Address In Servers

Jul 20, 2011

What is the Production IP address and the Management IP address in Linux servers? What is the significance of these two? When to use what?


General :: Virtual Memory Address To Physical Address?

Apr 13, 2010

How can I get the physical address corresponding to a virtual address in Linux by using the /proc file system?


General :: How To Restrict Use Of A Computer?

Nov 22, 2010

Suppose that some person is insomniac because of a bad habit of chatting on the IRC every night until 3AM. That completely ruins this person's life because he is unable to wake up on time to attend his exams, because he will be fully exhausted everyday and will feel depressive.

That person is conscious of this bad behaviour, and would accept any help including installing a software on his own computer granting me admin privileges to install it.

Do you know of such a software that ideally:

1. Would prevent use of the computer at certain time ranges, let's say 11PM to 6AM
2. Would gracefully shutdown the computer at the beginning of that time range (not killing all the applications brutally), and shut it down again if the user attempts to switch it back on
3. Would warn 10 minutes beforehand
4. Could occasionally be disabled if I give a one-time password to that person?

That person uses Linux, and I am curious of knowing what is available for that purpose. It is kind of a parental control, but not for a child.


General :: Use Where Save For The Physical Address Going Towards The MAC Address

Jul 19, 2010

I'm REALLY new with Linux and I've downloaded and installed Ubuntu... now here's the question: how do I set up WLAN internet use? I've tried using ipconfig /all on the Windows command line, but I'm not sure which info to use where, save for the Physical Address going towards the MAC Address info.


General :: Restrict A Program's R/w Rights To Nothing?

Sep 15, 2011

Under Linux, I would like to be able to launch anything from the command line in a "safe" environment, i.e. be assured that it can't read or write any file on my computer, and even better if it couldn't access the network. I thought about creating a user with read rights only in the current folder (and nowhere else), and su to this user to launch the command; would this work? And what about the network?


Copyrights 2005-15 www.BigResource.com, All rights reserved