General :: Nfs - Can Connect When Disable Iptables
Jan 7, 2011
I've been trying to get nfs working, and after struggling for a little while, I think I've almost got it. I believe the only thing holding me back is iptables (when I disable iptables, I can connect without any issues). I'm running Fedora 11 on the server. Here is my /etc/sysconfig/nfs:
I am using Fedora. I want to disable Linux iptables permanently. Normally when I reboot my PC the iptables service is on. How can I disable it even when I reboot the PC?
I am facing a strange problem with my iptables as there are some firewall entries stored somewhere which is displaying the below firewall entries even after flushing the iptables & when I restart the iptables service then the firewall entries are again shown in my iptables as shown below,
I'm trying to open up some ports to connect via vnc to a server running Centos 5.5. I've edited /etc/sysconfig/iptables everything *looks* fine, but I still can't seem to get access to the port I've opened (I added some newlines for clarity between commands):
I have Ubuntu 10.04 with Gnome. Whenever I put in a blank CD/DVD an icon on the desktop appears named "Blank CD/DVD" and a window appears asking me what I want to do with it. How do I disable the window and the icon from the desktop?
I have had a problem with my Ubuntu system recently in that it will only let me connect to the Internet through Firefox if I switch network.dns.disableIPv6 on. How do I do the equivalent in Ubuntu to enable me to use Epiphany etc., which are not working anymore?
I'm running Ubuntu in VMWare for a side project. I noticed when I boot up, it doesn't let me access anything externally. I have to disable network manager and re-enable it. Once done, I can hit everything fine. I'm using a static IP in network manager.
I've tried iptables save, iptables-save and iptables save active.
"iptables save" and "iptables save active" give me an invalid argument error. "iptables-save" isn't a valid command. "iptables --help" gives me a list of valid switches, none of which have to do with saving.
When I go out of town I normally take my Acer Netbook to travel light. I ran into a problem over the weekend which I have seen before and couldn't find the cause. I used the wifi at the house I was staying at and could connect to the router via Wicd and ping outside IP addresses, however, I could not connect to any websites with Iceweasel or Midori. I receive the generic error that the browser is unable to connect. Now that I am back at my house I cannot repeat the problem, but have found a couple threads about disabling ipv6 protocol. The symptoms sound like a browser setting, but I couldn't find any settings that looked unusual.
I have a minor problem with Knetwork-manager. When I boot up, it won't connect to my wireless router automatically. I have to right-click the taskbar icon, disable wireless, then enable wireless, then it connects fine. It remembers the password fine and once it's connected, it's flawless. It's just the minor issue of having to effectively 'switch the internet on' rather than it just being connected when I turn on my laptop.
I'm using Opensuse 11.2, KDE 4.3.1 (didn't have this issue with 11.1). I've tried the latest Kubuntu (9.10) and knetwork-manager worked flawlessly but I didn't like the rest of the OS so I came back to Opensuse. If I restart, suspend or hibernate it usually connects okay, it just seems to be when I boot from 'cold'.
I've tried nm-applet but same problem. I also tried wicd but it didn't really like my system. I've changed my wireless router recently as well with no change, so I don't think it's that. As I say it's a minor problem, it's not really an issue for me to turn it on each time but it would be nice to clear it up. I've googled and searched since 11.2 was released but haven't found any answers and my linux skills are still a bit lacking.
I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):
Code:
#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above

root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8
To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?
I need to use hostnames in my iptables. When I go to restart iptables, it works fine but when I am rebooting the Linux server it fails during startup since the name service is started up after the iptables. Does anybody have recommendations to get around that? Should I set up a script to run the iptables after everything the server comes back up fully?
Going by a tutorial found here (see below quote).
Quote:
Owner match
The owner match extension is used to match packets based on the identity of the process that created them. The owner can be specified as the process ID either of the user who issued the command in question, that of the group, the process, the session, or that of the command itself. This extension was originally written as an example of what iptables could be used for. The owner match only works within the OUTPUT chain, for obvious reasons: It is pretty much impossible to find out any information about the identity of the instance that sent a packet from the other end, or where there is an intermediate hop to the real destination. Even within the OUTPUT chain it is not very reliable, since certain packets may not have an owner. Notorious packets of that sort are (among other things) the different ICMP responses. ICMP responses will never match.
Table 10-24. Owner match options
Match: --cmd-owner
Kernel: 2.3, 2.4, 2.5 and 2.6
Example: iptables -A OUTPUT -m owner --cmd-owner httpd
Explanation: This is the command owner match, and is used to match based on the command name of the process that is sending the packet. In the example, httpd is matched. This match may also be inverted by using an exclamation sign, for example -m owner ! --cmd-owner ssh.
I tried to add a rule for my torrent client with
Code:
iptables -A OUTPUT -m owner --cmd-owner transmission -j ACCEPT
However, iptables kicks it back with
Code:
iptables v1.4.4: unknown option `--cmd-owner'
Try `iptables -h' or 'iptables --help' for more information.
The mode isn't even referenced in the iptables man on my system. Am I missing something?
I am trying to do a NAT forward in iptables but get the following error:
Quote:
[root@server88-xxx-xxx-198 openvpn]# iptables -t nat -I POSTROUTING -i tun0 -o eiptables v1.3.5: Can't use -i with POSTROUTING
Any ideas on what to do? I have an OpenVPN server running and I need the client to use the ports on the OpenVPN server
I'm using a 3G modem whilst o2 transfer over adsl. Trouble is no websites load but I can resolve domains. I enabled masquerade on the PPP0 (modem) interface. Added the server as default route for all workstations.
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
net.ipv4.ip_forward = 1" to /etc/sysctl.conf
I have blocked below IP by using iptables command in RedHat Linux 4.0.
Code:
iptables -A INPUT -s 192.168.0.85 -j DROP
It's now totally blocked and can't get access into web or internal network. How can I unblock that IP, so that it can again start its normal operation?
I want to block all the outgoing ssh from my machine, i.e. my machine will not be able to ssh to any outside machine using iptables. The distro is RHEL. I added the following entry in the iptables but unfortunately it didn't work: -A OUTPUT -p tcp -m tcp --dport 22 -j DROP
I used the angry ip scan software and found a lot of the public IP addresses on our network are accessible from outside when they are not supposed to be, e.g. printers, PCs etc. To make a start on locking down the network I was wondering if anybody knew the iptables command to add a rule which blocked all incoming traffic to specific IP addresses on the network and to a range of IP addresses.
I have configured iptables in my system and it is working. But I can't find iptables kernel folders such as iptables/extensions/Makefile to make a utility. Where to locate them? Or how to download and install?
I ran iptables save but on a server reboot it just loads the default firewall config. How can I get it to load and flush my custom iptables script on reboot?