General :: Services Work Nicely With Connection Tracking - Port Range For Centos?
Dec 18, 2010
On my CentOS 5.4 box I run dns, ssh, and smtp servers. This box also has to be able to resolve and browse websites. So basically it needs iptables rules for:
TCP 22, 25, 80, 443
UDP 53
My question is, which of these services work nicely with connection tracking? I'm a little confused about how connection tracking works. For example say this iptables rule for smtp
Code:
iptables -A INPUT -s 0/0 --sport 513:65535 -d $myip --dport 25 -j ACCEPT
versus
Code:
iptables -A INPUT -s 0/0 --sport 513:65535 -d $myip --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
So with connection tracking what exactly does it do that my first iptables rule does not do?
Also, for CentOS, is that port range correct? The 2.6 Linux kernel randomly chooses a port in 513-65535 when it connects to an external smtp server or, say, browses a site.
View 10 Replies
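To show what the stateful rule buys on the INPUT side, here is an added example (not from the thread) that models the return path of the box's own outbound web connections: with a stateless "accept replies from source port 80" rule versus an ESTABLISHED-only rule. The Conntrack class, the addresses, and the rule functions are simplified assumptions written for this illustration, not the kernel's real implementation.

```python
from dataclasses import dataclass

MY_IP = "192.0.2.10"  # constructed address of the CentOS box (TEST-NET-1)

# Constructed packet: just the 4-tuple, which is all these rules look at.
@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Conntrack:
    """Minimal stand-in for the kernel conntrack table (assumption: a flow
    is tracked once the host itself has sent the first packet)."""
    def __init__(self):
        self.table = set()  # original-direction 4-tuples

    def see_output(self, p: Packet):
        self.table.add((p.src, p.sport, p.dst, p.dport))

    def state_of_input(self, p: Packet) -> str:
        # A reply belongs to a tracked flow only if it matches the reverse tuple.
        if (p.dst, p.dport, p.src, p.sport) in self.table:
            return "ESTABLISHED"
        return "NEW"

def stateless_input_rule(p: Packet) -> bool:
    # Stateless way to let web replies in, roughly:
    # iptables -A INPUT -p tcp --sport 80 --dport 1024:65535 -d $myip -j ACCEPT
    return p.dst == MY_IP and p.sport == 80 and 1024 <= p.dport <= 65535

def stateful_input_rule(ct: Conntrack, p: Packet) -> bool:
    # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    return p.dst == MY_IP and ct.state_of_input(p) == "ESTABLISHED"

def run_scenario():
    ct = Conntrack()
    # 1. The box opens a web connection; conntrack records the OUTPUT packet.
    ct.see_output(Packet(MY_IP, 40123, "198.51.100.7", 80))
    # 2. The genuine reply (SYN/ACK) from that web server.
    reply = Packet("198.51.100.7", 80, MY_IP, 40123)
    # 3. An unsolicited packet from elsewhere that happens to use source port 80.
    stray = Packet("203.0.113.9", 80, MY_IP, 40124)
    return {
        "reply_stateless": stateless_input_rule(reply),
        "reply_stateful": stateful_input_rule(ct, reply),
        "stray_stateless": stateless_input_rule(stray),   # accepted: only ports checked
        "stray_stateful": stateful_input_rule(ct, stray),  # dropped: no tracked flow
    }
```

The stateless rule accepts both packets because it only compares port numbers; the conntrack rule accepts the reply and drops the stray packet because no outbound flow matches it.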
Apr 20, 2011
I do not believe the firewall connection tracking is enabled. I have Centos 5.6 with 2.6.18-238.5.1.el5.centos.plus kernel. I went into the kernel .config and I see CONFIG_IP_NF_CONNTRACK=m. But when I do a lsmod I do not see this module.
View 2 Replies
May 13, 2011
When I have video running and the video stops, I see that the connection is destroyed in about 5 seconds, which is what I want. If, rather than stopping the video, I pull the plug, I have seen it take 350 and 380 seconds before the connection is destroyed. Why is there such a large difference in the time to destroy a video connection between stopping the video and pulling the plug on it when using netfilter connection tracking? How can I shorten the time for the connection to get destroyed when pulling the plug?
View 3 Replies
Apr 12, 2010
I'm trying to stop all the services on port 80 but I'm not entirely sure how. In fact, I don't really know what's running on port 80... I tried throwing a netstat -a in a prompt but I don't see port numbers anywhere, so I can't figure out which PID to kill. Any ideas on how I can figure out what's running on port 80, and stop it?
View 14 Replies
Jul 10, 2011
I want to perform a test of a network without using connection tracking.
How do I disable connection tracking?
I used the following iptables commands to disable connection tracking:
iptables -t raw -A PREROUTING -p tcp -j NOTRACK
iptables -t raw -A OUTPUT -p tcp -j NOTRACK
but it is not working; when I look at /proc/net/ip_conntrack, this file shows the existing connections.
View 3 Replies
Dec 10, 2010
On Kernel 2.6.33.4 I get this from /proc/net/ip_conntrack:
tcp 6 431557 ESTABLISHED src=X.X.X.X dst=X.X.X.X sport=44242 dport=993 packets=128 bytes=9267 src=X.X.X.X dst=X.X.X.X sport=993 dport=44242 packets=85 bytes=53950 [ASSURED] mark=0 use=2
On Kernel 2.6.36.2 I get this from that same file:
tcp 6 431665 ESTABLISHED src=X.X.X.X dst=X.X.X.X sport=4640 dport=8082 src=X.X.X.X dst=X.X.X.X sport=8082 dport=4640 [ASSURED] mark=0 use=2
It's missing the data on bytes and packets transmitted through that particular connection. I had written a program that uses this information. Was this pulled out of the kernel on purpose or did I miss some option when compiling the new kernel for my box?
View 1 Replies
Sep 12, 2010
I have become convinced that rsync for CentOS 5 is broken. I'm trying to set up automatic backups between 2 servers in 2 different countries using rsync under CentOS 5. I can get manual backups to work between the 2 servers by doing two things I shouldn't need to do, but automatic backups fail and I see no solution. Here are the problems I am encountering: According to the instructions I've read everywhere, I am to set up two configuration files:
/etc/rsyncd.conf
/etc/rsyncd.secrets
When I run rsync from root, it apparently just totally ignores these two files. No custom greeting, no log, no password used.
Even when I specify --password-file=/etc/rsyncd.secrets in the command line, it still ignores it. I am prompted and I must enter the password manually. Let me back up a moment. After first installing rsync, when I ran any command to access the root server, I get this error:
ssh: connect to host 111.222.33.44 port 22: Connection refused
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(463) [sender=2.6.8]
I read everywhere that rsync uses port 873, not port 22 which is used for SSH. Why is rsync on CentOS trying to use port 22? I have SSH switched from port 22 to another port (let's call it 5432 here) and block port 22. So, I have added this to the command line:
--rsh='ssh -p5432'
Then I get a connection ...
... but it prompts me for my password. It doesn't matter that I have my username and password, same one, in /etc/rsyncd.secrets on both servers. It still asks. And it rejects my password! The only way I can get it to connect is by creating an SSH user on the remote server for this. Even then, rsync STILL prompts me for a password, even though:
1. the username and password are specified in the /etc/rsyncd.secrets files on both servers
2. I've added the command line parameter --password-file=/etc/rsyncd.secrets
Therefore, it is totally impossible to use any cron job or other automatic synchronization, under CentOS 5.
rsync -av --password-file=/etc/rsyncd.secrets --rsh='ssh -p5432' sourcefiles* rsyncusername@111.222.33.44:httpdocs/rsync
rsync -av --password-file=/etc/rsyncd.secrets --rsh='ssh -p5432' sourcefiles* 111.222.33.44:httpdocs/rsync
rsync -av --verbose --progress --stats --password-file=/etc/rsyncd.secrets --rsh='ssh -p5432' sourcefiles* rsyncusername@111.222.33.44:httpdocs/rsync
Yes, I have made sure that I have the latest rsync. I have run yum update for everything. Yes, I have double checked, triple checked, and quadruple checked my config files.
View 2 Replies
Jul 4, 2009
I have a fresh installation of CentOS 5 I'm using for a server, and I'm having issues with port configuration. I have iptables running, and it started with no /etc/sysconfig/iptables file. I added a few basic rules (port 53, port 10000 for webmin), saved the file, and restarted the service. I tried connecting to webmin, scanned ports, and traffic was blocked. I set iptables to allow all traffic and restarted the service, and it still showed basically every port as being blocked. It seems port 80 and port 22 work for some reason, even when I tell iptables to block all ports.
I'm not sure what's going on here. Iptables is reading the /etc/sysconfig/iptables file, and if I use lynx localhost:someport it responds as it should according to the file. However, if I try connecting by IP, it's like there's some other firewall or something running that does whatever it's configured to do.....
View 2 Replies
Jan 8, 2011
I had been running "Etch" and upgraded to "Lenny". Now my mouse is NOT tracking correctly. When I move the mouse and then press and release the 'ctrl' key to show where the mouse pointer is, the circle indicators are not where the pointer is. I therefore cannot make any selections from menus as 'lenny' thinks the mouse is somewhere other than where the pointer is. Also, are there keyboard hot keys that I can use to access the menus?
View 1 Replies
Feb 11, 2009
I'm trying to connect to my server via telnet, but when I send the command (telnet xxx.xxx.xxx.xxx Port) it doesn't work and shows the following error: Unable to connect to remote host: Connection refused. It happens with any port. It's strange, but my telnet service works (telnet xxx.xxx.xxx.xxx). In addition, I tried with the firewall enabled and disabled and the problem still happens. My CentOS runs on VirtualBox.
View 3 Replies
May 18, 2010
I added one serial card, which provides 4 additional serial ports, to my host, but in CentOS 5.4 only 3 of them can be used (in my machine ttyS1, ttyS2 and ttyS3; ttyS0 is another serial port), and /dev/ttyS4 doesn't work.
$ sudo cat /dev/ttyS4
cat: /dev/ttyS4: No such device or address
The card info is as follows:
Host> lspci -vvv
03:01.0 Serial controller: Oxford Semiconductor Ltd OX16PCI954 (Quad 16950 UART) function 0 (Uart) (prog-if 06 [16950])
Subsystem: AFAVLAB Technology Inc Unknown device 2150
[code]....
View 3 Replies
Jan 26, 2010
I have a script from which I want to disable unwanted services. I wanted to have the list of unwanted services in the same script file. I tried the following, but it is not working... How do I mention the list of services in the same file and still make the script work?
Code:
#!/bin/bash
# List of services; modify the list between the SERVICES tags
service_list=$(cat <<SERVICES
acpid
apmd
avahi-daemon
[Code]...
View 1 Replies
May 16, 2011
I am currently running Debian 6. I would like to know if there is a way, and how I would go about, blocking a certain IP range from connecting to my server within a certain port range. Say, for example:
I want to block IP range 123.123.123.* from connecting to my server on the ports 33000 - 43000. But I want to allow them to connect on any other port range, and I want to be able to allow connections from my server to the blocked IP range on those same ports. So, blocking incoming only on the above port range,
using iptables.
View 1 Replies
Sep 13, 2010
How can vsftpd services and xinetd.d services be differentiated?
View 5 Replies
Jul 15, 2011
I want, if a port (e.g. 1001) has 20 connections, the next new connection to be forwarded to another port (e.g. 1002).
View 2 Replies
Apr 6, 2010
I am running ncat (netcat's new version from nmap) on CentOS. I am listening on different ports. My question is, is it possible that when a connection is received on a port, say 123, I redirect this connection to a different port and use port 123 again for listening for connections? ncat has an option -k which you can add with -l; it will forcefully listen on the port. It can accept multiple connections on a single port, but I want that once a client connects to port 123, he is forwarded to some other port and no longer on 123.
View 4 Replies
Mar 21, 2011
I have two PCs, A and B; both are connected via LAN. PC A configuration is:
IP Address 10.102.6.232
Broadcast Address 10.102.6.255
Subnet Mask 255.255.255.0
Default Route 10.102.6.2
Primary DNS 144.16.192.55
[Code]...
I am trying to connect to B from A using the command ssh -X devendra@144.16.205.236, and I am facing an error like "ssh port 22 connection timed out".
View 13 Replies
Aug 30, 2010
I have embedded hardware that uses bootp for booting from a Network Management Host (NMH) on the same Ethernet. The embedded hardware has both kinds of ports, i.e. Ethernet as well as E1/T1. I would like to ask what I require to establish a communication link between the embedded hardware and the NMH through the E1/T1 ports of the embedded hardware, so as to make it boot through E1/T1. Further, the NMH possesses only an Ethernet port. Just to refine my question, I'd like to know what additions I need to make on my NMH; maybe I have to put in an E1/T1 port, or is it possible that the E1/T1 port can be directly connected to an Ethernet port on the other host?
Pardon me if I am not making absolute sense here, as my knowledge is limited on Layer 1 and Layer 2.
View 3 Replies
Apr 14, 2010
I want to secure the USB port against any external device connection, so I need the code for detecting an external device when it is plugged into the USB port.
View 1 Replies
Jun 20, 2010
I was recently looking into using tail -f to monitor some text files like so: tail -f /var/sometext However, when I did some testing, it doesn't seem to work. What I did was I created a new file and ran: tail -f /home/name/text Then, I opened the log in vim and did some editing, saved it, and it seems that tail is not "seeing" the change.
The weird thing is, running echo "hello" >> /home/name/text seems to work fine (tail sees the change). I read somewhere this has something to do with file descriptors and new inodes being created when saving a file.
View 3 Replies
Dec 27, 2010
Can anyone tell me what command can be used so that the Linux Centos Server starts mysqld, httpd and ftpd services at boot time automatically?
View 2 Replies
Apr 27, 2011
I'll explain this in one sentence: Is it possible to program a port-binding shellcode which people across the Internet can connect to, without being thwarted by the router blocking their data because the port it's bound to doesn't allow port forwarding?
View 2 Replies
Jun 4, 2009
I would like to establish a VPN connection which can hold either 'two' hosts, and secondly, if that's done, I would like to go for a larger number of users. Can I do it using IPSec services? If yes, then how?
View 9 Replies
Feb 18, 2010
Fresh install of debian lenny / mostly default load
VLC 1.0.5 install
cd rom
dvd rom
vlc plays cd (no audio but can see tracking of song) but not dvd
fstab (cannot edit - permissions, and don't know how to effect the proper permissions)
fstab
/dev/hda /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/hdb /media/cdrom1 udf,iso9660 user,noauto 0 0
someone recommended changing to
/dev/cdrom1 /""
Don't see how that would fix audio but anyway cannot change fstab.
checked advanced input / codec in VLC
dvd = dev/hdb
cd = dev/hda
Totem -plays the dvd but quality / volume is not there, prefer VLC. Soundjuicer plays the audio with sound nicely. Just would like VLC to do it all.
View 6 Replies
Apr 3, 2010
I am trying to copy the file to a remote server, but I am getting the error
ssh: connect to host 172.28.21.14 port 22: Connection timed out
lost connection
My two servers are bastion10 and newlink. I want to copy a file from newlink to bastion10 but am unable to. I am able to ping. When I run "lsof -i :22" on the link3new server I am getting
link3-new:lsof -i :22
sshd 6992 root 4u IPv6 11878 TCP *:ssh (LISTEN)
while on bastion10 it is (ESTABLISHED)...
View 3 Replies
Dec 18, 2009
I need to copy files over from a Solaris 2.6 box to my machine running CentOS 5.3. I have to use RCP since the Solaris box is so old that is the only inter-machine copy command available. How do I enable rshd services on my CentOS box? A detailed explanation would be appreciated since I am from the ssh generation.
View 5 Replies
Mar 22, 2010
Having trouble visualising how IP-Based Virtual Host (with SSL) would work. Here is my vhosts.conf file:
Code:
#Define Name Virtual Host
NameVirtualHost 10.10.0.54:80
#Used to replace the main server host. The log file will reside in /var/log/httpd/error_log
[Code]....
How will it work? I will need to forward port 443 to the 10.10.0.55 interface right? Without doing that, there is no way this is going to work... is there? And that means that I can't run more than 1 ip-based SSL virtual host on one machine because I can't forward 443 to two different interfaces.
Also, do I use internal ip address or external ip address in the <VirtualHost > tag? I only have one static public ip.
View 5 Replies
Sep 16, 2010
I've just finished installing Centos 5 on a dell server. Reboot after install - it goes through the motions and gets to the point of loading the GUI. At that point screen goes out of range. I've tried 3 different monitors...
View 1 Replies
Jun 23, 2009
Help me understand the short range and the long range links from routing's (and routing protocols') point of view.
View 6 Replies
Apr 24, 2011
I want to plot a set of data in only one plot. The problem is that some points of the data would be better plotted in a linear scale (let's say 0 to 100,000) but there are other data points that, exceeding the value 100,000, would be better plotted in a logarithmic scale, as they go in the range 100,000 to 500,000,000. Let's say the data is:
Code:
X Y
0 100
10000 80
20000 75
[code]....
Is there a way to plot all these points in the same plot in only one X-axis showing two different ranges in that axis: linear: 0-100,000; logarithmic: 100,000 - 1,000,000,000? The axis would be read, for example, as:
Code:
|-----|-----|-----|-----|-----|-----|-----|-----|-----|
0 20k 40k 60k 80k 100k 1M 10M 100M 1G
(The abbreviations k, M and G are not the important point; they are just shown for clarity.)
View 2 Replies