Networking :: Cannot Login Using Ssh (iptables Not Working As Expected)

Jun 20, 2010

On the computer on which I have to log in, Shoreline is installed. I know I can add a rule to /etc/shoreline/rules, but I decided to manually enter an iptables rule by typing:

Quote:

/sbin/iptables -A local2fw -s 10.100.98.74 -p tcp -m tcp --dport 22 -j ACCEPT

Then why am I not able to login using 10.100.98.74... I get connection refused error...


Security :: SSH Login Without Password Not Working As Expected?

May 5, 2010

There is this one server running CentOS5.4 Final which has certain applications like Bugzilla. I have set up ssh on it, and the setup is for passwordless authentication. I have also set PasswordAuthentication to no. So with password authentication should succeed. But it is. Passwordless authentication is working fine, but I am also able to log in using a password.

Code:

RSAAuthentication yes
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no


Networking :: Setting Up Network Card / Eth(n) Pairings, Not Working As Expected?

Mar 12, 2010

I haven't done a great deal of networking with Linux so bear with me if the solution seems obvious. I've got four machines with two Ethernet cards each; one on-board and one PCI. I'm trying to get it set up so that the PCI card is eth0, then the on-board eth1. This.. isn't going as easily as I would have thought. I expected I could just go to network configuration, switch to the "Hardware" tab... change the on-board card to be device eth1, change the PCI to be device eth0... then go to the "Devices" tab and change the nickname to match the device.

This has decidedly not worked at all. Additionally, on some of the machines that I haven't messed with, the device name for the PCI card isn't ethn, it's something like "Intelnnnnn" (some string of numbers that I don't have in front of me). Something more specific to the card I'm sure, but while I can assign that device a nickname, I can't use it.. I can ping -I Intelnnnn ip.add.re.ss, but I can't ping -I eth3 ip.add.re.ss.

Where am I going wrong here? I've looked at a few tutorials online but they look extremely more complicated (read_device_bus_id? qeth device?) than should be necessary for just what I'm trying to do.


Networking :: Telnet Is Not Working With Iptables?

Sep 29, 2009

I want to open a specific port using iptables, i.e. 3159. Whenever I tried to telnet, it generates the following error:

Code:

# telnet 172.16.4.100 3195
Trying 172.16.4.100...
telnet: connect to address 172.16.4.100: No route to host
telnet: Unable to connect to remote host: No route to host

but when I stopped iptables

Code:

# service iptables stop

It's working fine.

I added the ports in iptables, i.e.

Code:

# iptables -A INPUT -p tcp --dport 3195 -j ACCEPT

To be on the safe side, I also added the telnet port

Code:

# iptables -A INPUT -p tcp --dport 23 -j ACCEPT

but result was same.... In short telnet works without iptables but with iptables it generates the error mentioned above


Networking :: Old Iptables Script Not Working With New Install?

Jun 10, 2009

I have an old iptables script (?) that I got from iptablesrocks.org, which works fine with my antique Fedora 4 system. I transferred it to a brand new RHEL 5.3 install, but when I go to use 'iptables-restore < firewall_script' it throws a 'no command specified' error at the very last line of the script, which I have never seen before. The script works fine on Fedora 10 and RHEL 5.1, I am pretty sure it even works fine on RHEL 5.2. Could it be that the fact that I am using 64-bit Linux for the first time, and need to do something different? Here is the script: [URL]


Networking :: Iptables Port Forwarding Not Working?

Jan 28, 2011

I've used iptables since it replaced ipchains, and I've never had a problem like this. The problem is, as you can see by the title, that port forwarding simply does not work.

network topology:
Slackware Linux Server:
eth0 - LAN (192.168.0.0/25)
eth1 - DSL Static IP
eth2 - cable Static IP

eth1 is our standard office connection; it handles all of our default traffic (web browsing for the staff, email, etc). eth2 is our VPN connection, as well as use for all incoming connections (www, etc). Behind the linux box I have a series of Windows Server 2008 R2 boxes that are used to run our office software, website, etc - I don't care how nice they make their products these days, I simply don't trust any MS box open to the net.
Therefore, this leaves me with having to port forward port 80 from eth2 to the internal IP address of the web server.

My ruleset is as follows:

$WWW - ip address of the web server
iptables -A FORWARD -d $WWW -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to $WWW

Running ip route shows that I have routing entries for all 3 networks, and I can ping, ssh, etc to any of the addresses without issue. OpenVPN connects across eth2 as well, and all 15 of my VPN tunnels work fine. However - and here's the kicker - if I delete the default route and replace it with the route for eth2, port forwarding works fine.

If we accept that my networks are as follows:

192.168.0.0/25 - eth0 net, gw .1
1.1.1.0/29 - eth1 net, gw .1, eth1 ip .2
2.2.2.0/30 - eth2 net, gw .1, eth2 ip .2

then ip route reveals the following:

2.2.2.0 via 2.2.2.1 dev eth2
2.2.2.0 dev eth2 scope link src 2.2.2.2
1.1.1.0 dev eth1 scope link src 1.1.1.2

[code]....


Networking :: Iptables Postrouting SNAT Not Working?

Aug 9, 2009

Trying to alter the source IP of my outgoing http packets through iptables. This should be simple enough, right? Regardless, I'm cracking my head trying to understand what I am doing wrong. Wireshark shows that the outgoing packets do not have the source IP modified at all. I want this to happen for TCP packets sent on Port 80 (http traffic). I am using the nat table in iptables to attempt POSTROUTING. I've tried several different rules at separate times:

iptables -t nat -A POSTROUTING -p tcp --dport 80 -j SNAT --to-source 172.16.8.50 <--- Still sends out TCP packets as originating from 172.16.8.100
iptables -t nat -A POSTROUTING -s 172.16.8.100 -p tcp --sport 80 -o eth0 -j SNAT --to-source 172.16.8.50:80 <--- Still sends out TCP packets as originating from 172.16.8.100

iptables -t nat -A POSTROUTING -d 172.16.10.71 -j SNAT --to-source 172.16.8.50 <--- This rule was a last-ditch effort. It is supposed to rewrite the source IP for ALL packets going to the single client machine. Still doesn't work - the packets have the source IP unchanged.

I have another server - let's call it serverB/172.16.8.50 - that forwards all http TCP packets on port 80 to serverA/172.16.8.100. This part works. But when ServerA responds, it responds with its source IP for ServerA. I need it to respond with the source IP of ServerB. Otherwise, the client gets confused and ignores the packets (because the client sent an HTTP request to ServerB, but the response comes from ServerA).


Networking :: Putty Not Work When IPTABLES Is Working?

Jan 18, 2011

I am using putty in my windows machine to access my Linux server terminal.

Putty works fine if I disable my Linux IPTABLES. My Windows machine IP is 192.168.1.249. Linux server IP address is 192.168.1.200. I don't know how to allow it through IPTABLES. The port which putty is using is 22.


Networking :: Iptables - Forwarding On Router Doesn't Appear To Be Working

Sep 12, 2009

For the background, I'll be using my router as a firewall with snort-inline enabled. I got 3 NIC's: one for the WAN, the second will be bridged to the WAN NIC for queuing traffic which snort-inline requires, and the third is the LAN NIC (the computer I use for everyday work). Here's how I have my interfaces set up:

Code:

# /etc/network/interfaces
# Loopback interface
auto lo
iface lo inet loopback

[code]....

From what I understand, queuing needs to be set up on the bridge. From the documentation I've read it's done like this:

Code:

iptables -A INPUT -j QUEUE

And then to forward traffic, I did:

Code:

iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE

I've done this and am able to ping the router, obtain a DNS address from dnsmasq from the LAN computer. From the router I am able to connect to the internet (ping, links <address>...). From the LAN computer trafficking isn't getting forwarded, Firefox, links, ping all don't resolve.


Networking :: IPTables Port Forwarding Using Prerouting Not Working?

Feb 18, 2010

I was trying to setup port forwarding on my setup. My network consists of:

Code:

[Server: xxx.xxx.xxx.15]
|
|
[ switch ]

[code]....

I ran the following 2 commands:

# iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination xxx.xxx.xxx.15:80
# iptables -A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT

Yet I am unable to connect. Are these the correct commands? I am using IP Masquerading on the same box using the following commands:

Code:

$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT

[code]....

I don't think there is a hidden firewall in the switch but if these commands are correct, then I may need to contact my ISP and see if they are blocking the commands. I just wanted to make sure I was not doing some stupid mistake before I try to contact my ISP.

EDIT: Also, is it possible to forward Port 80 requests to different servers depending on the hostname used to connect, so say [URL] redirects to server xxx.xxx.xxx.15 while hhh.com redirects to xxx.xxx.xxx.16?


OpenSUSE :: Use Of Setfacl Not Working As Expected

Jun 4, 2010

I used setfacl to set permissions as follows:

As you can see all settings lead to permissions 777 but that's not what happens. What happens if I say, touch a file, I get: 666 as this shows:

Same for files that are not obviously scripts such as just a.txt.

My umask is 0022.

Does anyone know why this is? Is it changeable for specific directories?

This is a special world viewed directory required by a piece of software... in other words, no, I am not in a habit of setting file permissions to 777 so please no comments about you shouldn't be using such permissions.

Truthfully, I can probably get away with permissions 666 and will if I can but right now I just want to know why it's happening this way and how to control it.


Red Hat / Fedora :: DST Change Over Not Working As Expected

Mar 24, 2010

I'm trying to test whether some software that I am using will behave as expected when DST changeover occurs. I'm specifically testing it for the GB timezone when it enters British Summer Time (BST) and then reverts to GMT. From the information I have, BST starts: Sunday 28 March 01:00 GMT (02:00 BST) and ends: Sunday 31 October 02:00 BST (01:00 GMT). To do this test I wrote a shell script that sets the date, runs the program, checks some logs and then reverts the time.

Entering BST was fairly straightforward as all I had to do was the following:

Code:

export TZ=GB
date 032800582010

This set the date to be 28th March and the time to be 00:58 in the GB (GMT) timezone. As expected, the date then rolled forward to 02:00 BST. However, when I tried to do the same for coming out of BST into GMT, the time did not work out as expected.

Code:

export TZ=GB
date 103101582010

Setting the time as above put the time straight into GMT and not BST even though it was two minutes before the time should have rolled over.

However if I put the following:

Code:

export TZ=GB
date 103100582010

the date was reported as BST!

How can I set up the time so that I don't have to wait for an hour before BST ends?


Ubuntu Networking :: Iodine Not Working Unless Iptables Firewall Turned Off

Sep 28, 2010

I have managed to get iodine working between my ubuntu intrepid box and my windows client with a caveat.

The firewall rules allows DNS queries inbound. The client tunnel endpoint gets assigned an IP address and the tunnel is established properly.

However when I try to ping from the client machine, the reply packets are not coming back.

I used TCPDUMP on the Ubuntu box and watch the dns0 tunnel interface, and noticed that the packets are reaching the Ubuntu box from the client, but I don't see ANY ICMP echo replies until I turn off the firewall from Firestarter.

I see that outbound access rule is to allow all.


General :: Locale Adjustment Not Working As Expected?

May 13, 2011

On Slackware64 13.1 the as-installed en_GB locale gave Sunday as the first day of the week. This was not an issue until Xfce's Orage calendar was used when its display of Sunday as the first day of the week was offputting for someone used to Monday. A minor inconvenience but expected to be easy to fix.

At the command line:
Code:
c@CW8:~$ export LANG=en_GB <== same for en_GB.utf8

[code]....


Programming :: Awk Computed Regex Not Working As Expected

May 31, 2011

So those of you that know me will agree that when it comes to awk I don't usually ask a lot of questions ... however this one has me stumped. I am guessing I have missed something obvious but for the life of me (and I have tested at great length) I cannot find it. So the scenario is this: The following awk code should identify all versions of libgpg-error within the attached file (see below) and only show one for each version:

[Code]...


CentOS 5 Server :: Openldap Acl Not Working As Expected?

Jun 22, 2009

CentOS 5.2. Openldap server-2.3.27-8.el5_2.4. I'm trying to get the server to do two things. One is allow authentication--that is, if a client is configured to use openldap for authentication, it should be able to access this server.

In other words, on machine_2, a client, doing getent passwd (as a quick test) will show the users in the openldap database. The more or less out of the box configuration works for this. However, as soon as I start trying to add ACLs, it stops working. For example, I want to restrict access to an address book which is also in the database. So I have

access to base.dn(changing base to subtree makes no difference) "ou=addressbook,dc=example, dc=com"
by users read by anonymous auth

Now, even though this is just the address book, after that, an ldap client can no longer get the names of users in ou=People, and using the ldap server for authentication doesn't work.

I don't understand what I'm missing. ACLs are supposed to work first match wins. *IF* I add under that, access to * by * read, it will work, but the address book can then be accessed without a bind dn.

I am not sure what I'm overlooking. If I put in any sort of access control, the only way that clients can continue to use the server for authentication is adding that access to * (or to "dc=example,dc=com"), by * read. I tried using access to ou=Group and ou=People by * read, thinking that would allow the clients to authenticate, but that doesn't work either. The idea is to allow any machine configured as a client to use it for authentication, but also to restrict viewing the address book only to those with a proper bind dn name.


Ubuntu :: Folder View Screenlet Not Working As Expected?

Mar 4, 2010

I want to try out the screenlet called Folder View: [URL] I have downloaded and installed it fine. However, when I double-click on it (or use the Start/Stop button) there is a momentary flash and then nothing interesting. I have checked on the widget layer and on all desktops and I have tried various settings in Options, all to no avail.


Ubuntu Servers :: Postfix+dovecot Not Working As Expected?

Nov 9, 2010

I have tried to find a solution in existing posts but could not specifically find any with my kind of issues and hence a new post on an oft-repeated subject!! -- and apologies for a long, long post here. Here is where I am. On an AMD 64-bit machine - I have Ubuntu 10.10 desktop installed. I want this development machine to support virtual mailboxes so that I can use them from multiple apps and create real-life deployment situations. I installed postfix + dovecot following the tutorials available here and the current state is - I can send mails using telnet sessions and I see that the mail files are getting created in /Maildir form as I have directed in the conf files. I have configured the Thunderbird mail client as well.

Issue #1: Mail sending works from Thunderbird but it always responds back with a 'No mail on server' message when I try to receive mails. SMTP is configured with STARTTLS and POP3 with None (i.e. plain text password).

Issue #2: Also, while going through conf, logs and during testing - I found a few things which differ in this installation for authentication. I have given the session transcripts here.

Issue #3: That being the major issue - I also want to configure my virtual users to use the TB client to access their mails - I did not find any tutorials or pointers towards that in my search for the past few days. If I send mails to a non-Unix virtual user - the mail gets stored into the /home/vmail/<domain>/<user>/new directory.

Here are the conf files.

main.cf for postfix

Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first

[code]....


General :: Bulk File Rename Not Working As Expected?

Jun 25, 2011

I want to rename a bunch of files and directories to remove the space on the names, easy enough right?

Code:
for source in $(find ./); do target=$(echo "$source"|sed -e 's/ /_/g'); mv -f "$source" $target; done

Well, I thought that should have worked but the problem is that $source comes up broken; when I run it with echo instead of mv I get the echo with broken names.

Code:
In this case "$source"="This is the file I want to rename"
$ echo "$source"

[Code]....


Ubuntu :: Rsyslog Upstart Script Not Working As Expected?

Mar 13, 2011

Not sure if this is the correct area to ask this question as it pertains to Upstart but not necessarily to Ubuntu.

Anyhoo, I have made a small alteration (obviously the cause of error ) but not really sure why it does not work.

rsyslog.conf:
Code:
# rsyslog - system logging daemon
#
# rsyslog is an enhanced multi-threaded replacement for the traditional
# syslog daemon, logging messages from applications

[Code].....


General :: Monitor Not Working As Expected With LiveDistros - Screen Is Totally Dead ?

Feb 27, 2010

I have an Acer Aspire 6930g with an nVidia GeForce 9300m GS which has a broken screen. I have been using an external monitor for some time using Linux Mint, without issue.

I initially set this up with great difficulty using the small parts of the screen that would still display an image at the time. Now, however the screen is totally dead, I have since disconnected the laptop monitor in order to not cause issues.

The issue I am currently having is trying to use live distros.

I'll give you an example: I boot Ubuntu 9.10 32bit and it gets to the initial boot menu. I choose "Try Ubuntu..." It shows the loading screen. Screen goes blank when going to desktop.

I tried Ctrl+Alt+F1 to get to a terminal, but the screen stays blank. The same thing happens with both Knoppix and Backtrack 4 as well. The display goes blank upon switching to the desktop.


Ubuntu Installation :: Preseed-file Not Working As Expected On Lucid Desktop Install - Read

Jul 30, 2010

I have a problem to get it to work. The installer seems to read the preseed-file alright, and some of the values defined in the preseed-file are taken into account. The questions regarding locale, keyboard layout and time zone are answered using the preseed-file, but in the user account creation-step the process goes wrong. The Full name-field is obtained from the preseed-file, but the login-name is generated by the installer and not read from the preseed. Also the password-fields are empty and not filled in. Also the script that I've defined with preseed/late_command is never run.

I tried searching the forums but no-one had exactly this kind of problem, so it makes me think that this has to be some trivial error I'm doing. Could someone take a look at these configs and see if there's something wrong with them? How should I continue resolving this?

[Code]....


Ubuntu Networking :: Ethernet Not Reaching Expected Speed?

Sep 13, 2010

I have been doing a variety of speed tests on my ethernet connection in preparation for upgrading my service and found that the connection on my dell d630 is not getting expected download speeds. In fact, it is getting about a third of the expected speed. This machine is running Lucid. It also dual boots Windows Vista. Checking Vista a moment ago, the speed is fine. What could be the problem that is preventing the ethernet from working at 100%?


CentOS 5 Networking :: Eth0 Unavailable - Different MAC Address Expected?

Jul 8, 2010

New to CentOS5.5, I'm experiencing some trouble in order to continue my configuration. I've just installed my vmware tools and configured my network card with system-config-network:

Edit eth0 (eth0) - vmxnet3 -> with a static IP

I rebooted my server and since then I lost my eth0. I still see it in system-config-network, but I can't activate it anymore:

/etc/init.d/network start
Bringing up interface eth0: Device eth0 has different MAC address than expected, ignoring. [FAILED]


Ubuntu Networking :: Expected Transfer Rate For Gigabit Ethernet

Sep 26, 2010

I have 2 10.04 machines connected through a switch, both with gigabit on board ethernet. Both machines show 1000 Mb/s connections. When I transfer large files (gig plus up to multi-gig) the maximum I get according to ftp is 11472 kB/s. I did rough computer school math in my head and that seems low but I'll admit I know very little about network transfer rates. My question is what transfer rates should I expect to get between the 2?


Ubuntu Networking :: Ping From A Specific Interface, Not The Expected Result

Mar 28, 2011

I'm trying to ping from a specific interface. I have a wired and a wireless connection both going into my laptop.

My wired adaptor eth0 is on the IP 172.16.109.75; my wifi adaptor wlan0 is on the IP 192.168.1.69.

When I ping google with my eth0 unplugged with the following command

Code:
conneco@mcr-pc-29334:~$ ping -I wlan0 www.google.co.uk
PING www.l.google.com (74.125.230.115) from 192.168.1.69 wlan0: 56(84) bytes of data.
64 bytes from 74.125.230.115: icmp_seq=1 ttl=51 time=32.7 ms

[Code].....


CentOS 5 Networking :: Active Directory Login Not Working

Jun 22, 2010

I am testing CentOS 5.4 on a virtual machine before deploying to a server. I am trying to get authentication through our Active Directory server, without actually joining the machine to the domain. I tried multiple tutorials, including this one: URL... Basically I enabled authentication through kerberos and modified my ldap.conf file.


Software :: Add Rule To Iptables On Login?

Feb 23, 2010

I'm looking for a way to add a rule that would whitelist my ip address when I login with SSH. I can grab the IP out of the SSH_CONNECTION variable, however I'm not sure how I could add it into iptables with my non-root privileged user. I've got root access, but I want the process to be automatic. I considered sudo, however I don't want normal users to be able to modify anything about iptables, though perhaps there is a trick about it that I don't know which would only allow it in the /etc/profile or the like


Security :: Block IP After Failed Login Attempt Using Iptables?

Aug 11, 2009

I keep getting hundreds of SSH failed logins per day. Is there a way with iptables I can say: if a user connects to port 22 over 8 times in 10 minutes, then block them for an hour?


OpenSUSE Install :: After Boot Restored Defaults In Login Screen Themes / Login Theme Not Working?

Jun 3, 2011

I am having a boot problem with openSUSE. I installed a theme named suse-elegant under personal settings (configure desktop) - system administration - login screen.

I had also added vbox users (I ticked vboxusers) under yast - security and users - user and group management - edit - details to make virtual box work.

I want to check that installed theme so I restarted my laptop. After the restart openSUSE is taking too long to boot.

Note: the login theme is also not working.

After the boot I restored defaults in login screen themes. It is also not working.

I don't know which caused this problem (vboxusers or login theme). I am also seeing a root user has been added in my login area. I tried openSUSE failsafe also.

Copyrights 2005-15 www.BigResource.com, All rights reserved