Networking :: Getting Iptables New Not Syn Log Message More Time?
Jul 21, 2011
I am getting an iptables log message. It comes over and over, and the Linux squid box can't handle it.
Firewall -> 192.168.102.2 <iptables>
squid -> 192.168.102.2 <transparent proxy (port 3128)>
error ->
Jul 21 23:58:16 mig [559289.955344] New not syn:IN= OUT=eth0 SRC=192.168.102.2 DST=192.168.102.96 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=53063 DF PROTO=TCP SPT=3128 DPT=1638 WINDOW=11680 RES=0x00 ACK URGP=0
<This message is logged for all IPs in the 192.168.102.0/32 network>
I am getting the above message more and more often and can't handle it. The whole network is getting slow: the squid bandwidth is not utilized, but the Internet is slow.
Mar 9, 2010
I've got a box with 2 interfaces, with IP1 = 192.168.100.1 and IP2 = 10.1.1.1 respectively on them. I've got an iptables rule that looks like:
Code:
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 10.0.0.0/8 -p udp -j SNAT --to-source 10.1.1.1 --random
If I get 2 consecutive packets from the same address and port from 192.168.100.0/24, they get SNAT-ed and come out of the same port on 10.1.1.1. If then I get another packet from the same address and port 10 minutes later, then it gets SNAT-ed, but comes out of a different port on 10.1.1.1. How can I set the time delay I would like iptables to remember its incoming address/port to outgoing port mappings?
Mar 9, 2010
I've got a box with 2 interfaces, with IP1 = 192.168.100.1 and IP2 = 10.1.1.1 respectively on them. I've got an iptables rule that looks like:
Code:
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 10.0.0.0/8 -p udp -j SNAT --to-source 10.1.1.1 --random
If I get 2 consecutive packets from the same address and port from 192.168.100.0/24, they get SNAT-ed and come out of the same port on 10.1.1.1. If then I get another packet from the same address and port 10 minutes later, then it gets SNAT-ed, but comes out of a different port on 10.1.1.1. My question is: how can I set the time delay I would like iptables to remember its incoming address/port to outgoing port mappings?
Nov 25, 2010
I use iptables firewall (v1.4.1) installed on FC8. I'm trying to limit the inflow traffic for the port 1723 to certain MAC addresses. To experiment with the mac option, I've written the following iptables rule:
Quote:
iptables -A INPUT -m -mac --mac-source 10:08:08:08:08:10 -j ACCEPT
It didn't work. It gave me this error message:
Quote:
iptables v1.4.1: Couldn't load match `-mac':/usr/local/libexec/xtables/libipt_-mac.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
Does that mean the mac module wasn't installed/enabled?
Oct 17, 2010
I run a small home server (Debian 4), which acts as my gateway to the internet (ie, firewall) and runs a web server, dhcp, dns, and acts as a file server to the rest of the machines on my home network. Now I know it's never a smart idea to have all those services running on the same machine that is acting as a firewall, but I don't fancy running multiple servers just for home use, as it's mainly allowing me to learn system administration.
I noticed a few days ago that my internet had become unbearably slow, to the point where I could sometimes not load web pages. I spent a while searching through log files on my gateway, to try and find out what was eating up all of my bandwidth. When I came to apache's access.log file, I was confronted with this:
Code:
204.45.41.82 - - [17/Oct/2010:06:25:10 +0100] "GET http://vewice6.nightmail.ru/marriott-grand-cayma.html HTTP/1.1" 200 36921 "-" "Mozilla/4.0 (compatible; M$
204.45.41.82 - - [17/Oct/2010:06:25:11 +0100] "GET http://malaysiapodcaster.blogspot.com/2006/05/blog-post_11.html HTTP/1.1" 200 58681 "-" "Mozilla/4.0 (com$
[code]........
Multiple requests to my server, for totally random websites. I didn't even know it was possible to make those types of queries to a webserver. The only thing that is on the web server is a browser based torrent client. I have only shown a small snippet of the log file, but there are around 90k lines to different web addresses, from many different IPs. What I want to know is: what is happening? :S Why is someone querying MY web server for web sites totally unrelated to it? And most of all, how can I stop it? My initial thought was to try and use iptables to block multiple requests from the same IP within a certain time frame, which I think would work as the server shouldn't really get many queries from external networks.
Jun 20, 2009
I was trying to create a script to show the last time iptables had seen a given IP address (contained in the ipt_recent kernel hook -- my user-defined table name is 'iplist'). The ipt_recent table yields the following information (IPv4 addresses masked for paranoid reasons):
Code:
src=www.xxx.yyy.zzz ttl: 114 last_seen: 9355600126 oldest_pkt: 1 9355600126
src=www.xxx.yyy.zzz ttl: 109 last_seen: 10020040763 oldest_pkt: 1 10020040763
src=www.xxx.yyy.zzz ttl: 111 last_seen: 8106864077 oldest_pkt: 3 8103790647, 8106530788, 8106864077
src=www.xxx.yyy.zzz ttl: 109 last_seen: 9937861664 oldest_pkt: 1 9937861664
src=www.xxx.yyy.zzz ttl: 115 last_seen: 8244867102 oldest_pkt: 1 8244867102
The attempted command used was:
Code:
cat /proc/net/ipt_recent/iplist | awk '{print ($1 ,system("date -d @" $5));}'
Such command yields the following (I'm willing to live with the trailing zero):
Code:
Wed Jun 20 05:48:46 EDT 2266
src=www.xxx.yyy.zzz 0
[code]....
I presume the ipt_recent table uses the standard UNIX epoch timestamp. Am I using the date command syntax incorrectly, is this a 32-bit vs 64-bit break, or it is something else? Please note that I am using FC10, and I have double-checked my system clock settings (both BIOS and OS). The system has only been running during 2009 (no reboot yet).
Feb 6, 2010
I am trying to configure my Linux router to restrict Internet access for one computer on my LAN. It needs to be restrictive based on the time of day and the days of the week. I am using the MAC address of the computer to single out the one computer that needs to be blocked. However, this is my first attempt at making any rules with iptables, and I am not sure if I am doing this right. If some one can take a look at this I would greatly appreciate it. This is what I have done so far.
Here is my thinking. Create a new target. Check the MAC address, if it is NOT the offending computer return to the default chain. If it is the offending computer check that we are between the allowed hours and dates and ACCEPT. If we are not within the time/date range then drop the packet.
Code:
Here I am trying to route all packets regardless of the computer on the LAN into the blocked_access chain for checking.
Code:
Is it a good idea to route all traffic through the blocked_access chain? I do run other servers that are accessible from the Internet, so I am not sure how this setup will affect that. I also use shorewall on the router to setup iptables for me. How would I integrate this with shorewall?
I am using squid to block access when he is using the web browser. However, he is still able to play games(World of Warcraft) and the like.
I am using Debian sid, iptable(1.4.6), shorewall(4.4.6), kernel 2.6.32-trunk-686.
Nov 13, 2010
Any time I watch a screencast dealing with notifications, there are always multiple of them on the screen. But when I have a program that uses them it always just allows one at a time.
Aug 27, 2009
Code:
Probing EDD (edd=off to disable) .... then the boot hang up for a few minutes with a flashing cursor immediately after the message and finally it booted the default OpenSuse 11.1 in the usual way. I tried to search LQ, Wikipedia, Google... but even if the message has been reported by many people, nobody gave the answer to the question running in my mind:
Code:
What is EDD? Should I start to think about the funeral for my beloved notebook? Should I consider to do an additional backup copy of the backup of my disk, just for sure?
Sep 6, 2009
- how to add the date/time to the email (message body)
- how to ask the user to add a picture
- how to add, on an error page, a button that sends the user back to the form so that the input does not get lost
Here the program so far:
<?php
/*
CHFEEDBACK.PHP Feedback Form PHP Script Ver 2.15.0
Generated by thesitewizard.com's Feedback Form Wizard 2.15.0.
[code]....
Aug 11, 2009
I'm having the following message at boot time: "Starting udev: udevd[114]: unknown key 'DEVTYPE' in /etc/udev/rules.d/70-cups-libusb.rules:6". I guess it's something about USB printing support, but I am not sure, and I don't know how to fix it. Does any of you guys know what this exactly means and how to fix it?
Oct 20, 2010
In the right upper corner of your screen, you can see if you have a network connection or not. Most of the time I do not have one according to NetworkManager (?). So I have to enable my wired connection manually. I already tried a lot to change my settings so I would have a network connection at boot, but it doesn't seem to work.... Firefox is in offline mode when I log on.
Jul 23, 2010
I use Debian Lenny. I installed an NTP server on my Debian and made the following changes to /etc/ntp.conf:
server 127.127.1.0
fudge 127.127.1.0 stratum 10
But when I try to sync time from clients I can't, and I see the following error message:
no suitable server found for synchronization
Dec 14, 2009
My fedora 11 (2.6.30-102) spends a long time while initializing services on
"Starting system message bus:"
---------- Post added at 08:47 PM CST ---------- Previous post was at 06:33 PM CST ----------
Auth is LDAP.
There's a 3.5 year old bug in the Red Hat bugs database that's still not resolved, regarding dbus trying to use LDAP auth before the LDAP service is started. The workaround is to change the LDAP config to soft binding.
3.5 years for a bug that affect enterprise users - are you there redhat?
Jan 9, 2011
I recently decided to install ubuntu netbook remix 10.10 to my Toshiba NB200. I was using windows and I wanted to completely erase them. I burned the USB, I followed every single instruction the site had, and even though the installation seemed to work, and a message to reboot my computer appeared at the end, the installation finally fails. When I reboot, the only thing I get is a black screen with an underscore at the top left corner. I tried the installation four to six times and even tried older versions as well but all I get is the black screen.
Feb 11, 2011
I was running 10.04 LTS and had decided to stick to the LTS versions as I'm now running my machine as a server and don't want to be updating regularly. Every time I logged in via SSH I got a message telling me there were packages to update, including a security update. So I did a search to find out how to perform an update on Ubuntu server from the command line. What I found was to do this:
sudo apt-get update
sudo apt-get dist-upgrade
After doing that I rebooted, but now my machine gives me this message:
init: ureadahead-other main process (794) terminated with status 4
Your disk drives are being checked for errors, this may take some time
Press C to cancel all checks currently in progress
I'm not pressing C yet and leaving it alone to finish, but I noticed when the machine booted that one of the options for booting talked about Ubuntu 10.10, so I'm worried that I've updated from 10.04 LTS to 10.10 by accident?
Feb 5, 2010
Jim wrote: FC12-x86_64/KDE
trying to connect to an NX server across the Internet, it won't connect. I'm getting to this point at "time out":
203 NXSSH running with pid:2163
285 Enabling skip of SSH config files
285 Enabling check 0n switch command
285 Setting the preferred NX options
If I do a "ssh tom@76.254.20.238" I can connect to the server and tom's /home. In ~/.nx the only two directories there are Config and Temp, and in Temp there are three files, numbered 3112 6900 6903.
6900, 6903 can be read by the user
3112 can only be read by 'ROOT'
Each Runlog is listed below[code].....
Nov 26, 2010
I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
Sep 17, 2010
I am facing a strange problem with my iptables: there are some firewall entries stored somewhere which keep being displayed even after flushing iptables, and when I restart the iptables service the firewall entries are shown again in my iptables, as below:
[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[code]....
Nov 3, 2010
I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):
Code:
#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above
[code]....
Safe.txt contains:
Code:
127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1
And the error message generated is:
Code:
root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8
[code]....
Jul 17, 2010
IPtables creates an error during startup as well as when I try to restart it: Here's the output of:
[Code]....
Apr 16, 2011
I am running Ubuntu server 10.10 and trying to setup iptables rules in /etc/if-up.d/iptables
Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
The problem is that iptables doesn't get updated, and I don't see the rules when iptables -L is executed after reboot.
Apr 28, 2009
To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?
Sep 21, 2010
I sped up boot time significantly. This was accomplished by using chkconfig off to stop unneeded services from starting at boot time and by reinstalling without LVMs.
There are now just two remaining things that are slowing down boot time:
1- At boot time, I see the message "Setting up LVM" and after a while "LVM not found". Is there a way to keep CentOS from trying to set up LVM? (I am not using LVM, that is why it is not found.)
2- I am using a Lenovo Thinkpad and there is a delay at boot time as CentOS sets up the built-in mouse: "TPPS/2 IBM TRACKPOINT as class /input/input6"
I do not need the trackpoint (I use a USB mouse). Is there a way to disable the built-in trackpoint (mouse) so that CentOS doesn't spend unnecessary time installing it at boot time?
Feb 5, 2010
Iptables manual page says:
Why doesn't it make sense for packets coming from a wireless interface?
May 7, 2010
I have set up OpenVPN for my connection. I'm using this to connect to the internet from different locations using tunnelling.
Right now I have a few IPs: on eth0 I have the IP from my ISP, on eth0:1 I have my own IP. I set up MASQUERADE on eth0, but in this case when I try to access my restricted resources the IP address from the ISP is visible.
What I want is to use my own IP address from eth0:1. Could somebody help me build a good working redirect entry for that? I want to redirect all connections to the IP assigned on eth0:1, just to access the Internet using my IP.
Nov 11, 2010
How can I add IP addresses which are multiples of 3, up to 255? That is, I want to block IP addresses that are multiples of 3 up to 255.
As an example 192.168.0.3, 192.168.0.6, 192.168.0.9, 192.168.0.12 etc.
Mar 2, 2010
How do I allow a specific hostname with specific ports in iptables?
Apr 24, 2011
We are stuck big time with IP forwarding where we have to use IP tables. Any advice will be appreciated.
Setup
Machine A --> Machine B -->Machine C
- Machine A connects with Machine B on "internal network"
- Machine B has 2 NIC (and two IP address) , one connected to Machine A (internal network) and one connected to Machine C (External Network)
We need all traffic coming from Machine A which flows to Machine B on port 60 to be directed/forwarded to Machine C (port 60).
We are not allowed to configure Machine B as a gateway. Things work with the rinetd program when we do a TCP redirect from Machine B port 60 to Machine C (port 60).
But we are just unable to make it work with iptables rules. We tried the following, but in vain:
iptables -t nat -A PREROUTING -s Machine_A -d Machine_C -p tcp --dport 60 -j DNAT --to-destination Machine_C .6:60
/sbin/iptables -A FORWARD -i Machine_B -o Machine_C -p tcp --dport 60 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Any valued inputs?
Jul 26, 2010
My PC needs to download a file from an Internet FTP server, but can't now. How do I set up iptables?
iptables mod
[root@ad ~]# lsmod |grep ip
ip_nat_ftp 7361 0
ip_conntrack_ftp 11569 1 ip_nat_ftp
[code]....