As soon as I add "iptables -A OUTPUT -j DROP", the server locks me out and I have to reboot to be able to log back in. The SSH port is open in both INPUT and OUTPUT, so what's wrong?
I need to set OUTPUT to DROP and add the outgoing traffic one by one, but I couldn't do it. My current config is as follows:
Code:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
:RH-Firewall-1-OUTPUT - [0:0]
-A INPUT -j RH-Firewall-1-OUTPUT
#previously ESTABLISHED,RELATED comm is ok
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#80 is ok from all
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
If I change OUTPUT to DROP in ":OUTPUT ACCEPT [0:0]", I don't get any response from a server running in that box. I am using RHEL 5.5. Asking Red Hat is not an option: I have the license but I don't have a support license.
I have set the iptables INPUT policy to DROP. As I expected, tcpdump wasn't showing any packets... for a while. Suddenly it began to show UDP syslog packets being sent by a remote host. That conforms to the syslog configuration, but since the INPUT policy was set to DROP with no exceptions, it does not conform to the iptables configuration. Why, after setting the INPUT policy to DROP with no exceptions, are most of the packets received before being dropped but some not, as tcpdump shows?
I have a config script for a particular software package that does...
iptables-restore < /etc/sysconfig/iptables > /tmp/firewall.log 2>&1
The problem is, the output hangs after this. If the user hits return, the rest of the output comes to the screen and the script finishes normally. But the script looks like it's hung because of this odd iptables-restore behavior.
I have tried to google it around and couldn't find any good solution for it. What I want is to hook into the kernel network hooks and, for example, investigate all of the packets (maybe keep some in a buffer and drop them in the kernel so I could send them out, let's say, 10 minutes later), but from a C / C++ program perspective / level. I know it can be done via iptables, but isn't there a way to do it from a program? I have found a library called ipq, but apparently it doesn't work with kernel 2.6.x anymore.
Do I have to create a rule for:
Code:
$IPT -A fwalert -p tcp --tcp-flags SYN,ACK SYN,ACK -m conntrack --ctstate NEW $RLIMIT -j LOG $LOGLIMIT --log-tcp-options --log-level 4 --log-prefix
to drop rather than log if my table has a default policy of drop with:
Code:
$IPT -t fwalert -P DROP
How can I drop or forward an incoming connection from a part of a host like *.alicedsl.de? For example: the user is connecting from *.alicedsl.de on port 12345. So how can I drop this connection or forward it to google.com on port 80?
I have set up my Linux Fedora server and I want to restrict access to it. Basically I control access using iptables. I'm not sure how to write iptables rules to drop all connections to port 8080 and allow only certain IPs to access the instance on port 8080, for example ip=10.254.14.16,192.168.1.10.
I've read the instructions about setting up iptables rules to filter all ports except HTTP, SSH and FTP. I first need to remove all default iptables rules and set the default policy of all chains to DROP:
# Set default-deny policies for all three default chains
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP
Then allow only some ports:
#Accept inbound packets that are part of previously-OK'ed sessions
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
# Accept inbound packets which initiate SSH sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 22 -m state --state NEW
# Accept inbound packets which initiate FTP sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 21 -m state --state NEW
# Accept inbound packets which initiate HTTP sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 80 -m state --state NEW
# Log anything not accepted above
$IPTABLES -A INPUT -j LOG --log-prefix "Dropped by default:"
But I hired a VPS in another country, so the only means I have to manage it is via SSH. If I set the default policy to DROP first, I'm afraid I can no longer connect via SSH to tell iptables to allow SSH. So my questions are:
- Do the iptables rules take effect immediately after I enter a rule?
- Is there any means to run this as a batch job (create a script and run all these rules at once)?
- My VPS has a web control panel which has a terminal via the web. Is this a native terminal or just a connection via port 80 or 22?
### flush / drop policy sets
echo "[+] Flushing existing rules with DEFAULT of DROP [+]"
echo "[+] IPv4 [+]"
$IPT -F
$IPT -F -t nat
$IPT -X
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
echo "[+] IPv6 [+]"
$IPT6 -F
$IPT6 -F -t nat
$IPT6 -X
$IPT6 -P INPUT DROP
$IPT6 -P OUTPUT DROP
$IPT6 -P FORWARD DROP
.....
###OUTPUT rules: LOG rule
$IPT -A OUTPUT -o ! lo -j LOG --log-prefix "DROPED OUTBOUND" --log-ip-options --log-tcp-options
I wanted to know how to allow certain applications through the outbound tables. For example, I wish to be able to use tools such as nmap, tracepath, and traceroute. However, I am not sure where to look to understand the ports to open. I was starting to think that maybe, rather than ports to open, it would need to be something like TCP flags that would need to be allowed. Anyway, I have tried Google and am still having problems. I started wanting to use these tools while getting ready for my Network+ and Security+ certs.
I have a fresh install of F14, using an Intel DP55WB mobo with integrated NIC. I have access to the network and to the internet. When downloading large files (f14.iso or ..... vid), after ~35 secs the data stream drops to 0. Other computers on the network do not have the problem. The F14 computer is wired into the router. I have tried a Biostar mobo with integrated NIC with the same results. I have changed the patch cable. I have changed MTUs both higher and lower from the default of 1500, with no change.
I am having problems with download speeds in Ubuntu 9.10. Downloads start at a healthy speed and then drop to almost zero. This affects apt-get install, the Pan newsreader etc. With apt-get install, if I terminate the download (with [Ctrl][C]) and restart it, I get another burst at high speed, then again back to almost nothing. It makes updates a nightmare. With the Pan newsreader I get high speed for most files, but when downloading some of the larger files the speed drops right back to almost nothing after a while. I am on wired ethernet (no wireless). Typically I will get about 1.1MB before the speed drops, although I think it may be a function of time rather than data. I am talking to my ISP via a Netgear FWAG114 router and a NetComm NB5 ADSL modem operating in bridge mode. Although a number of users appear to have experienced very similar symptoms here, I haven't found an answer that works.
I have been using Ubuntu 10.04 (32 bit) as a headless workstation, running a VNC screen. Worked perfectly for about 3 weeks, then suddenly, I lost the Drag and Drop capability, for all applications.
For example:
Dragging and dropping to move items on the desktop does not work. The item simply pops back to the original location. Dragging and dropping to move items from one folder to another does not work. Same behavior -- the item just pops back to the original location. Dragging and dropping Bookmarks in Firefox does not work. The attempted Drag and Drop is ignored. Copy and paste still works fine. The problem does NOT occur when using an attached monitor (primary display screen :0).
I suspected that the changed behavior was caused by an update (from Ubuntu Update Manager). I confirmed this with the following:
Reinstalled Ubuntu 10.04 fresh from the live CD.
Configured minimal networking and installed the VNC server.
Tested drag and drop -- works okay.
Applied pending updates (116) from Ubuntu Update Manager.
Tested drag and drop -- not working.
I am using vnc4server and openssh-server installed from the repositories using Synaptic.
I've been using Ubuntu 8.04 for about a year and the wireless has been fine, but now it's gone screwy and I can't figure out why. This has happened on my laptop and on my wife's, who uses Ubuntu Hardy also. The speed drops to almost 0 Mb/s whenever the signal strength is less than 95%.
It isn't the internet connection, as Vista (I dual boot) works fine below 95% signal strength. To get the internet speed to a level that can load a web page, I have to be within 3 feet of the router! Neither of the laptops uses ndiswrapper; the internet connected straight away from a fresh install.
I am running Ubuntu 9.10 on a Dell Inspiron 1520 with an Intel 3945ABG wireless card. I am fairly new to Linux and just installed it earlier in the day. Everything so far has been easy to set up and get running, as well as the networking, or so I thought...
I can connect to my network and browse web pages just fine. However, when I download a file the speed starts high, drops down to around 50 kbps and then works its way back up to around 1.3 Mbps before dropping right back down. I tested a file on Megaupload and it seems to bounce between 50 kbps and 1.5 Mbps nonstop.
The driver, I believe, is iwl3945, if that is the default driver. I have tried disabling IPv6 and that didn't seem to change anything. I've looked around on Google and the forums and haven't been able to find anything on how to fix this.
Folks, I am running 10.10 with the Macbuntu addon (theming, if that makes a difference). I've noticed for a long time that, when I play some videos, my network connection (on this computer only) drops. For instance, while posting this, I began to watch this video:
HTML Code:
<iframe id="tsFrame55086" src="http://cdn.topspin.net/api/v2/widget/player/55086" style="width:400px;height:300px;border:none;" frameborder="0"/>
I bought a Cisco 1841 to study for Cisco certs. In iptables terms, filtered packets are -j REJECT instead of -j DROP. To make things worse, telnet and ping replies are on by default.
I am new to Fedora, but not so new to Linux. I've got F13 installed on my netbook, and the speed and overall better-ness of it made me want to get it going on my desktop. I've installed it, and have updated the kernel and NetworkManager (along with a few other things). My problem is this: after about an hour or two I get a drop out and am unable to reconnect until I use 'ifconfig wlan0 down > ifconfig wlan0 up'. Then it works great for about 10 minutes, slows down, and eventually drops out. I updated NetworkManager in the hope it may have been that, but it really made only a slight difference.
iwconfig:
$ iwconfig wlan0
wlan0     IEEE 802.11bg  ESSID:
          Mode:Managed  Frequency:2.462 GHz  Access Point: 00:1E:2A:0E:08:50
          Bit Rate=54 Mb/s   Tx-Power=18 dBm
          Retry long limit:7   RTS thr:off   Fragment thr:off
          Power Management:on
          Link Quality=32/70  Signal level=-78 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
I am using a Linksys WUSB54G > chipset Ralink RT2510? (don't quote me on that, it's from memory). I am also using WPA encryption. I am currently messing with those settings to see if that helps.
I have a sh-tty B/G wireless card that does 500 mW according to iwconfig. I also have a nice little panel antenna on this card that does 7 dBi. This rig picks up a lot of signals and that is really great. However, I am experiencing a problem. I am able to browse the Internet on non-encrypted networks as long as the wireless manager shows a full four bars. However, if I try to connect to a three-bar network, I will not be able to browse the Internet. I have a solid lower-level 3 bars and I'm assigned an IP addy, but I get absolutely no throughput.
So, I think this has something to do with receiver sensitivity. In G mode, this card does a lousy -65ish or so at 54 meg. So what I'd like to do is drop to 5.5 or 11 meg B, because at 5.5 meg or 11 meg B the card does a much more acceptable 90+ sensitivity. Does anyone have the command string/app for this? I would like to force the card to operate at no better than 802.11B@5.5meg rather than having it auto-select 802.11G@54meg.
I have (had?) ndiswrapper-dkms installed, and used it to get a wireless card working. After a kernel update, the card stopped working, and I tried to re-install it. Part of the directions included doing -r to about everything connected to the original install. Now I still show "Windows Wireless Drivers" in the drop-down menu, but when I click on it, it "flashes" for a split second and then disappears. I've tried re-installing it from Synaptic, and doing "sudo apt-get install ndiswrapper-dkms", but it just returns saying that I already have the latest version.
I need to transfer 330G of data from a hard drive in my workstation to my NAS device. The entire network is gigabit and is run with new HP ProCurve switches. All machines have static IP addresses. The NAS is a Buffalo TeraStation Pro which has the latest firmware, is set to jumbo frames, and has just been upgraded with 4 brand new 500G drives, giving us a 1.4TB RAID 5 setup. My workstation is a dual quad-core Xeon box running on an Intel S5000XVN board with 8G of RAM. My OS is Ubuntu 10.04 x64 running on a pair of Intel X25 SSDs in a RAID mirror. The data drive is a 500G SATA drive connected to my onboard controller. The file system on the SATA drive is XFS. This problem was ongoing before I got my new workstation, before we had the GB switches, and before the NAS got new drives. When I transfer a small file or folder (less than 500M) it reaches speeds of 10-11 MB/sec. When I transfer a file or folder larger than that, the speed slows to a crawl (less than 2MB/sec). It has always been this way with this NAS. Changing to jumbo frames speeds up the small transfers but makes little difference in the big ones. I verified with HP that the switches are jumbo-frame capable.
I have a question regarding packet drops. I am running a test to determine when packet drops occur. I'm using a Spirent TestCenter through a switch (necessary to aggregate Ethernet traffic from 5 ports to one optical link) to a server using a Myricom card. While running my test, if the input rate is below a certain value, ethtool does not report any drop (except dropped_multicast_filtered which is incrementing at a very slow rate). However, tcpdump reports X number of packets "dropped by kernel". Then if I increase the input rate, ethtool reports drops but "ifconfig eth2" does not.
In fact, ifconfig doesn't seem to report any packet drops at all. Do they all measure packet drops at different "levels", i.e. ethtool at the NIC level, tcpdump at the kernel level etc? And am I right to say that in the journey of an incoming packet, the NIC level is the "so-called" first level, then the kernel, then the user application? So any packet drop is likely to happen first at the NIC, then the kernel, then the user application? So if there is no packet drop at the NIC, but packet drop at the kernel, then the bottleneck is not at the NIC?
I noticed this weekend that I began experiencing wireless issues with the NIC (Intel 5300) on my laptop. I have had no problems with the wireless using several Ubuntu versions. This began after I installed the packages associated with the Update Manager last Friday, which included the 2.6.32-25.43 kernel update. My wireless will drop out anywhere from 10 seconds to a couple of minutes after connecting to my router. Again, I have not had any wireless issues before. Below is the end of dmesg when I enable the device.
[ 1220.725229] Registered led device: iwl-phy0::radio
[ 1220.725372] Registered led device: iwl-phy0::assoc
[ 1220.725883] Registered led device: iwl-phy0::RX
[ 1220.726422] Registered led device: iwl-phy0::TX
[ 1220.749395] ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 1228.969542] wlan1: deauthenticating from 00:24:01:f5:b8:b0 by local choice (reason=3)
[ 1229.008433] wlan1: direct probe to AP 00:24:01:f5:b8:b0 (try 1)
.....