On my firewall I have DNAT for certain UDP streams. I have set up the DNAT and FORWARD rules:
Code:
#: Redirect port 6006 to TH2
$IPTABLES -A FORWARD -j ACCEPT -d $hst_stratus_th2 -p udp --dport $prt_mdi
[code]....
If I'll install this will it effect my files?
View 2 Replies View RelatedI have upgraded to 10.4 and and after try to install mac look in ubuntu.My screen start flickering, I found it this due to in system => preference => appearance => effect become no effect automatically (as each and every time I select extra effect)After some time.for changing this setting i need to turn off the computer and restart then after i can do it i.e. change effect to extra effect. Its done after following installation
[URL]
How to enable wooby effect (compiz desktop effect like ubuntu) in fedora 15.
View 1 Replies View Relatedi got driver and when i install driver and reboot computer I got just terminal and when I type startx I get error FLGRX and sam log file or something like that.
instruction i found here but some comands didn't worked openSUSE Lizards
I need to create filename 70-android.rules in the directory /etc/udev/rules.d/I have Adm privileges in my user account properties, but when I use sudo to create this file the Ubuntu OS does not allow me the privilege... I am running Ubuntu 10.04 LTS and here's the Terminal output below:daddy@gatomon-laptop:/etc/udev/rules.d$ sudo cat > 70-android.rulesbash: 70-android.rules: Permission denieddaddy@gatomon-laptop:/etc/udev$ ls -ltotal 8drwxr-xr-x 2 root root 4096 2011-03-16 18:03 rules.d-rw-r--r-- 1 root root 218 2010-04-19 04:30 udev.conf
View 2 Replies View RelatedHOW to Go about the Linux Programming of DATA FUSION. Need to Multiplex ( Mux ) two Data Streams broadcast over Wireless and then Demultiplex (DeMux )on the Receiving side and give output on Individual O/p Screens.
View 2 Replies View RelatedI got a server setup with three nics
eth0 = wan
eth1 = lan
eth2 = iptv (multicast)
When I have my IPTV inserted in the computer I am either having problems connecting to the internet or recieve the multicast streams from the iptv. I do get a valid ip on both the WAN and IPTV, but I am having problems getting them both to work at the same time.
eth0:
eth0 Link encap:Ethernet HWaddr 00:14:d1:1d:72:39
inet addr:94.xx.xx.63 Bcast:255.255.255.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2180753 errors:0 dropped:0 overruns:0 frame:0
[Code]...
I can't seem to get CBQ / tc working when I attempt to filter ip+port. It works when I just filter on IP though, I don't understand what the problem is. Here is my CBQ file.Quote:
DEVICE=ppp0,51200Kbit, 51200Kbit
RATE=512Kbit
WEIGHT=512Kbit
[code]....
I added a few rules to my /etc/iptables.rules file and then used sudo iptables-restore < /etc/iptables.rules but i got an error saying "iptables-restore: line 29 failed".But the only word on that line.
View 1 Replies View RelatedIm running several linux boxes, all redat enterprise linux. Versions vary between 4 and 5.
Since we have problems with our DNS servers, Im trying to lower the DNS resolve timeout to the minimum to avoid system hangs etc.
However, it seems that nothing I do have any effect. when Im running time nslookup whatever.com or time host whatever.com while my first DNS server is down, it always takes about 1.09sec as opposed to 0.09sec when the first server in the list is available. I tried playing with options timeout:X attemps:X but it simply doesnt seem to do anything, even if I set it to high values. Some internet posts suggested having timeout:0.5 or less, but that also doesnt seem to do anything.
when I use:
options timeout:0.3 attempts:1
- doesn't do anything.
options timeout:1 attempts:1
- doesn't do anything.
options timeout:10 attempts:3
- doesn't do anything.
It doesn't work when I put it in the first line of the file. It doesn't work when I put it in the last line of the file.
It doesn't work if I put it in "export RES_OPTIONS=options timeout:X attempts:Y"
I tried it on 2 different machines.
Even though I've set up HTTPS to be trusted, it still blocks my school's https site: "mnsu.edu/eservices" same with SAMBA and SSH.
If enter the GUI and authenticate as root, change anything and apply, then exit: it works fine and so does SAMBA. However, after restarting, everything stops working again.
yet secure firewall configuration that doesn't require any login or headaches.
Is it possible to apply a rule to a specific local IP? For example lets say I have a two IP's assigned to my server, 1.1.1.1 and 2.2.2.2.;.I want to deny all connections going to 1.1.1.1 only asides from a couple of trusted IP's I will define.
View 1 Replies View RelatedI need with some iptables rules. I've done all I can, Googling all over, to cover as many exploits as possible and the following script is what I've come up with. The current set up works and I've checked with NMAP. I just need some sort of confirmation that this is pretty much what I can do.
Code:
LAN="eth0 eth1"
RANGE=10.1.0.0/17
WAN=eth2
# Delete all existing rules
[code]....
Also, if I wanted a broadcast to be relayed to all subnets within a defined range, how would such a iptables rule look like? I need this in order to find a networked Canon MP640 printer.
I just install 1 firewall using Iptables.
Firewall includes 2 NIC:
NIC1 <IP PUBLIC>
NIC2 192.168.10.1
I installed 1 web server IP: 192.168.10.2
I have some PC IP range: 192.168.10.10->20
I set rules NAT on firewall and PC & web server can connect internet good, but I have problems:
When PC access to web server with IP 192.168.10.2 that ok, but PC can't access to web server when using IP Public. But outside internet, I can access to web server using IP Public.
Rules on IPTables
Code:
# Generated by iptables-save v1.3.5 on Sun Mar 7 21:01:16 2010
*nat
:PREROUTING ACCEPT [950:126970]
:POSTROUTING ACCEPT [89:5880]
:OUTPUT ACCEPT [19:1342]
-A PREROUTING -d 209.99.242.124 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.10.2:80
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j SNAT --to-source 209.99.242.124
*filter
:INPUT DROP [1599:157409]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [232:34452]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d 192.168.10.2 -p tcp --dport 80 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
COMMIT
I am building a router and I wonder if I have some rules like this and
/proc/sys/net/ipv4/conf/all/accept_source_route is 0 will it work.
Code:
echo 1000 TEST >> /etc/iproute2/rt_tables
iptables -A PREROUTING -s 192.168.2.0/24 -t mangle -j MARK --set-mark 1
ip rule add fwmark 1 table TEST
ip route add default via 192.168.3.5 dev eth2 table TEST
I am not quite sure is it source routed packages at all. And also even if it works with my router will next firewall drop such packages. I have mentioned before that some things like:
Code:
ip route add default via 192.168.3.5 dev eth2 src 192.168.2.0/24
do not work
For some reason, Ubuntu keeps assigning my network interface wrong MAC address. This happens only after fresh boot (I have dual boot with WinXP, if I start Windows first and then restart to Ubuntu without switching computer off, the MAC is correct). Contents of /etc/udev/rules.d/70-persistent-net.rules:
Code:
# PCI device 0x10ec:0x8136 (r8169)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:22:19:ef:1c:3d", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
# PCI device 0x168c:0x001c (ath5k_pci)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:17:c4:78:f4:f8", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan0"
[code]....
EDIT: I made a workaround by adding
Code:
auto eth0
iface eth0 inet dhcp
hwaddress ether 00:f3:f5:ef:fe:56
to /etc/network/interfaces and it works. However, I'd still like to know why Ubuntu ignores my udev rules, regardless whether the workaround happens to work or not...
I have an existing unix user that some how didnt make it into the copy over to our LDAP server. How do I add an existing unix user to an existing LDAP directory? Will ldapadd work? I was under the impression ldapadd required an ldif file to work properly.
View 7 Replies View RelatedI am trying solve a strange problem which ocurred after upgrading many packages including kernel and iptables.This is a Fedora 10 PC acting as a small home-server I've been using over a year without problems. Recently, I've run a yum upgrade and after that, connections outside home wouldn't work. No changes in IPtables (firewall) rules have been done. But connection through local network is working.Symptom is.I've connected to my second PC at home and connected to the server. It works fine on local network. I restart network services (service network restart) and outside connections could be established.I have disabled iptables and ip6tables and after reboots it works fine. But PC is running without firewall.
View 5 Replies View RelatedHow do I get ufw to refresh firewall rules after accidentally running iptables -F
View 3 Replies View RelatedDoes anyone have tips about iptables rules for filtering network traffice?
View 2 Replies View RelatedI am working on a Fedora 13 iso that will be used on some of the PC's at my work, the computers will have a varying amount of Ethernet ports, at least two onboard and up to 6 external. In order to ensure that the same physical port on the back of the computer is always used for the internet connection I have written a script to rearrange the contents of /etc/udev/rules.d/70-persistent-net.rules. The script ensures that the two Ethernet ports on the motherboard are listed as eth0 and eth1, without it they could end up as any port in the eth0-7 range.
The script works well however when its run I need to reboot the PC for the ifconfig to load the correct port as eth0/eth1. I have tried placing calls to my function through the rc.sysinit/rc.5d/rc.local and so on however nothing seems to work.Is there a way to make ifconfig check the mac/eth configuration files for changes (There appears to no longer be an ifprobe command which sounds like what I need). Alternatively is there somewhere I can place the script after udev has created the persistent-net.rules but before anything else loads the information. I have tried chkconfig --level 2345 network off and loading the service later but it still uses the wrong information, only a reboot seems to get it to work
every now and then Firewall Builder fails to open rules (*.fwb)and I have to use some old backup. it does load 'object libraries' but the main 'currently editing policy' panel is empty.(in gnome, debian testing amd64)
View 1 Replies View RelatedI'm trying to configure NFS sharing behind a firewall, I got it to work and all but I was caught by something that (to me anyways) seems odd.I've been able to mount the export on another computer and am transferring files over as we speak, but I'm just interested in knowing why the RELATED,ESTABLISHED rule seems to be catching almost all the traffic coming from the other node. Any ideas? Should I be concerned that my firewall isn't protecting anything or something?
View 1 Replies View RelatedWhenever I add a rule to iptables, all of the policy counters reset. The counters for each individual rule remain intact, however, the main counter resets. Here's what I mean:
Code:
[root] ~ # iptables -vL
Chain INPUT (policy ACCEPT 65M packets, 83G bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 50M packets, 30G bytes)
pkts bytes target prot opt in out source destination .....
The following is my setup. wireless server (ip of this server is 192.168.1.1) -- target board ( wireless client [ip of this is got for wireless server is 192.168.1.3 ] , bridge (192.168.36.1) )-- linux pc ( 192.168.36.3) as show above i have target board for that i have a wireless interface and a linux pc is connected to target board.now the ips are like this for linux pc 192.168.36.3 and my target board bridge ip s 192.168.36.1
my wireless interface got ip from another server like 192.168.1.3 ,now if i do ping on my target board for 192.168.1.1 it goes through wireless interface to the 192.168.1.1 wireless server.but when i do the same from target board connected linux pc its not pinging from linux pc i could able to ping to 192.168.1.3 but not 192.168.1.1 .I think i need to write a iptable rule properly on my target board to forward the 192.168.1.* packtes to wireless interface.
Is there a way to check older iptable rules that were loaded? I accidentally overwrote my iptables and that has killed internet access to all computers in the intranet. I must have accidentally deleted some line in the iptable rules and cannot figure how to get it back to how it was. I am using Debian 5.05 by the way.
View 1 Replies View RelatedI have a machine with 3 internet facing nics, all of which have static IP's. The IP's are all in the same subnet, and use the same default gateway.Using ip tables and rules, will I be able to make all three of these able to handle traffic?I have the following configured, but it doesn't appear to work:
# ip rule
0:from all lookup local
500:from 72.43.220.146/29 lookup 1
[code].....
I need assistance with my Snort Installation. I used Bodhi Zazen's Network Intrusion Detection System post and found it easier than the previous time I had done it. I am currently running Ubuntu 10.04 server and Snort 2.8.6.1 with BASE 1.4.5. I followed Bodhi Zazen's instructions and when I tested snort it ended with a Fatal Error due to ERROR: /etc/snort/rules/exploit.rules(264) => 'fast_pattern' does not take an argument
Fatal Error, Quitting.. Here is the entire output once I ran the test command: snort -c /etc/snort/snort.con -T Running in Test mode
[Code]...
I'm trying to build a firewall with IPTables: INTERNET <--------> (eth0) FIREWALL (eth1) <------------->FTP_srvI set all rules DROP by default.My rules for forwarding packet to FTP server:
#iptables -t nat -A PREROUTING -i eth1 -d $FIREWALL_EX_ADDR -p tcp --dport 21 -j DNAT --to-destination $FTP_ADDR:21
#iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
[code]....
