I have One Server which is having IP 10.176.0.155. I want that client 10.176.0.135 is not able to ping this server only & cane it is possible to block through hosts.
View 1 RepliesI am setting up a virtual server. Ubuntu 11.04, "minimal provider image".UFW was disabled by default. I set it to default deny. Allowed HTTP, SSH and other standard stuff, and enabled it. All seems to be OK. Adding one rule to block some annoying security scanners causes ping not to work. I'm not an Iptables expert, but it looks OK to me. I got it from some website, rather than invented it myself, but modified to to fit the ufw config file syntax. What in that rule prevents pings?!? It seems completely unrelated.
View 1 Replies View RelatedInstalled Ubuntu Server 10.10, included Apache, PHP, and OpenSSH. Apache is up and serving pages, I can connect using PuTTY no problem. Server responds to a pingHowever, attempting to use ping or traceroute from the server results in a Destination Unreachable. Happens even for other 192.168.1.10x boxes on the local network
View 1 Replies View Relatedi've tried blocking ping requests with iptables.. and it didnt work Quote: iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
also tried editing sysctl.conf.. which worked perfectly but after i restarted the system i was able to ping my ubuntu machine from my lappy here is what i added to sysctl.conf and then executed it with sysctl -p
Quote: net.ipv4.icmp_echo_ignore_all = 1 here is another atempt to block.. this one worked too... but again after the restart i was able to ping my machine.. Quote: echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
I was trying to write IPTABLES script to block the ICMP ping using the below mentioned command in OpenSUSE 11.2 Doing this in VMware.....
iptables -A OUTPUT -o eth0 -p icmp -j DROP
& then I tried to ping the different computer & it didnt allow me to ping.
Then I deleted using the command -
iptables -D OUTPUT -o eth0 -p icmp -j DROP
then I couldnt ping also. Another thing I found is my firefox is not connecting to the internet as well, but before writing the script, I can connect to internet.
I did a "dhclient" & iptables -F....
how to identify the icmp packets & marking. this below icmp packets marking is not working.
iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x5
iptables -t mangle -A PREROUTING -p icmp -j RETURN
with the help of port no or any other how can i identify the icmp packet ?... This below two is working fine
iptables -t mangle -A PREROUTING -p tcp -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -p tcp -j RETURN
iptables -t mangle -A PREROUTING -p udp -j MARK --set-mark 0x3
iptables -t mangle -A PREROUTING -p udp -j RETURN
I run a linux box as a gateway behind a satellite modem. The internet link over the satellite modem is only 1mbit so the usage often reaches 100% when someone is downloading/uploading something. I am seeing my ping return time jump from 700ms to 6000ms if someone tries to upload a file (by sending a attachment in a email etc). The satellite operator is saying this is normal, but I have my doubts.
Has ICMP got a lower priority? Should I really be seeing this behaviour? I understand that if it was a TCP packet then it would just be queued until the previous acknowledgement has been received. And if it was a UDP packet then it would have been dropped, but how does ICMP deal with these situations during heavy traffic?
Is there a way to set the IP that's returned in an ICMP TTL exceeded packet? Reason I ask is I have an edge router with several upstreams, and several downstream routers, and when I traceroute to it I would like only one of it's IP's to show up in the trace (Instead of each . Much like some of the larger ISP's do to mask the IP and hostname of their internal routers.. Is this possible?
View 2 Replies View RelatedWhy linux traceroute uses UDP protocol, we have basic ICMP protocol which is used in MS-windows tracert.Any specific use of traceroute using with UDP,TCP than ICMP?Windows is displaying all HOPs address but linux printing *.*.*
View 8 Replies View RelatedI have a C program which does.
1. Creates a UDP socket
2. Send the UDP Request packet to the TFTP server.
3. If the TFTP server is not listening in the 69 port, the remote machine send an ICMP ("Port Unreachable") message.
Is there a way to receive a notification from the Linux kernel on receipt of an ICMP packet to the created UDP socket.
icmp request from an ip that is in the same network as one of the local interfaces is not responded to, if the ping request is received via an interface in a different network. Is this some security feature?
Consider the below network
x.1|RTR1|-y.1---------y.2-|RTR2|-z.2------z.3-|LNX|-x.3
RTR - Router
x.1 -> 192.168.x.1
LNX - Linux machine
[Code]....
So im trying to get an icmp tunnel setup using ptunnel. When I run it under the same network and use to connect to RDP, it works fine, however when go outside my network and connect in, it does not get anywhere. I can confirm that I have forwarded ICMP packets to the server (if I ping the external ip it will show the status of the server if I unplug it) and that the server is showing signs of registering it.
On the client it just tries to resend the packet "Resending packet with seq-no 0" Over and over Firewall is off for testing so thats not the issue.
I need to block all BitTorrent access on my machine, ie blovk users from using Bittorrent. Is there a port range I can block or some sort of protocol?
View 9 Replies View RelatedFrom what I've read, when linux sends a ping it sends without the netmask, so windows server assumes it must be a broadcast? Why doesn't linux send a netmask with a ping?
View 6 Replies View RelatedI tried to ping some of the pcs on the local network but for those with icmp disabled it doesn't work. I've used
Code:
nmap -sP 192.168.2.0/24
Why firewalls does not allow ICMP echo request packets. Why are pings not allowed to certain systems?
View 1 Replies View RelatedCan any one tell me a network monitoring tool which can monitor remote connectivity and generate a comprehensive report about the link state like up/down, error timings, increase in latency and packet loss rate.
View 3 Replies View RelatedOn my system, I have built my own tunneling protocol, where I relay packets over a non-standardized but verified medium. What I do is capture the packets using iptables and NFQUEUE, relay them over my medium, and at the other end I reinject them using raw sockets. The packet going into the tunnel is exactly the same as the one coming out, verified. The problem is that this doesn't work for ICMP Ping (Echo Request) if the destination of the ping is the same as the tunnel endpoint. If the destination is not the same as the tunnel endpoint, the ping packet is rerouted and arrives as it should at the receiver, and the ping reply comes back to the sender. Does anyone know whats going on? Isn't it possible to send raw icmp to yourself? If not, anyone have an idea what I should do instead?
View 1 Replies View RelatedA couple of weeks ago, I completed a system upgrade that was motivated because I have to deploy Windows 7. I have to deploy it because my Windows development environment is getting very long in the tooth, and I have to become current again for a project of mine that is underway. So, yesterday, I deployed Windows 7 Professional in VMware 7 hosted on Mandriva 2010. With my new upgrade, I have a very capable quad-core athlon system with an NVidia 240GT video card, and it runs Aero quite nicely in the virtual machine. I do have to say that Windows 7 looks nice and isn't too annoying to use, except - of course - when I need to dig into it to change some setting or another.
Now, on Windows, for many years I have used Zone Alarm firewall rather than the Windows firewall, because ZA monitors and controls outgoing connections. I have used this on both my Win2K development system (virtual machine) AND my Win XP laptop to keep microsoft applications (notably media player) from calling the mother ship when I didn't think they should. It has worked well. So one of my first actions was to download the newest copy of ZA free firewall and deploy it on Windows 7, after disabling the Windows firewall. Well guess what. ZA doesn't stop Windows from calling the mother ship. I have all settings on ZA set to "ask" before allowing anything to contact the net, but I've been playing with some multimedia things and the microsoft software has been talking on the internet as happy as you please, and ZA hasn't asked me a single time if it could do so.
Of course, when I ran a few tests with ping and tracert, ZA asked me. Also, I had to fiddle with ZA settings a bit to get the Windows 7 to successfully talk to my LAN. But when Windows 7 wants to talk to microsoft, it talks regardless of what ZA says. Well, when you get down to it, this is one reason I have Windows running in a VM...I WILL be in control, regardless of what microsoft wants. Does anyone know of a tool that I could use from Mandriva to prevent a VMware client from talking to a website? I'd like to be able to easily enable/disable it so that I can let Win 7 talk to microsoft when I need for it to do so, but no other time. I'm using bridged networking in VMware so all my virtual machines have their own IP addresses, but of course all of them (as well as my host Linux system) go through the same network adapter. It seems to me that iptables would have to work for this, but I'm not at all sure how to set it up to do it given the bridge.
I set up a static IPv6 address and a gateway in /etc/network/interfaces. However, a bad router in my network environment alway send wrong ICMP router discovery messages to me. So I have got extra (wrong) IPv6 address and gateway, and the routing is confused. On Windows Servers, I can use "netsh interface ipv6 set interface "Local Area Connection" routerdiscovery=disable" to disable ICMP router discovery. But I don't know how to disable it on Ubuntu 9.10. How could I disable ICMP router discovery for IPv6?
View 4 Replies View RelatedWhen I ping our Microsoft Windows terminal server "cluster" farm, I get ICMP warnings that there are duplicate packets. I am able to rdesktop to the cluster with no problems. We are trying to setup nagios to run on this Ubuntu configuration and nagios is reporting the following error:
"PING WARNING - DUPLICATES! Packet Loss=0%, RTA=.98ms.
FPing reports duplicates as well. Is there a setting in the Arp table that needs to be set differently because the "Cluster" MAC address isn't an actual hardware MAC but a virtual MAC address?
Struggling to get my Linux server accept ICMP redirects not originating from default gateway. No problem to get it working if the redirects is originating from def gw.I know it's not a good solution security wise, but my network is so cluttered I'm forced to do so.
View 1 Replies View RelatedI have a dedicated host on my lan to monitor other hosts/services using Nagios. I'm in the process of migrating to Zabbix on that host to perform the same purpose. Both Nagios and Zabbix monitor icmp ping latency (Nagios uses ping, Zabbix uses fping) and over time the latency to other hosts grows until threshold alarms are triggered. In one week, the average latency grows from sub-millisecond to over 100 milliseconds, and continues to grow until the Nagios host is rebooted. I have verified the latency numbers using ping/fping from the command line on the Nagios host.
The problem is that pings from the monitored hosts to the Nagios host show normal latency at the time the Nagios host is showing high latency from itself to the monitored hosts. The Nagios host and monitored hosts are all connected to the same Dell 24 port gigabit switch. I already posted this question on the Zabbix forums with a graph of the latency but there were no answers. [URL] why the icmp ping latency is growing over time and how I can fix it short of rebooting the host on a schedule.
[Code]...
I'm setting up a Linux machine thet'll be shared by several users, some of whom will be admins. Is there a way to restrict access to a user's home folder (encrypt or block completely) for other regular/admin users?
View 3 Replies View RelatedI try to access my ubuntu machine via my Windows Machine (Samba Server on Ubuntu Machine). Anytime I try to access the machine it asks me for my password...I enter it but it says it is invalid....is there anyway to reset it? I have already tried to remove and purge everything Samba related and then tried reinstalling, but that still didn't do anything
View 2 Replies View RelatedI have an ubuntu kk laptop connected via wireless to my mixed network (xp, win7, other ubuntu), but i can not ping said machine or connect via ssh. Internet and smb-browsing ON this machine work, as does pinging FROM it. If this was a windows machine, I'd say a firewall is in the way, but since it's a vanilla karmic install, this should not be the case (or should it?).
View 2 Replies View RelatedIt seems whenever i create a folder it creates the folder as untitled folder, but i can't change the folder name it just says "you don't have permission to rename item" but yet i created the folder and it is there. One thing i have noticed is that once i enter a folder it won't even let me move the folder.
View 6 Replies View RelatedI have ubuntu-8.04.1-server installed on virtual machine. It works perfect. Now, I made copy of this virtual machine. I started that copied machine and it works fine, except one thing: network does not work!
I have several others VMs with freeBSD, openBSD or Windows on it, but only ubuntu machine hes network problem after coping. I tried some other VM with ubuntu on it - same problem! I downloaded VM with ubuntu - same problem.I take a look into /etc/network/interfaces file and it looks just as it should (same as before coping) but ifconfig command returns parameters for lo only (before coping there was eth0 and lo).
I have an issue with the manner in which Network Manager is configuring the network and short of ditching Network Manager I can see no solution.The issue : Getting a machine to update its machine name in the DNS serverSounds simple doesn't it I operate a FreeBSD based firewall / DHCP / DNS server, using a default Network Manager DHCP configuration the Fedora clients do not register their names with the DNS server when they obtain an address.
I have traced the communications with Wireshark and the Fedora clients are NOT supplying the PC's hostname as part of the exchange so this is NOT a DNS server configuration issue. If I uncheck the option 'Automatically obtain DNS information from provider' under the DHCP settings the Fedora clients DO register the hostname that is put into the Hostname (optional) databox. They do NOT however store the DNS server IP address or any other records defined by the DNS server.
Is there some hidden settings or is this a bug because it isn't acceptable 'DHCP' behaviour if it isn't possible to automatically set DNS server IP addresses and at the same time register the hostname during the DHCP negotiation. Before it is said I know I can use a fixed DNS IP address but am not prepared to long term, I am also not prepared to define the Fedora clients with a 'static' IP. I am similarly not interested in playing around with scripts or any other such 'frigs' to achieve what should be a standard activity - registering a host with DNS during the DHCP negotiation.
I am trying to establish the easiest way to share a folder from an Ubuntu machine to a Windows machine.In the past I have added things to smb.conf and that has all worked fine but what I am trying to do is to figure out what the "new user" way of doing this is so that when I am helping other people I know I am getting them to do the simplest thing.I completely removed samba and reinstalled it so that I didn't have any configuration. Right clicked on a folder and selected "Sharing Options" ticked the "Share this folder box" gave it a name and a comment and ticked the other two boxes.
When I went to the windows laptop then it kept asking for a username/password and nothing worked.Back on the ubuntu machine I did sudo smbpasswd -a [username] and created a blank password. Now from the windows machine I can access the shared folder.Is the smbpasswd step still required? It's very confusing for a new user as there is no suggestion that anything other than right clicking on the folder and choosing the options you want would be required. Is it something to do with the fact that this is an ubuntu machine that has gradually been upgraded through versions and this problem wouldn't have been there from a new install?