Networking :: Putty Not Work When IPTABLES Is Working?
Jan 18, 2011
I am using putty in my windows machine to access my Linux server terminal.
Code:
Putty works fine if I disable my Linux IPTABLES. My Windows machine IP is 192.168.1.249. Linux server IP address is 192.168.1.200. I don't know how to allow it through IPTABLES. The port which putty is using is 22.
View 3 Replies
Jun 6, 2011
I'm trying to open port 8080 on my application server. I've included it in my iptables; however I still cannot access through ssh nor putty and it doesn't show up when I netstat either. Here is my iptables-config:
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -s xxx.xx.x.0/24 -j ACCEPT
[code].....
View 7 Replies
Aug 14, 2010
I'm having a weird issue on 10.04. I have a bash script I wrote to drop incoming connections that are faster than a specified rate (6 per second in the example). I've been using the script successfully on 8.04LTS and CentOS for 2-3 years but it doesn't seem to work on 10.04
Code:
INTERVAL="2"
HITCOUNT="6"
iptables -A INPUT -d 123.123.123.123 -m state --state NEW -m recent --set
iptables -A INPUT -d 123.123.123.123 -m state --state NEW -m recent --update --seconds $INTERVAL --hitcount $HITCOUNT -j DROP
View 1 Replies
Apr 7, 2010
When I try something like, I get:
iptables -A FORWARD -p udp -m length --length 39 -m u32 --u32 '27&0x8f=7' --u32 '31=0x527c4833' -j DROP
iptables: No chain/target/match by that name.
So I re-compiled the kernel enabling WAN Router, and all the subsections. Downloaded latest iptables, removed the RPM one, installed the iptables from source.. Guess what, same error!
PS: iptables -m u32 -h works, it displays a page of info.
View 1 Replies
May 31, 2011
My problem is the following: I'm running a bridged OpenVPN on my Debian. If the service is running, everything works fine: local and Internet, ftp, mailing from in and outside etc. But, when stopping OpenVPN, sending mails from inside (LAN) fails: I cannot reach smtp (postfix) listening on port 465. And even reaching mailboxes using IMAP gets horribly slow, e.g. in Thunderbird. Here is my firewall.sh script.
Quote:
#!/bin/sh
echo "
IPTABLES FIREWALL inicializalasa - szures"
# Enter the designation for the Internal Interface's
INTIF="eth0"
[Code].....
View 9 Replies
Sep 29, 2009
I want to open a specific port using iptables, i.e. 3159. Whenever I tried to telnet it generates the following error
Code:
# telnet 172.16.4.100 3195
Trying 172.16.4.100...
telnet: connect to address 172.16.4.100: No route to host
telnet: Unable to connect to remote host: No route to host
but when I stopped iptables
Code:
# service iptables stop
It's working fine
I added the ports in iptables, i.e.
Code:
# iptables -A INPUT -p tcp --dport 3195 -j ACCEPT
for safe side I also added telnet port
Code:
# iptables -A INPUT -p tcp --dport 23 -j ACCEPT
but result was same.... In short telnet works without iptables but with iptables it generates the error mentioned above
View 10 Replies
Mar 8, 2011
I've been beating myself over the head with iptables and CANNOT get port forwarding to work. Here's my situation:
Static LAN IP on eth0
Static internet IP on eth1
ip_forward is turned on by uncommenting in sysctl.conf
Here's the output of iptables-save:
Code:
# Generated by iptables-save v1.4.4 on Tue Mar 8 10:34:12 2011
*nat
:PREROUTING ACCEPT [2443:347058]
[Code]...
Edit: by the way, the intended purpose of this machine is to serve as a gateway and firewall. MASQUERADE is working, for whatever that is worth. And the host behind the firewall that is serving up http is definitely working too. All that is not working is getting hosts on the internet talking to hosts behind the firewall.
View 1 Replies
Jun 10, 2009
I have an old iptables script (?) that I got from iptablesrocks.org, which works fine with my antique Fedora 4 system. I transferred it to a brand new RHEL 5.3 install, but when I go to use 'iptables-restore < firewall_script' it throws a 'no command specified' error at the very last line of the script, which I have never seen before. The script works fine on Fedora 10 and RHEL 5.1, I am pretty sure it even works fine on RHEL 5.2. Could it be that the fact that I am using 64-bit Linux for the first time, and need to do something different? Here is the script: [URL]
View 5 Replies
Jun 20, 2010
On the computer on which I have to login, Shoreline is installed. I know I can add rule to /etc/shoreline/rules but I decided to manually enter an iptable rule by typing:
Quote:
/sbin/iptables -A local2fw -s 10.100.98.74 -p tcp -m tcp --dport 22 -j ACCEPT
Then why am I not able to login using 10.100.98.74... I get connection refused error...
View 3 Replies
Jan 28, 2011
I've used iptables since it replaced ipchains, and I've never had a problem like this. The problem is, as you can see by the title, that port forwarding simply does not work.
network topology:
Slackware Linux Server:
eth0 - LAN (192.168.0.0/25)
eth1 - DSL Static IP
eth2 - cable Static IP
eth1 is our standard office connection; it handles all of our default traffic (web browsing for the staff, email, etc). eth2 is our VPN connection, as well as use for all incoming connections (www, etc). Behind the linux box I have a series of Windows Server 2008 R2 boxes that are used to run our office software, website, etc - I don't care how nice they make their products these days, I simply don't trust any MS box open to the net.
Therefore, this leaves me with having to port forward port 80 from eth2 to the internal IP address of the web server.
My ruleset is as follows:
$WWW - ip address of the web server
iptables -A FORWARD -d $WWW -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to $WWW
Running ip route shows that I have routing entries for all 3 networks, and I can ping, ssh, etc to any of the addresses without issue. OpenVPN connects across eth2 as well, and all 15 of my VPN tunnels work fine. However - and here's the kicker - if I delete the default route and replace it with the route for eth2, port forwarding works fine.
If we accept that my networks are as follows:
192.168.0.0/25 - eth0 net, gw .1
1.1.1.0/29 - eth1 net, gw .1, eth1 ip .2
2.2.2.0/30 - eth2 net, gw .1, eth2 ip .2
then ip route reveals the following:
2.2.2.0 via 2.2.2.1 dev eth2
2.2.2.0 dev eth2 scope link src 2.2.2.2
1.1.1.0 dev eth1 scope link src 1.1.1.2
[code]....
View 7 Replies
Aug 9, 2009
Trying to alter the source IP of my outgoing http packets through iptables. This should be simple enough, right? Regardless, I'm cracking my head trying to understand what I am doing wrong. Wireshark shows that the outgoing packets do not have the source IP modified at all. I want this to happen for TCP packets sent on Port 80 (http traffic). I am using the nat table in iptables to attempt POSTROUTING. I've tried several different rules at separate times:
iptables -t nat -A POSTROUTING -p tcp --dport 80 -j SNAT --to-source 172.16.8.50 <--- Still sends out TCP packets as originating from 172.16.8.100
iptables -t nat -A POSTROUTING -s 172.16.8.100 -p tcp --sport 80 -o eth0 -j SNAT --to-source 172.16.8.50:80 <--- Still sends out TCP packets as originating from 172.16.8.100
iptables -t nat -A POSTROUTING -d 172.16.10.71 -j SNAT --to-source 172.16.8.50 <--- This rule was a last-ditch effort. It is supposed to rewrite the source IP for ALL packets going to the single client machine. Still doesn't work - the packets have the source IP unchanged.
I have another server - let's call it serverB/172.16.8.50 - that forwards all http TCP packets on port 80 to serverA/172.16.8.100. This part works. But when ServerA responds, it responds with its source IP for ServerA. I need it to respond with the source IP of ServerB. Otherwise, the client gets confused and ignores the packets (because the client sent an HTTP request to ServerB, but the response comes from ServerA).
View 14 Replies
Aug 15, 2011
I'm trying to build a firewall with IPTables:
INTERNET <--------> (eth0) FIREWALL (eth1) <-------------> FTP_srv
I set all rules DROP by default. My rules for forwarding packet to FTP server:
#iptables -t nat -A PREROUTING -i eth1 -d $FIREWALL_EX_ADDR -p tcp --dport 21 -j DNAT --to-destination $FTP_ADDR:21
#iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
[code]....
View 2 Replies
Jan 12, 2011
I setup squid with transparent proxy and it's working, however, when I reboot the server, the proxy server doesn't work unless I run the following.
Code:
# squid server IP
SQUID_SERVER="192.168.1.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
[Code]...
View 6 Replies
Sep 12, 2009
For the background, I'll be using my router as a firewall with snort-inline enabled. I got 3 NIC's: one for the WAN, the second will be bridged to the WAN NIC for queuing traffic which snort-inline requires, and the third is the LAN NIC (the computer I use for everyday work). Here's how I have my interfaces set up:
Code:
# /etc/network/interfaces
# Loopback interface
auto lo
iface lo inet loopback
[code]....
From what I understand, queuing needs to be set up on the bridge. From the documentation I've read it's done like this:
Code:
iptables -A INPUT -j QUEUE
And then to forward traffic, I did:
Code:
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
I've done this and am able to ping the router, obtain a DNS address from dnsmasq from the LAN computer. From the router I am able to connect to the internet (ping, links <address>...). From the LAN computer trafficking isn't getting forwarded, Firefox, links, ping all don't resolve.
View 7 Replies
Feb 18, 2010
I was trying to setup port forwarding on my setup. My network consists of:
Code:
[Server: xxx.xxx.xxx.15]
|
|
[ switch ]
[code]....
I ran the following 2 commands:
# iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination xxx.xxx.xxx.15:80
# iptables -A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
Yet I am unable to connect. Are these the correct commands? I am using IP Masquerading on the same box using the following commands:
Code:
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
[code]....
I don't think there is a hidden firewall in the switch but if these commands are correct, then I may need to contact my ISP and see if they are blocking the commands. I just wanted to make sure I was not doing some stupid mistake before I try to contact my ISP.
EDIT: Also, is it possible to forward Port 80 requests to different servers depending on the hostname used to connect, so say [URL] redirects to server xxx.xxx.xxx.15 while hhh.com redirects to xxx.xxx.xxx.16?
View 3 Replies
Sep 28, 2010
I have managed to get iodine working between my ubuntu intrepid box and my windows client with a caveat.
The firewall rules allows DNS queries inbound. The client tunnel endpoint gets assigned an IP address and the tunnel is established properly.
However when I try to ping from the client machine, the reply packets are not coming back.
I used TCPDUMP on the Ubuntu box and watch the dns0 tunnel interface, and noticed that the packets are reaching the Ubuntu box from the client, but I don't see ANY ICMP echo replies until I turn off the firewall from Firestarter.
I see that outbound access rule is to allow all.
View 1 Replies
Mar 29, 2010
Running Fedora 5
We changed ip's the other day and now ssh is not working. SSH/Putty was working fine before the ip change. Everything else is working fine on the machine. The sshd_config file has not been touched at all since I've been working on the machine.
var/log/messages shows this:
Code:
bind to port 22 on 0.0.0.0 failed address already in use
netstat -an shows that tcp is listening on 0.0.0.0:22 with no port conflicts.
View 9 Replies
May 15, 2010
I am trying to setup a putty session to putty from one Ubuntu machine to another. I know how to setup to connect to the machine from Windows and I am using the same settings for the one I am trying on the Ubuntu machine but it fails to connect. It fails immediately so I believe that putty is not able to find ssh. Is there some configuring that I need to do?
View 7 Replies
Jan 3, 2011
Today I tried using PuTTY to set up a socks proxy on my local machine, a procedure I used to do when I was not using Ubuntu which used to work flawlessly and out of the box... however, apparently putty is not able to set up a port on my PC, but if I use ssh -Dport, everything works smoothly. Again, this used to work out of the box on other distros... any hints?
P.S.: This is the third problem I'm having with standard operations in Ubuntu: pinentry-qt4 does not work, the scanner needs manual setting to permissions, now this... isn't this distribution supposed to be user friendly? I'm resorting to the terminal more than I ever did.
View 1 Replies
Jan 22, 2011
I can log in when using the keyboard from the server no problems but when I try and log on from my laptop this morning using putty I can connect type in my user name but when I put in my password it says access denied now I also can not FTP and webmin does not connect to the server but I can get to the web pages no problem with a browser so can this be fixed or do I have to start from scratch again to get me logged in with putty and webmin somehow the password is not working in ssh.
View 8 Replies
Apr 14, 2010
I am downloading a big file on linux VPS, and I am connecting remotely via Putty to do it? Once I initiated the wget command to download the file, if I close the putty window, will wget continue to download the file in the background even though the session is technically closed?
View 11 Replies
Aug 24, 2010
I just started having a problem with my 10.04 laptop a few days ago, maybe Thursday, last week. When the computer is plugged into my home network (standard 192.168.1.1 sort of IPs) it works fine, but when I try to connect to my work network (130.15.90.XX) I am unable to pick up an IP. The router in my office is working fine, all the windows boxes can connect.
I've also noticed that when the computer is plugged in at work the notification icon for the networking indicates it is looking for a wireless connection (rather than the normal up/down arrows), even if wireless is deactivated
I can set a static IP in /etc/network/interfaces and everything works, so it seems to be a DHCP problem?
View 1 Replies
Oct 4, 2010
I've read a number of web pages on this and scoured a few forums, but I can't seem to get it to work. Here's the low down so far [don't know if this matters] server has a bridge interface
Edited /etc/ssh/sshd_config
X11Forwarding yes
X11DisplayOffset 10
[code].....
The full text of the error or warning message cannot be safely formatted in this environment. You may get a more descriptive message by running the program as a non-root user or by removing the suid bit on the executable.
xterm Xt error: Can't open display:
View 5 Replies
Feb 10, 2011
I am accessing my linux box remotely using putty. I ran some build process on the remote machine. I lost my connection and now I had to re-login using putty. I don't know if my process has finished or not. How will I check that?
View 2 Replies
Mar 23, 2011
I've seen other posts on this issue, but don't know if they were ever resolved. I've tried some of the suggestions but none seemed to apply.
Flavor - 10.10
Issue - Access via VNC after reboot
All in all, I have had nothing but success with Ubuntu, being that I'm new to it, but knowing what I need, I can usually find the solution. My problem is accessing via VNC after a reboot. The issue is the keys (keyring)
Router is setup for SSH on 22 for PuTTY to work, 5900 for VNC to work. If I am at the machine and login, VNC is possible from outside. Should I be running a different server other than the Remote Desktop that is included?
Is there a way to login via SSH to unlock the GUI to allow VNC access? I would not even bother with GUI, but I'm not there yet with the CLI. To all that have suggested I learn it, believe me I'm working on it. All of us out there that have the Swindows syndrome have an uphill battle. I can't be the only one up against this. If anyone who has serious skills could take 5 minutes and peek. I can't think of any other information that I could supply. If there is,
View 1 Replies
Apr 8, 2011
I am trying to transfer a file from my work Win7 computer, to my Ubuntu home server. I can SSH into my server using PuTTY with no problems. The "Access denied" occurs after I type my password of course. I just want to push a file from my Win7 machine to my Ubuntu using SSH and PuTTY. PuTTY is what I have loaded on my work machine.
View 3 Replies
Apr 4, 2010
I am trying to play my audio files at work from my home computer over ssh. The computer I use at work is windows and so I use Putty to make that connection. However when I mplayer file.mp3, the file starts to play, but I am assuming it's playing on my home computer.....so, I am wondering, how do I forward the audio to my remote computer?
and no, can't use a CD... I work in a car with no CD player, and the computer is a Panasonic Toughbook with no CD-ROM... options are limited.
View 5 Replies
Dec 25, 2008
I have Debian installed in an embedded PC which is in a vehicle. This PC collects information related to the engine. This PC is connected to the internet using a Verizon USB 175 modem. I connect to the internet using Wvdial. On connection it gets a dynamic IP and using this IP I planned to login through Putty. This whole system is in the US; when I was in the US I had a laptop which is connected to the internet using a Verizon PCMCI modem. From that laptop I used putty and entered the dynamic IP in Putty and I could successfully login to the system in the vehicle. But when I came back to India I tried to login to the system; here I have a different ISP, not Verizon. I tried to ping that IP (a technician called from the US and informed me of the new IP) in the vehicle and I was successful in doing that, I got an echo to my ping. Now using that IP in putty to login but I could not login, it gives time out
View 7 Replies
Jul 28, 2010
Can you find my blind spot? I had PuTTY up & running until I did a reinstall of Fedora13. I can ping 192.168.1.163 fine. SELinux is disabled. Firewall is default (SSH allowed on p22). (I have just disabled the firewall with same result)
PuTTY reports:
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2010.07.20 16:23:52 =~=~=~=~=~=~=~=~=~=~=~=
Event Log: Writing new session log (SSH raw data mode) to file: C:UserswimDesktopputty.log
[code]....
View 8 Replies
Jan 2, 2010
I am new to using Ubuntu but I have installed ubuntu karmic koala on my laptop and am dual booting ubuntu and xp on my desktop. I am wondering how I go about setting up putty so I can view my desktop from my laptop because I travel quite frequently.
View 2 Replies
View Related