Networking :: Red Hat 5 - Add Firewall Functionality To Block Clients Ip Accessing Internet
Jan 26, 2010
I already have Linux Enterprise 5 system installed with some server packages such as Webmin, Active Directory, Web Server which also act as Internet gateway. Now I want to add firewall functionality to block clients ip accessing internet.
May 12, 2010
I have 17 systems (sys1, sys2, sys3 ... sys17) in my office, and I am willing to set up a dedicated system to act as a firewall. For that I have selected sys1 with two NICs (eth0 for the local network and eth1 for the internet), and I have configured it to access the internet in my office; for that I have opened the well-known port 80, but my clients are not accessing the internet.
Please check my sample IP configuration:
Interface: eth1 (ISP IP), just for example
IP: 192.168.0.2
Gateway: 192.168.0.1
DNS: 202.56.230.5
DNS: 202.56.230.6
Interface: eth0 (my local LAN)
192.168.1.1
255.255.255.0
The IP addresses of the XP clients range from 192.168.1.2 to 192.168.1.16 with the default 255.255.255.0.
My question is: which gateway address and DNS do I have to give to my clients for accessing the internet?
Aug 10, 2010
I've seen many posts about setting up VPN's but my doubt goes further. I just need access to the local network of my office from a Windows XP (which of course is outside the LAN). I would like this PC to have access to the whole LAN, but what I really need is it to access to an Ubuntu Server (e.g. 192.168.0.10). The router is a Netgear DG834, which has a built in VPN functionality. So, is it enough if I set it up? Do I need to install any VPN server in Ubuntu? What if I want to access to another computer in the LAN? Where should I start?
Apr 19, 2011
I want to set up Ubuntu Server as a firewall through which I want to direct my internet connection, where Ubuntu Server will block, filter, and monitor anything that comes into any of my three computers using the same internet connection. Is this easy to do? Sum up the steps that I will have to go through to establish this, and any relevant information, and where I might be able to find necessary information etc. I plan to use ubuntu-10.04.2-server-i386.
May 28, 2010
Link 1 = my network [url]
My network:
Subnet 1
Subnet 2
When someone creates a network loop (a cat 5 cable is plugged into two ports on a switch), the 2 subnets get flooded and become very slow.
How can I prevent subnet 1 from getting flooded if someone creates a loop on subnet 2?
- eth2 go offline automatically until the network loop is canceled.
May 2, 2010
I have an Ubuntu computer set up as a bridge between gateway and LAN, with the LAN connected to eth0 and the gateway on eth1.
I'm trying to get it to basically block everything incoming except for the ports I specify, but also allow outgoing traffic. I've found, tried, and modified some examples I found on the web, but still it won't block incoming traffic (i.e., I'm still able to reach my webserver).
These are the rules, and I can't figure out why it won't block:
Code:
#!/bin/bash
iptables -F
iptables -X
iptables -I INPUT -i eth1 -j DROP
[Code].....
Jul 4, 2010
I am still new to Ubuntu and I use Firestarter as my firewall tool, and I was told that it's just ufw in a GUI. Well, anyway, I noticed a connection to 174.129.241.144 using https and python. I didn't have any scripts running and my browser was closed. I read the man files for ufw and it said to do something like deny from 174.129.0.0/12, and I want to block all incoming and outgoing connections to this IP range, and I was wondering how to do that. I heard of iptables, that it would be able to do this, but I don't know anything about it. What should I learn so I can handle these kinds of situations in the future, how can I block this IP subnet, and what do the /8, /12, and /16 stand for?
Jul 1, 2010
I'll state the issue and then give whatever extra details are needed. I'm running Ubuntu 10.x. The Linux box is connected to a router via ethernet. That Linksys router is bridged to an AT&T router. The bridging is working fine. The AT&T router's page shows the IP of the Linux box and lists it as a device. The Linksys page shows no errors with packet transmission and receipt. I can ping the Linux box from any client on the AT&T router, and can ping the AT&T clients from the Linux box. I had set the IP of the Linux box to 192.168.1.201 while configuring that router, as I had set that router to 192.168.1.200 and it just seemed orderly. The network preferences show eth0 being set to auto dhcp, but the IP is still set to .201 so I don't know that it actually released or renewed.
Jun 18, 2009
having trouble connecting to many websites due to recent actions of the Iranian government on banning a lot of websites. That's why I decided to make my computer act like a bridge for their computers, so that they can surf the web using my Internet connection in the US. I have Arch Linux running on my desktop. I tried to install OpenVPN based on the instructions at the ArchWiki page, but I had no success. I guess OpenVPN is too much for what I want to achieve and the Arch Linux repositories don't have all the necessary packages to configure it, based on some posts I read.
Jan 7, 2010
I have successfully set up PPTPD on my server and I can open a VPN tunnel, but my clients can only ping the server's IP; they don't have access to the internet through the VPN.
I have searched different forums and understand that I have to create a route on the server to route packets between the VPN interface and my internet gateway, but I didn't manage to get this to work.
Here is what my setup looks like:
Code:
root@r31495:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1c:c0:c7:13:35
inet addr:94.23.197.XX Bcast:94.23.197.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[Code]....
Nov 20, 2010
got an asus wl500gp v2 and I just had to reflash it. Flashing went through fine, but while setting up the PPPoE connection I got stuck. Here is what the configuration looks like:
ADSL Modem ---Ethernet--- Router ---Ethernet--- Laptop
I set up OpenWRT to connect over PPPoE over the WAN port and the connection is established:
PAP authentication succeeded
peer from calling number XX:XX:XX:XX authorized
replacing old default route to br-lan
[code].....
Sep 29, 2010
I need to set up my CentOS computer as a firewall in my home network. I've got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping (icmp) and DNS. How do I do this? I've tried some editing in /etc/sysconfig/iptables but no luck.
Jan 4, 2010
I have set up an FTP server in my home (FileZilla) and everything works how it is supposed to. I understand that port forwarding is required and can easily set that up. My question is what IP address do I use to connect to it when I am outside of my home network. Do I use the one my ISP gave me? And how do I figure out what that is? Could my ISP be using NAT that could be messing things up for me? Could there be any other configurations that I need to perform? Also, do ISPs frown upon home FTP servers? (USA)
Nov 19, 2010
I have Facebook blocked in certain areas on my network. So certain machines cannot navigate Facebook. One other issue is chatting with 3rd party clients. How do I block that? Can I block a certain port on the firewall/router? I can't seem to find what Facebook uses.
Jan 30, 2010
I'm trying to give some Windows users a permanent connection to a samba share behind a firewall over the public Internet. I know I can give them access with something like winscp (which they have done) but really I'd like to do it with a VPN so it seems seamless to the user. However I have no idea how to set up the server to support this and am finding the documentation a bit confusing. The samba share is on a Debian box and the firewall is a Linksys WRT54GL.
Jun 14, 2010
I have the following IP assignments:
fedora (iptables)
eth0 -private :192.168.1.1
eth1 -public : 186.117.50.6
squid proxy
192.168.1.10:3128
my clients range
192.168.2.0/24
How can I make my clients browse the internet only from the proxy server? My network is NAT'ed. Please specify an iptables rule to allow internet access for my clients to browse ONLY if they come through the proxy server.
Jul 6, 2010
When I enable my ufw it completely shuts me out and I have no internet connection. When I do:
Code:
sudo ufw status numbered
I get:
Status: active
To Action From
-- ------ ----
[ 1] 80 ALLOW IN Anywhere
[ 2] 80 ALLOW OUT Anywhere (out)
But I need to disable my ufw in order to reconnect back to the internet. Why is that? Don't the above rules indicate that I should have inbound and outbound traffic even if my firewall is up?
Jun 8, 2010
I have never seen this before, but to connect to the internet either wired or wireless I have to connect to a broadband connection as well. I am currently using wireless; I connect to the ISP with wireless, but in order to access the internet I have to connect to the wireless connection through my broadband connection (this is where I enter a user name and password). I'm not sure why this is; I have always just plugged an Ethernet cable in and the computer just knew, I guess.
I am using ubuntu-10.04-netbook-i386.iso that I had put onto a USB drive. It booted fine, but when I tried accessing the internet I couldn't. I was able to connect to the ISP, but I couldn't find any settings for a broadband connection. My computer is an Acer Aspire One Netbook 250
Intel Atom
CPU N270 @ 1.60GHz
1.60 GHz 1.99 GB of RAM
Network Adapters
Atheros AR 5B95 Wireless Network Adapter
Atheros AR8132 PCI-E Fast Ethernet Controller
Mar 30, 2011
I just received a 2 TB drive for my server to be. The PC is a P4 3.06 GHz with 4 GB of RAM. I have found a number of posts on this forum, as well as on the net in general, about setting up a file/print server at home. What I want to be able to do is to access my server through the internet from my office computer (Windows 2000). How can I do that? I have not yet spent much time trying to decide which distro I will use. It seems that a number of them are suitable for this purpose, so I just plan to try several from a live CD and then choose one.
May 14, 2011
I am new to IP tables stuff and I have a problem. I have a PC containing a Fedora OS and I want to make a small network (4 PCs containing XP OS), using the Fedora PC as a firewall. I want to prevent ping (I think it's called ICMP) in the private network and prevent one of the PCs from browsing the internet (prevent ports 80 and 81, I think), and I still don't know how to make the internet go through the firewall to the private network...
Note: WAN = eth0
LAN = eth1
Oct 29, 2010
How can I block access to a certain internet site using ufw? Let's say I want to block access to www.xxx.zzz (IP 1.2.3.4) to any program and user; using iptables I can do
sudo iptables -A OUTPUT -d 1.2.3.4 -j DROP
How can I do that using ufw? If ufw cannot do this, where should I put this rule to persist it over reboot, without interfering with the ufw chains infrastructure?
Feb 27, 2011
I would like to access my NSA-220 Plus through the Internet without having a computer turned on. I tried to set it up as an FTP server but I was not successful. I tried a few tutorials but all allow me to access the NSA-220 Plus only within my home network, which is not what I want. I also tried the user manual, which does not really tell you how to do this.
Oct 22, 2010
I'm in the situation where I'm trying to create 2 private networks using ESX server, all behind a NAT router (static IPs are used). I used an openSuse11 VM as a router and was able to configure it so that a machine on one private network was able to access the public network. The problem I have now is that I need to be able to access a machine on the private network from the public network using a different set of IPs.
So if a machine in the private network has an IP of 10.1.0.222 I should be able to ping it using 10.99.0.222 or some other IP. I have never done this before and after reading up on iptables and linux routing I feel more confused than before. Is it possible to add IPs to eth0 (public) and have them mapped to machines on a private network eth1 or eth
May 5, 2010
I have a computer which has a public IP. My ISP has allowed only port 22 for my machine to be accessed from outside on the internet. I want the rest of my computers, which are connected to this machine, to be accessible via SSH on the internet. I can configure IPTABLES to route different ports to internal machines, but since the ISP has given only one port for the gateway, how can I go for it? Any guesses? I came across something called reverse SSH tunneling, but that has to keep the connection alive all the time at the gateway. I want my trusted people to be directly able to access the machines on the LAN to which they have an account to log in, in this scenario.
Jan 14, 2011
Is this possible on 2 Linux boxes that will act as an INTERNET Firewall + Filtering: 1st PC = CENTOS 5.5 functions as a firewall using iptables with two NICs, 1=ETH0 connected to the internet with a public IP and 1=ETH1 with IP address of 10.0.0.1 connected to the 2nd PC Centos 5.5 with squid/dansguardian with IP address of 10.0.0.2
2nd PC = Centos 5.5 functions as a squid + dansguardian internet filtering with 2 NICS 1=ETH0 with ip address of 10.0.0.2 connected to the ETH1 of the 1st PC with ip address of 10.0.0.1 and 2nd ETH1=connected to LAN (172.16.1.0/24)
Does this make sense? This might be confusing but I just want to try this, to protect incoming ssh from our previous Sys admins who intended to enter the LAN 172.16.1.0/24 network. And also to confuse them that they have to pass through 10.0.0.1 - 2.
Oct 27, 2010
I've searched the forums (250 thread limit) for a fix on this, but all the questions seem unanswered or unrelated. My situation is this: I'm running Ubuntu x64 10.10 'Maverick'. I have a cablemodem connection for my Internet access. I have home network running on DD-WRT with the dreadful Linksys WRT54G series router.
My DD-WRT router is 192.168.1.1, subnet 255.255.255.0.
My Linux box is 192.168.1.61, subnet 255.255.255.0.
I have a VyprVPN connection set up successfully on Linux. Mostly everything works great, speed's fine, latency is what I expect it to be. Except... I also run an SSH server to remotely admin the box at port 22, an Apache server running over SSL at port 7001, and a Transmission web client at port 7002 (only secured by basic HTTP realms auth). All of these things worked before I got the VPN working, I'm of course using NAT at the DD-WRT router.
The end result I am looking for is to have the security and protection of the VPN (even if it's only perceived) for everything I do on this machine -- EXCEPT on Apache, the Transmission web panel, and the SSH server, which I want to access from the outside world. I have no firewalls running or configured, not even iptables, not even the SPI firewall on DD-WRT. All connections to the aforementioned services from the outside world time out coming in to the Linux box. They all work from inside my home network (182.168.1.0/24). In case it's needed, here's my routing:
[Code]....
Mar 11, 2011
How I can refuse an outgoing connection on opensuse firewall by default outbound policy is permissive, and the p2p I explicitly deny an outgoing, according to protocol, remote port and local port.
But I can add rules as how to run opensuse firewall rules are permissive only for inbound traffic and so I can not specifically deny an outgoing connection.
Before using fwbuilder is very powerful and configurable but now I'm with suse for convenience but want to know if you can do what I want, if not I will have to use fwbuilder.
Oct 2, 2010
I have noticed an interesting problem. I use two browsers - Firefox and Konqueror. Konqueror is configured to use tor, Firefox not. Using Gufw I block all incoming and outgoing traffic and it works while using Firefox; I mean that I can't view any www site and it is ok. But if I use Konqueror I can establish any connection. How to understand this? Should I have a different firewall while using tor?
Nov 23, 2010
Is there any way to find the time required for accessing a block from disk?
Jan 5, 2010
I've been all around the net and can't find a "simple" answer how to block our LAN users from downloading torrents. Is it really that difficult?
Here's our setup:
1. The Server's Configs:
2. sudo gedit /etc/squid/squid.conf
3. sudo gedit /etc/rc.local (to start Firewall rules on bootup)
4. Server NOT a DHCP Server
5. No other iptables rules are configured, just the above ones.
Before in a 1 NIC setup, I blocked Workstations MAC addresses in the Router + Squid Proxy Server (Not Transparent), it worked, but some Online Java Apps didn't work and users can't send/receive email so I abandoned the method.
Now, I installed transparent Squid Proxy with 2 NIC cards, it works, but workstations can still download torrents! I know Squid doesn't block ports, right? So the answer must lie in Iptables Firewall? I basically use Squid just to deny access to Facebook, Friendster, or other "unproductive sites".
Quote:
How to block torrent downloading by using a Firewall? Or is there another "simple" way?
I've heard that it's better just to allow regular ports (80, 22, 465, etc...) then block all the rest, this way, you can prevent unnecessary ports.
I'm not an Iptables/Firewall expert so can you pls. explain it a bit more detailed if that's the case.
I'm also aware of just telling our users NOT to download torrents, but I just want to prohibit it entirely.
I know I will be the most "uncool" employee in our office.