Networking :: Using Ip Tables And Rules, Will Be Able To Make All Three Of These Able To Handle Traffic?

Mar 22, 2011

I have a machine with 3 internet-facing NICs, all of which have static IPs. The IPs are all in the same subnet, and use the same default gateway. Using ip tables and rules, will I be able to make all three of these able to handle traffic? I have the following configured, but it doesn't appear to work:

# ip rule
0:from all lookup local
500:from 72.43.220.146/29 lookup 1

[code].....




Ubuntu Security :: Redirect All IP Tables Rule To Forward UDP Traffic?

May 16, 2011

How do I redirect all the UDP traffic on port 27016 of my current dedicated server to a new IP port 27015 using IP tables?


Networking :: Error - Man/Makefile.am:11: `%'-style Pattern Rules Are A GNU Make Extension

Jun 24, 2011

I am facing an error when I run the following command.

Command: autoreconf -i
Error: man/Makefile.am:11: `%'-style pattern rules are a GNU make extension

[code]....

I'm using Fedora Core 11 on Dell Machine Precision 360


Security :: Connection Between Traffic Control Rules & Chkrootkit Threat Notifications?

Sep 25, 2010

Two days ago we started to receive the following message:

/etc/cron.daily/chkrootkit:
The following suspicious files and directories were found:
/lib/init/rw/.mdadm /lib/init/rw/.ramfs
/lib/init/rw/.mdadm
INFECTED (PORTS: 4369)
You have 2 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed

And at about the same time (a day before that) we set up new rules for the queueing disciplines using 'tc' on our Debian lenny box (these rules are for some of the experiments we are carrying out). I have run chkrootkit manually and this message (as above) keeps appearing, while the rkhunter tool does not complain about these items. Could there be a connection between setting up the new qdiscs and the chkrootkit "INFECTED" messages?


Security :: Opensuse Susefirewall 2 And My Own Rules - Block Ougoing Traffic Except Some Apps

May 1, 2010

I have trouble with openSUSE SuSEfirewall2 and my own rules. Since I installed a suspicious download manager, I detect outgoing traffic in the monitor and I want to block outgoing traffic except for some apps like Firefox, jinchess ...

1) I had to modify FW_CUSTOMRULES="" with FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" in /etc/sysconfig/SuSefirewall2

2) I had to add my own rules in /etc/sysconfig/scripts/SuSEfirewall2-custom in the appropriate hook

3) I don't know if the rules are good. They seem to work, because for example jinchess can't access its server with the DROP rule until I add the ACCEPT rule, BUT in fact the download manager still accesses the internet, and Amarok too when it searches for song lyrics! I have discovered it's because the other apps use port 80.

I give here the file /etc/sysconfig/scripts/SuSEfirewall2-custom

How to make Firefox use another specified port? I wanted to use Privoxy with Tor but it doesn't work. Is there an input/output controller on Linux (something like ZoneAlarm on XP)? The trouble is that all outgoing traffic is permitted by default!


Networking :: How To Make Outgoing Traffic Show From Different IP Address?

Nov 4, 2009

I have a Linux IPTables firewall on CentOS 5.3. It has one physical interface to the internet and 2 internal interfaces to a DMZ and TRUSTED zone respectively. There are 10 virtual interfaces linked to the physical public interface. Emails are being sent from my server in the DMZ out to the internet, but they are shown as coming from the firewall IP address. They must show as coming from one of the virtual interfaces.


CentOS 5 Networking :: Configure Firewall - Allow And Forward All Traffic On Eth0 And Block All Traffic On Eth1 Except Ssh Ping

Sep 29, 2010

I need to set up my CentOS computer as a firewall in my home network. I've got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping (icmp) and DNS. How do I do this? I've tried some editing in /etc/sysconfig/iptables but no luck.


Networking :: Server To Block All Traffic But US Only Traffic?

Mar 15, 2011

I wanted to tell my server to block all traffic but US only traffic. So i followed this guide:[URL].. Now I know, it's the best way to help prevent hackers/crackers (doesn't matter to me what they are called. I just have to stop them). My server only deals with US clients anyways so might as well just start right there for my server's security before getting into the brute force and injection preventions. So I got it all done compiled everything moved to the proper directory. I then started to setup my iptables. Like so

Code:
iptables -F INPUT
iptables -F OUTPUT
iptables -I INPUT 1 -s *.*.*.* -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 2 -s *.*.*.* -p tcp -j ACCEPT

[Code]...

After seeing that I went digging in the code and figured it was something to do with memory allocation.


Ubuntu :: Make Vlc Handle Divx Videos?

Oct 25, 2010

I want to view ALL videos with vlc, however, when I remove totem-mozilla divx videos won't play (And end up complaining)

How to make vlc handle divx videos?


Server :: PPTP Traffic - Gre Traffic Is Being Generated During The Browsing / Reduce Traffic

Sep 27, 2009

Recently I noticed that when I'm connected to a VPN server (pptpd) and I'm using it as a default gateway, my download and upload speed decreases almost to half of the usual speed. I made a test using iptables in order to count how many GRE packets are generated (except the real traffic itself) in this way:

Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT

iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT

The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.

When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.

So, my question is: first of all, is my test correct, and is it true that so much GRE traffic is being generated during browsing (it becomes clear that the traffic is double what it would be if pptpd wasn't used as a gateway), and if yes - can that traffic be reduced?


General :: Make Rules In A Makefile - Debug

Nov 17, 2009

Does anyone know if it is possible to make rules in a Makefile that would work like this:

> make debug module
or
> make module debug

where module can be any module that has a specific rule in the Makefile.

The thing I have is a Makefile with different rules that I compile like this:

> make module

What I would like is to add an option so I can compile whichever module with debug-information just by adding a debug to the make command. The debug-information I know how to do, the problem is how to make the Makefile work...


OpenSUSE Network :: Make The Iptables Rules Permanent?

Apr 23, 2010

I set up a squid transparent proxy and I have a problem with an iptables rule. I have a rule to redirect all requests to port 80 to go to port 3128. To do so, I'm using this iptables command:

Code:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

This command is working like a charm. The only problem is, for some unknown reason, this rule will be dropped at some point. I did not manage to identify what is causing this to happen. It occurs during the night, but I have nothing about that in my log files (messages / firewall / ...). The only way I managed to reproduce this 'dropping' is this one: I type the command as root. The command is effective and working fine. I open yast, I go to the firewall module, then I do a simple "save changes and restart firewall" (without changing anything). As soon as this process is finished, the iptables rule is gone.

-How can I make this rule permanent ?

-Is there a place where I can launch a script executing this rule, after the yast firewall module is 'touched' or something ?


Networking :: IP Tables With 2 Routers?

Sep 1, 2010

I have 2 routers, both with 5 network cards (both different subnets). On both machines I have the following configuration: Eth0 is the internet connection, Eth1 is the connection to the other router and the other network cards are for the subnets. My current IP tables script allows all the subnets of one router to see each other but not the subnets of the other router.

In the new situation I want not all but specific subnets to see each other (no problem here). The issue is that some of these subnets are subnets of the other router. For example the subnet of eth2 on router1 should be able to connect to eth3 on router2. This is where eth1 comes into play. My plan was to configure iptables so that in the above example eth2 would be forwarded to eth1, which will forward to eth1 on router2. Then the iptables configuration on router2 will forward it to the network card of the correct subnet.

eth2 (router1) -> eth1 (router1)
eth1 (router1) -> eth1 (router2)
eth1 (router2) -> eth3 (router2)

[code]....


Fedora :: Make Rules To Move Each E-mail To The Inbox But Still All Incoming Messages Go Straight To Trash?

Apr 1, 2010

Recently did a fresh install of F12, previously used F11 without any problems. Now Evolution moves ALL received messages to trash automatically. I have had to make rules to move each e-mail to the inbox but still all incoming messages go straight to Trash.


Networking :: IP Tables Port Forwarding?

Jan 8, 2010

We have one Linux machine in the office which happens to be an important firewall. I just know the basics and need to make one change. Essentially it is to forward mysql traffic to another internal machine. This is the original rule (forward to 192.20.0.17) which is working:

Code:
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 3306 -j allowed
$IPTABLES -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $STATIC_IP --dport 3306 -j DNAT -

[code]....


Networking :: Open Ports In IP Tables

Jan 30, 2010

I would like to open some ports from IN to OUT: pop3, smtp. Whenever I tried to add some rules to the existing iptables it gives me an error. Applying iptables firewall rules: iptables-restore: line 21 failed


Debian Configuration :: Torrent Traffic Very Slow / Make It Up?

Jul 10, 2011

I am running on Debian squeeze 6.0.2. I have been using it for the last, I'd say, 3 weeks and really am enjoying it.

I generally use transmission-gtk to share files over the internet. Normally I seed torrents at 110-160kb/s for hours at a time. However after messing around with firestarter my upload speed for seeding torrents rarely peaks over 70kb/s. I have purged firestarter with no success of my regular upload speed, and am very confused as to what happened. I also notice sometimes when it will get to about 70kb/s it will immediately drop down to the 20-30kb/s range.

For incoming bittorrent connections I use port 37294. I have set port 37294 to be allowed in my firewall, and forwarded in my router (since purging firestarter did not help I just reinstalled it).

I have also read allowing ports 6881-6889 is important, but I have never done that in my history of using torrents, and I have never experienced a decrease in UL speed like this.

Have I done something incorrect? I have never had this issue on other machines?


Ubuntu :: Can't Create File /etc/udev/rules.d/70-android.rules?

Jun 19, 2011

I need to create filename 70-android.rules in the directory /etc/udev/rules.d/. I have Adm privileges in my user account properties, but when I use sudo to create this file the Ubuntu OS does not allow me the privilege... I am running Ubuntu 10.04 LTS and here's the Terminal output below:

daddy@gatomon-laptop:/etc/udev/rules.d$ sudo cat > 70-android.rules
bash: 70-android.rules: Permission denied
daddy@gatomon-laptop:/etc/udev$ ls -l
total 8
drwxr-xr-x 2 root root 4096 2011-03-16 18:03 rules.d
-rw-r--r-- 1 root root 218 2010-04-19 04:30 udev.conf


Ubuntu Networking :: Ip Tables Point To Website?

Jan 22, 2010

I have an AP set up and would like to have all requests for a website sent to a specific IP address, and am trying to get this to work in IP tables.

user-->AP-->google.com

No matter what site they try to go to, it takes them to [URL]. I want to use this to require people to log in to my server when they connect to my AP before they can go any further.


Ubuntu Networking :: Edit System Routing Tables?

Apr 3, 2011

Where and how can I edit the Linux routing table?


Fedora Networking :: What Does 'BGP Default / Metro / Full Tables' Means?

May 24, 2009

Could someone please explain what "BGP default / metro / full tables" means? I have to sign a contract with my ISP for BGP peering, and I have to choose between those three BGP tables... What does that mean? If I choose only metro, will my IP class (the one I'm gonna route through my ISP) have access to the whole internet or will I be stuck in the ISP's metropolitan network?


CentOS 5 Networking :: IP Tables Comment Module Causes COMMIT Fail?

Feb 12, 2011

IP Tables Comment Module Causes COMMIT Fail

/etc/sysconfig/iptables:
*filter
:CHAIN_X - [0:0]

[code]....


Programming :: Apache Rewrite Rules - How To Make "not Some String" Rule

Jan 26, 2011

I am trying to create an Apache rule which will redirect each request not ending with .php prefix to php prefix. I have been trying to make such a rule for hours, but none of mine works.

Example: I don't know syntax of rewrite rules, but I'd like to make something like this:

RewriteRule ^(.*)(NOT .php) $1.php

(so everything not ending with .php will end up with the .php extension).

EDIT: Maybe better question would be "how to negate string group" or "is not equal to string"...


Ubuntu :: Internet Traffic Flow Monitor - Track Traffic Of Each Device

Apr 27, 2010

We have something on our network that is wreaking havoc with our content filter. I am trying to track it down, but so far I have been unsuccessful. We have approximately 500 devices in 100+ different locations spread across 9 states. Looking at each computer is not really feasible.

I need a machine that can sit in between our network and our internet connection and graphically monitor in real time and log how much traffic each device is sending and receiving. It would need to sit inline so it has to have two NICs and be able to pass traffic. The machine also needs to be transparent. Reconfiguration of our routers or workstations is not an option.

I have used ethereal and wireshark before. Ethereal may be a viable option, but wireshark seems to provide lots of information, but no practical way to make use of it. How to set up the box to be a transparent device on the network that will allow internet-bound traffic to flow (freely)?


Networking :: How To Handle Unmanaged Switch

May 10, 2010

I have seen there are some tricks to handle transparent switches using Nagios. Does anybody know if it is possible to handle unmanaged switches connected in daisy chain? In my network I have some devices connected in this way: [switch]--[dev_1]--[dev_2]--[dev_3]

where "switch" is a managed switch and dev_i is a device with an unmanaged switch inside (no snmp available). All the devices have an IP address. Is it possible to get the network topology with Nagios?


Networking :: Telnet - Handle Control C ?

Aug 22, 2010

I am trying to use telnet from Linux to connect to the port specified by me and trying to handle Control-C. But once Ctrl-C is pressed the output on the client side stops showing. The server sends data but the client doesn't print it.


Networking :: Nagios - How To Handle Transparent Switches

Jan 26, 2010

I'm configuring Nagios at the moment, but I'm doubting my approach to transparent switches a bit. It seems from reading the documentation that Nagios wants me to ignore transparent switches, although I also doubt this interpretation of mine.

A little example, a VPN:
Code:
demarcation point
|
[router]
/
[switch][switch]
| / |
[7 clients] [switch] [switch]
/ |
[6 clients] [4 clients] [5 clients]

As you can see, there are 22 clients connected to the router. Since switches don't have an address, they cannot be measured. But if I ignore the switches, the schema is an oversimplified picture of reality. So what I'm looking for is a way to display the switches, even though they don't have an address. What I did was, I created the switches as if they were proper fully featured ones, listening to 127.0.0.1 as address. Luckily, this tricked Nagios. And it works, but it's not very elegant. Is there a better way to approach this pseudo-problem? Perhaps a built-in I overlooked?


Networking :: Vpn Server - Handle Different Nets Each Separated From The Other

Apr 2, 2011

What kind of dist/software would you recommend to use for a VPN server that can handle 10 different nets, each separated from the other? If I connect with user1 I get on net1, and user2 gets on net2. The VPN server is always connected to the other location at all times; I just want to be able to connect in to the net I want to. The reason I don't want to go Destination is that the VPN server is gonna handle other stuff that the nets will be connected to input.


Fedora Networking :: CBQ/tc Rules Not Working?

Aug 15, 2010

I can't seem to get CBQ / tc working when I attempt to filter ip+port. It works when I just filter on IP though, I don't understand what the problem is. Here is my CBQ file. Quote:

DEVICE=ppp0,51200Kbit, 51200Kbit
RATE=512Kbit
WEIGHT=512Kbit

[code]....


Networking :: Can't APPLY Iptables Rules

May 22, 2011

I added a few rules to my /etc/iptables.rules file and then used sudo iptables-restore < /etc/iptables.rules but I got an error saying "iptables-restore: line 29 failed". But the only word on that line.








Copyrights 2005-15 www.BigResource.com, All rights reserved