Networking :: Adding An Additional Iptable Rule?

Mar 4, 2011

This is what I have currently running.

Code:

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

[code]...

How do I add this to the ruleset, without doing the whole thing over again?

Code:

iptables -A OUTPUT -d 10.3.0.0/16 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


Networking :: How Many Rule Iptable Can Manage

May 12, 2010

I'd like to know how many rules iptables can manage. I'm asking because I'd like to drop all traffic from my local net to porn sites. I have a database of porn sites which contains about 900 000 domains. I know there are solutions like squidguard. But for my Linux box I'd like to use iptables to prevent users from accessing porn sites and other blacklisted sites.


Networking :: Iptable Rule For Blocking Direct Internet Access

Jun 13, 2010

I have the following system in my LAN.

firewall (iptables)
eth0 (private) - 192.168.2.1
eth1 (public) - 189.117.57.2

squid server at 192.168.2.10

I need all outbound internet connections to go from the proxy server, not directly to the firewall. Please specify an iptables rule for blocking direct internet access. My clients' IPs range from 192.168.2.20 to 192.168.2.47.


Networking :: Iptable Rule Don't Work - Error "18446744073709551615"

Apr 11, 2010

I have problems with iptables :

[root@server7 ~]# iptables -I INPUT -p tcp --syn -m recent --set
[root@server7 ~]# iptables -I INPUT -p tcp --syn -m recent --update --seconds 10 --hitcount 30 -j DROP
iptables: Unknown error 18446744073709551615
[root@server7 ~]#

I need to stop a SYN DDoS attack... but the iptables rule doesn't work...


Red Hat / Fedora :: Not Able To Add Iptable Rule?

Dec 22, 2010

In my new CentOS I am not able to add an iptables rule.

Code:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
bash: iptables: command not found

I am getting this error. I use this rule to forward ports to squid.


Networking :: Iptable Mark Packet And Use This Mark In Other Rule?

Apr 21, 2010

I'd like to mark all packets coming from and going to an IP address. And I'd like to match that marked packet in another rule. Ex:

Rule 1: Mark all packets coming from 192.168.2.0/25 with number 1

Rule 2: Drop all packets which have been marked with number 1


Networking :: Iptable Record Adding Successfully But Not Showing In List?

Jun 28, 2010

I've been trying to add a redirect iptable record but each time I add it, it appears to add successfully (meaning it doesn't throw me any errors); yet when I run 'iptables -L' I can't see it listed:

iptables -t nat -A PREROUTING -p tcp --dport 82 -j REDIRECT --to-ports 8081

I also tried to do a DNAT redirection but this too, executed successfully but did not show in the list:

iptables -t nat -A PREROUTING -p tcp --dst 0.0.0.0/0 --dport 80 -j DNAT --to-destination 10.10.10.10

Am I missing something or am I not applying the rule correctly?


Ubuntu Security :: How To Create An Iptable Rule

Sep 1, 2011

I need help creating an iptables rule. iptables is installed on my router. My router also connects to a "hide my a**" VPN account at 79.142.65.5:443. The goal is to somehow force the traffic to go through the VPN, because what sometimes happens is, the VPN connection drops (for whatever reason) and my real IP becomes exposed. Basically, I want to block "myself" from accessing the Internet when not connected to the VPN because of privacy concerns.

Below is my iptables. It has the 3 default chains and it also has many custom user chains. I need to know what kind of a rule to add, what interface to apply it to (lo, tun0, br-lan, eth1) and the correct chain to insert into. For example, you could tell me something like:

Quote:

FORWARD chain, change rule 1 to
iptables -R FORWARD 1 -j zone_wan_MSSFIX -p tcp --destination-port 443 -i eth1

Obviously, that was just a guess. I need someone that knows iptables to help me.

Code:

Chain INPUT (Policy: ACCEPT)
Rule # Traffic Target Prot In Out Source Destination Options
Rule 1 72.95 KB DROP all * * 0.0.0.0/0 0.0.0.0/0 state INVALID
Rule 2 1.11 GB ACCEPT all * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

[code].....


Ubuntu :: IPtable Rule To Force All Browsers To Use Proxy?

Oct 30, 2010

I have installed squid as my proxy server on an Ubuntu 10.04 standalone system. Why I have installed squid on a standalone system is, my friends used to access my system to browse sites and download files. So I have installed squid to block porn sites and downloads. But they simply bypass the proxy by disabling it. I know there is some way to force all browsers to go through the proxy using iptables. But how to achieve it? Does the below command suit my need? If not, what modification should I do?

Code:

sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128


General :: Iptable Rule To Open Samba Port?

Jun 15, 2010

I have samba running on 192.168.100.209 and I am trying to open samba ports only for hosts in the 192.168.100.0/24 network. I have added the following rules to iptables. But still I am not able to connect from machines in the 192.168.100.0/24 network.

Code:

iptables -A INPUT -s 192.168.100.0/24 -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -s 192.168.100.0/24 -p tcp --dport 445 -j ACCEPT

What's wrong with the above rules ?


Server :: Command For Iptable Rule To Add In Chain RH-Firewall-1 To Block Ftp Port?

Mar 10, 2011

Tell me the command for an iptables rule to add in Chain RH-Firewall-1 to block the ftp port. The ftp server was configured on a public IP address. I searched in Google but I didn't get the exact command for an iptables rule in Chain RH-Firewall-1.


Debian Configuration :: Adding New Rule To Iptables?

Nov 16, 2010

firewall server which runs on Debian and then there's a Windows 2003 file server. On this machine runs an SQL server as well. Let's say it listens on port 1000. From other Windows machines I want to connect to this SQL server, which holds a library database for users. But the connection can't be made. Possible error: the Debian firewall machine won't let the packets through. So how do I add a rule to iptables (what file to open and edit?) so that all local connections to the server, let's say which is 192.168.0.2 and the firewall machine is 192.168.0.1, go through? So the connections allowed would be 192.168.0.3-255. How is it safe to do and what will it look like? The SQL server uses a TCP/IP connection. Here's what I found on the web; I think this may be the right rule, but how do I modify it correctly?

Code:

iptables -A INPUT -p tcp -s 0/0 --sport 1000 -d 192.168.0.2 --dport .........? -m state --state NEW,ESTABLISHED -j ACCEPT


Red Hat / Fedora :: Adding Additional Hostname To Another Server

May 21, 2010

I had 1 server and its hostname is resolving fine.

I purchased 1 VPS and its hostname isn't resolving.

For server1, say the hostname is server1.domain.com

and for the VPS I add server2.domain.com

and when I ping my server2.domain.com I get a Host Unknown error.

Do I add the hostname and make it resolve in the VPS.

I want to use a hostname like server2.domain.com.

I want both servers to have a common domain name but diff hostname.


General :: Grub2 With Ubuntu 10.04 Adding Additional OS's

Sep 10, 2010

I've got a laptop I use for various things. I have one SATA HD with a number of partitions on it. It looks like this.

sda2 = System Reserved (Flag=boot)
sda3 = Windows 7
sda4 = extended
sda5 = Ubuntu
sda6 = WinXP

I started off with Win7 on there and added Ubuntu. Everything went fine and Grub added Win7 and I could boot to both. Since then I had to add WinXP. That wiped out Grub, which I read it would. I tried adding Grub back, which was unsuccessful, so I just reinstalled Ubuntu, which re-installed Grub, but now Win7 doesn't boot from the menu when I select it. Since then I've been trying to add Win7 and WinXP back into Grub with zero success. In addition I added the following, which did not work.

[Code]...


Ubuntu :: Adding Additional Users Causes Large Number Of Errors?

Jun 29, 2010

I'm running 64-bit 10.04, upgraded from 9.10. The problem I am experiencing is that any user accounts aside from my main account are problematic. This includes any accounts I add, as well as the GDM guest session. The specific problems that I have thus far experienced are as follows:

1. The desktop often loads improperly. In the latest instance of this the graphics on the right side top panel were randomly chopped-up, leaving parts of my clock on either side of the volume control, among other things.
2. If I make ANY customizations to the desktop at all, the desktop takes nearly a full minute to load on log-in.
3. Flash videos don't work properly on Firefox. Sometimes they only play after refreshing a page, often they will not load at all. Also, attempting to load or play a flash video will sometimes cause Gnome or Firefox to crash.
4. (And this is the one that REALLY has me stumped) Whenever I log into my main account after logging out of another account, the IBus control appears in my system tray. However, when I open the IBus preferences the associated check box is (and has always remained) unchecked.

Not sure where to go with this one. More than anything, the IBus bug makes me unsure of where to even begin looking for the problem.


Ubuntu Security :: Set A Rule In Iptables, Does That Rule Also Apply To Ipv6, Or Just Ipv4?

Jul 16, 2010

Question (and Google results aren't making this clear): Ubuntu has both iptables & ip6tables installed.

1. If I set a rule in iptables, does that rule also apply to ipv6, or just ipv4?

2. If "no" to above, then it would be prudent to *also* set ip6tables rules as well if I want to maintain an active firewall, correct?

3. Do ip6tables rules have the same syntax and behavior (more or less) as iptables rules - i.e. can I just copy my iptables rules & change "iptables" to "ip6tables"?

4. Any gotchas or issues that I should be aware of?


Networking :: Add Ports In Iptable /firewall Using Command?

Feb 18, 2011

I want to know how to add (ports to open) in the firewall using a command or script or any other method.


Networking :: Possible In Iptable \ Switching Destination IP To Source?

Sep 16, 2010

Using iptables, is there a way to switch the destination IP to become the new source IP and forward that connection. iptables store the src and dst IP in a variable for a particular connection?


Networking :: Configuring Pptp + Iptable To Share Connection

Dec 27, 2010

Here's my setup:

Slackware 13.1
External IFace = eth0 / DHCP (assigned from comcast)
Internal IFace = eth1 / 192.168.0.0/24

I've made it connect/authenticate, but I can't get anything to route through it..

[Code]...

Really wanting to try and get this set up to where all computers on my LAN are forced through the VPN. I've tried most of the things I've googled, and no real luck.


Networking :: Iptable Command To Allow Traffic To Internet But Not Subnet?

Jun 3, 2010

My internet gateway is 192.168.1.1 with a 255.255.255.0 subnet mask. I have a router connected to it running ddwrt with an ip 192.168.2.1/24 creating a second subnet behind it. I have a tenant moving in that will be wirelessly connecting to the ddwrt router, so to the 192.168.2.0/24 subnet. What I am looking for is a rule that will pass internet traffic to and from this client, but restrict him access from the 192.168.1.0/24 subnet otherwise. The ddwrt router is connected to the 192.168.1.1 gateway through its wan port, btw. For example, the client would get an ip address of 192.168.2.100 wirelessly from the ddwrt router. I want him to be able to surf the internet through the 192.168.1.1 gateway, but not to have any other access to the 192.168.1.0/24 subnet (ideally not have access to ANYTHING besides the internet).


Networking :: Check Older Iptable Rules That Were Loaded?

Oct 14, 2010

Is there a way to check older iptable rules that were loaded? I accidentally overwrote my iptables and that has killed internet access to all computers in the intranet. I must have accidentally deleted some line in the iptable rules and cannot figure how to get it back to how it was. I am using Debian 5.05 by the way.


Networking :: How To Open Port For IP Phone Using SIP Protocol With Iptables On Red Hat

May 18, 2011

I configured iptables on Red Hat as a firewall and I want to allow an IP phone using the SIP protocol. I already allow port 5060 for the IP phone using the SIP protocol and I can call out. The problem is:

1. I can call out and in, but when they pick up my call they hear what I'm saying but I can't hear what they are saying.


Ubuntu Networking :: Set Iptable Rules And Access Superuser Permission From Web-based?

Mar 30, 2010

wrote a network emulator program in C. It can run from the Ubuntu terminal with good performance. But I have to make it web-based for user configuration. So I set up the Apache web server, wrote this program as a CGI script and tried to execute it from a web page. This program must be run with root privileges ($sudo -s) and add iptables rules such as (#iptables -A OUTPUT -j QUEUE). So my question is how to add iptables rules in my CGI scripts? How to set the superuser (root privilege) permission to access my program through the web server?


Ubuntu Networking :: Eth0 Unstable - Iptables Empty - Cant Service Iptable Restart

May 13, 2011

This is my first use of Ubuntu, but I have previous decent experience on CentOS & Mandriva. I've just installed Natty 11.04 on a box that was running Mandriva 2010 - and the network is acting quite strange. When I define a static IP for eth0 through the GUI, along with route & DNS, it sort of works: ssh is fine, vnc too. However, I have an asterisk running on the box, and it is wild: some packets get lost in the box.

An ngrep shows the packets reaching the interface, but they don't show in asterisk!!! I've done a ufw disable, iptables is empty (why can't I service iptable restart btw?). ip route list shows decent routes (eth0 default). When I switch to DHCP, it is better, but unstable... If I plug in a wifi USB stick, it seems to be better... Are there some known issues that could explain this behaviour? The NIC is a: Ethernet controller: Marvell Technology Group Ltd. 88E8001 Gigabit Ethernet Controller


Networking :: Add The Rtp Protocol To Iptables Rule?

Jul 29, 2009

I'm new in the Linux world. I would like to know how I can add the RTP protocol to my iptables rules for the Netfilter firewall, but without installing the asterisk server.


Networking :: IPTables Rule For Outgoing?

Dec 7, 2010

Unsure about IP tables lingo, so excuse me for not looking this up: I have a server, running IP tables, that I do not want to allow any type of outgoing traffic to 192.168.1.21


Ubuntu Networking :: Udev Rule Is Ignored For Eth Devices?

Jun 3, 2010

I'm trying to set my network interfaces so that they don't get random every boot (e.g. assign eth0 to a network interface with a given MAC addr, and eth1 to the other one). I threw in a udev rule (in fact just modified the rules that were automatically generated and set the ethX in it) but the system ignores my udev rule. What am I missing? Here is all the info:

Code:
$cat /etc/udev/rules.d/70-persistent-net.rules
# This file maintains persistent names for network interfaces.

[code]....


Networking :: Rule To Access Application Server

Aug 25, 2010

I have 2 LANs in my network. They are:
LAN 1: 192.168.0.0
LAN 2: 192.168.1.0
Both LANs communicate with each other. And both have an application server. In LAN1, I can access the web server, internal and external. At LAN2, it only works on the internal network. The rule that I'm using is as follows:

iptables -t nat -A PREROUTING -p tcp -d my_ip --dport 80 -j DNAT --to 192.168.1.254:80

This rule works for LAN1, but not for LAN2. Anyone know what can be blocking access?


CentOS 5 Networking :: Large Iptables Rule Set?

Jan 10, 2011

Loaded up CentOS 5.5 final. Configured iptables to block regions of the world based on networks. An example would be:

-A INPUT -s 139.82.0.0/16 -j DROP

My /etc/sysconfig/iptables file contains about 10k entries like this. If I use this, the machine lags hardcore network wise.


Ubuntu Networking :: Ufw Blocking RST Packets When Rule Show Allow It?

Aug 30, 2010

I've set up ufw rules on my system but noticed that the rule I created to allow traffic from my local network is still dropping some RST packets. Here's part of the output of dmesg:

[43627.361500] [UFW BLOCK] IN=wlan0 OUT= MAC=00:16:ea:03:9c:3a:00:1f:a7:3d:d5:eb:08:00 SRC=192.168.0.4 DST=192.168.0.3 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=2210 PROTO=TCP SPT=59521 DPT=9000 WINDOW=0 RES=0x00 RST URGP=0

[code]....








Copyrights 2005-15 www.BigResource.com, All rights reserved