Networking :: Block Multiple Port From Lan Going Out The Net?
Aug 21, 2010
how to block multiples ports from my internal lan going out to the internet?, I want to prevent LAN user's in accessing this kind of ports for example port from 1500-10000.
im making a personal firewall script, im just testing it for just curiositie's sake.
will i use the foreward chain policy?? to drop all packets, like port 1500:10000
note '#' stands for root
#iptables -A FORWARD -s 192.168.0.1/24 -p tcp --dport 1500:10000 -j DROP
#iptables -A FORWARD -s 192.168.0.1/24 -p udp --dport 1500:10000 -j DROP
Recently I discovered that we were accidentally running a POP server (port 110), when we only should have been running the encrypted version thereof (port 995). This wouldn't have been a problem if the port was blocked in the first place. I had wrongly assumed that any port NOT specifically listed in one's firewall rules (CentOS 5 with default iptables installation) would be blocked. I thought you had to add a rule to /etc/sysconfig/iptables in order to open up a port. Apparently this is NOT the case. So is it true that if I install some random software that starts listening on any number of ports that I have not specifically mentioned in /etc/sysconfig/iptables that it will not be blocked - it will work right away?
Anyway, I guess two questions: 1) What's a generic way to block a specific port? I use rules like this to "open" ports (although is this not needed if they're open anyway?) -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT What's the analog of this kind of rule to *block* a port? 2) Is there a better way to configure iptables to block all ports that are not mentioned in its configuration? Is that dangerous? (will it block things that I don't want to block?)
I have a system running 9.10 configured with Firestarter acting as a router. We have multiple Xbox 360's on the network. Unless some ports are forwarded, the Xbox has a NAT type of "Moderate". I have been able to set an Xbox with a Static IP and forward the necessary ports for that IP, which allows the Xbox's NAT to become "Open." My question is, how do I do this for multiple Xboxs? If the follow the same procedure for additional Xboxes, only one Xbox at a time can have an "Open" NAT type, and the rest would be "Moderate". The ports the Xbox uses cannot be changed via the Xbox.
I am unable to create above vsftpd site with port '21'. Below is the problem,
# vsftpd vsftpd-site1.conf & [1] 14448 500 OOPS: could not bind listening IPv4 socket
I wonder, i can able to create above FTP site with another port (example, listen_port=60001 ). In Linux(vsftpd), can i use default ftp port '21' for multiple FTP sites?
In SuSE firewall0. I do have a openSuse 11.4 and multiple IP addresses on eth0 interface
I run (trying to/have to) multiple TOMCAT servers.
I am trying to have each tomcat instance listen to on separate IP address for example:
What i am trying to do is to redirect
a) tomcat 1 -
a) tomcat 2 -
And so on.
I know that it has to be possible.
I do have just eth0/
Is is it possible. Do I have to create "vittual interfaces"? eth0:1, .......... and do redirection ?
"Server" has got just single interface - just 1 ethernet calbe goes to that server. I am planning to have 10-15 tomcat's on that server (I have to unfortunatley) and each has to run on port 80
Is it possible to "grant" permissions to normal users to run app on port 80 - that would solve me lots of problems if impossible to redirect.
I tried to setcap 'cap_net_bind_service=+ep' /path/to/tomcat ...... but no luck
I want to do a simple port redirect, i.e. whatever comes trough whatever interface on port AAAA will get redirected to port BBBBI thought that iptables -t nat -I PREROUTING --source 0/0 --destination 0/0 -p tcp --dport AAAA -j REDIRECT --to-ports BBBBhowever it doesn't work, e.g. nc -v -w2 -z localhost AAAA gives:
nc: connect to localhost port AAAA (tcp) failed: Connection refused while nc -v -w2 -z localhost BBBB
I run SSH on a publicly open server and see following attempts in /var/log/auth.log which I was told by some one could be port scanning attempts.(Not sure though)
Code: Nov 18 23:50:19 server sshd[21716]: Did not receive identification string from 186.0.80.197 Nov 19 00:05:57 server sshd[24056]: Did not receive identification string from 85.108.110.66
I have a Suse 10.3 router with 4 network cards. 1 is to connect to the big network and thereby also the internet, 2 are for 'client' subnets and I want to use the last one as a DMZ. In this DMZ will be a web server which has to be accessible from the other 2 subnets and from the big network. I could do it with a few simple clicks in Yast firewall, but I have some issues with this firewall and there for I want to use it as minimal as possible, using Iptables.
So now I'm struggling a bit with Iptables. Basicly what I'm looking for is how to block all ports but 80 in this last subnet with iptables.
I would like to allow incoming and outgoing connections when I'm connected to a wired connection, but drop it otherwise. I noticed that ufw can't block outgoing traffic because of will I give iptables a try. I'm unsure if dropping packages that are outgoing will work, the rule after the block rule will allow all outgoing connections.
This what the rules are intended to do, unsure if that is actually the case. Allow all loopback traffic. Allow ping replys Allow incoming on port 12345 if eth0, deny otherwise. Allow outgoing on port 12346 if eth0, deny otherwise.
Code: iptables -A FORWARD -j DROP iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -p icmp --icmp-type 0 -s -m state --state ESTABLISHED,RELATED -j ACCEPT
I had installed opennms im getting email alert when all port are getting down and i also getting pop and imap messaage to whn th eport get dwn i want to stop asap mesage of pop3 and imap..whether its poasssible to block partilar imap and pop3 port .
tell me the command for iptable rule to add in Chain RH-Firewall-1 to block ftp port & the ftp server was configured in public ip address,i searched in google but i did'nt get the exact command for iptables rule in Chain RH-Firewall-1.
I am running a ubuntu server 10.10 with SSH, and OpenVPN. I use it mainly for the VPN, but I have seen log in attempts such as:
Mar 22 14:52:53 UbuntuSvr sshd[2397]: Invalid user support from 85.217.190.69 Mar 22 14:52:55 UbuntuSvr sshd[2399]: Invalid user student from 85.217.190.69 Mar 22 14:52:57 UbuntuSvr sshd[2401]: Invalid user transfer from 85.217.190.69 Mar 22 14:52:59 UbuntuSvr sshd[2403]: Invalid user user from 85.217.190.69
[Code]...
Is it possible to make it so when some one has tried logging in 5 times with an invalid user/pass that the ip is banned for 10 minutes? I have password auth set to no and am using keys.
can we block email address in a way that a user cannot login into multiple systems simultaneously, so that if a user logs in into a system (with ip address 192.168.1.22)and if he tries to login to into another system at the same time(with ip address 10.0.0.5) his previous system(i.e 192.168.1.22) has to logout automatically. Is there any predefined scripts for this.
I am having a web server (apache) and 3 sites are hosted in it, named as www.web1.com,www.web2.com and www.web3.com. I need to restrict www.web2.com to Internet users and allow only to local network. At same time I need to allow www.web1.com and www.web3.com to both Internet and LAN users.
I run a small home server (Debian 4), which acts as my gateway to the internet (ie, firewall) and runs a web server, dhcp, dns, and acts as a file server to the rest of the machines on my home network. Now I know it's never a smart idea to have all those services running on the same machine that is acting as a firewall, but I don't fancy running multiple servers just for home use, as it's mainly allowing me to learn system administration.
I noticed a few days ago that my internet had become unbearably slow, to the point where I could sometimes not load web pages. I spent a while searching through log files on my gateway, to try and find out what was eating up all of my bandwidth. When I came to apache's access.log file, I was confronted with this:
Multiple requests to my server, for totally random websites. I didn't even know it was possible to make those types of queries to a webserver. The only thing that is on the web server is a browser based torrent client. I have only shown a small snippet of the log file, but there are around 90k lines to different web addresses, from many different IPs. What I want to know, is what is happening? :S Why is someone querying MY web server, for web sites totally unrelated to it? And most of all, how can I stop it. My initial was to try and use iptables to block multiple requests from the same ip within a certain time frame, which I think would work as the server shouldn't really get many queries from external networks.
I have suspicious requests in my haproxy logs from multiple sources to the same target. I could deny them in /etc/hosts.deny, but there are too many to keep track of. Is there a way to deny all requests to a specific target either in haproxy or through iptables?
Here's an example of the request: Apr 12 15:11:37 127.0.0.1 haproxy[28672]: 41.105.42.150:27072 [12/Apr/2011:15:11:37.315] web_servers frontend_farm/######## 3/0/1/1/169 404 1073 - - --NI 3/3/2/1/0 0/0 "GET /images/comment_icon.gif HTTP/1.1"
I've commented out my amazon instance id for security purposes. The request is for comment_icon.gif which does not exist. All requests go to that. The source IPs are from different countries as well. Blocking a certain country won't work either. Basically, if there was a way to send all requests for comment_icon.gif to /dev/null or something it would work.
I have 2 xbee explorer USB boards hooked into my Acer Netbook running 10.04.e successfully mapped the /dev/tty/USB0 and set it up as com2 to use with X-CTU XBee software. It works. WHen I try to have a 2nd USB explorer board and do the same mapping thy both show as the same manufacturer so the same address(006). Even though the second reads as /dev/tty/USB1. Has anybody ran into this situation as well
A deamon say ssh will be listening on port 22. when a new connection is requested by the client, it will be authenticated and a new connection gets establihed with some port say 1025. And ssh will continue to listen on 22 for new connections.If I am correct then in my machine I observed following connections are establised to ssh port 22, As per my understanding connection should be established on a different port other than 22.
Is there any limitation to the number of transactions through a single port if so then if we assign multiple port to that particular service then the performance is increased (what i suppose)
so: Is there any way to assign multiple Ports to a single service. like for a web server the main service is httpd or some thing like that to be running on the server and now if we assign multiple ports to that service then the performance increases.
I'm attempting to write an application that needs to read and reply to messages that will appear via 3 different methods:
1) Standard serial communications 2) TCPIP over serial via PPP 3) TCPIP over Ethernet
The problem is that I'd like for the application to be able to receive packets from any and all of the three interfaces simultaneously. I shouldnt have much trouble with performing #1 and #3 at the same time, as I think I can just get a file descriptor from termios and another for a socket and then use select to wait for data. But #2 is problematic.
First I dont know how to set up a socket that uses PPP as the data link layer. And secondly, (here's the big one) this PPP data is coming over the same port that the serial data is. There's no chance for data collision, and I am guaranteed not to receive another packet until I respond to the last one (in the same protocol at that) but incoming packets may or may not be PPP/TCP/IP framed.
My app will act like the PPP client, so I was just thinking "somehow" that I could run a standard termios application on the serial port which would begin to interpret the packet. If its PPP framed then it would have to get passed to a PPP client, which would be listening to my application rather than a physical port. And I have no idea how to do that. Is there an API available that will help me with the PPP packets?
How hard would it be to write a device driver that simulates a serial port. The device can listen on a real serial port, interpret its contents to an extent, and then distribute the incoming data to multiple "virtual" serial ports, which the main application can then listen to for incoming traffic.
everything works fine. I can log in, and local port forwarding is done. Otherwise when I use the command:
ssh user@ssh_server -R 5500:localhost:5500 -p 22
I get an error "remote port forwarding failed for listen port 5500". However when I try remote port forwarding in WinXP by use of putty there is no problem...
Exim: Is there away to block command when someone telnets to exim's port? Email won't send out unless they authenticate, but if there a way to total block them from typing all together, but still allow the server to receive email? IE, to block this:
I was having trouble setting up a db connection from my local machine to a db server that was configured to only accept connections from machines behind its own subnet. I had trouble setting up a multiple hop tunnel for chaining port forwarding through my firewall machine on the same subnet as the db. My first attempt involved two port forwards, on localhost and on the firewall machine, which didn't work for me. This approach I found at URL... involved constructing an end to end connection to the db via the firewall machine.
I have forwarded ssh and rdp protocols in the router which is in remote location. And i aslo configured dhcp reservation for my windows server's ipaddress. I have added that reserved ipaddress of windows server in the RDP port forwarding ip. And i connected to windows server through remote desktop with the ipaddress of the router because i needed a public ipaddress to connect. And now i am going to add my linux servers ip also to dhcp reservation and forward ssh port and give that reserved ipaddress. can i connect to linux server with same public ip that i used to connect for windows server?
I'm using a Debian servers, as router/firwall.. I've two ethernet interfaces into the server, one for wan and one for lan. The i use SNAT so my LAN clients can access the internet throgh the debian router. That is working... Now i want to be able to access servers on the LAN site from the WAN site, and i wanna use port address translation (PAT). I have a FTP server running on a lan server, so i'm trying to portward port 21.
When people try to access my FTP from the WAN site, they are redirected to the local FTP server, and they are promted for crendentials, but when the credentials are typed, and the local ftp server should answer the wan request, the connections dies.
The wan clients are being promted for credentials, so they are redirected to the local lan server, but after that the connections dies, so i think there is some kind of nat problem, when the local lan server is trying to respond to the wan request..
I make an application on GNU/Linux which listening on a MULTICAST stream, so I open my unconnected socket, bind it on a MULTICAST address and a port, join the multicast group with the "setsockopt (IP_ADD_MEMBERSHIP)", then I receive datagram on my socket.
Now I've two different instances of the same application that run with their own MULTICAST address and port. And what I found strange is that, after a misconfiguration, I switch the ports, for example:
Emitting on 225.0.0.1/23451 and 225.0.0.2/23452 Receiving on 225.0.0.1/23452 and 225.0.0.2/23451
And my receiving part doesn't care about the MULTICAST address, it looks like the socket is listening on the port number only! I mean that the receiver [225.0.0.1/23452] take its datagrams from emitter [225.0.0.2/23452] and vice-versa!
