Link 1 = my network [url]
My network:
Subnet 1
Subnet 2
When someone creates a network loop (a cat 5 cable is plugged into two ports on a switch), the 2 subnet get flooded and become very slow.
How can I prevent subnet 1 from getting flood if someone create a loop on subnet 2.
- eth2 go offline automatically until the network loop is canceled.
I have a ubuntu computer set up as bridge between gateway and lan, with the lan connected to eth0 and gateway on eth1.
I'm trying to get it to basically block everything incoming except for the ports i specify, but also allow outgoing traffic. I've found, tried, modified som examples i found on the web, but still it wont block incoming traffic (ie, im still able to reach my webserver)
These are the rules, and i can't figure out why it wont block:
Code:
#!/bin/bash
iptables -F
iptables -X
iptables -I INPUT -i eth1 -j DROP
[Code].....
I already have Linux Enterprise 5 system installed with some server packages such as Webmin, Active Directory, Web Server which also act as Internet gateway. Now I want to add firewall functionality to block clients ip accessing internet.
View 14 Replies View RelatedI am still new to ubuntu and I use firestarter as my firewall tool and I was told that its just ufw in a gui. Well anyways I noticed a connection to 174.129.241.144 using https and python, I didn't have any scripts running and my browser was closed, I read the man files for ufw and it said to do something like deny from 174.129.0.0/12 and I want to block all incoming and outgoing connections to this IP range and I was wondering how to do that, I heard of iptables that it would be able to do this but I dont know anything about it. What I should learn so I can handle these kinds of situation in the future and how I can block this ip subnet or also what does the /8, /12, and /16 stand for?
View 7 Replies View RelatedI need to set up my centOS computer as a firewall in my home network. Ive got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping(icmp) and DNS. How do I do this? Ive tried some editing in /etc/sysconfig/iptables but no luck.
View 1 Replies View RelatedFriends i have an idea to broadcast few local TV channels to the world via internet.But friends i can't directly broadcast from my country because of bandwidth.friends is there a way to do this through a remote server server? i just need to input my stream to a remote server and then broadcast it from the server.I can stream channels to the server from my country through a 10mbbs connection.
View 2 Replies View RelatedHow I can refuse an outgoing connection on opensuse firewall by default outbound policy is permissive, and the p2p I explicitly deny an outgoing, according to protocol, remote port and local port.
But I can add rules as how to run opensuse firewall rules are permissive only for inbound traffic and so I can not specifically deny an outgoing connection.
Before using fwbuilder is very powerful and configurable but now I'm with suse for convenience but want to know if you can do what I want, if not I will have to use fwbuilder.
I have noticed interesting problem. I use two browsers - Firefox and Konqueror. Konqueror is configured to use tor, Firefox not. Using Gufw I block all incoming and outgoing traffic and it works while using Firefox, I mean that I can't view any www site and it is ok. But if I use Konqueror I can establish any conection. How to understand this? Should I have different firewall while using tor?
View 5 Replies View RelatedI've been all around the net and can't find a "simple" answer how to block our LAN users from downloading torrents. Is it really that difficult?
Here's our setup:
1. The Server's Configs:
2. sudo gedit /etc/squid/squid.conf
3. sudo gedit /etc/rc.local (to start Firewall rules on bootup)
4. Server NOT a DHCP Server
5. No other iptables rules are configured, just the above ones.
Before in a 1 NIC setup, I blocked Workstations MAC addresses in the Router + Squid Proxy Server (Not Transparent), it worked, but some Online Java Apps didn't work and users can't send/receive email so I abandoned the method.
Now, I installed transparent Squid Proxy with 2 NIC cards, it works, but workstations can still download torrents! I know Squid doesn't block ports, right? So the answer must lie in Iptables Firewall? I basically use Squid just to deny access to Facebook, Friendster, or other "unproductive sites".
Quote:
How to block torrent downloading by using a Firewall? Or is there another "simple" way?
I've heard that it's better just to allow regular ports (80, 22, 465, etc...) then block all the rest, this way, you can prevent unnecessary ports.
I'm not an Iptables/Firewall expert so can you pls. explain it a bit more detailed if that's the case.
I'm also aware of just telling our users NOT to download torrents, but I just want to prohibit it entirely.
I know I will be the most "uncool" employee in our office.
I manage a linux-based network, where some projects are currently under development. Our IT policy states that any email attachment shall be encrypted using GPG. Can I block other attachments using a firewall?
Note: Currently our mail server is not in campus. So I can only use a firewall for this security issue.
I want to set up Ubuntu Server as a firewall in which I want to direct my internet connection through where Ubuntu Server will block, filter, and monitor anything that come into either three of my computers using the same internet connection. Is this easy to do? sum up the steps that I will have to go through to establish this, and any relevant information, and where I might be able to find necessary information etc. I plan to use ubuntu-10.04.2-server-i386.
View 3 Replies View RelatedI launched my website. At the moment the site has an firewall (iptables) enabled with very simple rules. All incoming traffic is blocked, except for the ports http and ssh. Everything is working perfect, but I want also to be able to block certain kinds of attacks. There are some really good examples on the internet, but I don't now if they contain all kinds of attacks which are relevant to my situation. To be clear, I only server web content through port 80 and use ssh to remote login.
View 3 Replies View Relatedtell me the command for iptable rule to add in Chain RH-Firewall-1 to block ftp port & the ftp server was configured in public ip address,i searched in google but i did'nt get the exact command for iptables rule in Chain RH-Firewall-1.
View 3 Replies View RelatedI am learning to setup firewall in my home for that i have selected four system(sys1,sys2....sys4) for testing .I have configured sys2 to act as a firewall with two NIC. sys3 and sys4 are inside the firewall . sys1 is not connected to firewall for testing purpose.
the IP assignments are follows :
sys1 : ( fedora, not connected to firewall i am thinking, But i am not sure )
IP : 192.168.2.1 ,
gateway : blank
dns1 : blank
dns2 : blank
sys2 firewall ,IPTABLES )
code....
what happened is that sys1(not connected to firewall) can ssh to sys4(connected,inside firewall),since the rules are written not to ssh form sys1 to sys4..
then I came to know whatever the request I give, It directly goes as sys1 --> sys4. Not as sys1-----> sys2(firewall)---> sys4 .and the firewall is not filtering and processing anything for both inbound and outbound (i think it's my mistake some where). the requests are directly going inside without firewall.
I would like to know the blocking methode In a Firewall or a Router.whether i will be done by Protocol wise, ho? or it will done through Host wise, How ?
View 2 Replies View Relatedall I get is the broadcast address can be used to send packets of information to all computers on a network simultaneously. Can that be used during MPI programming or anything of the such? What is the day to day use of the broadcast address?
View 3 Replies View RelatedThis is not a linux specific question more of a general network issue with the hope that someone may have already done this under linux.My problem:I have a red hat linux machine transmitting IP multicast packets onto an ethernet gigabit network (cisco switch).Wireshark (running on a different red hat linux box confirms packets on network.
View 4 Replies View Relatedi m setting up a linux server and i have to setup ip , in static mode. so i know everything except those two things. how do i calculate them?
example ip:200.49.142.91
submask 255.255.255.248
gateway 200.49.142.89
I need to configure network. I have configured a labtop "1" as a wireless Access point. And connected 2 laptops. I want to broadcast from a labtop "2" a video and read it on labtop 3. This broadcast will be done first time using VLC server then using apache server.
View 2 Replies View RelatedHow do I calculate broadcast adrress if the address space is 192.168.36.16/28 then what would be broadcast address.
View 7 Replies View RelatedI have a Dell Vostro 1400 with a BCM4311 Broadcom wireless card that I just reinstalled with 11.04 from 10.04. I have the drives installed and it seams to be working when i run the 'Additional Drives', but I can't get the wireless adapter broadcasting. I followed the instructions given in the knowledge base on installing Broadcom Wireless, to see if I could get it running and that is where I saw the difference between the example and my computer when writing the 'sudo lshw -C network' command. In the example it said it was broadcasting under configuration (just like my wired networks below) and in mine it does not (see below for copy past).
I can't find a tickbox in the systemtray to enable the wirless networking that I had before the update to 11.04 (the 'Enable Networking' tickbox is still there and the wired network works fine - that is how I got online to do this post). I have the hardware switch turned on and I have been in the BIOS and made sure that the Wireless is enabled.Anyone who knows what could be wrong? Where could I go from here?Quote:
morgan@morgan-Vostro-1400:~$ sudo lshw -C network
[sudo] password for morgan:
*-network UNCLAIMED
[code]....
I have a router and when my Debian machine connects I get "null" as the host name. How can I get it to display the host name?
View 11 Replies View RelatedHere is my problems :I have two networks :1. LAN (10.1.x.x subnet 255.255.0.0), and2. my internet public (IP 202.xx.xxx.xxxx subnet 255.255.255.240)I have an application in my LAN PC (10.1.2.240) which broadcast udp packet to its client. The client in my LAN can receive the udp packet, no problem.My question is how netcat/socat can RELAY the udp broadcast packet to one of my IP public address so the message can be received by other client from internet ?
View 5 Replies View RelatedI am basically from system side and often confused about the calculation of the IP addresses.Just i want to know that what how can i calculate the following of a IP Address:
(1) Available IP in a Network
(2) Broadcast IP
(3) Network Prefix or Net Mask
I am attempting to install BrainStorm from source. ./config ran with no errors, however this it the output from make
View 4 Replies View RelatedI'm using F15 with two nics, each on different subnets 192.168.1.0/25 and 192.168.1.128/25. My issue is that on boot my 192.168.1.2/25 interface sets a broadcast address of 192.168.1.255 which is incorrect I believe. Its broadcast should be 192.168.1.127. I've tried setting the broadcast param in ifcfg-p3p1 file "BROADCAST=192.168.1.127" with no benefit.I can change this after boot of course, but that removes my default gateway for some reason.
View 2 Replies View RelatedI'm looking for a solution to broadcast messages on the network. All systems are Linux / Ubuntu.
It would be used in case the server has to be rebooted. It saves me a walk to every office in the building.
So I just changed my network card settings recently, and I'm now getting no response when I ping the broadcast address for them... the cards are all connected through a switch with IP addresses 192.168.0.x, broadcast 192.168.0.255... ifconfig on all of them shows UP BROADCAST RUNNING MULTICAST, but nobody responds to a broadcast packet. Any thoughts?
EDIT: Pinging each machine individually works fine.
When setting up an alias for eth0, the interface works as expected for normal traffic, but does not receive broadcast traffic.
Host 1's setup:
Code:
Pinging host 1's normal interface from host 2 works as expected:
Code:
Pinging host 1's alias interface from host 2 works as expected:
Code:
Broadcast pinging from host 2 only gets a reply from host 1's real interface (as well as some other uninteresting devices on the network):
Code:
I have confirmed by listening on both interfaces using netcat, and broadcasting using netcat, and again only the real interface receives data.
Is this by design, or is it possible to get interface aliases to receive broadcast traffic?
I dont know the difference between these topics.
View 1 Replies View Related