Networking :: Https://hostname:8834/ Is Blocked By Iptables?
Jul 22, 2010
https://hostname:8834/ is blocked by iptables?
I have the Nessus application running on the target machine and the URL
is https://hostname:8834/, which is not accessible.
But when I log in to the target machine via ssh and check, this application and the service are running fine. So I think it is blocked by iptables on the same machine where Nessus is running.
I connect to the internet at work through an authenticating proxy, and to avoid having to enter the proxy info into every app I use (e.g. firefox, wget, kde, etc) I have set up squid as a local transparent proxy which authenticates and routes all traffic to the work proxy. It has been working fine, but lately I haven't been able to connect to any https sites. I don't think I have changed the configuration, so perhaps it is the result of an upgrade, or something badly configured on my system from the start. I have tried connecting to https sites without squid and iptables and it works fine. My system is Arch Linux, and my squid.conf file is:
Code:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
[Code]....
I have a mail server on which I would like to block port 25 on my eth0 for everyone except our external spam filter. The problem is that I want our users to be able to connect via port 10025, which is forwarded to port 25, which then is blocked...
I have tried to configure my iptables to allow only HTTPS connections to the internet. Unfortunately, I didn't get that to work. I configured it like this:
Quote:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -t filter -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -t filter -p udp --dport 53 -j ACCEPT
[Code]....
Of course I am only trying to access websites via HTTPS. Still, I was wondering if HTTPS somehow under the hood requires the HTTP port to be open, or if my rules are wrong in some other way.
I am trying to configure iptables for only HTTP and HTTPS traffic. I start by blocking all traffic, which works, via:
Code:
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
I then try to allow HTTP and HTTPS on eth0 with these commands, which does not work:
Code:
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
Code:
iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
After these commands I should be able to access the internet. Does anyone know why this is not working?
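As an added example (not from any of the posts), here is a client-side egress ruleset that does what the two posts above are after, allowing only DNS, HTTP and HTTPS for connections this host initiates; it assumes the outward interface is eth0, as in the posts. Note that the second post's rules are written in the server direction: a browser's connection leaves through OUTPUT with --dport 443, so with an OUTPUT DROP policy and only --sport 443 ESTABLISHED allowed outbound, the first packet never gets out.

```shell
#!/bin/sh
# Added example: client-side (egress) iptables ruleset that permits only DNS, HTTP
# and HTTPS for connections this host opens. The rules are emitted as text so they
# can be reviewed first; apply with:  client_rules | sudo sh
# Assumption: the outward interface is eth0 (override with IFACE=...).
IFACE="${IFACE:-eth0}"

client_rules() {
    cat <<EOF
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Loopback: local resolvers and many desktop apps break without it.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Replies to connections this host opened. The posted rules only allowed
# --sport 80/443 out, i.e. a local web server answering; a browser's SYN
# instead goes out with --dport 80/443 and needs the NEW rules below.
iptables -A INPUT -i $IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
# New outbound connections: DNS (to resolve names), HTTP and HTTPS only.
iptables -A OUTPUT -o $IFACE -p udp --dport 53 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --dport 53 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --dport 443 -m state --state NEW -j ACCEPT
# Everything else hits the DROP policies; log a rate-limited sample for diagnosis.
iptables -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "egress-drop: "
EOF
}

# Self-check helper: how many NEW-connection OUTPUT rules open the given TCP port.
rule_count() {
    client_rules | grep -c -- "-A OUTPUT -o $IFACE -p tcp --dport $1 -m state --state NEW -j ACCEPT" || true
}
```

Run `client_rules` on its own to inspect the generated commands before piping them to a root shell.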
I have a fresh installation of CentOS 5 I'm using for a server, and I'm having issues with port configuration. I have iptables running, and it started with no /etc/sysconfig/iptables file. I added a few basic rules (port 53, port 10000 for webmin), saved the file, and restarted the service. I tried connecting to webmin, scanned ports, and traffic was blocked. I set iptables to allow all traffic and restarted the service, and it still showed basically every port as being blocked. It seems port 80 and port 22 work for some reason, even when I tell iptables to block all ports.
I'm not sure what's going on here. Iptables is reading the /etc/sysconfig/iptables file, and if I use lynx localhost:someport it responds as it should according to the file. However, if I try connecting by IP, it's like there's some other firewall or something running that does whatever it's configured to do.....
Strange issue here when trying to verify the firewall on Server 8.04. No ftp service is running at all on the server, but both nmap and netcat report port 21 as being open, even though it isn't. I am 100% sure that port 21 is not actually accessible and the iptables rules are fine. Trying to connect to the port fails, yet nmap and netcat seem to report a "false positive"? Have also checked on a number of other servers I'm running, and this "false positive" seems to apply to all of them.
I have a network of 2 WinXP machines and one Linux box. I have fiddled around with the settings as you do when learning. The network is working. The network neighbourhood on the WinXP machines recognises the Linux box and vice versa (the Linux Places|Network recognises the 2 WinXP machines). I can ping the Linux box using its hostname from a WinXP machine. But I cannot do the reverse. I get an 'unknown host' response. I can ping the Linux box from itself using its hostname.
I'm having an issue on two Fedora Core 13 machines where I can ping others by hostname, but the hostname resolution fails whenever I use ssh/scp/vnc/etc. I can still do these things by IP address, just not by hostname. RHEL5.3 machines on the same network with the same configuration do not seem to have this problem.
Here's the not-so-quick-and-dirty description of the situation:
I know that there is a virtual router at 192.168.31.1 and another at 192.168.30.1. I also know that there is another network (let's call it 90.90.90.0) and on that network lies a number of resources. By nature of this configuration, any machine on 90.90.90.0 can be accessed by any 192.168.x.x, but not the other way around. Beyond that is out of my hands and currently out of my scope of knowledge.
I have a dnsmasq server on 90.90.90.10 that operates as a secondary nameserver, another machine out of my sphere of influence is the primary nameserver (90.90.90.31).
The secondary nameserver on 90.90.90.10 holds the hostnames of our development machines. The problem is that in some cases, while I can ping by hostname all day long, services such as ssh, scp, vncviewer, etc all fail to resolve the hostname. In other cases I can do all of these things.
Every machine has an equivalent resolv.conf:
As an example, I will show the output of a handful of my development machines:
I also included columbia as a one-way test -- even though it cannot access 30.x or 31.x, they can access it:
columbia -- physical machine, Red Hat Enterprise 5.3, IP 192.168.100.200
Okay, so here are the various outputs. Remember, nibbler, discovery, and atlantis can ALL:
- Ping by IP address
- Ping by hostname
- ssh, scp, vnc, etc by IP address
Additionally, the SERVFAIL reply from 90.90.90.31 is expected since my dnsmasq server is on the secondary server.
Note that the only machine that can both ping and ssh/scp/etc by hostname is nibbler, which also happens to be the only one of the three running RHEL5.3 instead of FC13. Other virtual and physical machines running on the 192.168.31.0 and 192.168.30.0 networks (all running RHEL5.3) work just like nibbler does. So the problem seems to only affect machines running FC13.
Final note: selinux is disabled, iptables is disabled, ip6tables is disabled.
Other than that, discovery is a brand-spanking-new install straight off of the FC13 DVD. atlantis has been around longer, but it's just a file server so I haven't done anything too crazy to it.
I'm trying to ping another Ubuntu computer on my local network. If I try doing ping <hostname> then I get the message ping: unknown host <hostname>; however, if I do ping <hostname>.local then I get a response back. I was wondering how I can change it so that I can ping without having to append .local. I've installed winbind and modified my /etc/nsswitch.conf file but this has made no difference.
I have an Ubuntu 10.04 server with hostname "abc.domain.com". However, due to migration, we had to change the hostname to something else, "xyz".
I have done changing /etc/hosts and /etc/hostname and run /etc/init.d/hostname start.
Checking the hostname and all shows it is now using the hostname xyz. However, outgoing email is still using the old hostname. We have some scripts that will send out alerts like failed rsync or hdd space full to my email account. But I see the sender is still "root@abc.domain.com".
How do I change that to xyz? I am using postfix. I have edited main.cf and restarted postfix but no go.
I have an old FC2 box running Squid version 2.5. It has been running since 2003 so I am in the process of replacing it. I have a new machine with FC11, iptables, and Squid 3.0 installed.
On the old machine I use iptables to intercept Port 80 traffic and send it to Squid. By default I block all internet access and allow only sites that are in an Allowed_Sites.txt file. Within Squid I also have statements to allow certain users to bypass Squid based on their IP address.
I have set up the same thing on the new box. I have iptables intercepting the Port 80 traffic and sending it to Squid. That is working because if I remove the redirect statement from iptables all internet access is blocked.
The problem I am having is that Squid is not blocking any websites. It acts like the ACL is set to http_access allow all. I have worked on this for several hours and am stumped.
I have set up certain portions of my web site to be forced to https://. How do I force non-https:// protocols? I know this sounds confusing, so let me give you an example.
So I set up an Ubuntu 10.04 server with apache2 installed, but for some reason I can't get to it from my browser. The iptables files have all changed directories in 10.04 so I can't find the iptables. Apparmor wasn't the problem. The network hardware is not the problem. There is something inside of 10.04 that is blocking port 80. I can ping it all day using the IP address, but when I ping it using http://ipaddress it can't find the host.
I don't know how, but somehow all the ports on my comp appear to be blocked except for 24, for ssh, and 5900, unknown. I can connect to the network, but as far as I can tell, I'm powerless to do anything. No webpages load; I'm typing this on my phone.
In my Ubuntu 9.04 installation, just a few days ago, I lost my usage of the internet. I still had internet access. Firstly though, there was a problem with the router, so I tried a friend's router (both Netgear DG834) and the friend's one worked. But in Ubuntu, I could not access any web pages or email. Skype works.
I tried using my netbook and that could access web pages okay. So then I booted my main PC into the old installation that I kept there of Ubuntu 8.04, which I am using now. And in this the internet works just fine, I can access websites and download and send email.
But in Ubuntu 9.04, it seems like something is blocking my access. I do not recall installing anything new, although something may have been updated recently. I can see the DNS servers from Ubuntu 9.04 and it gets an IP address from the router. What is the likely cause of the Internet being blocked for websites and email (but not Skype)?
The firewall in Fedora 12 seems to block UPnP by default, but opening port 1900 for UDP, as I have seen suggested, does not resolve the problem. I have the following three scenarios:
- Firewall Enabled: Transmission cannot open a port by UPnP
- Firewall Enabled (1900 UDP allowed): Transmission cannot open a port by UPnP
- Firewall Disabled: Transmission opens a port via UPnP fine
Any ideas? Yes, the port that I'm trying to open is also allowed. Router is a Linksys BEFSR41 v4.3, should you care.
I recently installed the XRDP server on my desktop edition of Ubuntu v10.04 following the simple instructions available here. I did this on two computers. One computer has Firestarter installed while the other does not.
When I use Windows to connect to the Ubuntu box without Firestarter, everything works just fine. However, when I try to connect to the one running Firestarter, I get a pop up showing an error message (see the attached file).
I checked the incoming rules in Firestarter and I don't see a way to add RDP sessions to the list of exceptions. I also tried adding my IP address in the host section but this too didn't help the situation.
At my work I am trying to connect to my home server behind a Symantec gateway, but I cannot; yet when I try to connect with telnet to the ssh port, I can make a connection. How can I connect to my server via an ssh client?
Last night I installed all the updates that were available for CentOS. Today, I discovered that all connections to port 25 (Sendmail) are being blocked except connections coming from localhost.
I tried disabling the firewall to see if anything would change but it is still blocked.
If it is not the firewall doing the blocking, what else might it be?
Recently I discovered that we were accidentally running a POP server (port 110), when we only should have been running the encrypted version thereof (port 995). This wouldn't have been a problem if the port was blocked in the first place. Isn't the default iptables setup on CentOS to block unspecified ports? Specifically, this line from /etc/sysconfig/iptables:
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
Right? Well, this doesn't seem to be working for me. I added some rules to allow additional ports and commented out a couple (crucially port 110), but for some reason, port 110 is open. Here is /etc/sysconfig/iptables and the output of iptables -L below that:
# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
[code]....
Why isn't "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited" doing what I think it should be doing?
I am running a Linux firewall (IPcop) to bridge two networks. Hosts on network A have to use a proxy server in order to get online. This server runs a transparent proxy (squid) configured to use the proxy needed to connect to the internet as an upstream proxy, therefore meaning all the hosts on network B can connect to the internet without the user having to configure a proxy address.
The problem is that HTTPS also has to go through the upstream proxy, which I'm told can't be proxied by my server transparently because of security issues. This means that hosts on network B can't currently access HTTPS sites.