Networking :: Iptable Rule Don't Work - Error "18446744073709551615"
Apr 11, 2010
I have problems with iptables :
[root@server7 ~]# iptables -I INPUT -p tcp --syn -m recent --set
[root@server7 ~]# iptables -I INPUT -p tcp --syn -m recent --update --seconds 10 --hitcount 30 -j DROP
iptables: Unknown error 18446744073709551615
[root@server7 ~]#
I need to stop a SYN DDoS attack... but the iptables rule doesn't work...
May 12, 2010
I'd like to know how many rules iptables can manage. I'm asking because I'd like to drop all traffic from my local net to porn sites. I have a database of porn sites which contains about 900 000 domains. I know there are solutions like squidguard. But for my Linux box I'd like to use iptables to prevent users from accessing porn sites and other blacklisted sites.
Mar 4, 2011
This is what I have currently running.
Code:
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
[code]...
How do I add this to the ruleset, without doing the whole thing over again?
Code:
iptables -A OUTPUT -d 10.3.0.0/16 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Jun 13, 2010
I have the following system in my LAN.
firewall (iptables)
eth0 (private) - 192.168.2.1
eth1 (public) - 189.117.57.2
squid server at 192.168.2.10
My request is that all outbound internet connections should go through the proxy server, not directly to the firewall. Please specify an iptables rule for blocking direct internet access. My clients' IPs range from 192.168.2.20 to 192.168.2.47.
Dec 22, 2010
In my new CentOS I am not able to add an iptables rule.
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
bash: iptables: command not found
I am getting this error. I use this rule to forward ports to squid.
Apr 21, 2010
I'd like to mark all packets coming from and going to an IP address, and I'd like to match those marked packets in another rule. Ex:
Rule 1: Mark all packets coming from 192.168.2.0/25 with number 1
Rule 2: Drop all packets which have been marked with number 1
Sep 1, 2011
I need help creating an iptables rule. iptables is installed on my router. My router also connects to a "hide my a**" VPN account at 79.142.65.5:443. The goal is to somehow force the traffic to go through the VPN, because what sometimes happens is that the VPN connection drops (for whatever reason) and my real IP becomes exposed. Basically, I want to block "myself" from accessing the Internet when not connected to the VPN because of privacy concerns.
Below is my iptables. It has the 3 default chains and it also has many custom user chains. I need to know what kind of rule to add, what interface to apply it to (lo, tun0, br-lan, eth1) and the correct chain to insert it into. For example, you could tell me something like:
Quote:
FORWARD chain, change rule 1 to
iptables -R FORWARD 1 -j zone_wan_MSSFIX -p tcp --destination-port 443 -i eth1
Obviously, that was just a guess; I need someone who knows iptables to help me.
Code:
Chain INPUT (Policy: ACCEPT)
Rule # Traffic Target Prot In Out Source Destination Options
Rule 1 72.95 KB DROP all * * 0.0.0.0/0 0.0.0.0/0 state INVALID
Rule 2 1.11 GB ACCEPT all * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
[code].....
Oct 30, 2010
I have installed squid as my proxy server on an Ubuntu 10.04 standalone system. The reason I installed squid on a standalone system is that my friends use my system to browse sites and download files, so I installed squid to block porn sites and downloads. But they simply bypass the proxy by disabling it. I know there is some way to force all browsers to go through the proxy using iptables, but how do I achieve it? Does the command below suit my needs? If not, what modification should I make?
Code:
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128
Jun 15, 2010
I have samba running on 192.168.100.209 and I am trying to open samba ports only for hosts in the 192.168.100.0/24 network. I have added the following rules to iptables, but I am still not able to connect from machines in the 192.168.100.0/24 network.
Code:
iptables -A INPUT -s 192.168.100.0/24 -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -s 192.168.100.0/24 -p tcp --dport 445 -j ACCEPT
What's wrong with the above rules ?
Mar 10, 2011
Tell me the command for an iptables rule to add in Chain RH-Firewall-1 to block the ftp port; the ftp server was configured on a public IP address. I searched Google but I didn't get the exact command for an iptables rule in Chain RH-Firewall-1.
Feb 9, 2010
When I try to add the value 150 in the portflood section of csf, I get the following error:
iptables: Unknown error 18446744073709551615 PORTFLOOD tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:80 state NEW recent: UPDATE seconds: 5 hit_count: 150 name: 80 side: source
Error: iptables command [/sbin/iptables -v -A INPUT -i ! lo -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 5 --hitcount 150 --name 80 -j PORTFLOOD] failed, at line 996
how is limitation with ip_recent where highest value for hit_count is 20, and how I need to modify and recompile ip_recent. But I was not able to find anything about either modifying or recompiling that module. I have CentOS 5.4 64-bit; iptables is installed via yum. Also, I have 4 servers with completely identical configuration, yet on two servers portflood works while the other two report that error. Maybe it was a different install CD which caused this, but again I don't know why this doesn't work, since the iptables versions are identical.
Apr 6, 2011
I am trying to install ns2.1b5 on fedora and I am getting the following error:
No rule to make target `VERSION', needed by `gen/version.c'
Jul 16, 2010
Question (and Google results aren't making this clear): Ubuntu has both iptables & ip6tables installed. 1. If I set a rule in iptables, does that rule also apply to ipv6, or just ipv4?
2. If "no" to above, then it would be prudent to *also* set ip6tables rules as well if I want to maintain an active firewall, correct?
3. Do ip6tables rules have the same syntax and behavior (more or less) as iptables rules - i.e. can I just copy my iptables rules & change "iptables" to "ip6tables"?
4. Any gotchas or issues that I should be aware of?
Jun 16, 2010
So I am new to ubuntu and am trying to work with "iptables". I have ubuntu version 10.04, in the terminal I try to create a new iptable by writing: iptables -N chain but the response is: FATAL: Error inserting ip_tables......... also it says "you must be root", what does root mean?
Feb 18, 2011
I want to know how to add (ports to open) in the firewall using a command or script or any other method.
Sep 16, 2010
Using iptables, is there a way to switch the destination IP to become the new source IP and forward that connection? Does iptables store the src and dst IP in a variable for a particular connection?
Feb 14, 2010
I'm using build root to make an embedded rootfs and compile some code. However I get the following error
make: *** No rule to make target `linux26', needed by `linux-fusion'. Stop.
Dec 27, 2010
Here's my setup: Slackware 13.1 External IFace = eth0 / DHCP (assigned from comcast) Internal IFace = eth1 / 192.168.0.0/24 I've made it connect/authenticate, but I can't get anything to route through it..
[Code]...
Really wanting to try and get this set up so that all computers on my LAN are forced through the VPN. I've tried most of the things I've googled, with no real luck.
Jun 3, 2010
My internet gateway is 192.168.1.1 with a 255.255.255.0 subnet mask. I have a router connected to it running ddwrt with an ip 192.168.2.1/24 creating a second subnet behind it. I have a tenant moving in that will be wirelessly connecting to the ddwrt router, so to the 192.168.2.0/24 subnet. What I am looking for is a rule that will pass internet traffic to and from this client, but restrict him access from the 192.168.1.0/24 subnet otherwise. The ddwrt router is connected to the 192.168.1.1 gateway through its wan port, btw. For example, the client would get an ip address of 192.168.2.100 wirelessly from the ddwrt router. I want him to be able to surf the internet through the 192.168.1.1 gateway, but not to have any other access to the 192.168.1.0/24 subnet (ideally not have access to ANYTHING besides the internet).
Oct 14, 2010
Is there a way to check older iptable rules that were loaded? I accidentally overwrote my iptables and that has killed internet access to all computers in the intranet. I must have accidentally deleted some line in the iptable rules and cannot figure how to get it back to how it was. I am using Debian 5.05 by the way.
Mar 22, 2011
I am using Fedora 8. I tried to install ns 2.31. But error came as " No rule to make target "VERSION" needed by gen/version.c".
Mar 30, 2010
Code:
anisha@linux-p0mg:~> uname -r && cat /etc/*release
2.6.25.5-1.1-pae
openSUSE 11.0 (i586)
VERSION = 11.0
My small Makefile:
Code:
obj-m += serialPortISR.o

all:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules

clean:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean
Errors I receive:
Code:
anisha@linux-p0mg:~/Desktop/serialPortISR_31_10_09> make
make -C /lib/modules/2.6.25.5-1.1-pae/build M=/home/anisha/Desktop/serialPortISR_31_10_09 modules
make[1]: Entering directory '/usr/src/linux-2.6.25.5-1.1-obj/i386/pae'
make[1]: *** No rule to make target `modules'. Stop.
make[1]: Leaving directory '/usr/src/linux-2.6.25.5-1.1-obj/i386/pae'
make: *** [all] Error 2
May 18, 2011
I configured iptables on Red Hat as a firewall and I want to allow an IP phone using the SIP protocol. I already allow port 5060 for the IP phone using the SIP protocol and I can call out. The problem is:
1. I can call out and in, but when they pick up my call they hear what I'm saying but I can't hear what they are saying.
View 1 Replies
View Related
Jun 28, 2010
I've been trying to add a redirect iptable record but each time I add it, it appears to add successfully (meaning it doesn't throw me any errors); yet when I run 'iptables -L' I can't see it listed:
iptables -t nat -A PREROUTING -p tcp --dport 82 -j REDIRECT --to-ports 8081
I also tried to do a DNAT redirection but this too, executed successfully but did not show in the list:
iptables -t nat -A PREROUTING -p tcp --dst 0.0.0.0/0 --dport 80 -j DNAT --to-destination 10.10.10.10
Am I missing something or am I not applying the rule correctly?
Mar 30, 2010
wrote a network emulator program in C. It runs in the Ubuntu terminal with good performance. But I have to make it web-based for user configuration. So I set up an Apache web server, wrote this program as a CGI script and try to execute it from a web page. This program must be run with root privilege ($sudo -s) and add iptables rules such as (#iptables -A OUTPUT -j QUEUE). So my question is: how do I add iptables rules in my CGI scripts? How do I set the superuser (root privilege) permission to access my program through the web server?
Dec 13, 2009
I am trying to compile a kernel in the following directory: /usr/src/kernels/2.6.30.9-102.fc11.x86_64
Note I am not trying to build an rpm but just do a simple make. After configuring with make menuconfig I issue the make command and get the following error:
Code:
[root@compaq 2.6.30.9-102.fc11.x86_64]# make
CHK include/linux/version.h
CHK include/linux/utsrelease.h
SYMLINK include/asm -> include/asm-x86
make[1]: *** No rule to make target `missing-syscalls'. Stop.
make: *** [prepare0] Error 2
how to resolve this error? It seems to be fedora-centric.
May 13, 2011
This is my first use of Ubuntu, but I have previous decent experience on Centos & Mandriva. I've just installed Natty 11.04 on a box that was running a mandriva 2010 - and the network is acting quite strange. When I define a static IP for eth0 through the gui, along with route & dns, it sort of works: ssh is fine, vnc too. However, I have an asterisk running on the box, and it is wild: some packets get lost in the box.
An ngrep shows the packets reaching the interface, but they don't show in asterisk !!! I've done a ufw disable, iptables is empty (why can't I service iptable restart btw ?). ip route list shows decent routes (eth0 default). When I switch to DHCP, it is better, but unstable... If I plug in a wifi USB stick, it seems to be better... Are there any known issues that could explain this behaviour? The NIC is a: Ethernet controller: Marvell Technology Group Ltd. 88E8001 Gigabit Ethernet Controller
Apr 13, 2011
I am relatively new to linux and am running into a problem. I just got a new laptop and need to configure/install its wireless driver but am getting an error when running "make". The error is: make[1]: Entering directory `/lib/modules/2.6.37.1-1.2-desktop/build' make[1]: *** No rule to make target `modules'. Stop.
I have scoured these forums and know that others have the same issue (when configuring other drivers/programs). I am sorry if this post is redundant. It sounds like the Makefile is pointing to the wrong directory. I am using opensuse 11.4, have make and gcc installed. My kernel is linux-2.6.37.1-1.2 (I just re-installed the desktop kernel to make sure it was up to date). The driver I am trying to install is located here: AUR (en) - rtl8192ce.
Another forum suggests pointing somewhere in the /usr/src/linux-2.6.37.1-1.2 directory instead. Is this correct? Should I be pointing to a folder within this? I am not a programmer but any description about what I am actually putting in this directory and why would be awesome (so I can learn a bit more). Or just helping me solve the problem would be great too.
Jul 29, 2009
I'm new to the Linux world. I would like to know how I can add the RTP protocol to my iptables rules for the Netfilter firewall, but without installing the asterisk server.
Dec 7, 2010
Unsure about iptables lingo, so excuse me for not looking this up: I have a server, running iptables, that I do not want to allow any type of outgoing traffic to 192.168.1.21