Networking :: Iptables Rate Limiting For Bridged Connection ( Kvm Created Bridge )?

Oct 27, 2010

I have a bridged network setup; ifconfig -a gives the following output:

Code:
br0 Link encap:Ethernet HWaddr 00:26:b9:82:42:38
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::226:b9ff:fe82:4238/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:150779 errors:0 dropped:0 overruns:0 frame:0

[Code]...

3) What are these vmnet1,vmnet2,vmnet3,vmne4 which I see above. I used kvm and virt-manager to create a bridged setup.


Security :: IPTables And SSH Rate Limiting

May 20, 2011

I'd like to discourage the SSH bots that try to log into my system (CentOSv5), and among other things, I've changed my SSH port to something other than 22. As well, I've been playing around with the idea of some iptables rules (note port 22 is used here as example):
Code:
# Allow SSH with a rate limit
iptables -A INPUT -i ppp0 -p tcp --syn --dport 22 -m hashlimit --hashlimit 15/hour --hashlimit-burst 3 --hashlimit-htable-expire 600000 --hashlimit-mode srcip --hashlimit-name ssh -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --syn --dport 22 -j LOG --log-prefix "[DROPPED SSH]: "
iptables -A INPUT -i ppp0 -p tcp --syn --dport 22 -j DROP
I am *NOT* an iptables expert. What do you all think about the above code snip?


Server :: Iptables Rate Limiting For Ddos?

Mar 6, 2011

I have about 5 machines that are under DDoS daily and I use rate-limit for iptables to protect that and it works good. My UDP ports 20100 to 20400 are actually under DDoS so these are the commands I use:

Code:
-A INPUT -p udp -m udp --dport 20100:20500 -m state --state NEW -m recent --set --name DEFAULT --rsource

[code]....


Fedora Networking :: Netem Rate Limiting (token Bucket Filter) Not Supported?

Apr 3, 2010

I've been trying for a couple days now to get netem rate limiting to work on a Fedora 12 i686 virtual machine (both on VMware Fusion and KVM), and have had no success. In order to do outbound rate limiting, I want to use the netem token bucket filter (TBF), as described here: [URL] Unfortunately, attempting to use the TBF results in this error:

Code:
[root@f12-build ~]# tc qdisc add dev eth1 parent 1:1 handle 10: tbf rate 256kbit buffer 1600 limit 3000

[code]...


OpenSUSE Network :: 11.2 Xen Bridged Networking - Setup Multiple DomU Through The Default Bridge Setup

Feb 4, 2010

I'm trying to set up multiple domU through the default bridge setup. I am able to access only one of them through the network at a time. If you ping one of the domU it works perfectly but you cannot ping any of the others until you stop pinging the one, and even then it takes a bit before you can. I've looked around for a while and seen similar problems but nothing ever seems quite the same. I'm probably missing something really stupid. Or is this the way the bridge is supposed to behave? Do I need to use a routed virtual network?

[Code]....


Networking :: STP In Bridged Connection ?

Nov 24, 2010

I am trying to get a bridged connection to work in CentOS.

Here is the network diagram: [url]

There are two interfaces in the Linux system; they are bridged and connected to the Windows system. I am not sure if I need to enable STP in the bridge or not?


General :: Copy File In GNU With Progress Bar And Rate Limiting?

Jun 22, 2010

Is there any good tool in GNU/Linux that copy files like cp, but also shows progress and limits speed (and changes limit without interruption) like pv?

Prototype: find source_directory | cpio -H newc -o | pv -s `du -bs source_directory/ | awk '{print $1}'` | (cd /destination/directory && cpio -di)

Also rsync -aP source_directory /destination/directory/, but this shows progress bars individually and can't change rate after started. Or maybe I should just write a wrapper for pv/cpio? Done.


Security :: Limit To Use For IPTABLE Rate Limiting For A Webserver?

Feb 4, 2011

I see on my webserver some logs as follows Quote:

203.252.157.98 - :25:02 "GET //phpmyadmin/ HTTP/1.1" 404 393 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
203.252.157.98 - :25:03 "GET //phpMyAdmin/ HTTP/1.1" 404 394 "-" "Made by ZmEu @

[code]....


Networking :: IPtables And Rate Limit Module

Apr 8, 2010

I'm a newbie in the world of netfilter/iptables. I've read an article about iptables and rate limit module:
Code:
iptables -A INPUT -p ICMP --icmp-type echo-request -m limit --limit 1/minute --limit-burst 5 -j ACCEPT
The firewall will let the first 5 packets in in the first minute, --limit-burst 5; this means, however, that the packets/minute now is 5, so any further packets are blocked until packets/minute = 1, i.e. 5 minutes later. In the sixth minute, packets/minute will be 5/6 < 1, so another ping request will be let in. When the extra ping request is admitted, the ratio becomes 6/6 = 1 again, and packets are DROPped again until the next minute.

Now I have some problems in understanding how it works.
For example: I want to ping google.com in this way: the kernel firewall permits sending the first 5 packets to google.com (--limit-burst 5) and then it blocks the remaining packets for 5 minutes. At the sixth minute (because I wish a limit rate equal to 1/minute: --limit 1/minute) one packet can be sent to google again. And so on.

So my rule should be:
Code:
iptables -A OUTPUT -d url_of_google -p icmp --icmp-type echo-request -m limit --limit 1/minute --limit-burst 5 -j ACCEPT
In this way, if I type
Code:
ping -f url_of_google
I expect that the first 5 packets are accepted (and so zero '.' will print on the screen) and then for the remaining 5 minutes no packets will be accepted (and so a long string of '.' will print). But it doesn't work...

In man pages of ping we read (about -f option):
-f Flood ping. Outputs packets as fast as they come back or one hundred times per second, whichever is more. For every ECHO_REQUEST sent a period ``.'' is printed, while for every ECHO_REPLY received a backspace is printed. This provides a rapid display of how many packets are being dropped.


Ubuntu Networking :: Configuring A Bridged Connection?

Apr 22, 2010

How to configure a bridged connection where we are required to enter username and password? I am currently using PPPoE type connection of my modem (a Nokia Siemens ADSL modem).


Fedora Networking :: Iptables On Bridge Ports?

Apr 21, 2011

I'd like to pass all traffic between bridge ports via the FORWARDING chain, so I changed following sysctl parameters:

Code:
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

[code]...


Ubuntu Networking :: How To Bridge A Connection

Jul 19, 2010

I have a Gateway laptop running Ubuntu 10.04, and just now have a Compaq desktop running Windows 7. My laptop has a wireless internet connection; it's the only way that I can get it in my room. My desktop has only an ethernet plug-in. My question is: if I plug my laptop up to my desktop using an ethernet cable, can I bridge that connection to get internet from my laptop (using the wireless) to my desktop (using the cable)?


Fedora Networking :: Bridged Networking And NetworkManager - No Network Connection Because Network Isn't Managed

Mar 2, 2011

I have installed qemu/kvm and created a Bridged network connection which works just fine (Windows 7 VM won't work in NAT mode).

But when I try to use NetworkManager it says that I have no network connection because the network isn't managed, (I set the settings in ifcfg-br0 and ifcfg-eth0 to be managed)

The real problem is that now I can't use my VPN connections (I have many) in NetworkManager.

Is there a way to have both of these pieces of functionality?

I am using FC14


Fedora Networking :: Bridge Internet Connection In 7?

Jul 3, 2009

I want to connect my dataone broadband connection in bridge mode in Fedora 7. As I am currently using a bridge connection through this modem (smartAX MT882) in Win XP, I want a bridge connection in Fedora 7 too to access the internet from Linux. I have gone through some forums discussing this issue. Somewhere I found the option "adsl - setup" and tried it in my Fedora 7. But it is showing the message "adsl- command not found" on this issue. I need a detailed step-by-step procedure for bridge connection using dataone in Fedora 7.


Fedora Networking :: Make ADSL Bridge Connection In 10?

Oct 2, 2009

"I am new to Linux. Could you please guide me how to make ADSL bridge connection. I have tried to make connection using Network manager. But, it sometimes works and sometimes doesn't work."


Ubuntu Networking :: Bridge Wireless Connection With XP Computer

May 5, 2010

How I can make this "link" with Ubuntu 10.04?
pc 1 == win xp
pc 2 == Ubuntu 10.04


Ubuntu Networking :: OpenVPN Bridge - Cannot Get Faster Connection

Dec 5, 2010

I have an openvpn bridge up and running (ubuntu to ubuntu, both in vmware fusion machines on macs). My problem is that I cannot get a connection faster than ~9mbps even though 20+mbps is available. I've been troubleshooting for a while and have tried many fixes. I just now did ethtool tap0 and I think maybe I found it. It says the link is 10mbps. I tried to change it with:
sudo ethtool -s tap0 speed 100
but it says ethtool can't change speed on tap0. How can I define the link speed of tap0?


Networking :: Bridge Eth0 And Wlan0 Connection On Ubuntu 11.04?

Jul 23, 2011

Just wondering if I could get a hand with bridging my eth0 and wlan0 connection. I'm using Ubuntu 11.04 if that helps at all.


OpenSUSE Network :: Static IP For Bridged Connection ?

Aug 11, 2011

I have Virtual Box installed which automatically installed bridges for my network adapters. This has always worked fine. I'm attempting to set up a static IP for this machine now. I use NetworkManager, and the physical connection (eth0) is set to static IP of 0.0.0.0, and the bridge (br0) attached to eth0 was set to DHCP. I changed br0 to my desired static IP and lost net connectivity (I'm talking about the host, not the virtual machine - I'll get the host working first). Re-enabling DHCP restores connectivity. So I don't know what the problem is, but I am unable to assign a static IP to the bridged connection. Do I have to do this differently? Do I need to remove the bridge so I am using just eth0 again, assign the static IP to eth0, and then re-install the bridge? I haven't tried that yet because a) I don't know how to remove & reinstall the bridge, because it was done automatically by Virtual Box installation, and b) I could probably do that if I had the time to figure it out but right now I don't.

I set up a static IP on wlan0 on another machine using Network Manager and it works fine. That machine also has Virtual Box installed but for some reason doesn't have the bridged connections. (Perhaps because it runs Ubuntu, not OpenSUSE, if that makes any difference.)


Ubuntu Networking :: Java Socket Connection Created In More Than 3 Minutes

Mar 7, 2011

I'm running Ubuntu 10.10. I have a problem with any client side network communication from any java based program/application. I've tried to run the following code:

Code:
import java.net.Socket;

public class ConnectTimer {
    public static void main(String[] args) throws Exception {
        // Time the first connection (hostname resolution plus TCP connect)
        long start = System.currentTimeMillis();
        Socket s = new Socket("ubuntuforums.org", 80);
        System.out.println("1. connection created in " + (System.currentTimeMillis() - start) / 1000.0 + " s");
        s.close();
        // Time a second connection to the same host
        start = System.currentTimeMillis();
        s = new Socket("ubuntuforums.org", 80);
        System.out.println("2. connection created in " + (System.currentTimeMillis() - start) / 1000.0 + " s");
        s.close();
    }
}

The result is the following:
Code:
1. connection created in 189.31 s
2. connection created in 0.085 s

I've tried both java-1.6.0-openjdk and java-6-sun-1.6.0.24 with almost the same results. During the extremely long 189 seconds, the processor is doing almost nothing (java thread has 0 %). I've tried also a wireshark to check what is going on, but the first packet was released after those 189 seconds. There is nothing in log files, I have no exceptions or errors, and the connections work (after the first long delay) just fine.


Networking :: Setup A Bridge Using Bridge-utils Within /etc/network/interfaces?

Dec 8, 2008

I want to set up a bridge using bridge-utils within /etc/network/interfaces like is shown here in this guide: [URL] The problem is that, at the same time, I want eth0 to have a specific static IP address. Right now I have a configuration for eth0. This guide tells me that I should not configure eth0 outside of the br0 configuration.


Ubuntu Networking :: Can't Connect Wireless Connection On Adhoc Created In Windows 7

Apr 12, 2011

I'm using Ubuntu 10.10 (Maverick Meerkat) on my HP laptop. My office desktop uses Windows 7 Home Edition. I created an adhoc connection on my desktop PC because I also want to have an internet connection on my laptop. But Ubuntu does not seem to detect the adhoc I created on my PC. I also tried to connect using the hidden wireless network and entering all the necessary access (WEP key, etc.) but it still didn't work. Is there any way that I could connect my Ubuntu to an adhoc? Is that possible?


Ubuntu Servers :: Realtime Bandwidth Monitor 10.10 (Bridged Connection)

Apr 14, 2011

I posted this in the Networking section, but should probably be over here. Couldn't move it. I have a transparent proxy in place. I have Webmin installed on the server. Is there an app that can monitor bandwidth in real time? Also run reports? I have SARG installed, but seems to only monitor HTTP traffic, I need to monitor all traffic. I have a bridged connection, but monitoring the outside interface is fine too.


Security :: How To Rate Limited IPTABLEs Treat A Screen Session On Ssh After Disconnection

Nov 3, 2010

Take this scenario: if I have rate limited the connections to 4 (i.e. if you attempt a 4th connection you won't be able to log in for some time), and in a minute I get disconnected 3 times while I was already logged in on the server with a screen session, will I be able to log in or do I need to keep quiet for a minute?

Quote:

-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name DEFAULT --rsource -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource


General :: Bsnl Bridged Internet Connection With Username And Password In Kubuntu?

Nov 6, 2010

How to set up a BSNL bridged internet connection with username and password in Kubuntu 10.10? I tried pppoeconfig but it didn't give me any solution.


General :: VirtualBox - Network Connection To Bridged Mode Setup Fails

Jan 23, 2011

I virtualised backtrack on windows 7, and set up the network connection to bridged mode, but my networking still fails.
dhclient eth0, outputs many DHCPDISCOVER but no DHCP offers.


Ubuntu Servers :: Iptables To Rate-limit Brute Force Attacks On SSH Server?

Sep 30, 2010

I have an SSH server set up at home listening on port 22. I have hardened the server so it is pretty secure but I want to make it even safer by editing my iptables to rate-limit incoming connections and DROP false login attempts. I have tried these tutorials but I just can't get it to work: [URL]
I want the debian-administration.org tutorial to work but when I try to add the first rule in terminal:
sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
I get the following:
Bad argument --set'
I am new to iptables and I'm not sure if I'm doing something wrong when I try to set it up. I'm using Ubuntu 10.04.1 LTS with iptables v1.4.4.


Networking :: Iptables Rule To Accept All Connection From Program

Oct 29, 2010

My iptables policy is DROP. My server ports are open just for httpd and ssh. Is there any rule which can allow all connections from a specific program? For example, I want to scan an IP address's ports. As you know, nmap connects to every known port to see if it is open or not, so if I want to allow nmap to connect, I need to include all ports for that, or I can allow connections from localhost to outside on all ports. My server is very secure. I don't want other programs (probably a backdoor) to use those ports to connect outside. I want to know: is there any ability in iptables which can rule connections by name of program, like "Allow any Connection from /usr/bin/nmap to everywhere"?


Networking :: Losing The Net-connection In Lan After Iptables Config Script?

Jan 31, 2011

an Ubuntu with address 192.168.1.100
an OpenSuse with address 192.168.1.106
a Windows XP with address 192.168.1.102
And these are connected via a DSL router/switch (4 ports eth). My purpose is to configure the Ubuntu as a firewall and NAT server for investigating the network layer packets with specific policies. Well, I've used the following script:

Code:
#!/bin/sh
IPTABLES=/sbin/iptables

[code]...


Networking :: IPTables / SSH Connection To .150 - The Packets Are Still Handled By .150 After Adding The Rules

Jul 2, 2010

I have two servers set up: 192.168.1.150 and 192.168.1.160. Initially, I want all traffic to be served by server 150. So for this purpose I am leaving the iptables on .150 empty. At a point in time, I want to forward all incoming traffic to be served by .160 instead. I have accomplished this using these commands (on .150):

iptables -t nat -A PREROUTING -j DNAT --to 192.168.1.160
iptables -t nat -I POSTROUTING -j MASQUERADE

My problem is that if I have an open SSH connection to .150 (prior to adding the rules), the packets are still handled by .150 after adding the rules, e.g. my SSH session stays active. I want these packets to be forwarded to .160, which would effectively disconnect the SSH session. I do not want the packets flat out dropped, I just want them forwarded on in whatever state they are in. If I try a new SSH session, it is properly forwarded to .160.


Copyrights 2005-15 www.BigResource.com, All rights reserved