Networking :: Losing The Net-connection In LAN After Iptables Config Script?
Jan 31, 2011
an Ubuntu with address 192.168.1.100, an OpenSuse with address 192.168.1.106, a Windows XP with address 192.168.1.102. And these are connected via a DSL router/switch (4 eth ports). My purpose is to configure the Ubuntu as a firewall and NAT server for investigating network layer packets with specific policies. Well, I've used the following script:
Running Debian GNU/Linux 5.0.4 on an older Gateway tower. I have been using this for a year now, but lately it seemed that the browser was loading pages slowly. I checked the network icon, and every time I check it indicates "disconnected", then refreshes and indicates connected. The log makes references to redat, which my machine has nothing to do with? I checked the system logs and get the following repeated messages:
I do randomly (as far as I know) lose my wireless network connection. The only thing to do then is to restart my router, and after that it works for a while. I know this is not a hardware issue because I don't have this problem with KDE, only in GNOME. I think this problem occurred after I started using 10.04, but then I changed to KDE and forgot about it. But now I'm using GNOME again and losing my network connection over and over drives me mad.
I have an LG R-450 laptop with Ubuntu 10.04 installed on it. When I connect it to a network (either LAN or wireless) it stays connected for a few minutes and then just disconnects (without showing any sign of disconnection except no internet/skype/dropbox). The only way to renew the connection is after a restart. The network controller is a SIS 191 Gigabit Ethernet adapter.
I'm a dummy in the Linux world, and maybe someone can help? I installed OpenSuse 11.4 64bit on a Hyper-V virtual machine; all is working fine, except that sometimes the LAN connection is lost.
Code:
/etc/init.d/network restart
is not helping and I need a manual reboot. Why that? What's the problem? In the routes table I can see the default gw.
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
178.16.16.192   *               255.255.255.192 U     0      0        0 eth0
link-local      *               255.255.0.0     U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         178.16.16.193   0.0.0.0         UG    0      0        0 eth0
I have been successfully using my speedtouch usb 330 for years.
Now suddenly something weird occurs. I manage to stay connected a few minutes; afterwards the line drops and I can't reconnect.
I switched the connection script to "verbose mode" and what I get is:
It seems that I can't get an answer from the provider, but if I reboot it connects at the first attempt; the connection drops again after a few minutes, though.
I have a dual boot. No similar problems affect the connection under Windows, so a hardware fault is ruled out as a possibility.
I keep losing internet connectivity from within OpenSuse. I've had Ubuntu/Kubuntu before and never had a problem. I installed OpenSuse and now, after a few minutes of browsing, I'll lose my internet connection. I also dual boot into WinXP without any problems. I noticed that when the connection is lost I can't even reach my router, which is where I'm getting the wired connection from. So it's not just the outside internet but the local network too. It only happens within OpenSuse.
The WiFi adapter is working; the Windows driver is in use (with ndiswrapper). A Linux driver doesn't exist. No issues until the computer goes to sleep mode. Then I just reboot it. Sometimes iwconfig commands help.
My iptables policy is DROP. My server ports are open just for httpd and ssh. Is there any rule which can allow all connections from a specific program? For example, I want to scan an IP address's ports. As you know, nmap connects to every known port to see if it is open or not, so if I want to allow nmap to connect, I need to include all ports for that, or I can allow connections from localhost to outside on all ports. My server is very secure. I don't want other programs (probably a backdoor) to use those ports to connect outside. I want to know: is there any ability in iptables which can rule connections by name of program, like "Allow any connection from /usr/bin/nmap to everywhere"?
I have two servers set up: 192.168.1.150 and 192.168.1.160. Initially, I want all traffic to be served by server .150. For this purpose I am leaving the iptables on .150 empty. At a point in time, I want to forward all incoming traffic to be served by .160 instead. I have accomplished this using these commands (on .150):
My problem is that if I have an open SSH connection to .150 (prior to adding the rules), the packets are still handled by .150 after adding the rules, e.g. my SSH session stays active. I want these packets to be forwarded to .160, which would effectively disconnect the SSH session. I do not want the packets flat out dropped; I just want them forwarded on in whatever state they are in. If I try a new SSH session, it is properly forwarded to .160.
I'm trying to configure iptables and I just want to block everything but http/https. However, my connection is PPPoE, so I have the ppp0 interface. Pretty much every iptables tutorial that I found doesn't teach how to deal with this kind of setup. I'm forwarding ppp0 to eth0, and I could configure the input rules and they're working. After this, I need to configure the output, but nothing seems to work.
The current working rules are:
Code:
Chain INPUT (policy ACCEPT 7858 packets, 5792K bytes)
 pkts bytes target     prot opt in     out     source               destination
  299  201K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:www
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:https
   11   820 DROP       all  --  any    any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  eth0   ppp0    anywhere             anywhere
    0     0 ACCEPT     all  --  ppp0   eth0    anywhere             anywhere            state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 10791 packets, 1951K bytes)
 pkts bytes target     prot opt in     out     source               destination
I don't understand what those "state RELATED,ESTABLISHED" rules do. Also, I don't know if these rules are secure, because I'm very confused about the ppp0/eth0 interfaces.
I have a problem with the network on CentOS: after I restart the server it works for a few hours/couple of days, and then the network is dropped. No errors in the log, only "Network is unreachable". I do 'service network restart' and it comes back on; directadmin, dns, awbs, everything works fine, but only for a few hours (never longer than a couple of days), and then it is dropped again. I searched many forums, and on one of them someone wrote that it happens because the static IP was used on the same network by another machine. I had a different server running with that IP on my network before, but that was a few weeks ago, and there is no other server connected to the network right now (I have one desktop connected with a dynamic IP, and it has no problem), and I still have the same problem.
It was suggested to me to set up a cron job to restart the network every few hours; I think that is not a solution. Does anyone have any idea what the problem could be? Has anyone had similar problems? What could be the reasons for the network to be dropped after a few hours? Here is the latest 'dmesg' output after losing the network:
Code:
[root@server ~]# dmesg
Linux version 2.6.18-194.8.1.el5 (mockbuild@builder10.centos.org) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-48)) #1 SMP Thu Jul 1 19:04:48 EDT 2010
Command line: ro root=LABEL=/ rhgb quiet
BIOS-provided physical RAM map:
I'm using the latest Kubuntu 10.10 with the default network manager, which I think is called KNetworkManager.
I have set up a static IP by adding a new connection using this manager and then clicking it so that it is used to connect. But as soon as the computer reboots, the connection falls back to the original autoeth0, which has a dynamic IP and which I cannot change or delete.
1st, I managed to make a VPN connection to my server, and after a reboot I get this: I've tried everything that Google gives me with the "ubuntu vpn service failed to start pptp" search terms. 2nd, I've got a DSL connection (PPPoE) to the internet. When I connect it, eth0 loses its IPv4 IP (I've disabled IPv6). How can I keep it?
I am trying to share an internet connection with Fedora 12 as the default gateway and an XP machine hooked up via NIC, using iptables commands as shown in Mark Sobell's book 'A Practical Guide To Fedora And Red Hat Enterprise Linux'. These are the commands as placed in /etc/rc.local:
Code:
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -j LOG
iptables -t NAT -A POSTROUTING -o eth1 -j MASQUERADE
I did flip the in and out parameters to match my NIC configuration (as opposed to the example from the book), but other than that I followed the example. One thing to note is that Sobell did not mention whether this should work with a mix of Linux and XP. One other note (maybe meaningless) is that I do have Samba working between the two machines.
I am building a system that includes a firewall server using iptables, a web server and an FTP server. On the FTP server (IP: 192.168.1.2, GW: 192.168.1.1) I installed ProFTPD successfully. In the LAN I can do everything successfully.
On the firewall server: <IP PUBLIC> on eth0 && LAN IP on eth1: 192.168.1.1. Iptables rules:
Code:
# Generated by iptables-save v1.3.5 on Sun Mar 7 21:01:16 2010
*nat
:PREROUTING ACCEPT [950:126970]
:POSTROUTING ACCEPT [89:5880]
:OUTPUT ACCEPT [19:1342]
-A PREROUTING -d <IP PUBLIC> -i eth0 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.1.2:21
-A POSTROUTING -s 192.168.1.2 -o eth0 -j SNAT --to-source <IP PUBLIC>
COMMIT
# Completed on Sun Mar 7 21:01:16 2010
# Generated by iptables-save v1.3.5 on Sun Mar 7 21:01:16 2010
*filter
:INPUT DROP [1599:157409]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [232:34452]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A FORWARD -i eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
COMMIT
# Completed on Sun Mar 7 21:01:16 2010
From the FTP server I can access the internet fine. I checked port 21 on <IP PUBLIC>; it returns open.
But when I use the ftp command it shows:
Code:
Connected to <IP PUBLIC>.
220 ProFTPD 1.3.3 Server (FTP Server) [192.168.1.2]
User (<IP PUBLIC>:(none)): longvnit
331 Password required for longvnit
Password:
230 User longvnit logged in
ftp> dir
200 PORT command successful
Aborting any active data connections...
ftp> bye
Code:
C:\Documents and Settings\LONGVNIT>ftp <IP PUBLIC>
Connected to <IP PUBLIC>.
220 ProFTPD 1.3.3 Server (FTP Server) [192.168.1.2]
User (<IP PUBLIC>:(none)): longvnit
331 Password required for longvnit
Password:
230 User longvnit logged in
ftp> dir
200 PORT command successful
425 Unable to build data connection: Connection timed out
ftp> dir
200 PORT command successful
425 Unable to build data connection: Connection timed out
ftp>
I'm having a lot of problems getting NIS set up with our firewall. I've looked online and no one seems to have any answers. When the firewall is off, NIS works. When it's on, it doesn't. I would like to find out which ports NIS needs by logging connection attempts on the server, since I would swear the right ports seem open already. Right now I'm using this to generate the log entries:
Code:
iptables -I INPUT -m state --state NEW -j LOG --log-prefix "New Connection: "
iptables -I OUTPUT -m state --state NEW -j LOG --log-prefix "New Connection: "
However, I think it must only work for successful connections, because I'm not seeing any new entries when I try running the NIS client on another machine (ypbind).
I am wondering if it's possible to log the number of bytes a connection transferred when the connection is complete with iptables. I know I've seen this sort of information in Cisco FWSM logs, where the "Teardown" entry of the logs has the bytes transferred for that connection. Is it possible to have something similar with iptables, where the initial connection attempt is logged (i.e. NEW, which I have logging fine) AND an entry for that connection that includes the bytes transferred?
I am configuring an internal-only IMAP server for archival emails. I am absolutely baffled why my connection is being refused. UFW is disabled and iptables has a rule to allow all connections on 143 and 993. When I telnet, this response is given:
Code:
telnet localhost 143
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
Even nmap shows the port closed. Here is my iptables rule:
Code:
-A ufw-user-input -p udp -m udp --dport 143 -j ACCEPT
I have several CS servers running on Ubuntu Server, and sometimes someone tries to brute-force the server's RCON password with a program called HLBrute. I've found the following rules to prevent such attacks, but they don't work. What can be wrong with these rules?
In our development box we have configured PostgreSQL to work with JBoss. The thing is, we have an iptables firewall on our Linux box. When iptables is stopped we can connect to the Postgres DB locally using the -h option, and we can also connect through a web link we have created using JBoss. But when iptables is started we can't connect to the DB locally using the -h option, and the web is giving the error below. Caused by:
org.postgresql.util.PSQLException: Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections. at org.postgresql.core.v3.ConnectionFactoryImpl.openC
How can I drop or forward an incoming connection from part of a host, like *.alicedsl.de? For example: the user is connecting from *.alicedsl.de on port 12345. So how can I drop this connection or forward it to google.com on port 80?
I am at a loss how to prevent denial of service attacks on port 25 without blocking legitimate connections from 2 Barracuda 800(s) and from smart phones such as iPhones/Blackberrys that use the server smtp.server.com for email. Presently for port 25:
Code:
RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
The 2 Barracuda 800(s) make port 25 connections all the time, plus users with smart phones have the incoming server type IMAP pop.server.com and outgoing smtp.server.com.
Is there a way to keep denial of service attacks from happening with iptables rules without blocking the Barracuda(s) that make constant port 25 connections and the smart phones that poll? I was thinking of allowing the Barracuda(s) with lines like these:
Code:
-s (barracuda)24.xx.xx.xx -d (emailserver)24.00.xx.xx -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT
Where the source would be the Barracuda going to the email server. That would be allowed; then I am left with how to allow other connections, like smart phones that connect via port 25. I am thinking that if I put rules in place doing connection counts per minute, it would result in errors connecting to the server and people would start complaining. Plus any limiting may result in blocking real traffic. Then, would I need to allow the ISP range in the above example to accept port 25? I am still left with how to drop a flood/denial of service attack.
I have set up my Linux Fedora server and I want to restrict access to it. Basically I control it using iptables. I'm not sure how to write iptables rules to drop all connections to port 8080 and allow only certain IPs to access the instance on port 8080, for example ip=10.254.14.16,192.168.1.10.
I have a fresh installation of CentOS 5 I'm using for a server, and I'm having issues with port configuration. I have iptables running, and it started with no /etc/sysconfig/iptables file. I added a few basic rules (port 53, port 10000 for Webmin), saved the file, and restarted the service. I tried connecting to Webmin, scanned ports, and traffic was blocked. I set iptables to allow all traffic and restarted the service, and it still showed basically every port as being blocked. It seems port 80 and port 22 work for some reason, even when I tell iptables to block all ports.
I'm not sure what's going on here. Iptables is reading the /etc/sysconfig/iptables file, and if I use lynx localhost:someport it responds as it should according to the file. However, if I try connecting by IP, it's like there's some other firewall or something running that does whatever it's configured to do.
I'm trying to use these cookie-cutter rules that I found. But every time I use them, after a few seconds my WiFi connection goes dead. The exception was the first time I used them, which lasted me a couple of minutes.
By dead I mean I can no longer open a webpage or ping google.
Code:
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A OUTPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables -A LOGGING -j DROP
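The rules above kill the connection because both INPUT and OUTPUT jump into LOGGING before any ACCEPT rule, and LOGGING ends in DROP, so every packet is logged and dropped. As an added example that is not from the original post, this POSIX shell function audits `iptables -S` style output for exactly that pattern; both rulesets it checks are constructed for the demo, and the second one assumes an SSH-only host with LOGGING placed after the ACCEPT rules.

```shell
#!/bin/sh
# Added example, not from the original post. Audits 'iptables -S' style output:
# a user chain that ends in DROP is "unsafe" when INPUT or OUTPUT jumps to it
# before any ACCEPT rule in that base chain, which is what the post's rules do.

# audit_log_chain RULES CHAIN -> prints "unsafe" or "ok"
audit_log_chain() {
    printf '%s\n' "$1" | awk -v chain="$2" '
        # jump into the audited chain with no ACCEPT seen earlier in that base chain
        $1 == "-A" && $(NF-1) == "-j" && $NF == chain {
            if (accepts[$2] == 0) early = 1
        }
        # count ACCEPT rules per chain as they appear (rule order matters in iptables)
        $1 == "-A" && $NF == "ACCEPT" { accepts[$2]++ }
        # does the audited chain terminate in DROP?
        $1 == "-A" && $2 == chain && $NF == "DROP" { drops = 1 }
        END { verdict = (early && drops) ? "unsafe" : "ok"; print verdict }'
}

# Constructed: the ruleset from the post, as iptables -S would print it.
BAD_RULES='-P INPUT ACCEPT
-P OUTPUT ACCEPT
-N LOGGING
-A INPUT -j LOGGING
-A OUTPUT -j LOGGING
-A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
-A LOGGING -j DROP'

# Constructed: same LOGGING chain, but reached only after the wanted traffic has
# been accepted, so it logs and drops just the leftovers (assumed SSH-only host).
GOOD_RULES='-P INPUT DROP
-P OUTPUT ACCEPT
-N LOGGING
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j LOGGING
-A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
-A LOGGING -j DROP'

echo "post's rules: $(audit_log_chain "$BAD_RULES" LOGGING)"
echo "fixed rules:  $(audit_log_chain "$GOOD_RULES" LOGGING)"
```

On a live host, feed it `iptables -S` output: `audit_log_chain "$(iptables -S)" LOGGING`.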
I have 2 servers, let's say server A and server B. On server A OpenSSH is configured and running on port 2298, so from my machine I can log in there using ssh on port 2298. But when I log in to server B and from there try to connect to server A, I cannot:
Code:
ssh: connect to host <ipaddress here> port 2298: Connection refused
I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
I am facing a strange problem with my iptables, as there are some firewall entries stored somewhere which are displayed even after flushing iptables, and when I restart the iptables service the firewall entries are shown again in my iptables, as shown below: