Networking :: Unwanted Blocking Ip Address And Session Log Out In Ubuntu 10.04 Server
Jun 29, 2011
I have UBUNTU server 10.04 LTS with 3 NIC "eth0" local and eth1,2 as internet connection and it acts as firewall, http proxy and samba file server ,I installed Zentyal panel manager for my server for easier management I did not configure any specific rule for my firewall but I have some problem with my clients who wants to connect to my server as gateway or as file server even my self experienced these problems too. these problems are as follow:
1. some time for a few minutes (maximum 10 minutes) my server block some of my clients to access it or internet but just for minutes but it is very annoying.
2. all of my clients those who login to an https servers or login to their mail or those who has some software like team viewer say that they are logging out from their session randomly I mean some of them logging out from their mail(yahoomail or googlemail ) or disconnecting from teamviewer connection or as I saw team viewer disconnecting for a few seconds and then comes back again. but I did not set any thing in my firewall or other services. this is my complete iptable rules:
I hv Cent OS 5.3 installed as server. I hv a network of approx 100 desktops and laptops. For a security purpose i want to block certain laptops from gaining a the network access using dhcp. Can we block the ip address leasing if a specific MAC address request for a ip lease?
How to block an ip address from mikrotik so that when a fake user use this ip he doesn't get internet but in the mean time real user gets internet. Real user will not harm if fake user trying to access.
I need to block mac address in my network then i foolowed as below acl's but am getting output as follows I tried as in /etc/squid/squid.conf acl block arp aa:aa:yy:yy:xx:xx http_access deny block but it give me error as like: - (This is the output of # squid -k parse) aclParseAclLine: Invalid ACL type 'arp' FATAL: Bungled squid.conf line 1234: acl block arp aa:aa:yy:yy:xx:xx squid Cache (Version 2.5.STABLE6): Terminated abnormally.
I have a Debian server running at the gateway level on a LAN. This runs squid for creating block lists of websites - for eg. blocking social networking on the LAN. Also uses iptables.
I am able to do a lot of things with squid & iptables, but a few things seem difficult to achieve.
1) If I block http://www.facebook.com, people can still access https://www.facebook.com because squid doesn't go through https traffic by default. However, if the users set the gateway IP address as proxy on their web browser, then https is also blocked. So I can do one thing - using iptables drop all outgoing 443 traffic, so that people are forced to set proxy on their browser in order to browse any HTTPS traffic. However, is there a better solution for this.
2) As the number of blocked urls increase in squid, I am planning to integrate squidguard. However, the good squidguard lists are not free for commercial use. Anyone knows of a good squidguard list which is free.
3) Block yahoo messenger, gtalk etc. There are so many ports on which these Instant Messenger softwares work. You need to drop lots of outgoing ports in iptables. However, new ports get added, so you have to keep adding them. And even if your list of ports is current, people can still use the web version of gtalk etc.
4) Blocking P2P. Haven't been able to figure out how to do this till now.
I have an ubuntu 8.04 dedicated server running openssh which I am having problems with.
The server is based in England yet I am currently working from Thailand. Slow speeds and timeouts I am used to but it is now over 24hr since I have managed to SSH the server (from here).
I just tried remote desktop on my PC back in the UK and this connected straight away through both SSH and SCP.
Thinking that it may be the IP being blocked from my works network I switched off wifi on my phone and tried to connect over the data network a few times with no luck.
Another strange problem is that when we got the server it was locked into a chroot jail which SSH(22) always leads into. After accessing SSH on port 22 I have to run a break script to gain root access. The sshd_config file says that the server is listening on port 57 yet I have never been able to access this.
I want to ask about securing the FTP connection... I have one server that Installed with Redhat Linux Fedora 6.
And now, i want to securing the FTP access, so only the selected IP will be allowed to connect. Do anyone know how to do this?
Another thing is, my server using Webmin 1.3 to manage the server and there not installed / not configured yet with Frox FTP, ProFTPD Server, WU-FTP Server... even there is such thing in my Webmin...
Can i make use one of the three FTP i mention above, and if yes, will it be affecting the current FTP access?
I'm assuming that the following should block the complete 178.123.xxx.xxx address range.
Code: iptables -I INPUT -s 178.123.0.0/24 -j DROP Then I believe that I need to save this change.
Code: service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
However, I'm not so sure that it is actually working based on the fact that there continues to be access to my wiki from that address range. The following is after I made the firewall change.
Quote:
178.123.177.61 - - [31/Dec/2010:04:24:40 -0500] "GET /mywiki/Opera%20Web%20Browser?action=edit&editor=text HTTP/1.1" 200 6346 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" code....
Let me state that I'm new at this iptables thing. I did some reading and decided that I need to make the above change to the firewall but it doesn't seem to make a difference.
I am setting up a iptables firewall on one of our servers, and I would like to block a range of addresses from getting into the system. I am using a script that does a BLACKIN and BLACKOUT methodology for specific addresses. One example is the following:
Code:
$IPTABLES -A BLACKIN -s 202.109.114.147 -j DROP ... $IPTABLES -A BLACKOUT -d 202.109.114.117 -j DROP
What would be the correct syntax to use if I wanted to block an entire remote subnet from getting into the server?
I have one server that has Asterisk running.On front of that, I use DD-WRT router as gateway. As I have checked the log files, I saw that there is a specific IP Address that is continuously accessing the application and trying to authenticate to SIP with a series of extensions. This is like DoS attack for SIP. What I did was to block/drop the IP in DD-WRT using the iptables. I can see from the /proc/net/ip_conntrack that it is being "UNREPLIED". But my concern is that does it still uses a lot of bandwidth even though it is already being blocked?
we have a remote linux server and its /var/log/secureile is fully filled with unauthorized ssh users,of course they cannot able to log in successfully but they were making continuous ssh requests to log in, it some times results in server down problem. so how to secure our server from their ssh attempts.i know blocking unauthorized ip addresses can solve this problem and we can also change the ssh port numbers but what are the other possible ways of solving this.
Instead of changing the playback, these commands open a new Banshee window, and then I get 2 banshee processes running. I tried to get some help in Banshee's forum, and they said it's a problem with Dbus, more specifically, the variable DBUS_SESSION_BUS_ADDRESS is not set. If I run the following command, I get an empty line:
I'm in the process of restricting access to my Linux production box, where ssh access needs to be limited to only a few MAC addresses.I've followed the instructions outlined in this guide and ran the following two commands:
/sbin/iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP /sbin/iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT root@xxxx:~/#: iptables --list
When I am running linux on my laptop, my ssh session to a particular server keeps getting randomly dropped. What should I do to troubleshoot the problem?
I am trying to connect to a windows 2000 VPN server at work, with my current settings in DOES connect to the VPN and i can ping the domain server which is 10.1.1.2 but the first issue is i cannot ping the other computers on the network(via hostnames) can't remember the ip address of the other machines . second issue is when the connection is established and i RDP into 10.1.1.2 ok great i am connected to the server but any interaction in the RDP session even moving the mouse on the screen kills the session and the VPN connection fails.
Running Ubuntu 10.04 LTS 64Bit
Image of current settings in network manager:
Syslog:
Code: May 11 12:08:04 oliver-desktop NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.pptp'... May 11 12:08:04 oliver-desktop NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' started
I have installed squid using CentOS 5.When the server boot there are default services which are enabled at Boot time. My server is dedicated only for squid proxy server.I want to know how that when my server boot only the relevant services should start which may helpful for squid. Remaining unwanted services should be disable because they are just occupying memory of the server. Kindly guide me which command I should use and which services may I disable for smooth functioning of my squid
i know exactly what i need to do, im just not familiar enough with command line to do it properly.i have 7 computers.the first 4 are connected to a router via wireless at one end of the house. of the last 3 only 1 will be able to access the router via wireless, so it needs to share it's one wireless connection via ethernet. this computer i'm going to call 'server'server will have two IP'swlan0 192.168.1.6 this connects to the router that has internet access.eth0 i intend to have the following settingsip:192.168.0.1sub: 255.255.0eth0 will connect to a second router, where the cat5 cable goes from the server, into the internet port of the router where i will define the router's static IP:IP: 192.168.0.100sub: 255.255.255.0gateway 192.168.0.1i have then set the router IP for LAN handling as 192.168.27.1 and all ethernet connections will have a 192.168.27.x IP.
so i need to know how to, without a gui application, use the terminal to assign server eth0 a proper IP address, and tell the server to take the connection it has and share it through eth0 to supply internet for the last 2 computers via ethernet.i had it set up in this way with a windows machine being the one that had the wifi access, but i'd rather have it setup for the ubuntu server to do this task. security is imperative for these 3 remaining machines, so just getting 2 more wifi adapters for a connection to the initial router isn't an option.the 2 that connect to server do so through SSH and though server IS connected via wireless it only makes outward connections through
I have installed squid using CentOS 5. The server is dedicated only for squid proxy server. I want to know how can I disable unwanted services which load at booting time. Like sendmail,samba,etc etc. These services take memory and are not in use. I does not know how can I make my server only for squid proxy service by removing unwanted services?
I'm new to Ubuntu so bear with me. I installed 9.10 from a CD and it looks fine and works OK wired. However, my wireless keeps picking up a connection at home via my Linksys router that is not mine and I can't get around it, blacklist it or delete it. No matter what I do it keeps showing back up as an AutoConnection. It is the same type of router as mine but the security is different (I use WPA-Personal and the offender is WEP). How can I permanently blockdisableetc the extra connection? I can't get on my home network until the bad autoconnection is gone. More info: I use an IBM R40 into which I installed a Toshiba mini-PC wireless card. I know it works as I have used it to connect to other wireless networks other than my own. I prefer to leave my router configured as it is due to other users at home and the configs I use for them. I read about WICD if that is a possibility, but actually connecting wirelessly is not the issue.
I'm trying to run a server, and want to get my IP address but when I run ifconfig, it shows my inet address as 10.0.1.9/10.0.1.4 which, if I recall correctly, is an internal address... my friends can't connect to the server on those ip addresses. My box is wired to the internet, no router, so there's no firewall or router that could be stopping it. Am I doing something wrong with a command, (reading wrong number, etc), or is it a system problem?
On my server I've a OpenVPN gateway and a DNS bind9 serveur At the moment, OpenVPN send opendns address to the clients and it works fine. I would like to use my DNS server for my clients to work with any DNS address. Here is OpenVPN config :
I have specified Primary DNS address in Network Manager's DNS tab and saved those settings. But when I restart my PC, Primary DNS address will go blank. How can I save this address premanently?
Assume this: Machine A sends a packet to machine B, no application in machine B is waiting for the packet, Now: What happens in kernel? What happens to this packet exactly?
If I give "ifconfig" in my laptop I get eth0,lo,wlan0.In that where do I find my Ip address in Ubuntu in 10.04. In eth0 I dont find inet address.Where can I find it?
I have a device that is working on modbus protocol andI have written a small program(with block TCP read method ) to read its registers via modbus protocol.my program is working very well but except those times that I unplug the Ethernet cable or turning off the modbus gateway during programs work.at this time my program stops on recv system call (if it reach this system call exacly when I unplug Ethernet cable or turning off the modbus gateway during programs work).I changed my source to work in nonblock TCP method, at this time with the same situation my program does not stop/block on recv system call but after pluging back the Ethernet cable or resuming the connectivity situation back it reads data incorrectly .this is my code:Quote:
My ISP offers the service of native IPv6. So my ADSL router provides me with a local and global IPv6 address. However after a reboot it takes minutes to finally see the global address when using "ifconfog eth0". During that time I can't do a ping6 to an external server, which seems logical. So I waited several minutes, but no global address. After that I started a KDE session, went back to the console(<Ctrl>+<Alt>+F1) and now the global address was there. Is this normal behavior or should I file bug report?
i have followed multiple guides to make my home server use a static ip address. no matter what i do it always reverts back to its dhcp address after about 2 minutes. how do i get the static ip address to stick, or be permanant.
The cable internet I'm using runs on Dynamic DHCP IP addresses. I changed it to a static IP address in my router settings, but it keeps changing. This means that I can't connect to my home server from a remote location.
Is there anyway to run my ubuntu server on a DHCP IP address without connecting through my router 192.168.1.xxx?
