OpenSUSE Network :: IPTable Redirects On The Fly Via CLI?
Sep 15, 2010
I'm looking for a programmatic way to run the equivalent of the below statement using SuSEfirewall2 and make it persistent:
iptables -t nat -A PREROUTING -s 192.168.1.4/32 -p udp --dport 514 -j REDIRECT --to-ports 51414
Yes I know I can add it to FW_REDIRECT in the config, but I really need to handle this on the CLI at run time (which the above statement does do), however... is there an iptables-save equivalent in SuSEfirewall2?
View 3 Replies
ADVERTISEMENT
Feb 23, 2010
I have just installed opensuse and the codecs to replace windows on my laptop. This is my third day using open suse and some of the websites i try to open (amazon.co.uk, gmail.com and others) redirect to a chinese website called www.net.cn) This is the same with the firefox and opera browsers.
View 6 Replies
View Related
May 27, 2010
Quote:
-A RH-Firewall-1-INPUT -s 10.12.0.0/16 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
Ex- 10.12.0.0/16, 172.150.0.0/16, 192.168.20.0/24
How can we add multiple sources network address in the above INPUT chain?
View 1 Replies
View Related
Apr 30, 2011
I've been using pipes and redirects for a long time and just realized that I don't know exactly how they are different. I just know that if you want to store the output in a file, then you use >. Otherwise most of the time you just use |. difference between pipes and redirects?
View 1 Replies
View Related
Jan 5, 2010
I am trying to install OpenSwan VPN but get the following [FAILED] errors. I also changed the redirects but it still reports them as failed?Quote:
[root@localhost /]# /sbin/sysctl -w net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.accept_redirects = 0
[root@localhost /]# /sbin/sysctl -w net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.send_redirects = 0
[root@localhost /]# ipsec verify
[Code]...
View 1 Replies
View Related
Feb 1, 2011
I'm trying to open a web page to automate some data checking, and I'm getting a "too many redirects" exception. I'm not experienced enough with Java to know what to try next, and would like some help.
I'll show the code for what I've tried, but first, details about the website:[URL].. The website is a series of aspx pages. Going to the above address in a browser gets you to "default.aspx"--a search page. You don't see the redirects (specifically to a Login.aspx page--which redirects back to default.aspx). I can get the search page with either Firefox or wget--and on the same computer that I'm writing the Java code on. So, Firefox and wget are doing something that my code isn't. Also, I'm not behind a proxy.
I've searched about the redirect exception, and one or two pages blame poor website development. That may be true, but I don't have any control over the website. So, fixing the website is not an option.
I did find this page where someone has the same issue. I used some code given in one of the responses to discover the default.aspx->Login.aspx->default.aspx redirection loop.
Much of my code was pulled from the Working with URLs and Working with Cookies tutorials from Oracle. I tried adding the cookie handler thinking that maybe Login.aspx was trying to create a session ID or some other connection-specific identifier. But either cookies are not the solution OR I just didn't code it the right way.
[Code]...
After more searching, I'm 99% certain it's a cookie-handling issue. I added some more code (not included in the above) that examines the full response from the redirect to the Login.aspx page. The response includes a Set-Cookie header for "ASP.NET_SessionId". Now to find some code that will store and send the session ID.
View 1 Replies
View Related
Jun 9, 2011
For some reason my soundcard is recording every playback sound. This become apparent when I was trying to make a Skype call and the other people couldn't hear me. I checked my sound preferences and noted that the input was recording what they say (they could hear an echo). Also if I played back anything it would redirect to them. This has never happened to me and I've made a lot of calls in the past.
I tested with Audacity and it records fine, but when I play back the recording, it redirects to the input channel so it's not a problem with Skype. (my soundcard is a VIA VT1708B 8-Ch). Somewhere I read that the output of aplay -l is useful.
Here it is:
View 9 Replies
View Related
Dec 28, 2008
I use an external hdd (fat32 1tb usb) on my ps3 for music, movies and I'd like to create a folder containing a top 10 movies. Like a kind of playlist. Simple shortcuts wont do because my ps3 only recognizes avi , mp4 , etc. So I need to create a virtual file which redirects to its original. Without the ^shortcut^ taking any space.
View 2 Replies
View Related
Mar 9, 2011
Struggling to get my Linux server accept ICMP redirects not originating from default gateway. No problem to get it working if the redirects is originating from def gw.I know it's not a good solution security wise, but my network is so cluttered I'm forced to do so.
View 1 Replies
View Related
Jun 2, 2011
I have installed the new phpMyadmin3.4.1 on a server running Ubuntu 9.10 with apache and mysql. It runs on php5.2.10The apache config seems fine as the virtual directory that I configured works fine. http://<ip-of-server>/phpmyadminlink works. The home page is displayed. But when I enter the user name and password, instead of logging into the console, it again redirects me to the index page of the site. There are no errors displayed. I have checked that cookies on browser are enabled.The server is hosted on amazon web services, if that makes any difference
View 7 Replies
View Related
Oct 31, 2009
Im new to fedora 11 and iptables, and i need to set the following set of instruction so VirtuaBox can accept request from lan, to the mailServer in the guest os, but after restart fedora i have to input it all again.How can it become permanent entry in iptables.
View 2 Replies
View Related
Sep 30, 2010
is there a way to make a symlink that redirects to the directory rather than acting as an alternate path? In other word, what I have now is:
[Code]....
I want my pwd to be the hardlink pwd rather than the symlink pwd after changing my directory.
View 2 Replies
View Related
Dec 22, 2010
In my new Centos i am not able to add iptable rule. iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128bash: iptables: command not foundI am getting this error. I use this rule to forward ports to squid.
View 5 Replies
View Related
Feb 9, 2011
Explain the following iptable rules for me?
I understand 1 and 2, 1 creates the new syn_flood chain and 2 redirects all SYN requests to the new syn_flood chain.
I'm having trouble understanding 3 and 4. can someone explain to me in laymen terms the --limit 1/s and --limit-burst 3?
View 2 Replies
View Related
May 12, 2010
i'd like to know how many rule can manage iptable. I'm asking that because i'd to drop all traffric from my localnet to porn site. I've a database of porn site witch contain about 900 000 domains. I know there are solutions like squidguard. But for my linux box i'd to use iptable to prevent users access to porn site and other blacklist site.
View 1 Replies
View Related
Oct 11, 2010
How to open port at iptable?
My box is centos 5.4.
I wanto to open UDP 177 and TCP 6000~60010.
I can connect my box through putty now.
View 4 Replies
View Related
Jan 27, 2011
I have a caching dns and SNMP ( MRTG ) both on the same server how can I permit dns and snmp traffic in INPUT chain?? I have tried the following:
iptables -A INPUT -p udp --sport 1024:65535 --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 --dport 1024:65535 -j ACCEPT
iptables -A INPUT -p udp --sport 1024:65535 --dport 161:162 -j ACCEPT
iptables -A INPUT -p udp --sport 161:162 --dport 1024:65535 -j ACCEPT
View 1 Replies
View Related
Feb 23, 2011
Is it possible to block a subdomain or a one lower level directory URL access from other hosts or network ? I have a site running on my server and i want to block the particular directory under the domain, with the exception of loopback access? I mean the directory must be accessible from loopback/localhost.
[url] on port 10016(expect loopback)
[url] on port 10016 (expect loopback)
Code:
View 1 Replies
View Related
Jul 16, 2011
I don't know if FC15 has the iptable rules like the ones shown below by default or not but I wanted a second opinion about the safety they provide. Why is icmp accepted (INPUT rule 1) from/to all ip? and is it better to remove this rule? When the protocol is all (INPUT rule 2), does it mean from ip layer and above?? and is it required/safe to have this rule? The 3rd rule is to allow tcp-port 22 connections (ssh) to/from all ip. I think this is correctly set and required. The 4th rule in INPUT table rejects pings with the icmp-host-prohibited message; which I don't think is the best solution. Instead it can be set to silently drop icmp packets. Then, the FORWARD table uses reject instead of silent drop for forwarding icmp ping packets.
Code:
what do you think about the new rules and their order?
View 5 Replies
View Related
Aug 6, 2010
How would you remove all iptable rules and chains?
View 2 Replies
View Related
Sep 12, 2010
I've configured iptables to act as a stateful firewall, but instead of simply rejecting packets I'd like to waste a potenial hackers time by droping any packet that would otherwise be returned. Are my rules sufficient or have I somehow opened myself up to an attacker by trying to write these rules myself?
View 3 Replies
View Related
Sep 1, 2011
I need help creating an iptable rule. The iptables are installed on my router. My router also connects to a "hide my a**" vpn account
at 79.142.65.5:443 The goal is to somehow force the traffic to go through the vpn, because what sometimes happens is, the vpn connection drops (for what ever reason) and my real ip becomes exposed. Basically, I want to block "myself" from accessing the Internet when not connected to the vpn because of privacy concerns.
Below is my iptables. It has the 3 default chains and it also has many custom user chains. I need to know what kind of a rule to add, What interface to apply it to (lo,tun0,br-lan,eth1) and the correct chain to insert into.For example, you could tell me something like:
Quote:
FORWARD chain, change rule 1 to
iptables -R FORWARD 1 -j zone_wan_MSSFIX -p tcp --destination-port 443 -i eth1
Obviously, That was just a guess, I need someone that knows iptables to help me.
Code:
Chain INPUT (Policy: ACCEPT)
Rule # Traffic Target Prot In Out Source Destination Options
Rule 1 72.95 KB DROP all * * 0.0.0.0/0 0.0.0.0/0 state INVALID
Rule 2 1.11 GB ACCEPT all * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
[code].....
View 3 Replies
View Related
Mar 4, 2011
This is what I have currently running.
Code:
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
[code]...
How do I add this to the ruleset, without doing the whole thing over again?
Code:
iptables -A OUTPUT -d 10.3.0.0/16 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
View 1 Replies
View Related
Feb 18, 2011
I want to know how to add (ports to open)in firewall using command or scriptor any ather method
View 4 Replies
View Related
Sep 16, 2010
Using iptables is there a way to switch the destination IP to become the new source IP and forward that connection.iptables store the src and dst IP in a variable for a particular connection?
View 2 Replies
View Related
Aug 12, 2010
I m kapil sharma i want to know how i configure iptable and squid service in redhat 5.0?o access internet in network.
View 3 Replies
View Related
Feb 22, 2011
I'm trying to set up a firewall at the moment that allows access to my custom SSH port from only my friend's url (they have a static url but dynamic IP). I find iptables a bit of a nightmare and was hoping to use UFW for most of my day to day firewall maintenance and just make a few extra iptable rules to cover exceptional circumstances like this. Fortunately it seems UFW allows this with /etc/ufw/before.rules and /etc/ufw/after.rules. So at the moment I'm just trying to get the basic iptables rules right. As I say I'm not very good with iptables, does this look right?
Code:
## Drop Default SSH port access With Logging
iptables -N SSH_DEFAULT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_DEFAULT
[code].....
View 14 Replies
View Related
Apr 17, 2010
I am having a Xen server xend daemon is taking care of giving interface names like vif1.0 or vif0.2 to the connected guest operating systems on it.I can not save the current IPTABLE rules since upon reboot the xend daemon gives different names to virtual ethernet interfaces i.e. vif1.0 or vif3.0 or vif9.0 like that.I have some rules that I want to be active upon subsequent reboots and not all.Say for example an SSH to external server at port 8000 should forward the request to a machine on LAN.Which I have done by port forwarding from IPTABLES.So I need to save some rules.I was thinking to make a script which on reboot activates those rules.
I am not clear on where to do that.I came across internet and found /etc/network/if-up.d/I am not clear with this directory my question is if I make a scrip which has IPTABLE rules as I want and save it in above folder will it work. I am not clear with what is /etc/network/if-up.dfor.Suppose my logic is wrong then how should I go for it.Also I want to know does a protocol uses two port to make a connection.I have forgotten that thing,i.e if I run an SMTP or ssh then do they use port 22 and 23 both in case of ssh or 25 and 26 both for SMTP like that or just specifying the rules for one port will be enough.I tested these rules in a secure environment where i had disabled firewall and ssh forwarding on router worked well
View 4 Replies
View Related
Feb 17, 2010
Im working on a CentOS 5 gateway server and the captive portal software needs to have the modules ipt_mac & ipt_mark modules enabled / installed. For the IPtables to work with the software.Whats the best way to install and enable these two modules?
View 1 Replies
View Related
Oct 30, 2010
I have installed squid as my proxy server in ubuntu 10.04 standalone system..Why i have installed squid in standalone sytem is, my friends used to access my system to browse sites and download files..So i have installed squid to block porn sites and downloads..But they simply bypass the proxy by disabling it..I know there is some way to force all browsers to go through proxy using iptables..But how to acheive it..? Is the below command suits my need..?If not what modification should i do..?
Code:
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128
View 6 Replies
View Related
