Quote:
-A RH-Firewall-1-INPUT -s 10.12.0.0/16 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
Ex- 10.12.0.0/16, 172.150.0.0/16, 192.168.20.0/24
How can we add multiple sources network address in the above INPUT chain?
whats the different between Chain RH-Firewall-1-INPUT (2 references) and Chain INPUT (policy ACCEPT)?
View 1 Replies View Relatedtell me the command for iptable rule to add in Chain RH-Firewall-1 to block ftp port & the ftp server was configured in public ip address,i searched in google but i did'nt get the exact command for iptables rule in Chain RH-Firewall-1.
View 3 Replies View RelatedThe network manager will ask me for my security key and it will not accept it. Instead when I use the show password feature to see what I typed in was correct, it shows something completely different than what I typed. For instance if my Key was :when it pops up and ask to for me to retype it again it shows something completely different in hex. Is there anyway I can use a different network manager?
View 8 Replies View Relatedhow efficient and effective are these snort, argus, ossec etc etc for an organization having 3500 PC Network, connected through 700+ Cisco Devices (Layer 2 and Layer 3), and scattered on 130 different sites (geographically)? what should be the combination of products and what should be the architecture for an efficient forensics activity?
View 2 Replies View Relatedi have a big problem y have to make an alias for the eth0 interface, i made it with yast and my alias was eth0:1, first, if i try to shutdown the interface i cant it give an error and tell me that the interface dont exist and the second threat is if i can put a default gateway for this alias something like this in other distributions:
route add 128.26.6.11 gw 192.168.28.201 dev eth0:1
Using iptables is there a way to switch the destination IP to become the new source IP and forward that connection.iptables store the src and dst IP in a variable for a particular connection?
View 2 Replies View RelatedI installed Asterisks On a VM machine.
The asterisk I downloaded came with Centos 5.3 It runs well on VM console But the problem is when It request for localhost login which accepts input but the password does not accept input at all.
When I try to switch to another user, the login screen show the user selection list, but I can't enter anything - when I click on a user name, the computer just beeps. I have to reboot to get out of this.
View 4 Replies View RelatedI am using LuckyBackup to back up my laptop disk to a USB disk. I would like to display to the user the message "Please mount backup disk" and have the user click "OK". LuckyBackup has a feature to allow issuing commands before it does the backup. I have been investigating scripts (I have never written one.), but do not understand how to use them to this end.
View 4 Replies View RelatedWhen I try to search for something in the main address bar It always adds the following with my input at the end
View 1 Replies View RelatedWhat commands do you use to set the INPUT, OUTPUT, and FORWARD chains in iptables to ACCEPT?
View 5 Replies View RelatedI have a caching dns and SNMP ( MRTG ) both on the same server how can I permit dns and snmp traffic in INPUT chain?? I have tried the following:
iptables -A INPUT -p udp --sport 1024:65535 --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 --dport 1024:65535 -j ACCEPT
iptables -A INPUT -p udp --sport 1024:65535 --dport 161:162 -j ACCEPT
iptables -A INPUT -p udp --sport 161:162 --dport 1024:65535 -j ACCEPT
Is it possible to block a subdomain or a one lower level directory URL access from other hosts or network ? I have a site running on my server and i want to block the particular directory under the domain, with the exception of loopback access? I mean the directory must be accessible from loopback/localhost.
[url] on port 10016(expect loopback)
[url] on port 10016 (expect loopback)
Code:
I don't know if FC15 has the iptable rules like the ones shown below by default or not but I wanted a second opinion about the safety they provide. Why is icmp accepted (INPUT rule 1) from/to all ip? and is it better to remove this rule? When the protocol is all (INPUT rule 2), does it mean from ip layer and above?? and is it required/safe to have this rule? The 3rd rule is to allow tcp-port 22 connections (ssh) to/from all ip. I think this is correctly set and required. The 4th rule in INPUT table rejects pings with the icmp-host-prohibited message; which I don't think is the best solution. Instead it can be set to silently drop icmp packets. Then, the FORWARD table uses reject instead of silent drop for forwarding icmp ping packets.
Code:
what do you think about the new rules and their order?
I've configured iptables to act as a stateful firewall, but instead of simply rejecting packets I'd like to waste a potenial hackers time by droping any packet that would otherwise be returned. Are my rules sufficient or have I somehow opened myself up to an attacker by trying to write these rules myself?
View 3 Replies View RelatedI need help creating an iptable rule. The iptables are installed on my router. My router also connects to a "hide my a**" vpn account
at 79.142.65.5:443 The goal is to somehow force the traffic to go through the vpn, because what sometimes happens is, the vpn connection drops (for what ever reason) and my real ip becomes exposed. Basically, I want to block "myself" from accessing the Internet when not connected to the vpn because of privacy concerns.
Below is my iptables. It has the 3 default chains and it also has many custom user chains. I need to know what kind of a rule to add, What interface to apply it to (lo,tun0,br-lan,eth1) and the correct chain to insert into.For example, you could tell me something like:
Quote:
FORWARD chain, change rule 1 to
iptables -R FORWARD 1 -j zone_wan_MSSFIX -p tcp --destination-port 443 -i eth1
Obviously, That was just a guess, I need someone that knows iptables to help me.
Code:
Chain INPUT (Policy: ACCEPT)
Rule # Traffic Target Prot In Out Source Destination Options
Rule 1 72.95 KB DROP all * * 0.0.0.0/0 0.0.0.0/0 state INVALID
Rule 2 1.11 GB ACCEPT all * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
[code].....
I'm trying to set up a firewall at the moment that allows access to my custom SSH port from only my friend's url (they have a static url but dynamic IP). I find iptables a bit of a nightmare and was hoping to use UFW for most of my day to day firewall maintenance and just make a few extra iptable rules to cover exceptional circumstances like this. Fortunately it seems UFW allows this with /etc/ufw/before.rules and /etc/ufw/after.rules. So at the moment I'm just trying to get the basic iptables rules right. As I say I'm not very good with iptables, does this look right?
Code:
## Drop Default SSH port access With Logging
iptables -N SSH_DEFAULT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_DEFAULT
[code].....
tried to sign up but it felt like a badly coded .asp page, wouldn't accept my email address? Same address hand typed both boxes? tried it quite a few times, very unubuntu. still explanation marks next to each email address?
View 1 Replies View RelatedI'm trying to cross-compile "sudo" source for Power-PC platform using Montavista tool chain. I'm getting the following error message during configuration: checking host system type... Invalid configuration `ppc_82xx': machine `ppc_82xx' not recognized It is clear that it has found the cross-compiler and configure knows that we are cross-compiling but it fails to recognize the machine. The complete dump follows:
[vhn@localhost sudo-1.7.2p2]$ ./configure --host=ppc_82xx
configure: WARNING: If you wanted to set the --build type, don't use --host.
If a cross compiler is detected then cross compile mode will be used.
configure: Configuring Sudo version 1.7.2p2
checking whether to lecture users the first time they run sudo... yes
checking whether sudo should log via syslog or to a file by default... syslog
[Code]...
I have a server that is on a high port number, and people want it on port 80. For root exploit issues people say the server can not run as root. So to solve things I want to redirect port 80 to a high port number, say 12345 on the machine. This has been discussed all over the web, so I find I need to do this:
/sbin/iptables -t nat -A PREROUTING -p tcp -d 123.45.67.89 --dport 80 -j REDIRECT --to-ports 12345
/sbin/iptables-save > /etc/sysconfig/iptables
And I do this, an voila things work for the whole world. All machines in the world can see the server on port 80 on the machine.Except, on the machine itself. On the machine 123.45.67.89, I try to get to the server on 123.45.67.89:80, I get a can't connect error. On the machine if I try 123.45.67.89:12345 I can connect.What am I doing wrong here? I don't want localhost network really, I want the ip address and port, but I want the forwarding to work on the local machine. But it doesn't...
I recently set up a ftp server in my house running a dyndns service so I can get to it from the outside. I called my isp to get some help in setting up the router to forward port 21 from the outside to that box, and in short we had some problems. Long story short, they ended up bypassing the router itself, and now the line running to the box is its own fixed external ip. Naturally I want a pretty darn good iptables setup for this. The box runs proftpd and so far my iptables only accepts local loopback and port-21. (I left port 80 closed as its only purpose is to be a standalone ftp server) But I know there must be a safer rule for port 21, as right now its just wide open. Anyone have any ideas on how to make this a bit safer? Also would that command be fine for any of the linux machines im connecting to it from the outside too?
View 3 Replies View RelatedI see on my webserver some logs as follows Quote:
203.252.157.98 - :25:02 "GET //phpmyadmin/ HTTP/1.1" 404 393 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
203.252.157.98 - :25:03 "GET //phpMyAdmin/ HTTP/1.1" 404 394 "-" "Made by ZmEu @
[code]....
Recommend open source tools that can help in figuring out if we are experiencing a network latency due to the newly installed firewall on our server.
View 1 Replies View RelatedI'm looking for a programmatic way to run the equivalent of the below statement using SuSEfirewall2 and make it persistent:
iptables -t nat -A PREROUTING -s 192.168.1.4/32 -p udp --dport 514 -j REDIRECT --to-ports 51414
Yes I know I can add it to FW_REDIRECT in the config, but I really need to handle this on the CLI at run time (which the above statement does do), however... is there an iptables-save equivalent in SuSEfirewall2?
I installed the Centos 5.5 and after the Xen. After I put a virtual machine named VM01.Initially it worked properly, I tried everything and it worked.When rebooted, I had problems with the network.I have two network cards eth0 and eth1, but eth1 does not have any ip and I use only eth0.The error that appears is:
vif0.0: received packet with own address the source address
i set my pass on ubuntu 10.4 and it work so good on installing app but suddenly it stopped working i thought i would restart my pc i tried to inter my pass again ubuntu don't accept it although it's surely true
View 7 Replies View RelatedIm an academic (university networks and security lecturer) studying/teaching network and operating system security, and inspired by the work of Hovav Shacham set about testing ASLR on linux. Principley I did this by performing a brute force buffer overflow attack on Fedora 10 and Ubuntu 9. I did this by writting a little concurrent server daemon which accidently on purpose didnt do bounds checking.
I then wrote a client to send it a malicious string brute forcing guessed addresses which caused a return-to-libc to the function usleep with a parameter of 16m causing a delay of 16 seconds as laid out in [URL] Once I hit the delay I new I had found the function and could calculate delta_mmap allowing me to create a standard chained ret-to-libc attack. All of that works fine. However .... To complete my understanding I am trying establish where I can find the standard base address for ubuntu 9 (and other distros) for the following, taken from Shacham:-
Quote:
[code]....
/proc/uid/maps gives me some information but not the base address ldd also gives me the randomised starting address for sections in the user address space but neither gives me the base address. Intrestingly ... when a run ldd with aslr on for over (about) 100 times and checked the start point of libc I determined that the last 3 (least significant) hex digits were always 0's and the fist 4 (most significant) where between 0xB7D7 and 0xB7F9. To me this indicated that bits 22-31 were fixed and bits 12-21 were randomized with bits 11-0 fixed. Although even that doesnt define the boundaries observed correctly.
Note: I am replicating the attack to provide signatures to detect it using IDS, and for teaching purposes. I am NOT a hacker and if needed to could reply from my .ac.uk email address as verification.
I just reinstalled ubuntu lucid after accidentally damaging it, And I used all the same passwords and user names as before, I can login fine, and I can do sudo commands, but the gnome keyring wont accept my password, I tried changing my password using Applications>accessories>Passwords and encryption but that didn't work. How can I fix this so that keyring will accept my password, I need it to save my wireless router password.
View 1 Replies View RelatedStrange thing happend two days ago. I just wanted to reboot my computer and now I'm no longer able to boot o0. My system is runnig with a full encryption with luks/cryptsetup. I'm using a passphrase to unlock my first partition and it will unlock the others by itself. So far so good. But now it doesnt work anymore... I'm not sure what I did before, but what I know, I didn't change anything! about cryptsetup. I did only a little "update" with the recommended packages from the repositories (guess only 4-5 updated)
I already checked with live cd and same thing there. Not able to unlock any device (what seems strange to me, cause there are 4 of them and all corrupted at the same time...?)
I always get the error message: unlock failed, bad password or options? (on boot) Command failed: No key available with this passphrase (live cd)
First thing I did was checking wheter all modules are loaded:
Code:
ubuntu@ubuntu:~$ lsmod
Module Size Used by
sha256_generic 11580 0
[Code].....