Security :: Configure IPtables To Only Allow VNC Over SSH

Apr 4, 2010

I am trying to figure out how I can configure IPtables to only allow VNC traffic to an internal server over SSH.

My configuration is WAN < --- > Gateway (Ubuntu 9.10 Server) < --- > Internal Server (that I want to control with VNC over SSH)

View 12 Replies


ADVERTISEMENT

Ubuntu :: Using UFW To Configure Iptables?

Mar 12, 2010

I've got a machine on my network that's just running default Ubuntu 9.10, but I was considering setting up a network dhcp service on it to manage my machines. As such I was just wondering about configuring the iptables for it.

Reading about, I believe all incoming connections are dropped by default in a standard installation of Ubuntu anyway. If so, is it simply a case of enabling UFW and using it to allow the appropriate port for the dhcpd service and not touching anything else and everything should remain secure?

View 1 Replies View Related

General :: Configure Iptables In Kernel?

Oct 8, 2010

I have configured iptables in my system and is working. But I cant find iptables kernel folders such as iptables/extensions/Makefile to make a utility Where to locate them? or how to download and install?

View 11 Replies View Related

CentOS 5 :: Configure Iptables Except Using Terminal?

Mar 19, 2009

can i configurfe iptables except using terminal ? like 32-bit interface application

View 1 Replies View Related

Red Hat / Fedora :: Configure 60000 Lines In Iptables?

May 31, 2011

I need to configure 60000 lines in iptables. I am using script to create a file and iptables-restore to configure them.

I am getting error on commit and I see that if the file size if larger than around 39000 it failed.

Is there a limit to number of lines in iptables ?

View 2 Replies View Related

Networking :: Configure My Firewall (through Iptables) To Allow Apt-get Features

Apr 26, 2010

I am encountering problems to configure my firewall (through iptables) to allow apt-get features, like update and install.I have the latest debian server running in a virtual machine in my windows xp and therefore I have two interfaces in this debian server:- NAT Interfaceinet: 10.0.2.15- Host Only Interfaceinet: 192.168.56.101So far my iptable rules drop all packets for default, in exception icmp and ssh that I allow to ping and connect from my windows xp. Both of them I use only the Host interface (192...) to connect to another 192... interface on my windows.

Those are working fine, but apt is not. I know, in this very moment it shouldn't. But I made a lot of attempts trying to configure the iptables allow connections through the 80 and 21 ports from/to NAT and Host. I think I made all possible combination (or not, because it didnt work). But I'm wondering if someone more experient can help me solve this problem.

View 11 Replies View Related

Software :: Configure IPTABLES To Allow Certain IP Ranges To Ports 25 And 465?

Feb 16, 2011

I have a mail server with IPTABLES enabled.I want to allow access to:

41.0.0.0/8
58.0.0.0/8
61.0.0.0/8

[code]....

View 7 Replies View Related

General :: Configure Iptables To Permit All Traffic On Eth0?

Feb 25, 2010

I'm looking to use Linux (Ubuntu 9.10) as a network bridge between two subnets. I can configure iptables to permit all traffic on eth0 (subnet 1) to pass to eth1 (subnet 2) but before transmitting that traffic I want to perform further analysis. Is it possible within iptables or via a third-party product such a pyroman, to write a "hook" that then directs that traffic to another application installed on the same host?

View 2 Replies View Related

General :: Configure Iptables For Only HTTP And HTTPS Traffic

Aug 11, 2011

I am trying to configure iptables for only HTTP and HTTPS traffic. I start by blocking all traffic, which works, via:

Code:
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

I then try to allow HTTP and HTTPS on eth0 with these commands, which does not work:

Code:
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

Code:
iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT After these commands I should be able to access the internet. Does anyone know why this is not working?

View 4 Replies View Related

CentOS 5 Networking :: Configure - Set Iptables On Server 1 - To Acces Webserver From Other City

Jan 13, 2010

I am using centos 5.3 , and also using webserver in local network

Here is all configuration

1, server

eth0 , 222.80.1.90 this is live ip
eth1 10.0.0.1

2, webserver

eth0 10.0.0.2

I want set iptables on server 1 , to acces webserver from other city ,

How to configure iptables

View 2 Replies View Related

Fedora Security :: Allow DNS In Iptables

Feb 1, 2009

I have been struggling with this for a very long time now. I have installed Fedora Core 9 on my computer. I have set it up as a caching-nameserver and this is working.

Then I wanted to secure my server with iptables, and I have so far made this script:

# Load the connection tracker kernel module
modprobe ip_conntrack
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP

[Code]....

I can reach the dns server with ping. When trying Nslookup it says that it got SERVFAIL from 127.0.0.1 trying next server, and then it times out.

My resolv.conf file lists:

nameserver 127.0.0.1
nameserver DNS-server

View 13 Replies View Related

Fedora Security :: Can't Get FTP Through Iptables

Dec 14, 2009

Im pulling my hair out trying to get ftp to work through iptables.Im using vsftpd

Table: filter
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

[code].....

View 3 Replies View Related

Security :: Can't Zero Out Counters In Iptables

Feb 25, 2010

I have a problem with iptables, when I execute

[code]....

View 5 Replies View Related

Security :: How To Keep Safe PC Using Iptables

Dec 5, 2010

I am using Fedora on my desktop pc. I want to know how can i protact my PC from outside world. What firewall policy should i implement in iptables to keep it more secure.

View 5 Replies View Related

Security :: Incorporate Into Iptables

Jan 5, 2010

I'm following an openvpn installtion how to and it says to add this to the iptables:

Quote:
# External Interface for VPN
# VPN Interface
VPNIF="tun0"
VPNNET="172.16.0.0/24"
VPNIP="172.16.0.1"
### OpenVPN
[Code]....

Any thoughts as the whole formatting is separate and has the addition of FORWARD rules, etc. I need the VPN running on the .199 address

View 16 Replies View Related

Security :: Iptables :everything Works Except Ftp

Jun 3, 2010

i set up a dmz to have a internet web server and ftp server, and ssh only from local network, so i wrote a iptables script to load during boot :

[Code]...

The problem is that everything works fine ( i have the same rules for other services such as samba, nfs, mysql on another server) BUT ftp there is no way to make it work. not even locally.when i try to connect, i log in, but while listing the directory i get MLSD ... and it hangs like this for a moment, then i get error message "connection time out" , "impossible to list directory". if i turn off the iptables script no problem,ftp works fine.. but why all services work and ftp no?

how do i have to modify the rules? what is strange also is that if i set as OUTPUT policy "accept", the server seems to be offline."host unknown" error message. I was thinking the rule INPUT is fine cause at least i can login, but the dir list is not going out, so gotta modify output rules. or state?

View 7 Replies View Related

Security :: IPTables - How To Set Default Allow

Mar 19, 2010

I've started a new job and have inherited a couple of RHEL4 64-bit servers. The firewall on them is currently disabled. I'm struggling to get them up and running as iptables is not the most user-friendly application. This lead me to downloading and trying a GUI front-end: Guarddog. Great app! But it doesn't have the default behavior I'm looking for. Here is what I need:

Default behavior: Firewall should be wide open, allowing ALL ports/IP's/TCP/UDP in and out of the server.
Blacklist: Oracle TCP port 1521 needs to be blocked in/out of the server.

This will help get us passed our company's security vulnerability scan. (We aren't able to patch/upgrade Oracle at this time because we'd lose vedor support with a legacy app). I will use these settings as a starting point, and then once I learn more and get more comfortable with iptables (or a GUI app) then I can fine tune things to make them more secure. As far as I know (correct me if I'm wrong) once I get a script I just copy it into /etc/rc.firewall and it will load when iptables starts.

View 14 Replies View Related

Security :: Iptables To Block Ip From Ftp?

Mar 6, 2010

Is this how I would do that?

iptables -A INPUT -p tcp --destination-port 21 -d ! 168.192.1.2 -j DROP

This should block all incoming connections on port 21 from 192.168.1.2, correct? Thus preventing that IP from logging into my FTP.

View 1 Replies View Related

Fedora Security :: Iptables - Block Everything From Getting In My Pc

Mar 17, 2009

What i wanted to do was block everything from getting in my pc but still be able to surf the web and still use instant messenger.

View 2 Replies View Related

Ubuntu Security :: How To Reset The Iptables

Jan 14, 2010

i ran this

Code:

iptables -N rate-limit
iptables -A rate-limit -p tcp -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 3 -j RETURN
iptables -A rate-limit -j DROP
iptables -I INPUT 1 -p tcp --dport 22 -j rate-limit

i am no longer able to ssh in to the machine , how can i reset iptables and firestarted back to default?

View 3 Replies View Related

Ubuntu Security :: Use Address Not Ip In Iptables?

Jul 24, 2010

i need to open this address ftp.nai.com, is there a way to use address not ip in iptables?

View 7 Replies View Related

Ubuntu Security :: Iptables Configured By UFW ?

Sep 17, 2010

I've recently moved from Firestarter to UFW/GUFW, and I wonder if someone could confirm if my iptables configuration is secure.

When I enter sudo iptables -L i get:

Code:

View 3 Replies View Related

Ubuntu Security :: Iptables Allow Via Spesific NIC?

Dec 29, 2010

eth1 has connection to the net via gateway ..eth0 on the same machine has users on a intranet and needs access to the internet, i need to allow internet connection and prevent packets which logically originate from the internet getting into the intranet

View 1 Replies View Related

Ubuntu Security :: How To Clear Iptables

Apr 21, 2011

Installing a router, and I need to completely "wipe" iptables (flush I mean) on both computers, and I think I run ufw/gufw on both, so that would need to be uninstalled. The router is very secure, has NAT, etc, etc, and I'd rather setup all that side of things in one point, rather than on each computer.

View 2 Replies View Related

Ubuntu Security :: Both Ufw And Iptables Running Together?

May 23, 2011

Can I have both ufw and iptables running together? My server is currently using ufw, if I add an iptables rule will it have any effect?

View 6 Replies View Related

Networking :: Configuring IPtables Security Of CPU

Mar 3, 2009

I new in Linux, I have a Centos5 since sunday and well I have to configure the iptables security of this cpu, I read a lot of examples of iptables in the internet and also another Thread from here but Really a don't know what to do, I saw lots of codes but first of all I don't know where I have to write that and my teacher don't want to help me in this homework. I tried to write the codes in applications --> accessories --> Terminal

View 3 Replies View Related

Security :: Setting Up IPTables For Kubuntu 10.4?

Feb 21, 2011

After discovering that the firewall was wide open I decided to finally study the iptables docs and learn how to add rules. Now, I've not yet finished reading guides and documentation but I'd like some advice before I set the default policy on the input chain to deny. I have added a permissive rule for the loopback adapter so that programs that use it do not become mute suddenly. I will also use netstat to see what ports to open for each program that connects to the internet. I'm not that interested in what ports to open but how to find what ports to open.

View 3 Replies View Related

Security :: Anyway To NOT Log Dropped Ports 137 / 138 In Iptables?

Mar 30, 2011

We do NOT support samba on our Unbuntu servers but still zillions of windows machines are constantly trying to connect on the SMB ports. I've added a rule that drops access to destination ports 137-138 and that seems to work. But it creates many many log entries documenting that the packet has been dropped. I've been researching and cannot come up with a way to suppress logging for these drops.

View 4 Replies View Related

Security :: Blocking Web Content With Iptables?

Aug 8, 2010

Is possible blocking web with content for adults with iptables?

View 3 Replies View Related

Security :: Use Of Iptables And Books For Indepth?

Jan 30, 2010

proper use of iptables and tell me good books for indepth study

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved