If I allow, my server's IP is:
11.11.11.11
If I allow 11.11.11.11, and block 22.22.22.22
22.22.22.22 can't access the server
But if I allow 11.11.11.0/24, and block 22.22.22.22
22.22.22.22 can still access the server!!
Does anyone know why that is?
I have a question, on my firewall at work I am seeing a constant flow of denies from many different source IP addresses, of tcp/udp destination port 53372 & 53375.What in the world is that, and why these two ports over and over
View 1 Replies View RelatedI was having a discussion with someone who said that telnet, FTP, HTTP plain-text authentication in the local subnet is ok because it's a switched network. Also, that these protocols are not good over the net but in a local subnet they are just fine.
I know that someone can plug a hub in the network port and connect 2 (or more) PCs and see the packets. Also, heard about ettercap but haven't really delved into it. I know dsniff was written to prove the point that unencrypted protocols are bad. Would like to get opinion about unencrypted protocols over a switched networks.
I want to know the details about the implementation of distributed firewall in a local area network
View 5 Replies View RelatedWhat is the best method to upgrade Fedora from 8/9 to 10? I have the DVD, and whenever I try to boot from the DVD it locks up the PC after selecting the default language stuff. I've run the media check on the DVD, and it passes with no problems. I am behind a firewall and for some reason the configuration is not allowing YUM to get through the firewall, but Firefox can get through (I have another post for this issue).
View 4 Replies View RelatedI'm trying to setup a kickstart installation and having some trouble with firewall settings. When you do a manual install it gives you the option on first boot to allow https, samba, and nfs4 in the firewall. I have as yet been unable to find the options for doing this in kickstart. Here is my current firewall line:
firewall --enabled --http --ftp --ssh --smtp --trust=eth0
I have tried just adding --https but it errors on me. Am I just missing the keywords to set these up? I have looked but i can't find keywords for any services except telnet that are not already included in my firewall line. Should i be trying to do this with iptables in post rather than in the kickstart itself?
does somebody know how dnsmasq / iptables need to be configured such that requests to my public IP from lan are correctly NAT'ed to the host that handles them? Currently my routing device treats them like "oh, these are anyway for me, gnam gnam" which actually doesn't work.Unfortunatly setting up NAT rules that redirect requests from my lan correctly as they are redirected from wan is an option I would like to use only if there is no other possibility.I would like some kind of solution that treats packets that are sent to my public IP as normal packets that are not looped back before they even get out. So they would need to be at least sent to the wan gateway where they are directed back where my firewall can successfully treat them like all other public requests.
View 1 Replies View Relatedi was hoping that someone in here could possibly help me out with my iptables rule set. First here is what i would like iptables to do, i want iptables to deny all packets or traffic from the outside coming in and for output allow the things i need like web and irc etc... Also, i would like iptables to deny access to all services like sendmail and ssh except i would like localhost to have access to everything. What i mean by localhost is that when i run my iptables script it loads fine except when i try ssh from localhost i get this output:ssh -l user localhostssh_exchange_identification: Connection closed by remote hostI know what most of you are thinking, why do i need to ssh into localhost from localhost just open another terminal, well i am getting myself familiar with iptables i want all services logged and blocked but not from localhost. I cant seem to figure out this problem and i have tried several different things. Here is my iptables script, I am hoping that someone out there can tell me what i am doing wrong...
#!/bin/bash
iptables -v -F;
iptables -v -A INPUT -i lo -j ACCEPT;
[code]....
I would like to know if it is possible to deny the access to a file for root? Would ACL's be a possibility? I have "googled" around but haven't found anything interesting (except SELinux). I should secure a password file to an important database.
View 6 Replies View RelatedI just downloaded the DenyHosts2.6python2.5.rpm for deny.hosts from sourceforge and would like to set it up. I normally use fish://, smb:// and ftp:// on the boxes on my lan. I already have files called hosts.allow and hosts.deny in the /etc folder. Will the rpm configure hosts.deny when first run?
View 1 Replies View RelatedI have an Asterisk on an externally hosted vServer with Lenny. In order to further protect the SSH access I intended to change the Port number 22 to something like 55555. For this I changed the /etc/ssh/sshd_config file and restarted ssh. This caused unfortunately the following problems:
(1) The first login works but DenyHost writes now the IP in its list so that the second login with the same IP is blocked.
(2) With RESET_ON_SUCCESS = yes several logins were possible with the same IP, but later it also was blocked for some still unknown reasons.
(3) Files can be uploaded for being edited, but they can't always be saved. When they can't be saved the next login with this IP is blocked. It thus looks like the blocking can occur while being connected. When the files can't be saved it is however still possible to copy files from the computer to the vServer.
I add below the entries in the auth.log from a logout and a login. It shows further how suddenly the attempts to save files were blocked. After this session the IP used for it was blocked. I don't know where the message "Unable to open env file: /etc/default/locale" comes from. If I remember right I had these messages already before. I don't know how much that is really important.
[Code]....
I'm having troubles trying to understand this problem:my homeserver until yesterday had a public IP, staying on network, with sshd running and all was fine;this evening I changed the IP, giving it a local lan address, and what happened if I tried to connect to it by ssh?I got an error about "Connection closed by remote host". Google helped me finding that was regarded to hosts.deny file, that was actually containing a lineALL:ALLthat I commented, and all was fine.My question is: why the hosts.deny (that has never changed) was observed only with the local IP?I tried to switch back to the public IP and leaving ALL:ALL, and it did connect without any problem
View 1 Replies View RelatedHow to deny download some file types on squid ?
I tried below in my squid.conf
acl blockfiles urlpath_regex -i "/etc/squid/src/blockfiles"
http_access allow localnet freesites !blockfiles
and in my /etc/squid/src/blockfiles
.[Ee][Xx][Ee]$
.[Aa][Vv][Ii]$
.[Mm][Pp][Gg]$
.[Mm][Pp][Ee][Gg]$
.[Mm][Pp]3$
.[Rr][Aa][Rr]$
I still able to download
Can we use iptables as firewall instead of Juniper firewall
View 2 Replies View RelatedLet's say I have a few hosts on the same subnet, and they are all connected to a central Linux box running a filtering bridge. If I tightly control the communications between the hosts using the filtering bridge, is this just as good as seperating hosts into different subnets (e.g. DMZ and Internal) ?
View 6 Replies View RelatedI could not find any where the documentation the only best which I got was [URL]
My question is the following blog says to remove an IP from /etc/hosts.deny which denyhost has blocked
[URL] you need to have a directory /usr/share/denyhosts/data I do not find any such directory
Also when I tried to check tcp wrapper configuration as given here
[URL]
tcpdchk -v Cannot find your inetd.conf or tlid.conf file. Please specify its location.
what does the above output mean? How do I make sure denyhosts is doing its job?
I made a Desktop User account. When I went on that account, it allowed me to execute sudo as if I was an administrator. I don't know what might be causing this. I do have ufw set up and blocking incoming connections. Do you guys know what might be at the root of this?Also, when I used sudo from the user account (which I shouldn't have been able to do), I provided the password for my admin account.
View 9 Replies View RelatedI just set up denyhosts and it worked properly the first time adding lots of ips to the hosts.deny.I then set it to run every 12 hours noon and midnight.I wanted to see if ran properly and I got all this.Does it look like its working?
Code:
May 15 12:00:01 hyrule CRON[14286]: (root) CMD (python /usr/share/denyhosts/denyhosts_ctl.py -c /usr/share/denyhosts/denyhosts.cfg )
[code]...
I have a VMware farm where:
- DHCP is in use to give machines IPs
- Machines go up and down all the time
- All IPs are on a certain subnet
- VMs update DNS (we don't go by IP)
- SSH is in use
I would like to disable StrictHostKeyChecking only for this subnet, because IPs change all the time and editing known_hosts usually only works for a few days before the IP changes again, and once I get enough entries, there are tons of conflicts.
I tried the following in ~/.ssh/config:
Code:
Host 10.0.217.*
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
[Code]....
i've got a few questions about iptables. i know how to set up ip tables to only allow from an ip address or a subnetting ip addresses. question is how do i allow from 2 different networks? would i need to create 2 lines of entry in iptables to the same port? e: allow 10.168.1.1 and 196.168.1.1 on port 22 is there a way to put all that in 1 line or would i need to create to rules for the port? i know i can use the ssh allow or deny but i'd like to stop access even before it gets to the ssh. stop it at the source kinda thing.
View 4 Replies View RelatedI want to ask about securing the FTP connection... I have one server that Installed with Redhat Linux Fedora 6.
And now, i want to securing the FTP access, so only the selected IP will be allowed to connect. Do anyone know how to do this?
Another thing is, my server using Webmin 1.3 to manage the server and there not installed / not configured yet with Frox FTP, ProFTPD Server, WU-FTP Server... even there is such thing in my Webmin...
Can i make use one of the three FTP i mention above, and if yes, will it be affecting the current FTP access?
I am using denyhosts on a server so in a config file/etc/denyhosts.confthe following value is setQuote:DENY_THRESHOLD_INVALID = 3which as per their configuration file saysQuote:
DENY_THRESHOLD_INVALID: block each host after the number of failed login
# attempts has exceeded this value. This value applies to invalid
# user login attempts (eg. non-existent user accounts)
[code]...
I have TWO L3 + router switch (say switch1 and switch2). I created VLAN100 with VLAN ID 100 in both the switches. I created router 192.168.1.1/24 in Switch1. I created router 192.168.2.1/24 in Switch2. Switch1 is connected with 1.x/24 PCs. PCs are configured with 1.1 gateway. Switch2 is connected with 2.x/24 PCs. PCs are configured with 2.1 gateway. Both Switch1 and switch2 are connected by a trunk to carry VLAN100 data.
1)I have few PCs of 1.x connected to say Switch1 Is it possible for PC with IP 192.168.1.100(x) to ping PC with IP 192.168.2.100(y)?What are the configuration required in both switches to make them communicate ? All the device in both the subnets should ping/communicate with each other.
2)Move PC (192.168.1.100) to switch2. Move PC (192.168.2.100)to switch1.What will happen when PC(1.100) ping (2.100) and vice versa?What will happen when PC(say 1.80 in switch1) pings PC (say 1.100 in switch2) and vice versa? What will happen when PC(say 1.80 in switch1) pings PC (say 2.100 in switch1) and vice versa?
Hope you can help me out. I'm trying to setup a "drop-box" on ubuntu 9.10 server with vsftpd. I'm able to login and land in the /home/user directory, however I cannot write anything.
View 5 Replies View RelatedI've got two virtual machines running, the first VM (VM1) has two network interfaces, one bridged with my real lan, one a private subnet. The second VM (VM2) has one nic, only on the private subnet.
I have VM1 acting as a router for VM2, giving access to my real lan for internet access. The problem I'm having is I cannot get VM1 to forward ports 80 (http) or 222 (ssh) to VM2 from my real lan.
Here is the script I've cobbled together from various (foreshadowing!) locations:
Code:
I am using dyndns to keep track of my smartphone's ip address. The idea is to be able to ssh into my home network, protected by an iptables firewall. If I use the command: # iptables -I INPUT 9 -s myname.dyndns.org -p tcp -m tcp --dport 22 -j ACCEPT it updates using the current ip address, but the next time I get an ip address update to my phone and update dyndns to properly provide nslookups, this is not being updated in iptables unless I restart my firewall. Is there a better way to do this?
View 3 Replies View RelatedAccording to this article -- [URL] there are problems with FireFox security, as a veriety of Zeus is being used by crackers in Europe and China. Allowing for alarmist reporting, this still looks unpleasant. Does anyone have definitive information about how this attack affects the various operating systems?
View 8 Replies View RelatedI installed Redhat Enterprise linux server5. it has two LAN card and two subnet connected to these two LAN card. i can browse network from these two network easily. But i created VLAN on one network card.Now i cant browse network from these VLAN subnet.
View 3 Replies View Relatedi am relatively new to ubuntu. Just recenty i have not been able to access certain files(for example the history and bookmarks in the firefox folder), download files individually from the internet(music,fonts,etc), recieving an error message
Quote: Originally Posted by firefox error console
Error: [Exception... "Component returned failure code: 0x80520015 (NS_ERROR_FILE_ACCESS_DENIED) [nsIFileOutputStream.init]" nsresult: "0x80520015 (NS_ERROR_FILE_ACCESS_DENIED)" location: "JS frame :: file:///usr/lib/firefox-3.6.13/components/nsSessionStore.js :: sss_writeFile :: line 2944" data: no][code]...
i have sudo priveleges and can install via update manager. i read somewhere that compizfusion might affect access permissions and i do use compiz and emerald at the same time.
I have a Suse11 box with 2 network cards:
I have squid as a proxy on the Suse box, and with the default firewall I have to enable masquerading to allow clients on the eth3:1-3 to send and receive mail through the Suse box. I found the Suse firewall completely inadequate (all P2P software/connections are allowed once you enable masquerading) and had to install ConfigServer Security & Firewall. In die configuration of csf I could get my way around getting smtp to work for the eth3:1-3 clients, but pop3 connections does not go through the box. I know I need to allow port 110 and 995 to masquerade of NAT (or something) and then the same for port 22