Security :: Iptables 1.4.1 Mac Module Doesn't Work (error Message) - Fedora Core 8
Nov 25, 2010
I use iptables firewall (v1.4.1) installed on FC8. I'm trying to limit the inflow traffic for the port 1723 to certain MAC addresses. To experiment with the mac option, I've written the following iptables rule:
Quote:
iptables -A INPUT -m -mac --mac-source 10:08:08:08:08:10 -j ACCEPT
It didn't work. It gave me this error message:
Quote:
iptables v1.4.1: Couldn't load match `-mac':/usr/local/libexec/xtables/libipt_-mac.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information. Does that mean the mac module wasn't installed/enabled?
View 4 Replies
ADVERTISEMENT
Mar 30, 2011
I have a server that I can only access via SSH (it's located far away) and I would like to secure it by blocking all ports except the ones that I need (which are HTTP and SSH). I still want to be able to make outgoing connections to enable software updates and other things.This is my iptables -L -n :
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:21
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:23:79
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:81:65535
code....
In my opinion, this should block all incoming packets except the ones on port 80 and 22, but allow responses to outgoing connections. But a wget http://google.com does not work, it can't establish the connection.
Maybe this is not the best style for iptables rules, but I want to be absolutely sure to not accidently lock myself out from SSH, so I chose not to configure a "block-everything rule".
Does this configuration not enable incoming packets from connections initiated from inside?
View 3 Replies
View Related
Feb 7, 2010
So I installed pam-script
made this script:
Code:
#!/bin/bash
RFID_AUTH_SUCCESS=0
#Read the card
tag=`'/etc/rfid/RFID-login'`
code....
Code:
sudo test
It doesn't ask for my password and instantly authenticates as root!
if I run the above posted script manually, (cd into the dir and execute it), it works fine and produces the result 1 if positive and 0 if negative.
View 1 Replies
View Related
Jul 29, 2010
one of the coolest features of Fedora imho is sandbox -X, which I used extensively in F12. However, in F13 I yum install /usr/sbin/seunshare prints:
Code:
[...]--> Processing Dependency: policycoreutils-python = 2.0.82-13.fc13 for package: policycoreutils-sandbox-2.0.82-13.fc13.x86_64
--> Finished Dependency Resolution
Error: Package: policycoreutils-sandbox-2.0.82-13.fc13.x86_64 (fedora)
Requires: policycoreutils-python = 2.0.82-13.fc13
[Code]....
View 6 Replies
View Related
Apr 30, 2009
Hi I am running a fedora 10 desktop. when i send an email using evolution the message was not sent but returns a error message:"Error while performing operation.DATA command failedError: 550 Viagra SPAM - Hi in Subject" and the message did not have an attachment just plain words. what might have gone wrong for i have been using this for sometime without a problem. or what security measures should be in place to remove this viagra spamAm I infected by virus on this fedora, all my updates are up to date.
View 1 Replies
View Related
Jun 30, 2011
I'm testing a Erricsson 3G module F3307 on linux-2.6.33 kernel version. The NIC has been recognized as ppp0, see bellow:
ppp0 Link encap:Point-to-Point Protocol
inet addr:172.20.103.207 P-t-P:10.64.64.64 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:30 errors:0 dropped:0 overruns:0 carrier:0
code....
But when I unplug the eth0 wires and do "w3m www.xxx.com", it responsed nothing, even no "Network is unreachable" or "unkown host www.xxx.com".
I'm 100% believed that this 3G module is alive, because I used minicom to send AT commands to it, and demonstrated it was alive.
View 1 Replies
View Related
Jun 7, 2010
I have an HP Pavilion m7480n PC with Windows XP installed on the C-drive. I successfully installed FC 12 onto the spare USB drive. When I rebooted the PC all I got was a blinking underscore at the extreme upper left position of a totally black screen. After a bit of experimenting I found that if I hit the F1 key during the boot process, go into the BIOS setup, do nothing within the setup, and press ESC to get out of the setup then the PC will go back into the boot cycle a second time. During the second time however a small text message appears with words to the effect "Press any key to enter GRUB..." after which the GRUB splash screen comes up with the choice for FC 12 or "Other" (referring to Win XP). At that point I can boot into either one.
View 4 Replies
View Related
Feb 20, 2010
I've configured squid proxy server in a P4 desktop. I've 50 users in my network. I installed RHEL 4.4 (2.6.9-42 kernel) and the iptables version is 1.2.11-3.1. I've 2 NICs installed in the system. eth0 (192.168.100.99) for local lan and eth1 (192.168.1.2) for outgoing to internet. I've connected DSL broadband modem to eth1 (default ip of DSL modem is 192.168.1.1). All the clients except few has been forced to go through squid by user authentication to access internet. Those clients which were kept away from proxy are 192.168.100.253, 192.168.100.97, 192.168.100.95 and 192.168.100.165. Everything works fine but from last week I observed that one of some notorious user use the direct IPs (192.168.100.97 or 192.168.100.95) in the absense of the owner of these IPs to gain access to internet as we applied download/upload restrictions in squid.
I want to filter the packets of source hosts using MAC address in PREROUTING chain. I read somewhere that IPT_MAC module must be installed to make this happen. So that those notorious users can not change their ips to gain direct access to internet.
Below are the contents of my iptables file (I've ommited few entries for safty purpose).
# Generated by iptables-save v1.2.11 on Wed Nov 25 16:35:57 2009
*filter
:INPUT ACCEPT [14274:3846787]
:FORWARD ACCEPT [4460:1241297]
:OUTPUT ACCEPT [16825:4872475]
code....
View 9 Replies
View Related
May 14, 2011
I'm trying to limit the number of the ICMP packets reaching my server, so I'm using the limit module of iptables, unfortunately it seems the limit I set is totally ignored as I can easily send tens of ICMP packets and get a reply in less than 0.3 second Quote:
m3xican@m3xtop:~$ sudo ping -i0 -c20 x.x.x.x 20 packets transmitted, 20 received, 0% packet loss, time 230ms
rtt min/avg/max/mdev = 184.969/185.895/189.732/1.301 ms, pipe 16, ipg/ewma 12.138/186.232 ms This is the rule I'm using to accept ICMP packets (default setting is DROP)
Code:
iptables -A INPUT -p icmp -m limit --limit 1/s -j ACCEPT
And these are the kernel modules related to iptables
Code:
Module Size Used by
xt_limit 1382 0
[Code]...
View 5 Replies
View Related
Mar 27, 2011
I have 2 different networks: the first one is gateway machine (eth0), and the second is a private machine (eth1). So, I've configured the iptables and forwarding stuff and when I try to ping google.com on the gateway machine, it works, while it doesn't work on the private network. Note: I am using VmWare 7. I need your quick assistance about this issue.
View 2 Replies
View Related
Mar 5, 2011
Having not used Clive in over a year I went over to [URL]... and downloaded, built, and installed both Clive and URLgrabber. Here is error message when I tried to run Clive,
[code]...
View 10 Replies
View Related
Sep 3, 2009
I'm trying to install the ip_tables module on a xen vps without success.This is what I've done and the error message I'm receiving:
[peter@sql0 ~]$ uname -a
Linux sql0 2.6.18-128.4.1.el5xen #1 SMP Tue Aug 4 20:51:12 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
View 1 Replies
View Related
Aug 30, 2010
I tried updating my modsecurity core ruleset to the latest version 2.0.8 and something seems broken. I didn't change any of my configs, I just downloaded the latest ruleset archive and extracted it just like I always do, If I go back to the previous version I was using, 2.0.4. everything works fine. Has anyone else had problems with 2.0.8?
View 4 Replies
View Related
Jan 25, 2010
I have tried installing Vmware-Server 1.0.10 on Fedora Core 12. After installing all packages it fails on building the vmmon module. In the internet i found many patches and vmware-any-any-updates...but nothing worked. My Kernel Vresion is 2.6.31.12-174.2.3.fc12.i686.PAE...
View 2 Replies
View Related
Aug 8, 2010
I need to know I/O stats per process. When executed dstat give the bellow error message.
dstat -M topio -d -M topbio
Module topio failed to load. (No module named dstat_topio)
Module topbio failed to load. (No module named dstat_topbio)
CentOS release 5.3 (Final)
uname -r => 2.6.18-128.2.1.el5
How to resolve the above error message
View 2 Replies
View Related
Aug 17, 2011
When opening gedit as a user I get the following message
Gkt-message: Failed to load module "'pk-gtk-module"
If I try to open gedit as root I get the same message but with other messages. These are shown in the attached file. gtk.txt
This is on an upgraded machine using the preupgrade method. The same has happened on two machines upgraded from F14 to F15 the same way. 64 bit systems.
How to clean this up so the messages do no appear?
View 4 Replies
View Related
Sep 8, 2010
I like to encrypt my swap and tmp partition with /dev/urandom but it doesn't work. I tried it 100 times and now I have no idea.
Code:
cat /etc/crypttab
swap /dev/sda3 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
cat /etc/fstab
/dev/mapper/swapswapswapdefaults0 0
If I reboot I get the message "/dev/mapper/swap" doesn't exist. It seems, that crypsetup doesn't setting up the encrypted block device. SElinux is in permissive mode.
View 7 Replies
View Related
May 31, 2011
my problem is following: I'm running a bridged OpenVPN on my Debian. If the service is running, everything works fine: local and Internet, ftp, mailing from in and outside etc. But, when stopping OpenVPN, sending mails from inside (LAN) fails: I cannot reach smtp (postfix) listening on port 465. And even reaching mailboxes using IMAP gets horribly slow eg. in Thunderbird. Here is my firewall.sh script.
Quote:
#!/bin/sh
echo "
IPTABLES FIREWALL inicializalasa - szures"
# Enter the designation for the Internal Interface's
INTIF="eth0"
[Code].....
View 9 Replies
View Related
Dec 8, 2009
Is there a reason why the selinux module for nagios just doesn't work? I'm running CentOS release 5.4 (Final) and did "yum install nagios" and now have nagios-3.2.0-1.el5.rf installed. I'm having to create policy after policy after policy, and still haven't reached the end of the rainbow.
I suppose after I run out of selinux violations, I could figure out how to combine all of these modules and post the result, but it seems really, really weird to think that I'm the only person who has ever installed nagios from the repo with SELinux enabled.
View 1 Replies
View Related
Mar 27, 2011
I have 2 different networks: the first one is gateway machine (eth0), and the second is a private machine (eth1). So, I've configured the iptables and forwarding stuff and when I try to ping [URL]... on the gateway machine, it works, while it doesn't work on the private network.
View 7 Replies
View Related
Jun 6, 2011
I'm trying to open port 8080 on my application server. I've included it in my iptables; however I still cannot access through ssh nor putty and it doesn't show up when I netstat either.Here is my iptables-config:
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -s xxx.xx.x.0/24 -j ACCEPT
[code].....
View 7 Replies
View Related
Jul 9, 2010
Got notebook HP 6530b with Intel 5100AGN PCIe WiFi module in and desktop ubuntu 10.04 from [URL].
Can i make this one works any way exclude ndiswrapper.
lshw -c network
http://img695.imageshack.us/img695/1...eenshot2th.jpg
lspci
http://img819.imageshack.us/img819/1...reenshothy.jpg
uname -r
2.6.32-23-generic
View 1 Replies
View Related
Jan 12, 2011
I setup squid with transparent proxy and its working, however, when I reboot the server, the proxy server doesnt work unless I run the following.
Code: # squid server IP
SQUID_SERVER="192.168.1.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
[Code]...
View 6 Replies
View Related
Jul 17, 2010
IPtables creates an error during startup as well as when I try to restart it: Here's the output of:
[Code]....
View 11 Replies
View Related
Apr 12, 2011
Here is my problem:
I need to enable the statistic module in iptables.
I had Fedora 13 32 bits, iptables-1.4.7-2 and kernel 2.6.18
But kernel 2.6.18 does not support statistic module.
So, I upgraded from Fedora 13 to Fedora 14.
Now I have Fedora release 14 (Laughlin) and Kernel 2.6.18
I did this to upgrade: url
Also, I did this too.
# yum update kernel
No Packages marked for Update
How can I ugrade to newer kernel?
View 9 Replies
View Related
Jun 21, 2010
1)I had download one hello.c for start working for Device drivers , and compile it . . I am using linux kernel 2.6.xx getting this error :
Error : linux / module.h file donesnot exists .
2) ad build the kernel and still getting the same error .
View 1 Replies
View Related
May 1, 2011
I've been unable to boot into x using the real-time kernel from CCRMA at home. I get the error "Failed to load module "nvidia" (module-specific error,0) no drivers available. I'm using the driver from Nvidia. I know that this is not an official Fedora kernel and I should be bothering CCRMA about this, but in the mean time could I edit the entry in grub.conf so that it will use the Nouveau driver for that kernel only? That way I could "dual-boot", and just use the rt kernel when I want to use audio software and don't need 3d graphics.
View 5 Replies
View Related
Dec 19, 2010
I've just ssh'd into my Ubuntu 10.10 desktop for the first time was confronted this warning message.
Your CPU appears to be lacking expected security protections.
Please check your BIOS settings, or for more information, run: /usr/bin/check-bios-nx --verbose
I've run /usr/bin/check-bios-nx --verbose but this in not present on my install.
From what I understand the -nx option is for AMD processors, however I have an intel i5-750!
View 4 Replies
View Related
Jul 9, 2009
Is it possible to change the general permission denied error. I have some rather young users on this system that think they can "hack the gibson" and I would love to change the general error message to something a little more rude/funnyex:# cd restricted area
-sh: cd: restricted area: Permission deniedI am curious if its possible to change the error message in general?ex:# cd restricted area-sh: cd: restricted area: (funny/rude message goes here)Quick info:This is a Gentoo 2008.0 system, I would also love to do this on my slacware and OpenBSD boxes as well just for kicks.
View 2 Replies
View Related
Apr 4, 2011
I updated my system from FC13 2.6.34.7-66 to 2.6.34.8-68 for both the kernel and the kmod-wl RPM's. After doing so, iwconfig wlan0 key 1234567890 no longer works. I get an error indicating 'invalid argument'. If I reboot using the previous kernel/wl.ko module, it works The size of the wl.ko module increased in size by almost 30%. Did I somehow get the wrong RPM?
View 2 Replies
View Related
