Security :: Iptables -L Does Not Show In-interface Or Out-interface?
Feb 26, 2011
When I do...
# iptables -L
...I see rules in my INPUT and OUTPUT chains that look scary:
ACCEPT all -- anywhere anywhere
...but these rules only apply to the loopback interface. I tested it and the server cannot be reached on open ports from the outside world. How can I make iptables show the interfaces that the rules apply to? Otherwise, every time I do iptables -L it will scare the crap out of me.
Jul 14, 2011
I want to view my iptables log on a web interface, with a chart (optional, but this is not my priority).
Aug 12, 2010
I have a server with 14 IPs on eth0. I'm using virtual interfaces to handle the IPs, but the iptables don't seem to work on the virtual interface. It blocks ports that I want open. I'm not that great with iptables, I use what I have because it works for me, but as far as tweaking it, I'm pretty lost.
My iptables:
# Simple Firewall configuration
#
# Set default policies --------
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
#
# Internal Networks -----------
#-A INPUT -s <private.class.C>/24 -d <private.class.C>/24 -i eth1 -j ACCEPT
#
# Loopback --------------------
-A INPUT -s 0/0 -d 0/0 -i lo -j ACCEPT
#
# Accept established connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Services --------------------
#
# For SSH gateway
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 22 -m state --state NEW -j ACCEPT
#
# For SMTP gateway
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 25 -m state --state NEW -j ACCEPT
#
# For FTP server
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 20 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 53 -m state --state NEW -j ACCEPT
#
# HTTP services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 80 -m state --state NEW -j ACCEPT
#
# HTTPS services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 443 -m state --state NEW -j ACCEPT
#
# POP-3 services
#-A INPUT -p tcp -s 0/0 -d 0/0 --dport 110 -m state --state NEW -j ACCEPT
#
# IMAP services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 143 -m state --state NEW -j ACCEPT
#
#PLESK
#-A INPUT -p tcp -s 0/0 -d 0/0 --dport 8443 -m state --state NEW -j ACCEPT
#
#Games
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28960 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28960 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27666 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27666 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28961 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28961 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28962 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28962 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27015 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27015 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27016 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27016 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27017 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27017 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27020 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27020 -m state --state NEW -j ACCEPT
# Disallow fragmented packets
-A INPUT -f -j DROP
#
# Log & Block broadcast packets
-A INPUT -d 255.255.255.255/0.0.0.255 -j LOG
-A INPUT -d 255.255.255.255/0.0.0.255 -j DROP
# Log & Block multicast packets
-A INPUT -d 224.0.0.1 -j LOG
-A INPUT -d 224.0.0.1 -j DROP
#
# Log and drop all other incoming packets
-A INPUT -j LOG
-A INPUT -j DROP
#
COMMIT
Feb 24, 2011
I am establishing a VPN connection with a Cisco VPN server, but only want outgoing connections to a certain set of IP addresses to actually go through the VPN. I tried something like this:
Code:
sudo iptables -A OUTPUT -t mangle -p tcp -d 111.222.0.0/16 -j ROUTE --oif tun0
but keep getting
[code]...
Feb 14, 2010
I just had an ATT Uverse RG installed. However, my Smoothwall router that previously worked fine with the ADSL SpeedStream is no longer accepting an address assignment DHCP IP address from this new gateway (3800HGV-B). Any thoughts, ideas or experience working with this hardware? ATT only supports Windows and Mac.
Jul 18, 2011
I have a ppp0 entry with post-up options like this
mapping ppp0
map none photon-plus motorola
map timeout: 12
[code]...
Dec 15, 2010
It's been several years since I played with iptables. I have a setup like this: eth0 is the only physical device on the box and eth0:0 is aliased. Traffic going out of the box to the internet uses eth0.
eth0 116.55.58.1
eth0:0 116.55.58.2
I have a service listening on port 80 on 116.55.58.2. Let's say my client connects to 116.55.58.2:80 through 116.55.58.1, how do I force (mangle, you name it) with iptables that the outgoing source address will always be 116.55.58.2?
Jun 18, 2010
The following is my setup: wireless server (IP of this server is 192.168.1.1) -- target board (wireless client [IP of this, obtained from the wireless server, is 192.168.1.3], bridge (192.168.36.1)) -- Linux PC (192.168.36.3). As shown above, I have a target board that has a wireless interface, and a Linux PC is connected to the target board. Now the IPs are like this: the Linux PC is 192.168.36.3 and my target board bridge IP is 192.168.36.1.
My wireless interface got its IP from another server, 192.168.1.3. Now if I ping 192.168.1.1 on my target board, it goes through the wireless interface to the 192.168.1.1 wireless server. But when I do the same from the Linux PC connected to the target board, it's not pinging; from the Linux PC I am able to ping 192.168.1.3 but not 192.168.1.1. I think I need to write an iptables rule properly on my target board to forward the 192.168.1.* packets to the wireless interface.
Apr 11, 2011
I am using Windows 7 on my laptop and Linux is installed in VirtualBox, but my problem is that the screen shows small in VirtualBox. Is there any way to enlarge the screen to show like the Windows screen? I did it before by using the VGA setting, but it caused me a problem: I was not able to use the GUI interface, I mean the graphical interface; it was just showing me the command prompt.
Mar 2, 2010
I have the thunderbird-lightning rpm installed but it doesn't show up in Thunderbird. In fc11 with Thunderbird 2 it was on the left bottom of the screen, I think. I checked all the settings tabs but I can't find any reference to Lightning. Is this a bug or is there something I have to do to see it? For now I'm using the standalone app Sunbird, but I'd really like to have the integrated Lightning back in Thunderbird. I also tried the Lightning plugin from the plugins tab but it complains it's not compatible with gcc3 or something, so I guess that's why there is an rpm package.
Apr 14, 2011
I found multiple sites explaining how to add IPs to a network interface as a virtual interface like eth0:0. However, I can add IPs to an interface as well using the ip command:
ip a a 192.168.2.2/24 dev eth0
What I want to know is how I can make this persistent on RHEL/CentOS.
Mar 22, 2010
I am trying to do something outlandish with iptables (or so I think!). I have a source sending UDP packets to a destination (say dst11). Using port mirroring I am able to get all these packets to a different machine (say dst22). I am able to see these packets on dst22's interface using tcpdump. I want to analyze the packets on dst22. So what I do is put dst22's interface in promiscuous mode (using ifconfig eth0 promisc). This in theory should get the packet through the MAC layer. Now using iptables I am trying to DNAT the packets in nat prerouting to change the packets' destination IP to dst22's interface and change the destination port.
Mar 14, 2011
Is there a way to show GRUB 2 interface only if you hold ESC at boot? If I remember well you can do it with GRUB 1.
Nov 21, 2010
My Ubuntu box has 3 interfaces:
eth0 (Internal 192.168.1.0/24)
eth1 (External ISP DHCP)
eth2 (External ISP Static IP)
I need the outgoing traffic to the internet for 1 of the internal PCs (192.168.1.10) to only go through eth2.
Mar 7, 2010
Ever since I connected my MP3 player to Ubuntu, the music I put on it doesn't show in the player's interface. The actual storage device seems fine and if I delete music off it, it removes it fine also. Basically, the problem is the MP3 player isn't now recognising new music being put onto it. This is also happening on my XP computer; the player was working on Vista a few days previous. Could it just be a coincidence my MP3 player breaks as soon as I start using Ubuntu, or what do you think?
Dec 11, 2010
I am looking for a program with a web interface to show my server's hardware status: HDD usage, CPU load, memory, etc.
Jan 30, 2011
I am looking for a program with a web interface to show my server's hardware status: HDD usage, CPU load, memory, etc.
Jan 24, 2010
I have a laptop running 11.2 with an internal Broadcom-based Wi-Fi card that's working fine. I'm trying to get 802.11n going with the WUSB600N. The USB ID on this device is 1737:0079. I believe this means it's a "V2" with an RT3572 chip.
No driver loads for this device when it's plugged in. If I do a "modprobe rt2870sta", a driver loads, and syslog shows "rtusb init" and "usbcore: registered new interface driver rt2870". But ifconfig -a doesn't show a new network interface. I've also tried building the RT3572 driver from the manufacturer's web site. It builds fine, and modprobe will load it, but I get the same results as the rt2870sta driver.
Sep 1, 2011
I am new to Ubuntu and I need to know how it is possible to calculate a file's MD5 checksum. Is there also any GUI interface?
Jul 7, 2010
I'm trying to prevent users from accessing the grub menu, but setting the timeout to 0 doesn't cut it because a user can hold down ESC during boot. At the moment, it seems that my only option is to set a password for grub. But I was hoping that there is a better way where I can disable that feature completely.
Jun 16, 2010
I am looking to build a dedicated syslog-SNMP server with remote web interface and I would appreciate a discussion from our community on recommending the best solutions to deploy. I would like to be able to create an opensource architecture I could easily duplicate for multiple stand-alone customer environments.
Apr 1, 2010
Actually I'm doing engineering training at the SAGEM company. I'm trying to develop an application which is able to disturb the IP network. My idea was to mount 2 Network Interface Cards (NICs) and make a bridge to pass the IP flow, and to exploit the Netfilter firewall using the iptables command. The application has to import a text file containing a binary array like this one:
0 1 0 : 0 corresponds to iptables -p ip ACCEPT
1 1 1 : 1 corresponds to iptables -p ip DROP
0 0 1
==> So the expected result is to have 5 ip datagrams dropped
My idea was: if 0 --> iptables -A FORWARD -p ip -m limit --limit-burst 1 -j ACCEPT
if 1 --> iptables -A FORWARD -p ip -m limit --limit-burst 1 -j DROP
The problem was: after executing the application and parsing the text file,
with iptables -L -v I have:
Code:
-A FORWARD -p ip -m limit --limit-burst 1 -j ACCEPT
-A FORWARD -p ip -m limit --limit-burst 1 -j DROP
-A FORWARD -p ip -m limit --limit-burst 1 -j ACCEPT
which is logical, but when I sniff with Wireshark I find more packets are dropped (6, 7 or 8 are dropped), as if I had put more DROP rules, and sometimes I found the exact value (usually 5 dropped).
Nov 16, 2010
I need to show the output of the command "show interface status", executed on the server side, in a new window on the client side. In other words: on the client-side web browser page I would like to have a link which I can click to get the output of the command "show interface ... status" in a new window. On the web server, a script has to connect to the switch/router, execute this command and send the output to the client window.
Where to look, and, maybe, explain what can be better for this purpose? I need a clue, because I have never done it before. It should not be SNMP, because I want to view many different outputs and SNMP won't help me.
Jun 6, 2011
I'm trying to open port 8080 on my application server. I've included it in my iptables; however, I still cannot access it through ssh nor putty and it doesn't show up when I netstat either. Here is my iptables-config:
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -s xxx.xx.x.0/24 -j ACCEPT
[code].....
Jan 6, 2011
The following is the output of the command "ifconfig -a":
[Code]....
The interface "eth0", which is down, was not displayed, but loopback interface has been displayed. So, how can I make my application display all interfaces, including the interfaces which are down, but excluding the loopback interface?
Dec 26, 2010
I have a laptop connected to the net thru an ADSL modem. When I switch off the laptop network interface (thru system-config-network), the light of the laptop network card plugged into the router stays on (green), whereas on my PC, when I do the same thing, the light of my PC network card goes off on the modem.
Jun 19, 2010
I recently installed CentOS 5.5 on Distro. But I am not getting how to see the interface.
I tried ifconfig and ipconfig; both are not working. So please let me know what the command is to see the interface.
Apr 5, 2010
I have been searching for this, but can't seem to find a definite answer. I am running Ubuntu 9.10 on my iBook G3. The GNOME interface seems to be a little much for it. I am trying to find out if there is any way to put UNR on an iBook G3, or at least the stripped-down interface.
Oct 18, 2010
I am having an annoying problem with Ubuntu 10.04. With SSH, I get connected to a Linux server. The command line works well. But I can NOT get a graphical interface from it. For example:
me@power:~$ ssh -Y me@123.456.789.3
me@123.456.789.3's password:
[me@master]#gedit abc.f
(gedit:23385): Gtk-WARNING **: cannot open display:
[Code]....
It's said this line is not needed for a Linux system trying to connect to the server.
Oct 18, 2010
I currently have a database that I would like to be able to update using a web interface and then display on the website. I would like users to be able to update the database by entering one record at a time with around 10 fields of information (drop down menus and text boxes). I am unfortunately using MS SQL for my DB as of right now.