Jst to tryout ufw I tried to close port 80 on my pc. I'm using Ubunutu 9.04. I sudo ufw enable sudo ufw deny 80. But nmap localhost shows port 80 open why? How can I close it? I will need to control some ports on my next server.
View 2 Replies
If I forward port 80 to port 3128 for squid with an iptable rule, does port 3128 have to be open on the firewall or is this all routed behind the firewall?
View 4 Replies View Relatedgetting this occasionally in dmesg USB port nn disabled by hub (EMI?),re-enabling and I would like to know: What does the message mean, exactly? What is the actual hardware error code from the USB subsystem? Under what conditions would the root hub disable the port?Is it related to the USB power or the USB data lines? If it's power, what aspects of the USB power does the root hub monitor? Voltage out of limits? Current spike? Ground bounce?Can this power monitoring feature be turned off in the Linux driver settings?
View 2 Replies View Relatedwhen i am enabling mysql in server (port 3306) it does'nt work. but when i execute iptables -F it works what may be the reson?
View 6 Replies View RelatedI know that ports are, by default, not filtered; they simply don't respond to requests if there are no services listening on the port. Well, running netstat -tulpn gives:
Code:
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
[code]....
I'm running Ubuntu 10.4 and I've tried disabling IPv6 as I don't currently need it. I rand the following to disable IPv6 and then rebooted my server:
echo "#disable ipv6" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.all.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
After the reboot I can see that IPv& is disabled by running:
cat /proc/sys/net/ipv6/conf/all/disable_ipv6
On running netstat -antlp i see that most of the IPv6 applications have closed but SSHd keeps running:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:9090 0.0.0.0:* LISTEN 663/java
[Code]....
Ho can I close the SSH daemon on port 22 of the IPv6?
A netmap scan of my WAN IP address (cable modem) shows;
23/tcp open telnet?
8080/tcp open tcpwrapped
I've called Linksys and Netgear and they have said there is no user adjustable configuration allowed for the Cable Modems.
How am I supposed to close the open ports if the manufacturer doesn't allow access ?
I scanned my newly installed Debian 8 and found that i have two ports open.
22 for ssh which i want
111 can i safely close port 111 and how?
I am using Fedora 13 64bit. My eclipse program starts a server on port 9050 but I shutdown the program, eclipse fails to properly shutdown the server. Restarting eclipse has no effect.
How can I close or unbind a port forcibly from command line?
I know rebooting or log off and back on will clear the ports but this much slower process for me. I am looking for forcibly closing the port in command line.
I've recently been taking a look at my router settings and I've realized i have my vnc port open for some reason. I don't know how or why it got opened because I've only used vnc within my private lan. Anyway, the problem is I couldn't figure out how to close that port on my router, so I just uninstalled all the vnc software from my computer so it wouldn't act like a vnc server for anybody trying to access it from the outside. So, effectively, I cannot vnc into my computer from outside my private lan, but when i port scan my public ip, the vnc port still appears open.
I'm wondering if there's something i'm missing. I'm sure it must be something in the router that I haven't figured out... something that's keeping port 5900 open.
I would like to Close/Open port 21 using command line. I have an FTP server and I don't want to have the port open all the time. I need only two hours by week to be open port 21 from outside to inside.So I need to know the command line for opening and closing the port 21 then I will implement this in a script into cron.hourly.
View 2 Replies View RelatedI downloaded IPKungFu which is supposed to do this for me, except it did not according to a penetration site. configure IPKungFu perfectly. I did look at this site. IPKungFu easy iptables based server firewall - zarzax the blog I downloaded IPKungFu which is supposed to do this for me, except it did not according to a penetration site. Help me configure IPKungFu perfectly. I did look at this site. IPKungFu easy iptables based server firewall - zarzax the blog
Results
rv @rv-laptop:~$ sudo ipkungfu
Checking integrity: ..PASSED
Checking MD5 Hash of config files:OK
[code]....
i have to deal with reverse proxy issue and want to access few LAN devices having port 5900 and 9999, what exact steps i have to follow to allow this port in fedora firewall.
View 3 Replies View RelatedI have a problem sending of file attachment using Instant Messengeri have a firewall using firestarter, if i used outside firewall they can able to recieve my file in instant meesenger but if i used firestarter it always cancelled my sending of file attachment....
View 3 Replies View RelatedI want to open port 2700 on my firewall but I don't know how I try with Code:iptables -A INPUT -i eth0 -p tcp --sport 2700 -m state --state ESTABLISHED -j ACCEPT But the port is not open I see the firewall configuration with the command setup . I use CentOS 5.3 here a screen of my configuration :http://upbg.net/out.php/i3537_sshot3.pngCurrently my firewall is off because I don't know how to turn on 2700 when the port is open I will turn on firewall .If I write 2700 in other ports field will 2700 be open ? Before 1 month I try but the port was not open . I have only 1 last question will firewall reduce the load of the my server now mysql use many CPU % and I just don't know why
View 14 Replies View RelatedI want to open the port 18680 on my remote Fedora 14 machine. I didsudo iptables -I INPUT -p tcp --dport 18680 -m state --state NEW,ESTABLISHED -j ACCEPTsudo iptables -I OUTPUT -p tcp --sport 18680 -m state --state ESTABLISHED -j ACCEPTsudo service iptables saveThe status returned is OK.I have also opened the port on my security group on Amazon. Also, I rebooted the machine.When I use the browser to view the application running at port 18680 the browser cannot connect.
View 1 Replies View Relatednmap is showing a port as closed. I have the firewall stopped on both hosts.It shows as closed on localhost as well.The process that's listening to that port is not started from xinetd so i doubt hosts.allow/deny is the issue.I can't help but feel that I'm forgetting some other access control mechanism.Both hosts are RHEl5.4
View 3 Replies View RelatedI just installed Mandriva 2010 and set up the interactive firewall via the MLCC. I set it up not to allow any services to connect (didn't check any boxes). However, when I check my system using a port scanner (shields up at www.grc.com) it says that port 23 is open. Does anyone know why this would be and how I can close it When I look at the daemons running I notice that iptables and ip6tables are 'stopped' although shorewall is running - is this correct? I (perhaps wrongly) thought that iptables needed to be running in order for the firewall to work properly.
View 2 Replies View RelatedI have setup sshd_config for port 3210! I have difficult setup the iptables firewall to allow ssh on port 3210! i always enter this:
iptables -A INPUT -p tcp --dport 3210 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 3210 -j ACCEPT
but after i restart ssh, the system do not allow port 3210... why? do i forget something?
I have properly configured my router to open a port for Transmission and Vuze. The OpenSuSE firewall settings are somewhat confusing, however. How do I add a port specifically for the BT protocol? I know it's the firewall causing issues, because when I shut it down, my BT apps roar to life, and die with a whimper when I turn it back on. In Ubuntu, opening a port in the router is automatically configured in the firewall; that is apparently not the case with this distro.
So, when I go to Yast Firewall, I see "allowed services" under the tabs available. When I hit that tab, I see a dropdown menu that contains services such as NetBios Server and Samba Server. Am I choosing one of those available and adding a port to it? Am I adding a custom service via the Advanced settings, and if so, why isn't there a way to label the service so that it shows up under allowed services?
I used to have Opensuse 11.0 and Vuze 4.0.2 and both were working great. Recently I upgraded to OpenSuse 11.3 and installed Vuze 4.5.10. I did not change any configuration in the ADSL router but now I could not get the smiley icon to go green. I followed all the steps given here: A Quick Bittorrent Guide (with screenshots). It doesn't work. so I modified FW_ROUTE and FW_MASQUERADE to yes in /etc/sysconfig/SuSefirewall2. That also does not work. What did I miss here? My ADSL router is DSL-2640T.
View 3 Replies View RelatedIs there a firewall I can install that will only let certain MAC addresses through on a certain port?
View 2 Replies View RelatedI can't port forward to ftp behind my firewall, I tried several attempts but none worked.
Can anyone help me solve this?
I am trying to make a vnc connection from pc #2 to pc #1. Pc #1 is a debian pc behind a zyxel router (P-2602HW-D1A). Pc #2 is a windows xp pc another place at the internet.I have configured the zyxel router to forward incomming trafic on port 5902 to the local ip-adress of the debian box. The debian box is running a vnc server, listening on port 5902.But i dosn?t work.I have tryed to scan the zyxel routers ipadress on port 5902 from the internet, but the scanner says that the port is closed.The vnc server on pc #1 is working fine on the local network. I can connect to the server from a pc on the same side of the zyxel router.Is it deffenitly a router problem, or could it have something to do with debians own firewall?
View 2 Replies View RelatedI have a computer which has a public IP.My ISP has allowed only port 22 for my machine to be accessed outside from internet.I want rest of my computers which are connected to this machine be accessible via SSH on internet.I can configure IPTABLES to route different ports to internal machines but since ISP has given only one port for the gateway how can I go for it any guesses. I came across some thing reverse SSH tunneling but that has to keep the connection alive all the time at gateway I want my trusted people to be directly able to access the machines on LAN to which they have account to login in this scenario.
View 3 Replies View RelatedMy host is blocking port 3960 which I need to use for an SVN server, they are telling me that I will have to install my own firewall. I've not done this before and am not sure of what to do or whether anything I can install will be enough protection.
View 2 Replies View RelatedCurrently Im having a syslog server that consolidate firewall logs on port 514 udp. Im also having a IDS device that I wish to push its logs to this particular syslog server so that I can retrieve my IDS logs on this server as well.
Is it possible to do so?Having syslog listening on port 514 for both firewall and IDS logs? If it is possible will the logs be recorded in a single log file?Or will it be recorded in a separate log file ie. firewall.log, IDS.log etc?? I wish to have them in separate individual log files or else there will be hard time segregating the log entries in a single file. Can anyone advice on how to achieve this??
In the firewall, I opened port 5900 for TCP traffic. Now the console is displaying packet information whenever a connection is made. Why does it send a message to stdout/stderr for an allowed connection? How can I stop it? Logging level is set to critical only, and not-accepted packets should only be logged for the internal and DMZ zones.
View 1 Replies View Relatedi am using 9.10 karmic. Firewall is enabled. added ports with ufw allow [portnumber], and i still cannot connect to a port number. iv tryed ufw allow ssh/tcp but that does not work. the ports work when i disable the firewall and i dont want to do that.
ufw is available in all new installations of Ubuntu since 8.04 LTS, but is disabled by default. The standard Ubuntu installation has a no open service ports policy, so enabling the firewall by default doesn't gain any extra security in the default installation, but could provide confusion for people new to Ubuntu when new software that is installed does not work because of restrictive firewall rules. As a result, when first adding ufw to Ubuntu it was decided that users must 'opt-in' to using the firewall. In Ubuntu 9.04 and later, you can enable ufw during installation using preseeding. See /usr/share/doc/ufw/README.Debian for details.
Got 3 computers connected by ethernet to a router modem. At this router modem only port 80 is forwarded to a web server (one of the 3 computers). Now I realized several times a port scanning attack displayed at interactive firewall of Webserver ( Apache at Mandriva LINUX ). Actually the message is port scanning attempt of heanet (actually this names are different mostly). I wonder how to figure out is this portscanning attack possible through port 80 or is the modemrouter (Draytek VIGOR) misconfigured, compromised or one of the other 2 machines (Windows) are compromised and attacking the server inside intranet?
View 2 Replies View Related
