Software :: Iptables - Unable To Log To Rsyslogd
May 16, 2011
I am using iptables and what I want to do is have it log to a specific file that I have set for it. Here is what I edited in rsyslog.conf:
#kern.* /dev/console
:msg, contains, "iptables" /var/log/iptables
& ~
Now, as far as iptables rules, here is what I am working with...
iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL NONE -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables"
However, when I run my script I get this kind of output:
iptables v1.4.9: unknown option `--log-level'
Try `iptables -h' or 'iptables --help' for more information.
When I do 'iptables -L -n' I get this kind of output:
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW limit: avg 5/min burst 7 LOG flags 0 level 4 prefix `iptables'
Why am I getting this error, unknown option '--log-level', and two, why is it not writing anything to /var/log/iptables? When I do 'cat /var/log/iptables' I get nothing.
Nov 26, 2010
I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
Jul 13, 2011
I'm running natty server on Rackspace cloud and rsyslogd has been using 197% of my CPU (quad core I believe) for the past few days. Does anyone have any pointers as to how to figure out what is going on?
Dec 5, 2009
I'm running ubuntu 9.10, the box has 2 network interfaces. I've got rsyslogd running on this box also. On one of the interfaces I have a VoIP ATA which I've configured to send syslog messages to the ubuntu box, however they're not coming up in the log file (I've configured syslogd.conf to capture logs for local2.debug and local3.debug).
rsyslogd seems to be working ok for data coming through on the other interface, but not this one. I've verified the ATA is sending data by using tcpdump and have confirmed it's using local2.debug and local3.debug. It seems perhaps it might not be listening on all interfaces? rsyslog is running with the -c4 switch.
Oct 20, 2010
I have a web service that needs to change the destination of rsyslogd on the fly. I have tried this in a bash script and it does not work.
pidrsyslogd='pidof -x rsyslogd'
sudo kill $pidrsyslod
rsyslogd -4 -l $LOGFILEURL
I get the error that rsyslogd is "already running"; as soon as I kill it in the second line it restarts.
Feb 25, 2010
I am unable to start iptables:
Code:
-bash-3.2# /sbin/chkconfig --list | grep ip
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
[code]...
Jun 1, 2011
Let me know where the iptables rules are stored?
Feb 10, 2011
I've set up Ubuntu 9.04 (desktop) at home in a lab environment (workgroup rather than domain) and have configured Squid. Everything works fine but, when I took it to the next level and made the proxy transparent, my problems began. I can still access sites (having pointed the XP Pro client to the squid box as the DG) and the sites are logged in /var/log/squid/access.log but I am unable to use Outlook to access my SMTP and POP3. I guess that the setup is blocking ports 25 and 110 and I'll need to configure iptables to forward packets destined for these ports directly to the "real" DG, rather than the Squid box. Here's the set up:
A single NIC (eth0) on 172.19.0.250 / 16 (static)
ADSL router ("real" DG) on 172.19.0.1
I executed iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
My squid.conf:
Code:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl mynet src 172.19.0.0/16
[Code]....
Sep 17, 2010
I am facing a strange problem with my iptables, as there are some firewall entries stored somewhere which display the below firewall entries even after flushing the iptables, and when I restart the iptables service the firewall entries are again shown in my iptables, as shown below:
[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[code]....
Nov 3, 2010
I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):
Code:
#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above
[code]....
Safe.txt contains:
Code:
127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1
And the error message generated is:
Code:
root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8
[code]....
Jul 17, 2010
IPtables creates an error during startup as well as when I try to restart it: Here's the output of:
[Code]....
Apr 16, 2011
I am running Ubuntu server 10.10 and trying to setup iptables rules in /etc/if-up.d/iptables
Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Problem is that iptables doesn't get updated and I don't see them when iptables -L is executed after reboot.
Apr 28, 2009
To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?
Jun 18, 2011
I am going to start studying iptables for Linux firewalls. Can anyone suggest the best book for iptables, one that contains everything about iptables?
Apr 14, 2011
I'm working on a Soekris net4801 that is running an unknown distro of Linux. The kernel is 2.4.29, and iptables is v1.3.4.
I can't work out how to save the iptables. I searched the whole system for files/folders containing the name "iptables" and got 3 results:
/user/local/lib/iptables
/sbin/iptables
/lib/iptables
I've tried iptables save, iptables-save and iptables save active.
"iptables save" and "iptables save active" give me an invalid argument error. "iptables-save" isn't a valid command. "iptables --help" gives me a list of valid switches, none of which have to do with saving.
How can I save the iptables?
Aug 16, 2010
I need to use hostnames in my iptables. When I go to restart iptables, it works fine, but when I am rebooting the Linux server it fails during startup since the name service is started up after iptables. Does anybody have recommendations to get around that? Should I set up a script to run iptables after the server comes back up fully?
Feb 18, 2015
I'd like to block brute-force attacks from China, Russia to my MySQL, and I want to open the 3306 MySQL port just for one type of address from the internet, like this: 212.23.165.xxx, and for others I want to block just 3306. In my new installation of Wheezy I've not configured iptables. What should the iptables config look like, and how do I set iptables with this config?
Feb 1, 2009
I have been struggling with this for a very long time now. I have installed Fedora Core 9 on my computer. I have set it up as a caching-nameserver and this is working.
Then I wanted to secure my server with iptables, and I have so far made this script:
# Load the connection tracker kernel module
modprobe ip_conntrack
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
[Code]....
I can reach the dns server with ping. When trying Nslookup it says that it got SERVFAIL from 127.0.0.1 trying next server, and then it times out.
My resolv.conf file lists:
nameserver 127.0.0.1
nameserver DNS-server
Nov 21, 2009
To remove it, 238 packages have to go. There are so many the board won't even allow me to post them all. [URL]
Dec 14, 2009
I'm pulling my hair out trying to get FTP to work through iptables. I'm using vsftpd.
Table: filter
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
[code].....
Mar 12, 2010
I've got a machine on my network that's just running default Ubuntu 9.10, but I was considering setting up a network dhcp service on it to manage my machines. As such I was just wondering about configuring the iptables for it.
Reading about, I believe all incoming connections are dropped by default in a standard installation of Ubuntu anyway. If so, is it simply a case of enabling UFW and using it to allow the appropriate port for the dhcpd service and not touching anything else and everything should remain secure?
Aug 13, 2010
I started to use ufw instead of iptables on the terminal, but was wondering if ufw could be installed on a Red Hat based system? I'm asking because my office has a mix of systems and would prefer to use ufw on these RPM-based systems.
Dec 20, 2010
So I've used UFW for quite some time now and it's been great. But I'm thinking it's time to take the plunge into iptables. I want to start blocking repeated connections from IPs trying to brute force my SSH.
I've been reading up on iptables, and it doesn't seem too bad. But I have a few questions I'm hoping people can help with.
1) If I've been using UFW, do I need to do anything special to switch to iptables. I was just going to do "ufw disable". But do I need to uninstall it, or something special. Because even when I do ufw disable, there are still lines in the iptables talking about ufw.
2) regarding those lines, do I need to get rid of them? Is there a way to revert the iptables back to default? These are the lines.
Code:
3) I've read some things that the order of rules in the "chain" matters, but I don't fully understand it. Does it just mean that whatever comes first within the chain takes precedence? So does that mean that if I want to add a new rule, I can't just add it, but I have to make sure it gets listed in the right order?
4) I don't fully understand what these "chains" are either. I can kind of understand the three main ones, INPUT, FORWARD and OUTPUT. But then ufw seems to have added a lot of other ones. What are those?
5) again on chains, if I add a drop IP to the INPUT chain. From my understanding it prevents it from connecting to you. Do I need to put it in the forward chain also? Or just worry about the input chain to prevent connections to me.
Feb 5, 2010
Iptables manual page says:
Why doesn't it make sense for packets coming from a wireless interface?
May 7, 2010
I have set up OpenVPN for my connection. I'm using this to connect to the internet from different locations using tunnelling.
Right now I have a few IPs: on eth0 I have an IP from my ISP, on eth0:1 I have my own IP. I set up MASQUERADE to eth0 - but in this case, when I try to access my restricted resources, the IP address from the ISP is visible.
What I want is to use my own IP address from eth0:1 - could somebody help me to build good working redirect entry for that? I want to redirect all connections to that IP assigned on eth0:1... - just to access Internet using my IP.
May 13, 2010
I am using Linux version 2.6.18-8.el5xen. I have two NIC cards. One is configured with a local block IP and the other is configured with a real IP. I can't SSH from outside the local LAN (I mean on the real IP). But I can SSH on the other NIC card, which is configured with the local LAN IP. Some days ago I could SSH from my home, but now I can't. I stopped iptables but I still can't.
Apr 11, 2011
I am forced to do an iptables configuration, and the requirements are that it should get connections from our Dubai server (2 or 3 static IPs) and also get connections from a local static IP; all other networks should be blocked. What are these PREROUTING, POSTROUTING and FORWARD chains? Do I need to configure them?
Aug 27, 2009
I'm new to Ubuntu and Linux and still trying to figure things out. Are UFW and iptables the same, or are they two different firewalls? The reason I ask this is that I can load up Firestarter (which, from what I've read, controls iptables), then go into a terminal mode and run "ufw status", and it shows disabled. What I'm ultimately trying to do is to open up a port so Vuze and/or Transmission BitTorrent will work, but I have not had any success.
May 30, 2011
I don't like this [URL] because every time there is a slight change in firewall rules, all that would have to be done again and again.
Jul 28, 2010
I want to bind IP and MAC in iptables, and the script I gathered and am working on is as under:
#!/bin/sh
IPTAB="/sbin/iptables"
macadds="xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy zz:zz:zz:zz:zz:zz"
ipadds="aaa:aaa:a:a bbb:bbb:b:b ccc:ccc:c:c"
[code]....
When I run the above script, I get an error as "Bad argument yy:yy:yy:yy:yy:yy try iptables --for more information"