I am trying to open VNC ports(5901,5902) on my RHLinux machine using iptables. I am able to do it from GUI system-config-security. Go to the Administration > Security Level and Firewall, then select "other ports" at the bottom and enter the portNum 5901 to open and select tcp, then click OK and OK again to save your settings. From my windows m/n iam able to open vncsession using vncviewer on 5901 port.But when I am trying to do it from command line:#iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPTThis command added the entry in /etc/sysconfig/iptables and listed in iptables -L command.Then I saved and restarted the iptables.#service iptables save
#service iptables restartWhen I am trying to open the VNC session from vncviewer, it is giving me error and session not opened.Is there some thing I missed here? where can I check the logs for this? I definetly need
I am running a server with ssh and a vpn server set up. It is behind a debian router with a firewall which uses iptables. i have it set up to forward ports 22 and 443 to ssh on a computer within the LAN(so when on a restricted network i can still ssh into my network) and forward anything to 1723(for my vpn) to that box also. However, the only port that gets successfully forwarded is port 22. The other two appear closed. here is what the script looks like:
We do NOT support samba on our Unbuntu servers but still zillions of windows machines are constantly trying to connect on the SMB ports. I've added a rule that drops access to destination ports 137-138 and that seems to work. But it creates many many log entries documenting that the packet has been dropped. I've been researching and cannot come up with a way to suppress logging for these drops.
I want to portforward client connections from an ubuntu lts server to another external server. btw i am a noob on iptables. i have tryed using the basic commands for iptables with no success. For example:iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 7878 -j DNAT --to 91.23.45.67:7878iptables -A FORWARD -p tcp -i eth1 -o eth0 -d 91.23.45.67 --dport 7878 -j ACCEPTso basically i just want a rediraction for from one ip to another. Example: A client tries to connect to ip 123.45.67.89 on port 7878 and the server forwards him to ip xx.xx.xx.xx on port 7878, meaning that xx.xx.xx.xx is the actual server with services. Server with ip 123.45.67.89 is only forwarding the client to external ip... how can this be done in a simple command?
I have a Suse 10.3 router with 4 network cards. 1 is to connect to the big network and thereby also the internet, 2 are for 'client' subnets and I want to use the last one as a DMZ. In this DMZ will be a web server which has to be accessible from the other 2 subnets and from the big network. I could do it with a few simple clicks in Yast firewall, but I have some issues with this firewall and there for I want to use it as minimal as possible, using Iptables.
So now I'm struggling a bit with Iptables. Basicly what I'm looking for is how to block all ports but 80 in this last subnet with iptables.
I like to set in iptables to allow access from one host to my server on any ports.Currently the iptables have been configured to deny all and to allow access only to those I've specified.
Because my ISP is blocking every IP port under 1000, I'd like my local nat'ed server to be able to translate incoming and outgoing traffic from some port above 1000 to the default server port locally.Example :
To connect to my IMAP server (default port : 143) from the outside,I'd connect to my public IP, port 1143 (opened and nat'ed to the right server on my router) and the server would translate this port to 143 on the same machine.I wish I could simply configure my router to do that but sadly Linksys doesn't permit such setting... I also could modify the listening port of my server but I prefear to keep the default port inside my network.I think that iptables is the right tool to do that and I never used it and I must say that this tool is not so easy to configure at first sigh
I'm having some issues settings up a transparent proxy server, which should allow only regular web browsing (port 80), any other port (including HTTPS (443)) has to be blocked, as well as any other port. Right now, I'm using Debian 6 and Squid3. The server only has one NIC. The topology is like this: Clients <-> Proxy Server + DHCP Server <-> Internet
With this setup, the network does have internet access and the websites I whitelisted are the only ones accesible via browser, however port block is not working, every port is open, hence why trying to access blacklisted websites through HTTPS is possible. Seems to me Squid3 is doing it's job fine, however IPTABLES for some reason seems to be redirecting all the trafic to port 3128 (Squid3 port). I could be wrong, but I've been unable to do anything related to ports with squid3 (either whitelisting or blacklisting).
For Iptables I used: Code: iptables -A PREROUTING -t nat -i eth0 -p tcp -j REDIRECT --dport 80 --to-port 3128 iptables -A INPUT -i eth0 -m tcp -p tcp --dport 80 -j ACCEPT iptables -A INPUT -i eth0 -m tcp -p tcp --dport 22 -j ACCEPT iptables -A INPUT -i eth0 -m tcp -p tcp --dport 3128 -j ACCEPT iptables -A INPUT -i eth0 -m tcp -p tcp --dport 443 -j DROP
I am trying to edit the iptables to include some ports/ip for openfire server. The problem is the computer is very locked down with permissions...I logged in as ROOT with ID 0.Now the iptables has ROOT for permission BUT ID 1 which reflects BIN.As root i cant edit or chmod/chown the iptables. Here is what i tried:
1. change password of BIN - successfully changed with no errors BUT still cant su BIN with the new password...
2. tried changing the ID of ROOT to 1 but I dont have permission to use the command....
so anything i can do here??? I dont have permission with Shadow either...
I am wondering if I can open a shell or new terminal thing from within the terminal in a unix/linux enviroment. Particularly a commandline only one where there is no GUI. Is this doable? how do I do it?
Just did a check on "shields up" and it says that ten of my ports are open. I get the same result with or without both shorewall and firestarter. I suspect it may have something to do with the mysql server packages added automatically during installation. Am I right. If so, what can be done about it? If not, has anyone any idea how to keep my ports closed?
I'm trying to setup oracle10g but, whenever I try to go to my database homepage http://127.0.0.1:8080/apex I get an "unable to connect to" error. Only reason I can think of as to why I can't connect to it is because my ports aren't open. I also recall SELinux complaining about something awhile ago, I can't seem to bring that up any more for some reason.
I've been struggling for days trying to open port 53 and 25 but can't get it to work. My iptables at /etc/sysconfig contains the following: # Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] .....
On the server machine when I do port scan with nmap I see the following result: Starting Nmap 4.76 [URL] at 2010-03-28 01:03 CET Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1. Interesting ports on localhost (127.0.0.1): Not shown: 986 closed ports .....
But when I try to do telnet from an external machine, e.g: telnet <IP of host> 53 I get: Connection refused telnet: Unable to connect to remote host
I also did a port scan with a tool on an external machine but port 53 and 25 weren't listed as opened ports. Also CheckDNS.net on the server returns "Connection reset. Probably DNS server is offline". I am 100% sure that named and sendmail are running. When I do a ps -aux I see: named 9261 0.0 0.3 85528 14784 ? Ssl 00:46 0:00 /usr/sbin/named -u named root 2550 0.0 0.0 9536 1960 ? Ss Mar23 0:02 sendmail: accepting connections
A few months ago I installed Ubuntu 9.10 on my girlfriends laptop, on her request, as she didn't like Windows any more. Since then the internet connection periodically slows down due to too many open ports/connections. Always when this happens I call our ISP and usually there are around 80-200(!) active connections to various IP's.
She is not downloading torrents or anything. She only uses Firefox and a few open tabs as people do. Skype is open. Wireless internet connection.
I am thinking either Ubuntu is updating more or less constantly or the ports/connections aren't closed "after use".
I'm locking down my laptop. I know I can use a firewall to ensure nothing gets through that I didn't catch, and I certainly plan on using one, but in the meantime, I want to know what exactly is running on my system.
nmap localhost returns: Code: james@james-linux:~$ nmap localhost Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-26 23:33 CDT Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1. Interesting ports on localhost (127.0.0.1): Not shown: 994 closed ports PORT STATE SERVICE 25/tcp open smtp 111/tcp open rpcbind 139/tcp open netbios-ssn 445/tcp open microsoft-ds 631/tcp open ipp 2049/tcp open nfs Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
However, I know that localhost goes back to the loopback interface, 127.0.0.1. So, to see what was really open, I ran nmap 192.168.0.108, which is my laptop's IP at the moment.
Code: james@james-linux:~$ nmap 192.168.0.108 Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-26 23:33 CDT Interesting ports on 192.168.0.108: Not shown: 996 closed ports PORT STATE SERVICE 111/tcp open rpcbind 139/tcp open netbios-ssn 445/tcp open microsoft-ds 2049/tcp open nfs Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
Now if I understand correctly, I can attribute 139 and 445 to my Samba share. That I'm okay with. What I don't know is 111 and 2049. Does anyone know what these ports are, what's running on them, and how I could turn them off, supposing that they are a security risk?
I'm getting heat from the head networking office that ports 21, 110, and 143 are open. I can telnet to those ports from a remote machine (not localhost) and get a prompt. There does not seem to be anything listening on those ports according to netstat. I've tried using iptables to discard all traffic to a from those ports but I can still telnet to them. This is a lucid desktop machine.
I'm trying to open my ports all the way, but for some reason, I am unable to do so. I've forwarded the ports I want open in my router (I switched between two routers to make sure), I made exceptions in Firestarter, and I even added UFW rules, but when I use pretty much any and every port checking tool out there, the ports eithere back stealthed or closed.I'm not a complete noob, and I'm not an expert, but I'm p sure I'm doing everything right, seeing as there isn't much to screw up.The reason I'm trying to fully open these ports is because I'm getting this dumb 'No Incoming Connections
I'm using ubuntu-linux ( ubuntu 9.10)I use utility autoscan network to scan the systems available in local area network of my hostel.It shows my open TCP ports : like Ssh , Smtp , Http , NetBios-ssn , Microsoft-ds , ipp , Mysql , Postgres.Are all these services need to run all the time or I can manage the ports.Don't know much about it just want to know these ports are by default open or I can manage them.
I would like to open some port from IN to OUT pop3,smtp.whenever i tried to add some rules to existing iptables it gives me an error.Applying iptables firewall rules: iptables-restore: line 21 failed
I have installed Debian Jessie (<-- brilliant OS ) on my uncles Laptop (it is a Thinkpad E540) with Cinnamon as desktop environment. The installation was no problem. Everything apart from one minor thing works nicely. The minor thing however is the following:
I don't know what it is, but when I don't use a particular usb port for a while and then try to plug in a usb stick or a wacom tablet, it doesn't get recognized, it doesn't show up when I use f.e. Code: Select alllsusb. When I close the lid of the laptop and open it again, then the particular usb device gets recognized and cinnamon asks me what to do, f.e. open a folder and show the content of the usb stick I have plugged in. Because of the success on two other laptops I use the following
to save power on the Thinkpad (this is in no way my service script, I tuned everything using powertop in the terminal after having had logged in, the script above stems from a brilliant user here on the forum). Could it therefore be autosuspend that is not working properly here?
