I'm trying to VPN in somewhere and it doesn't like any outbound connections. I'm doing this for RDP, so can I somehow restrict the VPN connection to only be using the RDP port?
View 1 RepliesPerhaps it is my misinterpretation of AppArmor, how can it be configured to restrict TCP or UDP traffic to/from specific ports?
The profile "abstractions/nameservice", under the section "# TCP/UDP network access", doesn't seem to lock the application to port 53. What am I missing? Restriction to specific ports is something that systrace can do so I'd expect nothing less from AppArmor.
I am trying to configure Bittorando and iptables using Firestarter. I have got it working but am concerned about security holes.
Let me explain.
AIUI, the Bittornado program contacts the "tracker" on various ports which (from the previously blocked connections in Firestarter) ranged from 4664 to 65532. Therefore, currently I have set this range to be open to allow downloads of the torrent.
However, this seems, IMHO, to devalue to point of having a restrictive exit policy for Firestarter since now virtually all ports are open. I can see nothing on the Bittornado client to restrict the outgoing ports although the "listening" (incoming) ports can be restricted.
I would prefer to have my system locked-down so that the minimal number of ports are open to initiate external connections so is there any way to achieve this with Bittornado?
I am looking at ways in which I can restrict the SSH session requests come by specific SSH client (say Putty or NX Client). Is it possible to restrict SSH client login to a client application?
View 8 Replies View RelatedI'd like to use tc and iptables to restrict the download speed. I understand this is know as policing. Are there some resources I could use to learn how to do this? I want to restrict on a per ip basis.
View 1 Replies View RelatedI have a lab with 1 switch and 2 machines attached. One XP station and a debian lenny server. My debian runs dhcpd with this configuration
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.31 192.168.1.254;
default-lease-time 345600;
[code]....
I'm trying to restrict dhcp to only provide setting for a list of MAC addresses (about 300 macs) Using the following option is not good to me because I have not a pattern in my clients mac.
class "private-hosts" {
match if substring (option hardware,1,11) = "01:00:50:56";
}
[code]....
I've try using iptables with following configuration, but XP still getting IP from dhcpd:
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
[code]....
How do I do this at my modem page?
View 4 Replies View RelatedI have a lab with 1 switch and 2 machines attached. One XP station and a debian lenny server. My debian runs dhcpd with this configuration:
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.31 192.168.1.254;
default-lease-time 345600;
max-lease-time 691200;
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name "lab.com";
option domain-name-servers 192.168.1.12;
option netbios-name-servers 192.168.1.12;
option netbios-node-type 8;
option broadcast-address 192.168.1.255;
option ntp-servers 192.168.1.12;
ddns-updates on;
ddns-update-style interim;
}
I'm trying to restrict dhcp to only provide setting for a list of MAC addresses (about 300 macs)
Using the following option is not good to me because I have not a pattern in my clients mac.
class "private-hosts" {
match if substring (option hardware,1,11) = "01:00:50:56";
}
pool {
range 192.168.1.31 192.168.1.254;
allow members of "private-hosts";
}
I've try using iptables with following configuration, but XP still getting IP from dhcpd:
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Full from Localhost to Localhost
iptables -A INPUT -i lo -j ACCEPT
# Full from My PC
iptables -A INPUT -s 192.168.1.2 -j ACCEPT
So I can't limit DHCP for specific macs.
Anybody know how to do this, IN MY MODEM PAGE?This is the best I can copy my modem config page code...
View 2 Replies View RelatedI have a server in a colocation environment where I'm allotted 25Mbps. I'd like to avoid exceeding that for obvious reasons. Is there a way I can set the link speed or at least throttle the bandwidth for all services?
View 2 Replies View Relatedi have configured the squid for my lan. My lan has three redhat 5.3 web servers. Now by using proxy server, i wish to give access to external clients for my web server and restrict to local client, accessing wan through port 80
View 2 Replies View RelatedI'm writting an app for desktop and embedded linux and I need to get information about the multiserial port, and I need to know which port is been used (by a printer, por example).The multiserial I'm using is an Altera Corporation Device 0004, and I just need to tell how many ports are there and how many is been used.
View 3 Replies View RelatedI have a Fedora 11 system and cbq.init-v0.7.3 in it. Now I want to restrict upload speed from my ftp server to Internet (eth1). According to docs I've made a simple file /etc/sysconfig/cbq/cbq- 00.inet_upload_restrict:
DEVICE=eth1,100Mbit,10Mbit
RATE=800Kbit
WEIGHT=80Kbit
PRIO=5
RULE=:20,
So as you can see I want to limit outbound traffic on eth1 from my ftp port 20 to any to the 800Kbit/s (100Kbyte/s). Now I do cbq start, it says: find: warning: you have specified the -maxdepth option after a non-option argument (, but options are not positional (-maxdepth affects tests specified before it as well as those specified after it). Please specify options before other arguments.
find: warning: you have specified the -maxdepth option after a non-option argument (, but options are not positional (-maxdepth affects tests specified before it as well as those specified after it). Please specify options before other arguments. but it starts and works. Now I check the speed and it is...
I want to restrict some site (Social Networking) through my newly configured squid proxy. But It always allow those site How to block those site. My squid.conf file is configured as follow :-
#Recommended minimum configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
[coder].....
A few months ago I installed Ubuntu 9.10 on my girlfriends laptop, on her request, as she didn't like Windows any more. Since then the internet connection periodically slows down due to too many open ports/connections. Always when this happens I call our ISP and usually there are around 80-200(!) active connections to various IP's.
She is not downloading torrents or anything.
She only uses Firefox and a few open tabs as people do.
Skype is open.
Wireless internet connection.
I am thinking either Ubuntu is updating more or less constantly or the ports/connections aren't closed "after use".
Does any body know how to enable ports in ubuntu 10.04?
View 2 Replies View RelatedI dont know how, but somehow all the ports on my comp appear to be blocked except for 24, for ssh and 5900 unknown. I can connect to the network, but as far as I can tell, I'm powerless to do anything. No webpages load, I'm typing this on my phone.
View 1 Replies View RelatedI have ssh running on port 22 and that is the only thing I want in/out of this particular box (ssh, scp).But when I use iptables to set the default policies for INPUT, FORWARD, and OUTPUT to DROP and then allow 22:
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
iptables -I OUTPUT -p tcp --dport 22 -j ACCEPT
ssh stops working.
I was following the directions over on the page How to watch Hulu overseas without a proxy server and got to the section about blocking ports, which I need to block port 1935. I figured this would be easy, as the mac instructions are
Code:
sudo ipfw add 0 deny tcp from any to any 1935
sudo ipfw add 0 deny udp from any to any 1935
and the Windows instructions are practically a book in itself. Since this page was lacking instructions on how to do it in Ubuntu, and ipfw seemingly doesn't exist in Ubuntu, how do I block the ports
I'm trying to open my ports all the way, but for some reason, I am unable to do so. I've forwarded the ports I want open in my router (I switched between two routers to make sure), I made exceptions in Firestarter, and I even added UFW rules, but when I use pretty much any and every port checking tool out there, the ports eithere back stealthed or closed.I'm not a complete noob, and I'm not an expert, but I'm p sure I'm doing everything right, seeing as there isn't much to screw up.The reason I'm trying to fully open these ports is because I'm getting this dumb 'No Incoming Connections
View 3 Replies View RelatedDoes Ubuntu come with a firewall preinstalled and running? I need to open port 9997 - how would I got about doing this?
View 2 Replies View RelatedI have been running Ubuntu 10.10 and have found that at any time I am connected to the Internet that I will randomly see high port numbers open when doing a port scan on my computer all are in the unknown listings with five digit numbers so I don't know what is going on or who is using them. Please check your system to see if you are having the same thing happen by using network tools and filling in your local ip address in the port scan tab. If you shut down your Ethernet interface and run port scans the high ports are no longer open. this will at least keep whoever is using your ports at bay when you are not using the net.
View 4 Replies View RelatedMy first one is the network: Our routers' ethernet ports are all in use and I cant get one of them. So Im asking you what I need to buy. Our router now is a speedport w701v. The new router should have wlan and good working LAN. It shouldnt be very expensive... give me some tips what I should look for (because Im very new with router...) and maybe give me a link where they tested many routers (and where I can trust the results).
View 3 Replies View RelatedI can successfully forward a port via:
PHP Code: ssh -L 5900:localhost:5900 test@192.168.5.1
how do I forward several ports at once. This is a wrong example but:
[Code]...
How can I tell if my USB ports are 2.0 ports?
View 1 Replies View RelatedIn my firewall I have these ports open:
21
143
110
[code]...
I forwarded ports 28900(TCP/UDP) and 5029(UDP) to my linux box for a game. Testing my ports with a website now shows these ports as "connection refused" rather than "timeout" which means the connections are getting to my system but the iptables are blocking them. But I added 28900 as a test and it still won't accept anything on this port. This is my output of iptables -L
root@BPC3:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:28900
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:28900
What do I need to do exactly to add exceptions for 28900 TCP/UDP and 5029 UDP?
I need to ensure ports 6112 through 6119 are open. I tried using Firestarter to do this, but when I search for what ports are open, it says none of them are. I use Ubuntu 9.04.
View 1 Replies View RelatedI'm trying to set up an SSH connection from my school to my home, but not on port 22. I originally tried port 2222, but it didn't work. I called my school IT people and they said they block that port. I asked if they care if I set up an SSH and they said no, but that they wouldn't tell me which ports are blocked and which are open for "security" reasons (which I guess I can actually understand). They suggested just using port 22 or 222, but said if a ports open I can use it.
My question is, can I check ports without setting up SSH? It seems like a hassle to try a different port every day on my home SSHD file, come to school, see if it works and repeat. Is there a way I can check my computer home for connections that could connect, even if there isn't a service listening? I don't know how to do that, or even if its possible. If not, I suspect I'll just try a few until I find something that works, or just go ahead and use 22.
World of Warcraft requires that TCP Ports 1119, 1120 and 3724 are forwarded. The Blizzard Downloader requires that TCP ports 3724, 1119, 4000, 6112, 6113 and 6114 are forwarded. It can also benefit from having ports 6881 through 6999 forwarded. The World of Warcraft Voice Chat feature uses UDP Port 3724.
i use the hotspot feature to play warcraft and i am running ubuntu 10.10 ... i need to forward these ports ... any way to easily download an app to configure the phone like you would a router? its probably easy i just cant find it.