Ubuntu Networking :: Server Blocking SSH From Work Network
Feb 2, 2010
I have an ubuntu 8.04 dedicated server running openssh which I am having problems with.
The server is based in England yet I am currently working from Thailand. Slow speeds and timeouts I am used to but it is now over 24hr since I have managed to SSH the server (from here).
I just tried remote desktop on my PC back in the UK and this connected straight away through both SSH and SCP.
Thinking that it may be the IP being blocked from my works network I switched off wifi on my phone and tried to connect over the data network a few times with no luck.
Another strange problem is that when we got the server it was locked into a chroot jail which SSH(22) always leads into. After accessing SSH on port 22 I have to run a break script to gain root access. The sshd_config file says that the server is listening on port 57 yet I have never been able to access this.
Today I have tested the networks at several schools in the area,and at the town hall. It is not possible to surf on www on any of these networks using a PC running Linux. My conclusion is that there has to be some kind of filtering of traffic that exclude PC's running Linux. From the same PC I can send and receive email, I can ping and trace (mtr) addresses on www, and I can view webpages that are on servers on the inside of the filtering-gateway. The filter used is InterScan Web Security Virtual Appliance from TrendMicro
I have also demonstrated for the admins at the town hall that using Linux-PC on a "clean" network, surfing is no problem. By doing these small tests I have demonstrated that Linux is not the problem.
Tomorrow I'm going to visit the network providers admins, so that they could see what happens when a PC running Linux tries to access www. What kind of things should I test to document, or find the problems? So far I have just used MTR to document slow respons, wget --no-proxy to document that www hangs and ends time out, ifconfig to show NiC settings, and route.. Could this be a problem with /etc/resolve.conf?
The network provider is the same company that refused to turn on IMAP on the exchange servers, resulting in 3 week without mail at our school. All the other schools had to upgrade Outlook in order to connect to the new exchange-server with MS MAPI settings. MS Gold partners are so nice...
I have tested the networks at several schools in the area,and at the town hall. It is not possible to surf on www on any of these networks using a PC running Linux. My conclusion is that there has to be some kind of filtering of traffic that exclude PC's running Linux.
From the same PC I can send and receive email,I can ping and trace (mtr) addresses on www, and I can view webpages that are on servers on the inside of the filtering-gateway. The filter used is InterScan Web Security Virtual Appliance from TrendMicro I have also demonstrated for the admins at the town hall that using Linux-PC on a "clean" network, surfing is no problem. By doing these small tests I have demonstrated that Linux is not the problem.
Tomorrow I'm going to visit the network providers admins, so that they could see what happens when a PC running Linux tries to access www. What kind of things should I test to document, or find the problems? So far I have just used MTR to document slow respons, wget --no-proxy to document that www hangs and ends time out, ifconfig to show NiC settings, and route...
The network provider is the same company that refused to turn on IMAP on the exchange servers, resulting in 3 week without mail at our school. All the other schools had to upgrade Outlook in order to connect to the new exchange-server with MS MAPI settings.
I have a Debian server running at the gateway level on a LAN. This runs squid for creating block lists of websites - for eg. blocking social networking on the LAN. Also uses iptables.
I am able to do a lot of things with squid & iptables, but a few things seem difficult to achieve.
1) If I block http://www.facebook.com, people can still access https://www.facebook.com because squid doesn't go through https traffic by default. However, if the users set the gateway IP address as proxy on their web browser, then https is also blocked. So I can do one thing - using iptables drop all outgoing 443 traffic, so that people are forced to set proxy on their browser in order to browse any HTTPS traffic. However, is there a better solution for this.
2) As the number of blocked urls increase in squid, I am planning to integrate squidguard. However, the good squidguard lists are not free for commercial use. Anyone knows of a good squidguard list which is free.
3) Block yahoo messenger, gtalk etc. There are so many ports on which these Instant Messenger softwares work. You need to drop lots of outgoing ports in iptables. However, new ports get added, so you have to keep adding them. And even if your list of ports is current, people can still use the web version of gtalk etc.
4) Blocking P2P. Haven't been able to figure out how to do this till now.
I have UBUNTU server 10.04 LTS with 3 NIC "eth0" local and eth1,2 as internet connection and it acts as firewall, http proxy and samba file server ,I installed Zentyal panel manager for my server for easier management I did not configure any specific rule for my firewall but I have some problem with my clients who wants to connect to my server as gateway or as file server even my self experienced these problems too. these problems are as follow:
1. some time for a few minutes (maximum 10 minutes) my server block some of my clients to access it or internet but just for minutes but it is very annoying. 2. all of my clients those who login to an https servers or login to their mail or those who has some software like team viewer say that they are logging out from their session randomly I mean some of them logging out from their mail(yahoomail or googlemail ) or disconnecting from teamviewer connection or as I saw team viewer disconnecting for a few seconds and then comes back again. but I did not set any thing in my firewall or other services. this is my complete iptable rules:
I'm having mysterious wired network problem with my Karmic/9.10 machine. It hasn't been in network a while, but now I finally got the cabling done. I can't get the IP from dhcp server (TW-EA510), and static settings doesn't work either. Fresh cabling showed OK 1Gb connection on tester, and win7 laptop works fine. I even tried with long cable though the rooms, but it doesn't help, so it definately isn't the new cabling.
Log from the router after issuing #"dhclient": Feb 16 23:01:43 DHCP SERVER: DHCPDISCOVER from 00:01:29:fb:c5:d1 via br0 Feb 16 23:01:43 DHCP SERVER: DHCP offer to 00:01:29:fb:c5:d1 Feb 16 23:01:49 DHCP SERVER: DHCP request from 00:1b:ea:c8:a0:ba Feb 16 23:01:49 DHCP SERVER: DHCP ack to 00:1b:ea:c8:a0:ba Feb 16 23:01:54 DHCP SERVER: DHCPDISCOVER from 00:01:29:fb:c5:d1 via br0 Feb 16 23:01:54 DHCP SERVER: DHCP offer to 00:01:29:fb:c5:d1 Feb 16 23:02:03 DHCP SERVER: DHCPDISCOVER from 00:01:29:fb:c5:d1 via br0 [Code]....
Motherboard is some old Lanparty with two ethernet ports, NVidia CK804 and Marvell 88E800 rev 13 Gigabit netwok adapters, neither of them works. At least another of them has been worked earlier when I last got it wired. It's been a while, so I'm not sure which one of them and with different router if that matters.
As too my question, at this time I dont control the router/firewall an I would like to block a port thats used for guild wars on my workstation for a while. The reason for blocking is children have abused it an lost it.In this case I am trying to block outgoing traffic on port 6112. I have tried setting up a proxy server on the workstation, but the game seems to ignore it an jump on. Due to the environment, I enabled the workstation SuSEFirewall2 firewall an tried setting up "lo" as a internal an configure the firewall as a router, then disable 0/0 an configured for 0/0,tcp,443 an re route port 80 traffic to proxy.
When I had my own internet, I had a transparent proxy enforcing rules for access times. So setting up a proxy on each machine would not be a bad thing, even if it took some creative thinking. I am trying, but seem to be missing something.Ideally, I would like to setup a transparent proxy, as my kids have learned alot about system administration an know to check the proxy module. If all they have to do is un check "Use Proxy" an by pass a local proxy server, then I am kinda defeated. An applications such as firefox have a proxy setting they could set to none instead of system
Currently my office use a Cisco Firewall which will only allow the ANYCONNECT utility to do the vpn connection. I found a Linux utility (OpenConnect) which will do the same thing, but allow me more flexibility with my networking needs.What I ultimately would like to have is to have a switch that I can connect any network device into it and be connected to the office. IE (my IP Work Phone and Computer) Currently I have is a computer with fedora 13 and two network cards eth0 (home network - connected to a router) and eth1 which I would like to connect a switch to. OpenConnect communicates fine and I can see the work network from the Fedora machine. It creates a vpn0 tun/tap device and I don't know how to pass communication to/from the eth1 device.
Do I try to iptables the ports for the phone and services I need on the computer? Or do I build bridge; and If I do what am I bridging. I have tried making a bridge from eth1 to vpn0 which reply's with unsupported device or something like that.Unfortunately my network skills are bit limited and my office says "it can't be done". Their solution is for me to buy a ASA5505 (or something device) and have a static IP. I would have to make it work as my router and even then it will only DHCP 10 ip addresses; which will cause a shortage of IP addresses in the house.
I'm trying to block outgoing ICMP made by "user". I have user named as "foobar" and he/she shouldnt have rights to use ICMP/ping.ipt_owner works fine when I'm blocking normal TCP/UDP stuff. User can only connect to DNS, WEB and SSH.But still, user can use ICMP
SuSE 10.0 X86 32 acting as my internet gateway and firewall.
eth0 is my internal interface network 192.168.0.0/24 IP 192.168.0.254 dsl0 is my internet connection and is a single ip PtP connection to my ISP.
My internal network is masquaraded onto the external network.
I run an smtp server on my gateway box that I need to be accessable to both the internal and external networks.
However I want to prevent machines on the internal network from establishing connections to external smtp servers, but still alow them to connect to the smtp server on the gateway to send email.
NOTE I do not want to force attempts to connect to [URL] 25 to be re-directed to my internal server I just want to drop or reject the connection.
The firewall up until now has just been configured through YaST, but am not afraid to edit script files if needed
The reason for doing this it to prevent spambots from being able to send through my isp, I keep my own machines clean but sometimes get asked to disinfect machines for other people (family members etc), where I need to connect to the outside world to get updates/virus defs etc, but don't want them spamming from my network.
I've setup vnc over ssh tunnelling however the Suse firewall seems to be blocking it. On the local host I have this in ~/.ssh/config:LocalForward localhost:5900 remotehost.com:5900 The problem is that this only works when I either disable the firewall or add an exception for VNC. Both of these actions defeat the whole purpose of ssh tunnelling since they leave my VNC port open to the outside world (very insecure).
My home computer has 11.3 and SuSEfirewall enabled. It connects to the net over the wireless and SuSEfirewall has this connection in the external zone.
I can successfully ssh into this computer from remote (the work computer) but none of the ssh port-forwarded connections work. I'm trying to tunnel VNC over ssh. I also tried setting http on the home computer to serve pages on a high-numbered port (8090) and tunnelling that but it also didn't work - proving that it's not a VNC problem.
Here are the relevant messages from the firewall logs on the home machine:
Code:
I don't understand why this isn't working now, I had the same setup on 11.2 and it worked fine.
The 95.91.92.92 is the public IP address of my home router, I don't understand why a connection would appear to be coming from there when I use ssh-tunnelling?
I have a device that is working on modbus protocol andI have written a small program(with block TCP read method ) to read its registers via modbus protocol.my program is working very well but except those times that I unplug the Ethernet cable or turning off the modbus gateway during programs work.at this time my program stops on recv system call (if it reach this system call exacly when I unplug Ethernet cable or turning off the modbus gateway during programs work).I changed my source to work in nonblock TCP method, at this time with the same situation my program does not stop/block on recv system call but after pluging back the Ethernet cable or resuming the connectivity situation back it reads data incorrectly .this is my code:Quote:
Printer is connected via USB to server PC running OpenSUSE 11.1 Client PCs are running 11.1, XP, Vista No problem printing from the Windoze machines
Printing is trouble free with the 11.1 client's firewall disabled, but no printer is available with firewall running.
In hopes of diagnosing the problem I figured I'd open everything I could think of until the printer remained available with the firewall running. Then I planned to start removing exceptions one at a time 'til removing one caused the printer to disappear.
I've gone to Yast>Security and Users>Firewall>Allowed Services>External Zone and tried addingSamba Server NetBIOS server Samba Client Samba Server VNC
We are switching from an uncapped 512kb line to a 4MB line at the office... One catch though. The 4MB line will only be linked to a 30GB account, without the option to top up. I therefore have been asked to put something in place to regulate what the staff download at work. Basically block movie, music and torrent downloads should be sufficient, but they would also like to have a list of where staff have been in case of abuse. I have tried OpenDNS in the past, but the guys took great delight in getting around this, and did it within minutes... I can't enter a proxy setting into their browsers, because they all have local admin rights on their Windows boxes and will just disable that. How do I do this on a server level, so that they can't get around this?
I have a remote network that I manage consisting of a DLink DFL-210 firewall/router, and behind that a Dell server running openSUSE 11.2 and a collection of Windows XP/Vista/7 computers.
The Linux box is running OpenVPN as a server (that is how I connect to this network) and a client (it connects to a second server - running XP - at a different location).
The DLink router is the DHCP server and provides addresses on the 192.168.51.0/24 network. The OpenVPN server provides the 10.8.51.0/24 address range.
The remote network that the Linux box connects to is 192.168.54.0/24 via the OpenVPN network 10.8.54.0/24.
I have added routes to the DLink router to route all traffic to the 10.8.51.0/24 and 192.168.54.0/24 networks to the Linux box.
With SUSEFirewall turned off, after I have connected via OpenVPN from my remote computer I can ping all active 192.168.51.0/24 addresses. Other computers on the 192.168.51.0/24 network can ping computers on the 192.168.54.0/24 network. But if I turn on SUSEFirewall, neither of these work. However, I can ping 10.8.54.1 from any computer on the 192.168.51.0/24 network.
How can I set up SUSEFirewall to allow these networks to communicate with eachother?
I obviously a noob to Suse but after installing 11.4, and filezilla, i cant connect to my ftp server. Ive opened ports 21 22 and 990 explicitly in the firewall and all I get is a 425 error Cant Retrieve Directory Listing. It logs me in ok but doesnt allow data connections?
I've a CentOS Box with no control panel.. I used to manage it via SSH. Any way, I've installed CSF/LFD on it.. and it seemed to be working just fine. The only problem I've encountered is that when I start and enable CSF, messages and emails keeps stocked in the mail queue.. I've double checked and made sure needed ports are opined.. But, I still have the problem.
Ok so, buddy of mine has his ssh server setup and upon checking his logs he sees a ton of failed attempts. Now obviously these are people that are scanning him and trying to brute force him. So is there a way to block them? We know you can block each IP but is there a way to block ALL connections except for certain ones, such as his and mine? Maybe a couple others.
I configured squid in oracle enterprise linux 5.I want to block skype access.i configured the following to block skype.but it is not blocking.acl skype_blocking urlpath_regex [0-9]+.[0-9]+.[0-9]+.[0-9]+ http_access deny skype_blocking
How to block an ip address from mikrotik so that when a fake user use this ip he doesn't get internet but in the mean time real user gets internet. Real user will not harm if fake user trying to access.
My Pastebin for .HTACCESSIf you can offer any tips on improvements..but the main reason: I cannot get the bots to stop showing up.Esp the first one in the list.I need to block these two specifically
Code: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 &
I need to block mac address in my network then i foolowed as below acl's but am getting output as follows I tried as in /etc/squid/squid.conf acl block arp aa:aa:yy:yy:xx:xx http_access deny block but it give me error as like: - (This is the output of # squid -k parse) aclParseAclLine: Invalid ACL type 'arp' FATAL: Bungled squid.conf line 1234: acl block arp aa:aa:yy:yy:xx:xx squid Cache (Version 2.5.STABLE6): Terminated abnormally.
My MailScanner running on CentOs is blocking docx files, saying "The original e-mail attachment "****.docx" is on the list of unacceptable attachments for this site and has been replaced by this warning message.
I've tried adding it the list of allowed files:
/etc/MailScanner/filename.rules.conf:
allow .docx$ - -
but it still blocks them.
I've also tried manually coping the message file from the /var/spool/MailScanner quarantine/ directory into /var/spool/postfix/incoming
but this did not result in the mail being delivered.
I desperately need these mails released, and docx files to be allowed unconditionally. Anyone know why the above isn't working? Failing that, can all file blocking be turned off? I'd rather have virus relayed than legitimate mails blocked.
I have these ACLS for video streaming like ..... & onilne tv channles. But they are also blocking downloading exe,rar,and other software connectivity like TeamViewer. What acl are bsically blocking my downloading of exes and rar files and teamviewr connectivity .
