Ubuntu Networking :: No Incoming Connections When Firewalls Disabled?
Mar 13, 2010
I'm using Linux Mint 8 KDE, which is essentially kubuntu karmic.
Been trying to set up bittorrent (tried several different apps), have followed all the usual steps, forwarded ports on both Guarddog and my router, but still no incoming connections. Then tried disabling the firewall in Guarddog - still no incoming connections. Never had any problems configuring my router before so can only think that there must be something else blocking ports in linux other than iptables.Also had same problem just using ufw and gufw
I have a bunch of Ubuntu boxes on one subnet, 192.168.1.0. I have a Windows 7 box on another subnet, 192.168.2.0. I am able to ping and SSH to all servers on the .1 subnet except for one server, which I will call PITA. I will attempt to SSH to PITA, and it won't respond, nor does it respond to pings. I will the SSH to PITA from another of the test servers, successfully connect, and then when I SSH from my Windows 7 machine I can connect successfully. If I first connect via console to PITA and send some pings out (to anywhere, like 4.2.2.2), I can also connect from my Windows 7 machine. I've never seen anything like this.
One of the weird things is that I used PITA to create an image that I then used to create many of the other test servers, and they work fine, so I'm not sure what the problem is. I've checked /var/log/messages and syslog and there's nothing in them that indicates a problem. I've rebooted this server, restarted SSH, changed the IP in case it was conflicting with something else, forced an ARP update in case it was cached (since I had bonded the interfaces), cleared the ARP cache on my own machine, verified Network Manager is not installed...and I still have this issue.
Here are some network-related config:
/etc/network/interfaces
Quote:
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface
have a problem with my network-manager in ubuntu 10.10.when I dial one of my vpn connections, my other vpn connections be disabled and I can't use them!I tried to restart network-manager and gnome-panel, but it does't seem to solve this problem.
I am still new to ubuntu and I use firestarter as my firewall tool and I was told that its just ufw in a gui. Well anyways I noticed a connection to 174.129.241.144 using https and python, I didn't have any scripts running and my browser was closed, I read the man files for ufw and it said to do something like deny from 174.129.0.0/12 and I want to block all incoming and outgoing connections to this IP range and I was wondering how to do that, I heard of iptables that it would be able to do this but I dont know anything about it. What I should learn so I can handle these kinds of situation in the future and how I can block this ip subnet or also what does the /8, /12, and /16 stand for?
I have a laptop and a Desktop both systems only used by myself behind a router. Ubuntu Lucid on both and 64 bit systems. I have installed NFS with the desktop as server and Laptop as client. The NFS only works with the firewalls (UFW) disabled on both machines. My current setup on the desktop ufw is
I'm having problems with hackers from across the globe trying to get into our servers. Why? i have no clue. nothing of value in my servers worth getting.
Right now my service only does business with USA. So I'm trying to find a way to block all Non USA traffic. I called my hosting provider and they are unable to help. Said it was up to me to do this.
Well I've already taken care of the TCP Wrappers. by spawning a small C program i made that uses MaxMind's GeoIP system. to automatically deny access. Now i need to do something about all the other network connections that come in to services that do not use the TCP wrappers.
So i was wondering if IPTABLES have a way to spawn a sub proccess like TCP wrappers or if there was any other firewall software out there for linux that would let me achieve my goal.
I need some suggestions on software. I would like to offer remote desktop support to some of our clients, but some of them are using ISP's that block incoming connections so, VNC is out of the question. I was wondering if there is something similar to logmein for ubuntu?
Its been really bugging me that whenever I scan my connection with wireshark I see this one person sending me a SYN packet every minute on port 445. I know this is the dangerous port that the Conficker worm travels along. So far my computer seems to be immune and I know, at least on the Linux side that I can just add a rule to my ip tables to block that port indefinitely. I want to know what the next step is.
This is one of the packet captures I am getting. After sending me this and getting no reply, all of a sudden he goes up an ip. Basically this would be the pseudocode for what it looks like hes doing on my end.
while(1){ for(int i = 1; i != 255; i++){ send_connection_attempt("XX.XX.XX." + i); } }
To me this looks like this guy has hijacked a computer and is using it to run a script over. He is still scanning my network as I said earlier, what should I do? Should I contact my ISP? or just nail down the hatches and make sure nothing is exposed on my network?
I'm trying to follow the instructions here: [URL] but I'm struggling with point 2 & 3:
Quote:
2. If you have previously reconfigured the firewall on your PC, make sure the firewall allows incoming connections on port 22 from anywhere, and on port 5900 from localhost (also known as 127.0.0.1)
3. If your PC is behind a home router, or any other device that uses NAT, configure your router to send connection attempts on port 22 (but not port 5900) to your PC
So my questions are:
1. I installed a fresh version of Ubuntu 11.4, should I be concerned about step 2? If so, how can I allow incoming connections on port 22 from anywhere, and on port 5900 from localhost?
2. Regarding step 3, I'm using NETGEAR model DGN1000 router. Is that something that I should do from the router's setting page or it's some commands that I should pass through SSH?
incoming connections are not being reported to my /var/log/secure. I can't see if people are trying to connect. I can't troubleshoot because I can't do anything.
I want to allow 100 incoming connections to my linux server running smtp. I know that tcpserver -c will set the limit of allowed incoming connections, but how can I tell what the currently set limit is?
My question is simple - is there any linux app or applet which is able to show (monitor) incoming and outgoing connections assuming it's a direct internet access? I was using a firewall on a system off Redmont which was able to show every connection, listening ports of services if some were opened etc.
I have a server that I can only access via SSH (it's located far away) and I would like to secure it by blocking all ports except the ones that I need (which are HTTP and SSH). I still want to be able to make outgoing connections to enable software updates and other things.This is my iptables -L -n :
Code: Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:21 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:23:79 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:81:65535 code....
In my opinion, this should block all incoming packets except the ones on port 80 and 22, but allow responses to outgoing connections. But a wget http://google.com does not work, it can't establish the connection.
Maybe this is not the best style for iptables rules, but I want to be absolutely sure to not accidently lock myself out from SSH, so I chose not to configure a "block-everything rule".
Does this configuration not enable incoming packets from connections initiated from inside?
I am having following problem. If I try to change my SMB password, it throws following error >
Quote: ~>smbpasswd Old SMB password: New SMB password: Retype new SMB password: Server did not provide 'target information', required for NTLMv2 rpc_pipe_bind: rpc_send_auth_reply failed. machine 127.0.0.1 does not support SAMR connections, but LANMAN password changed are disabled Failed to change password for user1
My laptop has become very sluggish. So I loaded firestarter firewall. It is reporting loads of incoming UDP traffic. I only use this machine for Skype and Firefox based work as most of my stuff is kept on the cloud. Is it safe to stop all this UDP traffic? It would free up my CPU I guess. It seems port 56095 is getting hammered.
I am running the latest ubuntu. Sometimes it randomly stops accepting ssh connections, afp/smb connections, and even stops responding to pinging. It is connected via WIFI.
I go over to the desktop and use the browser, and the internet still works fine. Then after a while, it starts accepting incoming traffic again.
I'm new to Ubuntu and Linux and still trying to figure things out. Are UFW and iptables the same, or are they two different firewalls? The reason I ask this is that I can load up Firestarter, (which, from what I've read controls iptables), then go into a terminal mode and run "ufw status", and it shows disabled. What I'm ultimately trying to do is to open up a port so Vuze and/or Transmission Bitorrent will work, but have not had any success.
I'd like to find some sort of program which can tell me how much incoming data I've had in the last 24 hours. It goes by hours, not by days, but anything that's simple and that can display this will do. Is there any sort of program that does this? Something that would fit well with Ubuntu's style wouldn't hurt, but I'm not that worried about it as long as it does the job.
I have a ubuntu computer set up as bridge between gateway and lan, with the lan connected to eth0 and gateway on eth1.
I'm trying to get it to basically block everything incoming except for the ports i specify, but also allow outgoing traffic. I've found, tried, modified som examples i found on the web, but still it wont block incoming traffic (ie, im still able to reach my webserver)
These are the rules, and i can't figure out why it wont block:
I have a router which makes two ppp connections. PPP0 is my default route and is an uncapped ADSL. PPP1 is a Local Only (South Africa) account which has DNS resolving to its IP. PPP1 allows certain connections in. I want all packets coming in on PPP1 to be marked so that after they have been routed through our local servers they can go back out over PPP1. Both connections use dynamically assigned ip addresses. I want to use PPP0 to make a connection to one of our stores, but when our stores connect to us they will be using PPP1. All packets from these incoming connections will need to be routed back over PPP1.
I have a iptable as firewall, I want to open incoming of port 8080 so I use "# Allow forwarding of incoming Port 8080 traffic" but it didn't work? how can I open just incoming of port 8080?
I'm using postfix on Ubuntu 9.10 and all I need is to occasionally send automated emails from perl or php scripts when data processing errors occur. In other words, I want to reject any connection attempts from remote clients and otherwise allow nothing except outgoing emails from one particular account.f I add this line to the default main.cf, will it do the trick or is it more complicated?
Pinging out from my netbook (over wifi, to any host) gets ~0% packet loss. Pinging into it (from any host) gets about 50% packet loss.
The router is a Dlink-DIR615 (rev d, running DD-WRT v24-sp2) but all other hosts on it ping eachother fine. I've tried changing routing, disabling IPv6, using older kernels and using wicd, all with no luck. The wireless connections is at 100% most of the time. This could be a new problem with Maverick, but I may not have noticed it before. I believe this is causing web browsing to be really slow and causing SSH timeouts.
I haven't tried madwifi drivers or nsidwrapper yet.
Edit: just booted into Windows and it has the same problem. Could it be a hardware issue? Also tried with a static IP, with no change.
Strangely, a normal ping gets 50% packet loss, but ping -A gets < 1% loss.
Edit 2: no packet loss at all on eth0.
Code: # uname -a Linux hulbert-laptop 2.6.35-23-generic #36-Ubuntu SMP Tue Oct 26 17:03:18 UTC 2010 i686 GNU/Linux Code: # ifconfig wlan0 wlan0 Link encap:Ethernet HWaddr 00:25:d3:1a:bc:4b inet addr:192.168.0.102 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::225:d3ff:fe1a:bc4b/64 Scope:Link
assist me in using the iptables firewall to block all incoming mail traffic (SMTP port 25) except that of a certain IP(s)? the situation is that we have a server that we only want to receive mail from a particular sender.
