Ubuntu Networking :: Set Iptable Rules And Access Superuser Permission From Web-based?
Mar 30, 2010
I wrote a network emulator program in C. It runs from the Ubuntu terminal with good performance, but I have to make it available for web-based user configuration. So I set up an Apache web server, wrote this program as a CGI script and tried to execute it from a web page. This program must be run with root privilege ($ sudo -s) and add iptables rules such as (# iptables -A OUTPUT -j QUEUE). So my question is: how do I add iptables rules in my CGI script? How do I set superuser (root) permission to access my program through the web server?
View 2 Replies
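The usual answer to this post is privilege separation rather than giving the web server root: Apache keeps running as its unprivileged user, sudoers grants that user exactly one command, and that command is a small wrapper that accepts a fixed set of subcommands and validates its one free argument before touching iptables. The example below is an added illustration, not code from the post; the wrapper path /usr/local/sbin/netemu-ctl, the web user www-data and the use of NFQUEUE (the successor of the legacy QUEUE target named in the post) are assumptions.

```sh
#!/bin/sh
# netemu-ctl: privileged wrapper that the CGI invokes through sudo.
# Assumed sudoers entry (add it with visudo; path and user are assumptions):
#   www-data ALL=(root) NOPASSWD: /usr/local/sbin/netemu-ctl
# The CGI then runs:  sudo -n /usr/local/sbin/netemu-ctl add-queue eth0
# Only fixed subcommands and a validated interface name are accepted, so the
# web tier never obtains a root shell or free-form iptables arguments.
set -eu
IPT="${IPT:-iptables}"     # set IPT=echo to dry-run without root

# 0 if $1 looks like an interface name: 1-15 chars of [A-Za-z0-9_.-], not
# starting with '-' (would be parsed as an option) or a digit, no metacharacters.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*|-*|[0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print the exact iptables invocation for a subcommand. Every token is either
# a literal or the validated interface, so the caller can word-split it safely.
build_cmd() {
    sub=$1; iface=$2
    valid_iface "$iface" || { echo "bad interface: $iface" >&2; return 2; }
    case "$sub" in
        add-queue)    echo "$IPT -A OUTPUT -o $iface -j NFQUEUE --queue-num 0" ;;
        remove-queue) echo "$IPT -D OUTPUT -o $iface -j NFQUEUE --queue-num 0" ;;
        *) echo "unknown subcommand: $sub" >&2; return 2 ;;
    esac
}

main() {
    [ "$#" -eq 2 ] || { echo "usage: $0 add-queue|remove-queue IFACE" >&2; exit 2; }
    [ "$(id -u)" -eq 0 ] || { echo "must run as root (via sudo)" >&2; exit 1; }
    cmd=$(build_cmd "$1" "$2") || exit 2
    set -- $cmd        # deliberate word split of a fully validated string
    "$@"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

The CGI itself should call the wrapper with sudo -n so a missing sudoers entry fails immediately instead of hanging on a password prompt, and it should pass the interface name through the same validation before handing it over. A root daemon listening on a Unix socket that the CGI talks to is the other common design; what both share is that the root-side code never trusts the web-side input.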
Oct 14, 2010
Is there a way to check the older iptables rules that were loaded? I accidentally overwrote my iptables rules and that has killed internet access for all computers on the intranet. I must have accidentally deleted some line in the iptables rules and cannot figure out how to get it back to how it was. I am using Debian 5.05, by the way.
View 1 Replies
View Related
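Nothing in iptables keeps history: the live ruleset is the only copy, so the previous rules are gone unless something saved them (on Debian that means an iptables-save dump you or a package wrote). The habit that prevents the situation in the post is to dump the running rules before every change and to apply a new ruleset with an automatic rollback timer, so that a bad rule that cuts you off is reverted without a console visit. The script below is an added example, not from the post; the backup directory /var/backups/iptables is an assumption.

```sh
#!/bin/sh
# Replace the live ruleset with an automatic rollback.
# Usage: ./iptables-apply-safe /etc/iptables/new.rules [grace-seconds]
# Assumptions: iptables-save/iptables-restore exist; backups live in BACKUP_DIR.
set -eu
BACKUP_DIR="${BACKUP_DIR:-/var/backups/iptables}"
IPT_SAVE="${IPT_SAVE:-iptables-save}"
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"

# Timestamped name for a new backup file.
backup_path() {
    echo "$BACKUP_DIR/rules.$(date +%Y%m%d-%H%M%S).v4"
}

# The most recent backup, i.e. the "previous rules" the post is looking for.
latest_backup() {
    ls -1 "$BACKUP_DIR"/rules.*.v4 2>/dev/null | sort | tail -n 1
}

# Names of the tables present in a saved ruleset (lines like "*filter").
tables_in() {
    sed -n 's/^\*\([a-z]*\)$/\1/p' "$1"
}

# Cheap sanity check before restore: every *table block must end with COMMIT.
check_ruleset() {
    awk '
        /^\*/      { if (open) bad = 1; open = 1 }
        /^COMMIT$/ { open = 0 }
        END        { exit (bad || open) ? 1 : 0 }
    ' "$1"
}

apply_with_rollback() {
    new=$1; grace=${2:-60}
    check_ruleset "$new" || { echo "malformed ruleset: $new" >&2; return 1; }
    mkdir -p "$BACKUP_DIR"
    bak=$(backup_path)
    $IPT_SAVE > "$bak"                     # 1. snapshot what is running now
    confirm="$bak.confirmed"
    # 2. background timer: unless the confirm file appears within $grace
    #    seconds (it will not if SSH died), put the snapshot back.
    ( sleep "$grace"; [ -e "$confirm" ] || $IPT_RESTORE < "$bak" ) &
    $IPT_RESTORE < "$new"                  # 3. load the new rules
    echo "applied $new; within ${grace}s run:  touch $confirm"
}

if [ "$#" -gt 0 ]; then apply_with_rollback "$@"; fi
```

To recover from the situation in the post with such a snapshot in place: iptables-restore < "$(latest_backup)". Without one, the rules have to be rebuilt from whatever generated them (a firewall script, /etc/network/if-pre-up.d hooks, or the package that installed them).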
Feb 9, 2011
Explain the following iptable rules for me?
I understand 1 and 2: 1 creates the new syn_flood chain and 2 redirects all SYN requests to the new syn_flood chain.
I'm having trouble understanding 3 and 4. Can someone explain to me in layman's terms the --limit 1/s and --limit-burst 3?
View 2 Replies
View Related
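The limit match is a token bucket: the bucket holds at most --limit-burst tokens, starts full, refills at the --limit rate, and a packet "matches" only while a token is available (each match spends one). In the usual SYN-flood chain (rules 3 and 4 are not shown in the post, so this is an assumption about them) the limit rule does -j RETURN and the following rule drops everything that did not match, so with 1/s and burst 3 the first three SYNs of a burst get through and after that only one per second does. The simulation below is an added example, not from the post; it tracks tokens in thousandths so it runs in plain integer shell arithmetic. The kernel's own implementation uses a credit counter with jiffies granularity, so this is an approximation of the same behaviour, not the kernel code.

```sh
#!/bin/sh
# Token-bucket simulation of "-m limit --limit RATE/s --limit-burst BURST".
# Output is one letter per packet: M = matched (within the limit, the RETURN
# rule fires), X = not matched (bucket empty, the packet hits the DROP rule).
set -eu

# limit_sim RATE_PER_SEC BURST "t1 t2 t3 ..."   (arrival times in ms, ascending)
limit_sim() {
    rate=$1; burst=$2; times=$3
    cap=$((burst * 1000))   # tokens counted in thousandths
    tokens=$cap             # the bucket starts full: first BURST packets match
    last=0; out=""
    for t in $times; do
        # refill: RATE tokens per 1000 ms elapsed since the previous packet
        tokens=$((tokens + (t - last) * rate))
        [ "$tokens" -gt "$cap" ] && tokens=$cap
        last=$t
        if [ "$tokens" -ge 1000 ]; then
            tokens=$((tokens - 1000)); out="${out}M"
        else
            out="${out}X"
        fi
    done
    echo "$out"
}

# e.g.  ./limit-sim 1 3 "0 100 200 300 400 1500 2500"   prints MMMXXMM
if [ "$#" -gt 0 ]; then limit_sim "$@"; fi
```

Note what this implies for the chain in the post: the limit is global for the chain, not per source, so one flooding host exhausts the budget for every legitimate client as well. A per-source version uses -m hashlimit with --hashlimit-mode srcip.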
Aug 6, 2010
How would you remove all iptables rules and chains?
View 2 Replies
View Related
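Flushing is three operations per table (-F rules, -X user chains, -Z counters), and it must be done in every table, not only filter. The step people forget is to set the built-in chain policies to ACCEPT first: if the policy is DROP, flushing the rules removes the ACCEPT rules that were letting your SSH session in and locks you out. The script below is an added example, not from the post; the table list falls back to the usual four if /proc/net/ip_tables_names is unreadable.

```sh
#!/bin/sh
# Remove every rule and user-defined chain from all tables without locking
# yourself out: policies to ACCEPT first, then flush, then delete chains.
set -eu
IPT="${IPT:-iptables}"   # IPT=echo prints the commands instead of running them

flush_all() {
    # 1. Open the built-in policies so the box stays reachable while empty.
    for chain in INPUT FORWARD OUTPUT; do
        $IPT -P "$chain" ACCEPT
    done
    # 2. Tables actually loaded on this kernel (TABLES overrides for testing).
    tables=${TABLES:-$(cat /proc/net/ip_tables_names 2>/dev/null || echo "filter nat mangle raw")}
    [ -n "$tables" ] || tables="filter nat mangle raw"
    # 3. Per table: delete rules, then the (now empty) user chains, then counters.
    for t in $tables; do
        $IPT -t "$t" -F
        $IPT -t "$t" -X
        $IPT -t "$t" -Z
    done
}

if [ "$#" -gt 0 ]; then flush_all; fi
```

Run it with any argument (for example ./flush-all now) to execute; with no argument it only defines the function. Afterwards iptables -S and iptables -t nat -S should show nothing but the three policy lines per table. Note that this does not touch ip6tables, which has its own tables.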
Sep 12, 2010
I've configured iptables to act as a stateful firewall, but instead of simply rejecting packets I'd like to waste a potential hacker's time by dropping any packet that would otherwise be returned. Are my rules sufficient, or have I somehow opened myself up to an attacker by trying to write these rules myself?
View 3 Replies
View Related
Jan 27, 2011
I have a caching DNS and SNMP (MRTG) both on the same server. How can I permit DNS and SNMP traffic in the INPUT chain? I have tried the following:
# DNS queries from clients (ephemeral source port) to the resolver
iptables -A INPUT -p udp --sport 1024:65535 --dport 53 -j ACCEPT
# replies from upstream servers to this resolver's own queries; note this
# accepts any UDP packet with source port 53 to any high port, stateless
iptables -A INPUT -p udp --sport 53 --dport 1024:65535 -j ACCEPT
# SNMP: agent polls (161) and trap receiver (162)
iptables -A INPUT -p udp --sport 1024:65535 --dport 161:162 -j ACCEPT
# replies and traps coming back from polled agents, again stateless
iptables -A INPUT -p udp --sport 161:162 --dport 1024:65535 -j ACCEPT
View 1 Replies
View Related
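The rules in the post work, but matching on source-port ranges is the pre-conntrack way of admitting replies, and it lets anything with a source port of 53 or 161 in to every high port on the box (a scanner only has to set its source port). Since the box has a stateful firewall, the replies to its own queries already come back as ESTABLISHED; only the new inbound requests need explicit rules, and those can be restricted to the networks that should be asking. The ruleset below is an added example, not from the post; the LAN range and the MRTG host address are assumptions, and it is the same pattern that the stateful-firewall question above is asking about, with INVALID packets dropped silently and everything else refused by the DROP policy.

```sh
#!/bin/sh
# Stateful INPUT rules for a caching resolver plus an SNMP agent. Replies are
# admitted by conntrack, not by source-port ranges. LAN and MGMT are assumptions.
set -eu
IPT="${IPT:-iptables}"
LAN="${LAN:-192.168.0.0/24}"    # who may send DNS queries (assumption)
MGMT="${MGMT:-192.168.0.10}"    # the MRTG poller (assumption)

services_input() {
    $IPT -P INPUT DROP
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to anything this host initiated (its upstream DNS lookups, its
    # SNMP responses) are ESTABLISHED; ICMP errors about them are RELATED.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Packets that belong to no known flow (bogus flags, late fragments): drop,
    # do not reject, so they are never answered.
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    # New DNS queries from the LAN only. TCP is needed for answers over 512
    # bytes (and EDNS fallback), so open both.
    $IPT -A INPUT -s "$LAN" -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A INPUT -s "$LAN" -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
    # SNMP polls only from the monitoring host. 162 is where *traps* arrive;
    # open it only if this box receives traps, not just because it runs an agent.
    $IPT -A INPUT -s "$MGMT" -p udp --dport 161 -m conntrack --ctstate NEW -j ACCEPT
}

if [ "$#" -gt 0 ]; then services_input; fi
```

One caveat on the "waste the attacker's time" idea from the other post: DROP versus REJECT changes how long a scanner waits per port, not whether the port is closed; the actual security comes from the DROP policy plus narrow NEW rules, and REJECT on the inside-facing rules is often kinder to your own clients, which then fail fast instead of timing out.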
Jun 22, 2011
I recently set up an FTP server in my house running a dyndns service so I can get to it from the outside. I called my ISP to get some help in setting up the router to forward port 21 from the outside to that box, and in short we had some problems. Long story short, they ended up bypassing the router itself, and now the line running to the box is its own fixed external IP. Naturally I want a pretty darn good iptables setup for this. The box runs proftpd and so far my iptables only accepts local loopback and port 21. (I left port 80 closed as its only purpose is to be a standalone FTP server.) But I know there must be a safer rule for port 21, as right now it's just wide open. Anyone have any ideas on how to make this a bit safer? Also, would that command be fine for any of the Linux machines I'm connecting to it from the outside too?
View 3 Replies
View Related
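Port 21 has to be reachable for an FTP server to be useful, so "safer" here means two things: rate-limit new control connections per source so password guessing and connection floods are throttled, and handle the data connections through the FTP conntrack helper (so passive-mode transfers are admitted as RELATED) instead of opening a wide passive port range. The ruleset below is an added example, not from the post; the admin network for SSH and the passive range are assumptions, and the range must match the PassivePorts directive in proftpd.conf. FTP itself is cleartext, so if the clients are all Linux boxes, as the post suggests, SFTP over the already-present SSH daemon would remove the problem rather than firewall around it.

```sh
#!/bin/sh
# Host firewall for a standalone proftpd box on a public IP. The control port
# stays open but is rate-limited per source; passive data connections ride in
# as RELATED via the ftp conntrack helper. ADMIN_NET is an assumption.
set -eu
IPT="${IPT:-iptables}"
ADMIN_NET="${ADMIN_NET:-203.0.113.0/24}"   # where SSH may come from (assumption)

ftp_firewall() {
    # The helper parses PORT/PASV on the control channel and marks the data
    # connection RELATED. On kernels >= 4.7 helpers are not auto-assigned, so
    # the CT rule in the raw table attaches it explicitly.
    modprobe nf_conntrack_ftp 2>/dev/null || true
    $IPT -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp

    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    # Control channel: more than 10 new connections per minute from one source
    # IP are dropped; within that budget they are accepted.
    $IPT -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW \
        -m hashlimit --hashlimit-name ftp --hashlimit-mode srcip \
        --hashlimit-above 10/minute --hashlimit-burst 10 -j DROP
    $IPT -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
    # Remote administration from a known network only, never world-open.
    $IPT -A INPUT -s "$ADMIN_NET" -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    # Log (rate-limited) what the policy is about to drop, for the auth log.
    $IPT -A INPUT -m limit --limit 5/minute -j LOG --log-prefix "ftp-fw drop: "
}

if [ "$#" -gt 0 ]; then ftp_firewall; fi
```

Check that the helper is actually doing its job after a passive transfer with conntrack -L | grep ftp; if it is not, proftpd's PassivePorts range has to be opened explicitly. For the second question in the post: the client machines need no inbound rule at all for passive mode, since every connection is initiated by the client.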
Jul 16, 2011
I don't know if FC15 has iptables rules like the ones shown below by default or not, but I wanted a second opinion about the safety they provide. Why is ICMP accepted (INPUT rule 1) from/to all IPs? And is it better to remove this rule? When the protocol is "all" (INPUT rule 2), does it mean from the IP layer and above? And is it required/safe to have this rule? The 3rd rule is to allow TCP port 22 connections (SSH) to/from all IPs. I think this is correctly set and required. The 4th rule in the INPUT table rejects pings with the icmp-host-prohibited message, which I don't think is the best solution. Instead it can be set to silently drop ICMP packets. Then, the FORWARD table uses reject instead of silent drop for forwarding ICMP ping packets.
Code:
what do you think about the new rules and their order?
View 5 Replies
View Related
Feb 22, 2011
I'm trying to set up a firewall at the moment that allows access to my custom SSH port from only my friend's URL (they have a static URL but a dynamic IP). I find iptables a bit of a nightmare and was hoping to use UFW for most of my day-to-day firewall maintenance and just make a few extra iptables rules to cover exceptional circumstances like this. Fortunately it seems UFW allows this with /etc/ufw/before.rules and /etc/ufw/after.rules. So at the moment I'm just trying to get the basic iptables rules right. As I say, I'm not very good with iptables; does this look right?
Code:
## Drop default SSH port access, with logging
# user-defined chain that will log and drop connection attempts to port 22
iptables -N SSH_DEFAULT
# send every new connection to the default SSH port into that chain
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_DEFAULT
[code].....
View 14 Replies
View Related
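The part of this setup that iptables cannot do on its own is the dynamic address: a hostname given with -s is resolved once, when the rule is loaded, and the rule stores the IP, so when the friend's address changes the rule silently points at whoever inherited the old one. The fix is a small job, run from cron, that re-resolves the name and swaps the rule when the answer changes. The script below is an added example, not from the post; the hostname, the SSH port 2222 and the state file path are assumptions. Because the allow-list now depends on an unauthenticated DNS answer, keep key-only authentication on sshd; the firewall rule narrows exposure, it does not replace authentication.

```sh
#!/bin/sh
# Keep an "allow SSH from FRIEND_HOST" rule in sync with a dynamic DNS name.
# Run every few minutes from cron. Names, port and state path are assumptions.
set -eu
IPT="${IPT:-iptables}"
FRIEND_HOST="${FRIEND_HOST:-friend.example.dyndns.org}"
SSH_PORT="${SSH_PORT:-2222}"
STATE="${STATE:-/var/run/ssh-allow.ip}"   # remembers which IP the rule holds

# One IPv4 address for a name, or the empty string if resolution fails.
resolve4() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# Decide what to do from the stored IP and the fresh answer.
# Prints:  none | add NEW | replace OLD NEW
plan() {
    old=$1; new=$2
    if [ -z "$new" ]; then echo none             # DNS failure: keep the current rule
    elif [ -z "$old" ]; then echo "add $new"
    elif [ "$old" = "$new" ]; then echo none
    else echo "replace $old $new"
    fi
}

allow_rule() {   # the rule body, so add and delete use exactly the same match
    echo "INPUT -s $1 -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT"
}

refresh_rule() {
    old=""; [ -f "$STATE" ] && old=$(cat "$STATE")
    new=$(resolve4 "$FRIEND_HOST")
    set -- $(plan "$old" "$new")
    case "$1" in
        none) ;;
        add)
            $IPT -I $(allow_rule "$2")
            echo "$2" > "$STATE" ;;
        replace)
            # insert the new rule before deleting the old one: no window without access
            $IPT -I $(allow_rule "$3")
            $IPT -D $(allow_rule "$2")
            echo "$3" > "$STATE" ;;
    esac
}

if [ "$#" -gt 0 ]; then refresh_rule; fi
```

With UFW in the picture, the -I puts the rule ahead of ufw's chains in INPUT, which is what you want for an exception; confirm the position with iptables -L INPUT -n --line-numbers. A crontab line such as */5 * * * * /usr/local/sbin/ssh-allow-refresh run is enough.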
Apr 17, 2010
I have a Xen server. The xend daemon takes care of giving interface names like vif1.0 or vif0.2 to the connected guest operating systems on it. I cannot save the current iptables rules, since upon reboot the xend daemon gives different names to the virtual ethernet interfaces, i.e. vif1.0 or vif3.0 or vif9.0, like that. I have some rules that I want to be active upon subsequent reboots, and not all of them. Say, for example, an SSH to the external server at port 8000 should forward the request to a machine on the LAN, which I have done by port forwarding with iptables. So I need to save some rules. I was thinking of making a script which on reboot activates those rules.
I am not clear on where to do that. I searched the internet and found /etc/network/if-up.d/. I am not clear with this directory; my question is, if I make a script which has the iptables rules I want and save it in the above folder, will it work? I am not clear what /etc/network/if-up.d is for. Suppose my logic is wrong, then how should I go about it? Also I want to know whether a protocol uses two ports to make a connection. I have forgotten that, i.e. if I run SMTP or SSH, do they use ports 22 and 23 both in the case of SSH, or 25 and 26 both for SMTP, or will specifying the rules for one port be enough? I tested these rules in a secure environment where I had disabled the firewall, and SSH forwarding on the router worked well.
View 4 Replies
View Related
Mar 25, 2010
Seems like this should be a simple question, but I've looked around and have not found an obvious location to keep custom policy-based routing rules in Ubuntu. /etc/network/if-up.d comes to mind, but I was wondering if that was a "standard" spot. Also it doesn't seem like these rules really need to run each time an interface is up'ed or down'ed.
View 4 Replies
View Related
Jun 13, 2010
I have the following system in my LAN:
firewall (iptables)
eth0 (private) - 192.168.2.1
eth1 (public) - 189.117.57.2
squid server at 192.168.2.10
My request is that all outbound internet connections should go through the proxy server, not directly through the firewall. Please specify an iptables rule for blocking direct internet access. My clients' IPs range from 192.168.2.20 to 192.168.2.47.
View 5 Replies
View Related
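On the firewall, "no direct internet" is a FORWARD-chain decision: the only LAN address allowed to originate traffic toward eth1 is the squid box, and the client range is refused. One thing to notice before writing a transparent-proxy DNAT rule here: squid sits on the same subnet as the clients, so client-to-proxy traffic never passes the firewall at all, and a DNAT from the firewall to a proxy on the client's own subnet breaks (the proxy replies straight to the client, which does not expect a reply from that address). So the clients must be configured to use 192.168.2.10:3128 explicitly (or squid moved onto the firewall), and the firewall just closes the direct path. The rules below are an added example, not from the post; the addresses and interfaces are the ones in the post, and the squid port is an assumption that does not appear in the rules anyway.

```sh
#!/bin/sh
# Force LAN clients through the squid box by closing the direct path on the
# firewall. Addresses/interfaces from the post; everything else assumption.
set -eu
IPT="${IPT:-iptables}"
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
PROXY="${PROXY:-192.168.2.10}"
CLIENTS="${CLIENTS:-192.168.2.20-192.168.2.47}"

force_proxy() {
    $IPT -P FORWARD DROP
    # Return traffic for flows the proxy opened.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # The proxy is the only LAN host allowed to originate traffic to the Internet.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$PROXY" -j ACCEPT
    # Clients are refused with an ICMP error, so browsers fail fast instead of
    # timing out; change REJECT to DROP if you prefer silence.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -m iprange --src-range "$CLIENTS" \
        -j REJECT --reject-with icmp-admin-prohibited
    # NAT only the proxy; a client that somehow gets past FORWARD still has no
    # translated path out.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$PROXY" -j MASQUERADE
}

if [ "$#" -gt 0 ]; then force_proxy; fi
```

Verify from a client with a direct connection attempt (for example nc -vz 198.51.100.1 80) that it is refused while the proxy-configured browser still works, and remember that DNS from the clients to an outside resolver is also blocked by this, so point them at a resolver on the LAN or at the proxy host.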
Jul 29, 2011
I have never set up any other password, yet I'm asked for the root password and therefore locked out from superuser. This is my own personal computer at home and there is no other OS installed. My password works for almost anything else I've needed it for so far, but I can't install my printer driver, or access su, or any of its other related privileges.
View 5 Replies
View Related
Jan 12, 2011
I can connect to the Internet. I can not access gmail or yahoo mail. It doesn't matter what browser I use.
If I switch to a wired connection, I can access gmail. Other wireless networks work fine.
My router is a Belkin N, but it allows me to access other sites. The settings seem pretty vanilla, not different from wireless routers where I can access gmail.
View 2 Replies
View Related
Apr 3, 2010
On my Linux box the device node for my printer is by default set up as the following: crw-rw---- 1 root lp 189, 1 Apr 3 07:45 /dev/bus/usb/001/002. This causes CUPS to not print at all. The HP backend (HPLIP) fails because of these permissions. How do I change it so that it's crw-rw-rw- 1 root lp 189, 1 Apr 3 07:45 /dev/bus/usb/001/002? I.e. I would like 666 file permission on that node.
View 2 Replies
View Related
Aug 29, 2010
I have a Linux box running Fedora 13. It has Samba installed, and I have configured it. I also have a Windoze 7 PC. I want to be able to access the Windoze PC's files from my Linux box, and vice versa, but when I try to open the Windoze PC in the network on my Linux box, it asks for my username and password; I enter them, the box goes away then pops back up asking for them again. And on the Windoze PC, I find my Linux box on the network, open it, it asks for my username and password, I enter them, and it lets me in, but then when I try opening my shared folder, it gives me: "You do not have permission to access \LINUX Shared Folder. Contact your network administrator to request access".
View 1 Replies
View Related
Jan 20, 2011
I am trying to create an intranet that will serve about 100 clients. If it is possible, I would like it set up so that anyone on the intranet would be able to type helpdesk in their browser bar and be taken to the intranet site. I have Webmin and there are just too many options to figure out how to do this. They may as well have written it in Chinese. File server? Email? Impossible.
I can get to the intranet locally by typing in the local IP, but no one wants to remember numbers.
Then, I need to get that intranet accessible via the internet. A domain name has already been purchased and our cable company has assigned us 5 static IPs. The issue here is getting the IP to link up with the server. The intranet has to be configured in such a way that it can be administered remotely. Again, with Webmin, I am clueless. I was going to try to use ISPConfig, but seeing as how you have to pay for the install directions
View 9 Replies
View Related
Jul 1, 2010
I installed the Samba server on my external HDD, but it is not shown in System ----> Administration. Is there any problem? Then how do I give permission to access the home folder?
View 3 Replies
View Related
Nov 9, 2009
Fedora 11, new install from live CD, newest NoMachine free server and client for Linux, Fedora server to Fedora/Windows clients connection. I can't use most superuser programs in GNOME when logging in with NoMachine. I can start a program like "Add/Remove Software" and search for the software and get results. It can search for dependencies, but when I push "install", the "files that will be installed" window just closes, and I get back to the main window. Nothing gets installed.
This is the behavior in most such programs. I kind of get the feeling that these programs are either ignoring su actions, or trying to display the "authorization request" or password window locally. Also, when SELinux stops something and I get a star up in the right corner, I can't "show" the message. It just closes the bubble and goes on with its business. I just installed Fedora over Ubuntu. Ubuntu behaved like I wanted it to in this regard, giving me the power to install and change stuff, and displaying the password request every time it felt the need to. I don't want to go back to Ubuntu.
I can of course ssh into the server and use yum and such. But I don't want to if I can get away with it. I don't care about the security issue. I have a fairly good fw/router and only one idiot user (me), and he can blame himself when his surfing lets the bad guys inside. So, what I want is to do administrative tasks via NoMachine.
View 2 Replies
View Related
Feb 9, 2010
I have no idea what I am doing operating a server. Our programmer got a new job and I am the one who has to take it over. Everything was fine till yesterday. You see, I made a control panel to more easily update the site www(dot)discoverysound(dot)com,
but yesterday when I went to update the site I got an error called fopen. I thought I fixed it (and boy did I ever) but now I cannot get to my site because it says: Forbidden. You don't have permission to access / on this server. Apache/2.0.47 (Unix) mod_ssl/2.0.47 OpenSSL/0.9.7a DAV/2 PHP/4.3.3RC4-dev Server at www(dot)discoverysound(dot)com Port 80.
View 2 Replies
View Related
Jan 20, 2011
I'm curious but recently I was troubleshooting some iptables rules to allow nfs clients access to my nfs server. What was strange was that I setup a tcpdump session on my nfs server so that I can see which ports were being requested. I ran several tcpdump sessions with the following filters in place.
# both filters require the source AND the destination to be the client
tcpdump -vv src ip_of_client and dst ip_of_client
tcpdump -vv src hostname_of_client and dst hostname_of_client
However, the only packet I ever saw come over the wire to me was the client host asking for an ARP resolution. Anyhow, I finally just ran 'rpcinfo -p' and added those ports to my iptables rules and it worked great. However, I would like to understand how NFS works in case I need to troubleshoot it in the future. I do understand that NFS uses portmappers; would this explain the behavior?
View 1 Replies
View Related
May 12, 2010
I'd like to know how many rules iptables can manage. I'm asking because I'd like to drop all traffic from my local net to porn sites. I have a database of porn sites which contains about 900 000 domains. I know there are solutions like squidGuard, but for my Linux box I'd like to use iptables to prevent users from accessing porn sites and other blacklisted sites.
View 1 Replies
View Related
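Two things stand in the way of the plan in the post. iptables matches addresses, not names, so a domain list has to be resolved into addresses first (and re-resolved regularly, since they change); and a chain is walked linearly per packet, so 900 000 rules would cost every packet up to 900 000 comparisons. The scalable form is one ipset, a kernel hash table, referenced by a single rule; ipset handles millions of entries with constant-time lookup. The script below is an added example, not from the post; the set name, the list format (one domain per line) and the use of getent for resolution are assumptions. Resolving a list that size is slow and generates a lot of DNS traffic, so it belongs in a nightly job, and because a shared hosting address may serve innocent sites too, expect some over-blocking compared with a URL filter such as squidGuard.

```sh
#!/bin/sh
# Build an ipset from a domain blocklist and block traffic to it with one rule.
# Usage: ./blocklist-to-ipset /etc/blocklist/domains.txt
# Assumptions: ipset is installed, SET name, list format (one domain per line,
# '#' comments allowed), resolution via getent.
set -eu
IPT="${IPT:-iptables}"
IPSET="${IPSET:-ipset}"
SET="${SET:-blocked}"

# IPv4 addresses a domain currently resolves to, one per line, deduplicated.
resolve_all() {
    getent ahostsv4 "$1" 2>/dev/null | awk '{ print $1 }' | sort -u
}

# Emit an `ipset restore` script: one create line, then one add per address.
# -exist makes the script re-runnable against an existing set.
build_restore() {
    list=$1
    echo "create $SET hash:ip family inet hashsize 1048576 maxelem 2000000 -exist"
    grep -v '^[[:space:]]*#' "$list" | grep -v '^[[:space:]]*$' |
    while read -r domain; do
        for ip in $(resolve_all "$domain"); do
            echo "add $SET $ip -exist"
        done
    done
}

install_rules() {
    # Load (or refresh) the set in one kernel round-trip instead of one
    # `ipset add` process per address.
    build_restore "$1" | $IPSET restore
    # A single rule, evaluated as a hash lookup. -C checks whether it is
    # already present so repeated runs do not stack duplicates.
    $IPT -C FORWARD -m set --match-set "$SET" dst -j REJECT 2>/dev/null ||
        $IPT -I FORWARD -m set --match-set "$SET" dst -j REJECT
}

if [ "$#" -gt 0 ]; then install_rules "$1"; fi
```

To swap in a fresh list without a gap, build into a second set (blocked_new), then ipset swap blocked_new blocked and destroy the old one; the rule keeps referring to the name "blocked" throughout. The filter is also defeated by any client using an address the list has not seen, which is why domain-level blocking is normally done at the resolver or the proxy.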
Oct 7, 2010
The superuser will get a mail about the system's free memory status every minute after 9pm?
Which is Correct:
1. * 21 * * * free        # every minute from 21:00 to 21:59; hours 22-23 are not covered
2. * 21-0 * * * free      # 21-0 is not an ascending range; for 9pm to midnight use 21-23
View 1 Replies
View Related
Feb 17, 2010
We have set up an Exchange server at a remote location, and while testing I am facing the following issue:
1. While configuring Outlook, it's not able to reach the Exchange server, which is hosted at a third party and is reachable from everywhere except my local network.
My local network is as follows:
Local LAN on a private subnet - Gateway+Firewall (iptables) with two interfaces (private and public) with NAT - Internet connectivity.
Whereas the Exchange server is set up at a data center and is accessible from the internet.
I need to know what rules are required for users to configure Outlook with Exchange 2010.
The rest of the things are working fine (internet connectivity, Exchange OWA access).
View 4 Replies
View Related
Mar 4, 2011
This is what I have currently running.
Code:
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# NEW in an INPUT rule with no port or source restriction accepts every
# incoming connection, so this rule alone leaves INPUT effectively open
iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
[code]...
How do I add this to the ruleset, without doing the whole thing over again?
Code:
iptables -A OUTPUT -d 10.3.0.0/16 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
View 1 Replies
View Related
Feb 18, 2011
I want to know how to add ports to open in the firewall using a command, a script, or any other method.
View 4 Replies
View Related
Sep 16, 2010
Using iptables, is there a way to switch the destination IP to become the new source IP and forward that connection? Does iptables store the src and dst IP in a variable for a particular connection?
View 2 Replies
View Related
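What the post describes is a DNAT in PREROUTING (the packet is steered to a backend) paired with an SNAT in POSTROUTING that sets the source to the address that was the original destination, so the backend replies to the firewall and the flow stays symmetric. There are no per-connection variables to read in rules; conntrack records both the original and the reply tuple for each flow, and the NAT targets consult that record to undo the translation on the return path (conntrack -L shows the tuples). The rules below are an added example, not from the post; the public address, the backend, the port and the interface are assumptions.

```sh
#!/bin/sh
# Forward an inbound connection to a backend and make the backend see the
# original destination address as the source. PUBLIC, BACKEND, PORT, WAN_IF
# are assumptions.
set -eu
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth1}"
PUBLIC="${PUBLIC:-203.0.113.10}"
BACKEND="${BACKEND:-10.0.0.5}"
PORT="${PORT:-443}"

forward_with_snat() {
    # 1. Before routing: rewrite the destination so the packet is routed to
    #    the backend. conntrack stores original dst=PUBLIC, reply src=BACKEND.
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -d "$PUBLIC" -p tcp --dport "$PORT" \
        -j DNAT --to-destination "$BACKEND:$PORT"
    # 2. After routing: rewrite the source to what *was* the destination.
    #    The backend now answers to PUBLIC, i.e. back through this box.
    $IPT -t nat -A POSTROUTING -d "$BACKEND" -p tcp --dport "$PORT" \
        -j SNAT --to-source "$PUBLIC"
    # 3. Permit the translated flow; the conntrack match admits the replies,
    #    which are de-NATed automatically using the stored tuples.
    $IPT -A FORWARD -d "$BACKEND" -p tcp --dport "$PORT" -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # net.ipv4.ip_forward=1 must also be set, or FORWARD never sees the packet.
}

if [ "$#" -gt 0 ]; then forward_with_snat; fi
```

The price of the SNAT is that the backend no longer sees the real client address; its logs show only PUBLIC, so any per-client rate limiting or auditing has to happen on the firewall, or the backend has to learn the client from an application-level header.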
Jun 19, 2011
I need to create the file 70-android.rules in the directory /etc/udev/rules.d/. I have admin privileges in my user account properties, but when I use sudo to create this file the Ubuntu OS does not allow me the privilege... I am running Ubuntu 10.04 LTS and here's the Terminal output below:
daddy@gatomon-laptop:/etc/udev/rules.d$ sudo cat > 70-android.rules
bash: 70-android.rules: Permission denied
daddy@gatomon-laptop:/etc/udev$ ls -l
total 8
drwxr-xr-x 2 root root 4096 2011-03-16 18:03 rules.d
-rw-r--r-- 1 root root  218 2010-04-19 04:30 udev.conf
View 2 Replies
View Related
Dec 27, 2010
Here's my setup: Slackware 13.1. External iface = eth0 / DHCP (assigned by Comcast). Internal iface = eth1 / 192.168.0.0/24. I've made it connect/authenticate, but I can't get anything to route through it.
[Code]...
I really want to get this set up so that all computers on my LAN are forced through the VPN. I've tried most of the things I've googled, with no real luck.
View 1 Replies
View Related
Jun 3, 2010
My internet gateway is 192.168.1.1 with a 255.255.255.0 subnet mask. I have a router connected to it running DD-WRT with the IP 192.168.2.1/24, creating a second subnet behind it. I have a tenant moving in who will be wirelessly connecting to the DD-WRT router, so to the 192.168.2.0/24 subnet. What I am looking for is a rule that will pass internet traffic to and from this client but otherwise restrict his access to the 192.168.1.0/24 subnet. The DD-WRT router is connected to the 192.168.1.1 gateway through its WAN port, by the way. For example, the client would get an IP address of 192.168.2.100 wirelessly from the DD-WRT router. I want him to be able to surf the internet through the 192.168.1.1 gateway, but not to have any other access to the 192.168.1.0/24 subnet (ideally not have access to ANYTHING besides the internet).
View 4 Replies
View Related
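The enforcement point is the DD-WRT router, since everything from the tenant's subnet passes through its FORWARD chain on the way to the WAN port, and the rules only need to say: established flows may return, traffic destined for 192.168.1.0/24 is refused, everything else (the Internet) passes under DD-WRT's own rules. Internet destinations are by definition outside 192.168.1.0/24, so the block does not touch them. The router's own services deserve the same treatment in INPUT, because a tenant who can reach the router's admin page can remove the rule. The rules below are an added example, not from the post; they go in the firewall script under Administration -> Commands, and the interface names br0 (LAN bridge) and vlan2 (WAN) are DD-WRT's common defaults and an assumption for this example. DD-WRT's busybox iptables is old, hence -m state rather than -m conntrack.

```sh
#!/bin/sh
# DD-WRT firewall script: tenant on the LAN side may reach the Internet but
# not the upstream 192.168.1.0/24 and not the router beyond DHCP/DNS.
# Interface names are assumptions; check them with `ip addr` on the router.
set -eu
IPT="${IPT:-iptables}"
LAN_IF="${LAN_IF:-br0}"
WAN_IF="${WAN_IF:-vlan2}"
UPSTREAM_NET="${UPSTREAM_NET:-192.168.1.0/24}"
GATEWAY="${GATEWAY:-192.168.1.1}"

isolate_tenant() {
    # Rules are inserted at position 1 so they precede DD-WRT's own permissive
    # rules; since each -I 1 pushes earlier inserts down, the final order is
    # the reverse of the order below (ESTABLISHED first, REJECT last).
    $IPT -I FORWARD 1 -i "$LAN_IF" -o "$WAN_IF" -d "$UPSTREAM_NET" \
        -j REJECT --reject-with icmp-admin-prohibited
    # Exception: DNS to the upstream gateway, for clients pointed at it directly.
    $IPT -I FORWARD 1 -i "$LAN_IF" -o "$WAN_IF" -d "$GATEWAY" -p udp --dport 53 -j ACCEPT
    $IPT -I FORWARD 1 -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The router itself: the tenant may obtain a lease and resolve names,
    # nothing else (no web UI, no SSH/telnet).
    $IPT -I INPUT 1 -i "$LAN_IF" -j DROP
    $IPT -I INPUT 1 -i "$LAN_IF" -p udp --dport 53 -j ACCEPT
    $IPT -I INPUT 1 -i "$LAN_IF" -p tcp --dport 53 -j ACCEPT
    $IPT -I INPUT 1 -i "$LAN_IF" -p udp --dport 67 -j ACCEPT
    $IPT -I INPUT 1 -i "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

if [ "$#" -gt 0 ]; then isolate_tenant; fi
```

After applying, iptables -L FORWARD -nv --line-numbers on the router should show the ESTABLISHED rule at line 1 and the REJECT at line 3, and a ping from 192.168.2.100 to any 192.168.1.x host other than the Internet path should come back "administratively prohibited". Two things the rules cannot do: they do not stop the tenant from seeing other tenants on 192.168.2.0/24 (that needs AP isolation in the wireless settings), and they depend on the DD-WRT admin interface being unreachable from the tenant side, which the INPUT rules arrange.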