To get my Thunderbird email to work and to do FTP to my website I have to use TERMINAL and enter the following code in Root;
iptables -F
At one point weeks ago I got Gufw and I don't remember if that had any effect.
I've got two routers, 10.0.0.0/23 and 192.168.2.0/24, which are joined by a Linux box with interfaces eth0 (10.0.0.2) and ra0 (192.168.2.2). I've got masquerading for ra0, and a route to 192.168.2.0/24 on 10.0.0.0's router. I CAN ping hosts on 192.168.2.0 from 10.0.0.0 just fine, but I CANNOT access web pages.Strangely, If I enable masquerading on eth0, and add a route to 192.168.2.0s router to 10.0.0.0, I can ping AND access web pages from 192.168.2.0Here is my current iptables
Code:
*filter
:INPUT ACCEPT [0:0]
[code]...
I am trying to configure my Linux router to restrict Internet access for one computer on my LAN. It needs to be restrictive based on the time of day and the days of the week. I am using the MAC address of the computer to single out the one computer that needs to be blocked. However, this is my first attempt at making any rules with iptables, and I am not sure if I am doing this right. If some one can take a look at this I would greatly appreciate it. This is what I have done so far.
Here is my thinking. Create a new target. Check the MAC address, if it is NOT the offending computer return to the default chain. If it is the offending computer check that we are between the allowed hours and dates and ACCEPT. If we are not within the time/date range then drop the packet.
Code:
Here I am trying to route all packets regardless of the computer on the LAN into the blocked_access chain for checking.
Code:
Is it a good idea to route all traffic through the blocked_access chain? I do run other servers that are accessible from the Internet, so I am not sure how this setup will affect that. I also use shorewall on the router to setup iptables for me. How would I integrate this with shorewall?
I am using squid to block access when he is using the web browser. However, he is still able to play games(World of Warcraft) and the like.
I am using Debian sid, iptable(1.4.6), shorewall(4.4.6), kernel 2.6.32-trunk-686.
I'm trying to limit access to port 8443 on our server to 2 specific IP addresses. For some reason, access is still being allowed even though I drop all packets that aren't from the named IP addresses. The default policy is ACCEPT on the INPUT chain and this is how we want to keep it for various reasons I wont get into here. Here's the output from iptables -vnL
[Code]...
Note the actual IP we are using is masked here with 123.123.123.123. Until I can get everything working properly, we're only allowing access from 1 IP instead of 2. We can add the other one once it all works right. I haven't worked with iptables very much. So I'm quite confused about why packets matching the DROP criteria are still being allowed.
I'm trying to open port 8080 on my application server. I've included it in my iptables; however I still cannot access through ssh nor putty and it doesn't show up when I netstat either.Here is my iptables-config:
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -s xxx.xx.x.0/24 -j ACCEPT
[code].....
ok so i ran into a problem, im using web min to access my server, and im setting up postfix and, dovecot first problem is i want to be able to access my email account from a web page, with log in, so my question is how can i do that?
View 1 Replies View RelatedI have an old FC2 box running Squid version 2.5. It has been running since 2003 so I am in the process of replacing it. I have a new machine with FC11, iptables, and Squid 3.0 installed.
On the old machine I use iptables to intercept Port 80 traffic and send it to Squid. By default I block all internet access and allow only sites that are in an Allowed_Sites.txt file. Within Squid I also have statements to allow certain users to bypass Squid based on their IP address.
I have set up the same thing on the new box. I have iptables intercepting the Port 80 traffic and sending it to Squid. That is working because if I remove the redirect statement from iptables all internet access is blocked.
The problem I am having is that Squid is not blocking any websites. It acts like the ACL is set to http_access allow all. I have worked on this for several hours and am stumped.
These are my Squid rules:
acl allowed_sites url_regex "/etc/squid/Allowed_Sites.txt"
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow Bypass_Users
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.1.0/24
http_access allow allowed_sites
http_access allow our_networks
http_access deny all
icp_access deny all
htcp_access deny all
http_port 192.168.1.254:3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
visible_hostname FC11.proxybox
icp_port 3130
coredump_dir /var/spool/squid
i ran this
Code:
iptables -N rate-limit
iptables -A rate-limit -p tcp -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 3 -j RETURN
iptables -A rate-limit -j DROP
iptables -I INPUT 1 -p tcp --dport 22 -j rate-limit
i am no longer able to ssh in to the machine , how can i reset iptables and firestarted back to default?
i need to open this address ftp.nai.com, is there a way to use address not ip in iptables?
View 7 Replies View RelatedI've recently moved from Firestarter to UFW/GUFW, and I wonder if someone could confirm if my iptables configuration is secure.
When I enter sudo iptables -L i get:
Code:
eth1 has connection to the net via gateway ..eth0 on the same machine has users on a intranet and needs access to the internet, i need to allow internet connection and prevent packets which logically originate from the internet getting into the intranet
View 1 Replies View RelatedInstalling a router, and I need to completely "wipe" iptables (flush I mean) on both computers, and I think I run ufw/gufw on both, so that would need to be uninstalled. The router is very secure, has NAT, etc, etc, and I'd rather setup all that side of things in one point, rather than on each computer.
View 2 Replies View RelatedCan I have both ufw and iptables running together? My server is currently using ufw, if I add an iptables rule will it have any effect?
View 6 Replies View RelatedI suspect this is one of these questions from Window users who see something different in Ubuntu.
My understanding is that the Ubuntu firewall (iptables) is always on. However, the GUI client (firestarter) shows this more obviously.
I suppose I am used to ZoneAlarm in XP where everything was displayed more obviously.
So, iptables in not automatically displayed, but is working, right?
see many threads / websites about how to configure iptables. They say if you use these
rules it will allow http traffic. But they don't work. I like to deny all then allow specific ports open for traffic.So far I tried the script to flush and update my iptables rules, trying to open port 80 and 53 for http and DNS traffic:(I made the script executable, with $ iptables -L -v I can see that the rules are changed after I run the script. )
Code:
#! /bin/bash
iptables -P INPUT DROP
[code]...
I'm running Ubuntu 10.04 LTS as a VM in Hyper-V, and accessing it via VNC with a machine in the same broadcast domain. I'm using OpenVPN to connect to XeroBank. I have instructions for configuring iptables to permit establishing and using the XeroBank connection, while blocking all other traffic on eth0. I've followed them successfully. I need to also permit the VNC connection, and haven't managed that. FWIW, the VM is at 192.168.111.12::5900 and the workstation is 192.168.111.2.
The attachment to this post lists the recommended contents for each Shorewall file. Which files need changed, and what do I add to each?
i opened access to [URL](without port limit) in iptables to let my systems to update mcafee, but still get unable to download in mcafee update log.
i have another ip that tried to connect via port 21 on those machines, but the ip is not belongs to [URL], is this possible thats redirecting?
I typed this into the command line:sudo iptables -A INPUT -p tcp --dport 80 -m time --timestart 12:00:00 --timestop 23:59:59 --days Sat, Sun -j ACCEPTI get this error:iptables v1.4.4: unknown option '--days'How do I do something similar above in which I allow the internet to start at 12 o clock on Saturdays and Sundays
View 4 Replies View RelatedI've recently installed 10.10 server edition, and I must say it was a pleasant suprise, it's just the way I like it. I use it as a squeezebox-server. But I've run into a problem with the firewall. I did a portscan, which told me there are more ports open then I've told UFW to open. Among which port 25 and 119, when I telnet from another PC to those ports, the connection gets accepted, although there is no answer to any commands (as expected, there's no mail server running). Iptables print-outs also don't mention anything about the respective ports or a daemon that could be responsable, and the same applies to "ps -e" or "ps aux".
Iptables seems to be working, when I remove the rules to allow samba to work, I can't reach the shares, and when I insert them again I can reach the shares. "sudo ufw deny from any" as last rule doesn't change anything either (deny incoming is default (although I never issued the command "ufw status verbose" says it is) so it shouldn't, but ports 25 and 119 shouldn't be open either).
Rather than use pfsense, etc I decided to create my own router/proxy etc based on an atom base with 2 nics.Proxy/routing/dns/etc all working fine, I now though want to lockdown the fw rules.ETH1 is the WAN NICETH2 is the LAN NICI'm guessing i want to allow anything out of ETH1, but only allow incoming to ETH1 when its established or related... What about ETH2 though? Any ideas pls? Am used to configuring iptables on single nic, certainly not a router.
Code:
Chain INPUT (policy ACCEPT 18535 packets, 10M bytes)
pkts bytes target prot opt in out source destination
[code]....
i dont know why packets dropped? and something else what are those numbers for default policy in [] means?this is rules:
Code:
# Generated by iptables-save v1.4.4 on Sun May 1 00:09:57 2011
*mangle
[code]....
can anyone advise the best practice of installing and setting the iptables on U 8.04 LTS? currently iptables is not installed nor as package nor included as kernel module.
View 2 Replies View RelatedI'm wanting to use mac filtering to restrict access to certain machines. I already know that I can just add MACs line by line, but is there a way to specify a list of MACs? That way it would be much simpler to maintain a list of acceptable/unacceptable hosts.
I'm not going to rely only on this list because of spoofing, but it would be nice as another "layer" of protection.
what do the following two commands do? Do they modify the iptables rules in any way?
sudo /sbin/iptables -L -n
sudo /sbin/ip6tables -L -n
i want to view my iptables log on web interface, with chart (in option, but this is not my priority).
View 1 Replies View RelatedI have tried to configure my iptables to allow only HTTPS connections to the internet. Unfortunately, I didn't get that to work. I configured it like this:
Quote:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -t filter -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -t filter -p udp --dport 53 -j ACCEPT
[Code]....
Of course I am only trying to access websites via HTTPS Still, I was wondering if HTTPS somehow under the hood requires the HTTP port to be open or if my rules are in some other way wrong.
ps: I got the rules from that website: [URL]
I am currently trying to best configure my Natty Narwal linux distro. At boot, the system is configured to automatically connect last Wifi network. When I connect to the WIFI however a whole bunch of instructions are loaded in the IPTABLES.
View 1 Replies View RelatedI have been struggling with this for a very long time now. I have installed Fedora Core 9 on my computer. I have set it up as a caching-nameserver and this is working.
Then I wanted to secure my server with iptables, and I have so far made this script:
# Load the connection tracker kernel module
modprobe ip_conntrack
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
[Code]....
I can reach the dns server with ping. When trying Nslookup it says that it got SERVFAIL from 127.0.0.1 trying next server, and then it times out.
My resolv.conf file lists:
nameserver 127.0.0.1
nameserver DNS-server
Im pulling my hair out trying to get ftp to work through iptables.Im using vsftpd
Table: filter
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
[code].....
I have a problem with iptables, when I execute
[code]....
