Mobloquer starts up at boot and before I've even opened firefox or transmission or anything, mobloquer shows that is has started blocking several outgoing connections as well as ton of incoming connections. I was wondering if the outgoing connections is normal and what's a normal amount of network activity to show up in system monitor when I'm not actively using the internet.
View 2 RepliesI might be misunderstanding the log but it looks like UFW is blocking connections. I want to allow all incoming and outgoing. I guess what I'm saying is that the servers on my computer will open ports but all other ports should respond with closed just like a default Ubuntu install. Trying to use UFW to monitor connections without really doing any firewalling.
Code:
Aug 1 07:14:07 universal-mechanism kernel: [311111.963762] [UFW BLOCK] IN=eth0 OUT= MAC=00:1f:c6:8a:e9:66:00:01:5c:32:f4:c1:08:00 SRC=72.21.203.146 DST=174.44.178.56 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=51984 DF PROTO=TCP SPT=80 DPT=54466 WINDOW=8201 RES=0x00 RST URGP=0
i am running a ad hoc wifi service from my laptop to share my internet connection with my other laptop
i am also running mobloqer on the first laptop.
but when i try to access internet in my other laptop, i cant do it unless i disable mobloquer in the first laptop,
but with mobloquer switched on(in the first laptop), i can use utorrent on the second laptop but cant browse any websites (using firefox or chrome !)
first laptop is running ubuntu 10.10 second laptop is running win xp sp2
i want to allow internet access in the second laptop while mobloquer is running on the first laptop, is it possible to do so ?
I want to block all the outgoing ssh form my machine, i.e my machine will not be able to ssh to any outside machine using iptables. The distro is RHEL, I added the following entry in the iptables but unfortunately it didnt worked, -A OUTPUT -p tcp -m tcp --dport 22 -j DROP
View 13 Replies View RelatedI have a ubuntu 10.04 dedicated server that I am having problems with. It intermittently cannot connect to any other servers outside its network.
Code:
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7008ms
(I have tried a bunch of other ips too and none outside its network are pingable) I'm not sure if this is a problem with my server or a problem with the networking outside the server. I have been emailing my server provider and they keep on insisting the problem is with the server and that their network is working fine. Apparently all of their other servers work and they can login into the gateway and ping 8.8.8.8 from there. So they just want to reinstall the OS, but I thought I'd post here to see if anyone has any ideas.
Here is some info I have gained while troubleshooting: I haven't changed any settings at all on the server for months. I haven't done any updates for about a week. The strangest thing is that this is intermittent, there have been a few times in the last 24 hours where I have been able to ping 8.8.8.8 or other ips, but 98% of the time I can't. I have also tried rebooting the server, which had no effect. I can ping the gateway, and I can ping other servers on the same subnet. I can ssh onto the server from my home internet connection, and I can view webpages on apache, so incoming connections work.
My question is simple - is there any linux app or applet which is able to show (monitor) incoming and outgoing connections assuming it's a direct internet access? I was using a firewall on a system off Redmont which was able to show every connection, listening ports of services if some were opened etc.
View 1 Replies View RelatedI am still new to ubuntu and I use firestarter as my firewall tool and I was told that its just ufw in a gui. Well anyways I noticed a connection to 174.129.241.144 using https and python, I didn't have any scripts running and my browser was closed, I read the man files for ufw and it said to do something like deny from 174.129.0.0/12 and I want to block all incoming and outgoing connections to this IP range and I was wondering how to do that, I heard of iptables that it would be able to do this but I dont know anything about it. What I should learn so I can handle these kinds of situation in the future and how I can block this ip subnet or also what does the /8, /12, and /16 stand for?
View 7 Replies View RelatedOk so, buddy of mine has his ssh server setup and upon checking his logs he sees a ton of failed attempts. Now obviously these are people that are scanning him and trying to brute force him. So is there a way to block them? We know you can block each IP but is there a way to block ALL connections except for certain ones, such as his and mine? Maybe a couple others.
View 6 Replies View RelatedMy home computer has 11.3 and SuSEfirewall enabled. It connects to the net over the wireless and SuSEfirewall has this connection in the external zone.
I can successfully ssh into this computer from remote (the work computer) but none of the ssh port-forwarded connections work. I'm trying to tunnel VNC over ssh. I also tried setting http on the home computer to serve pages on a high-numbered port (8090) and tunnelling that but it also didn't work - proving that it's not a VNC problem.
Here are the relevant messages from the firewall logs on the home machine:
Code:
I don't understand why this isn't working now, I had the same setup on 11.2 and it worked fine.
The 95.91.92.92 is the public IP address of my home router, I don't understand why a connection would appear to be coming from there when I use ssh-tunnelling?
I need to write program for non blocking socket connections.I have made extensive research but could only get to non blocking READ or WRITE after the connection is established. run the program do a series of tasks (ex: counter printing time on screen) if there is request for connection, connect send or receive data.
View 1 Replies View RelatedAs too my question, at this time I dont control the router/firewall an I would like to block a port thats used for guild wars on my workstation for a while. The reason for blocking is children have abused it an lost it.In this case I am trying to block outgoing traffic on port 6112. I have tried setting up a proxy server on the workstation, but the game seems to ignore it an jump on. Due to the environment, I enabled the workstation SuSEFirewall2 firewall an tried setting up "lo" as a internal an configure the firewall as a router, then disable 0/0 an configured for 0/0,tcp,443 an re route port 80 traffic to proxy.
When I had my own internet, I had a transparent proxy enforcing rules for access times. So setting up a proxy on each machine would not be a bad thing, even if it took some creative thinking. I am trying, but seem to be missing something.Ideally, I would like to setup a transparent proxy, as my kids have learned alot about system administration an know to check the proxy module. If all they have to do is un check "Use Proxy" an by pass a local proxy server, then I am kinda defeated. An applications such as firefox have a proxy setting they could set to none instead of system
Is it fair to say that connLimit and hashlimit are very similiar on Linux i.e. while hashlimit caters to limits for groups of ports, they both set the connection rate limit per host? How in IPTables, do I configure a policy that limits connections on a port that encapsulates the total sum of all connections from all hosts? i.e. I do not want to allow more than 6000conn/minute for port range that is the sum of all connecting hosts?
View 3 Replies View RelatedI have a minecraft server running on a P4 box running Ubuntu server 11.04 64bit. Now would it be secure, if I allowed ufw to allow outgoing? Or would this be a huge flaw someone could exploit?
View 6 Replies View RelatedI open this thread after an unsuccessful long search over the Web. Essentially what I want is to block the outgoing connection of a program. All I know about this program is its name and so I don't have any information regarding the ports it utilizes or the address it may contact.
View 9 Replies View RelatedI can see what Firestarter is blocking in the Firestarter/Events tab, but after reading all the man pages of UFW, I still don't know how to check what the UFW is blocking.
View 9 Replies View RelatedAfter reading a lot about networking and security I decided to check the security of my own ubuntu box. So I went installing Nmap and discovered that port 139 was "open". Since I 'd read how to use ufw I created a deny rule for port 139. After a second scan with Nmap it still said that port 139 was open as shown below.
[Code]...
im having a bit of a problem with Firestarter, i have Transmission opened and i am downloading a movie but when i check Firestarter i see hundreds and hundreds of Ip's that are blocked, and like 10ip's every second that get blocked.
[Code].....
I have the default to deny all. The only rule I have in there is:
Code:
To Action From
-- ------ ----
[code]....
I have my router configured so that it drops outgoing telnet connections (and other protocols I don't use). It's a 2wire gateway. 192.168.1.65 is the internal IP of my ubuntu box.I'm trying to figure out what normal network traffic looks like and whether I should be worried by this log entry. At the time this happened I was testing out TOR (just navigating to a few sites (dell, ubuntu forums, etc.) nothing all that interesting.)
View 2 Replies View RelatedI've been using Deny Hosts for a couple of years now without trouble. My router forwards SSH calls to host tock on my LAN. My router's internet hostname is michigan. I keep an svn repository on tock and access it through michigan. In this way I can update my repository when I'm at home or away.Just today, however, whenever I try any ssh to michigan, I get a closed connection and find michigan in my hosts.deny file. I delete it, make a successful connection, but then on my next attempt - there I am in the hosts.deny file again.
I've worked around it by putting michigan into my hosts.allow file, but I would really like to know what's going on. I've configured Hosts Deny to lock out IPs after three failed attempts, but it is locking out michigan after one successful connection.
Is possible blocking web with content for adults with iptables?
View 3 Replies View RelatedWhere I work we have a lan, it is almost 100% windows machines except for 2 CentOS machines in which some clients connect to, via VPN. (very small network, <50 ip's used)
I would like to know if there is a way to block access from that machines to others in the network. I'm already logging traffic (with IPTraff) to see if they're accessing other machines in the network others than the ones they should connect.
When I turn on my SeLinux to enforcing mode on my Red Hat system ssh stops working and my http server stops responding.
I went into the SeLinux GUI and enabled things in there but still it wont work.
Any thoughts on what to check?
permissive mode and disabled they work
I read several articles that say it should not be affect by SeLinux and the setting look correct but the only thing I do is turn on SeLinux and ssh /httpd stop working
ps -eZ | grep sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 432 ? 00:00:00 sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 2426 ? 00:00:00 sshd
[root@goxsa1340 ~]# ps -eZ | grep httpd
user_u:system_r:httpd_t 3044 ? 00:00:00 httpd
[Code].....
I am running Fedora 11 and every time i plug in my iPod it tells me... SELinux is preventing mkdir (podsleuth_t) "read" security_t ... I have no idea on how to create a policy module to allow access.
View 2 Replies View RelatedIn fedora 12 how can i configure the system such that a particular user can browse only selected web sites.
View 9 Replies View RelatedI want to ask about securing the FTP connection... I have one server that Installed with Redhat Linux Fedora 6.
And now, i want to securing the FTP access, so only the selected IP will be allowed to connect. Do anyone know how to do this?
Another thing is, my server using Webmin 1.3 to manage the server and there not installed / not configured yet with Frox FTP, ProFTPD Server, WU-FTP Server... even there is such thing in my Webmin...
Can i make use one of the three FTP i mention above, and if yes, will it be affecting the current FTP access?
I'm assuming that the following should block the complete 178.123.xxx.xxx address range.
Code:
iptables -I INPUT -s 178.123.0.0/24 -j DROP
Then I believe that I need to save this change.
Code:
service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
However, I'm not so sure that it is actually working based on the fact that there continues to be access to my wiki from that address range. The following is after I made the firewall change.
Quote:
178.123.177.61 - - [31/Dec/2010:04:24:40 -0500] "GET /mywiki/Opera%20Web%20Browser?action=edit&editor=text HTTP/1.1" 200 6346 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
code....
Let me state that I'm new at this iptables thing. I did some reading and decided that I need to make the above change to the firewall but it doesn't seem to make a difference.
since I upgraded to F15 I noticed that "su -l" is very slow, it takes about 20sec before it gives the prompt. I traced it down to a problem with "xauth" as su asks for the authorization for the display running "xauth nlist :0" which times out with an error. Actually, the command "xauth nlist :0" by itself gives:
xauth: timeout in locking authority file /home/user/.kde/tmp-host.domain/xauth-200-_0
If I put SELinux in permissive mode both command work without problem so I suppose SEL is the problem. I checked the permissions and settings of the file which is "unconfined_u:object_r:config_home_t:s0" but I have no idea if this is the right value, running "restorecon" on the file, directory or the whole /home/user didn't change anything.
I would like to COMPLETELY block a specific IP address using iptables. I found this one:
Code:
iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset
Will this work? How do I undo the changes later?
I am setting up a iptables firewall on one of our servers, and I would like to block a range of addresses from getting into the system. I am using a script that does a BLACKIN and BLACKOUT methodology for specific addresses. One example is the following:
Code:
$IPTABLES -A BLACKIN -s 202.109.114.147 -j DROP
...
$IPTABLES -A BLACKOUT -d 202.109.114.117 -j DROP
What would be the correct syntax to use if I wanted to block an entire remote subnet from getting into the server?