Ubuntu Security :: Stopped Forwarding All Ports To Machine In Router

Mar 1, 2011

This morning I was looking at the router's log file and noticed a certain IP address was able to gain LAN access on port 2222. That just happens to be the port my SSH server is listening on! A whois search revealed that IP address is in Germany. As soon as I found this out I stopped forwarding all ports to this machine in my router.

How to tell what had happened, what information this person was able to obtain, and if he left any goodies behind that could hurt me? I've read through some of the logs on my computer and haven't been able to find much at all. I did have some personal information on the hard drives, but that information is encrypted. I'm thinking if they were able to get my SSH password then that information probably isn't safe either (assuming they have some of it).


Ubuntu Security :: Router - Port Forwarding And Network Security

Nov 11, 2010

As it stands I have a small home network operating behind my modem/router. Some of the ports on this are forwarded to my PS3 for gaming but I was looking at forwarding some for my file server.

At the moment I've forwarded port xxx22 to port 22 on my server for SSH for instance. And similarly 21 for FTP (although it doesn't seem to want to connect for any more than a few seconds using that). What I was thinking of doing was placing a small website for a handful of people to use on the server too and port forward again - xxx80 to 80. It works just fine but I'm a little concerned on the security front.

As I've moved the port to something different from the outside world I'm presuming I will have already cut the potential for malicious folks to wander in but is there anything else I should be doing? At the moment there's no firewall operating on the server, usually as it's hidden behind the modem/router. But if I open this thing up more permanently what should I be doing? I've read a few articles on it but I'm always left with the overwhelming thought of "That's if there's no firewall in my router" as they just seem to do the same.


Security :: Public Facing OpenVPN - Open Any Ports On The Router / Firewall

Feb 14, 2011

Within the documentation of example OpenVPN setups there is a setup that shows an OpenVPN Server with two network interfaces. One interface is plugged into the public internet network and the second interface is plugged into the private network.

Normally I assume that it would be best to place the OpenVPN system inside the network behind the router and firewall and open only the ports needed on the router to allow access to the OpenVPN system. All other router ports would be closed. This is the first example they show. To see what I am talking about see page(s) 6-7 here -> [URL]

If one were to use the two interface public facing setup, when would that setup best be justified? I guess if you didn't want to open any ports on the router/firewall then this could be justified but then you have to lock down this public system individually instead of having it protected by the network firewall.


Networking :: Forwarding Ports With Iptables?

Dec 23, 2010

I am running a server with SSH and a VPN server set up. It is behind a Debian router with a firewall which uses iptables. I have it set up to forward ports 22 and 443 to SSH on a computer within the LAN (so when on a restricted network I can still SSH into my network) and forward anything to 1723 (for my VPN) to that box also. However, the only port that gets successfully forwarded is port 22. The other two appear closed. Here is what the script looks like:

Code:
#!/bin/sh
#

[code]...


General :: Forwarding Specific Ports Through SSH Reverse Tunnels?

Jun 28, 2011

So unfortunately I live in a place that will not let me have a static IP, so I have been setting up access to my home computer via reverse SSH tunnels that run on a micro Amazon EC2 instance. I have gotten SSH to work fine, but I cannot figure out port forwards. Here is a small infographic I made to help illustrate (I felt the question was clearer with a diagram of what I was trying to do). Here are the commands listed in the graphic:

I run the following on my home computer:

ssh -R 1337:localhost:22 -i .ssh/tokyoMinekey.pem ec2-user@ec2serveraddress

and I run this on the EC2 server:

ssh -L6600:localhost:6600 -Nf localhost -p 1337


General :: SSH - Forwarding Only Select Ports Make 1 Passthrough?

Dec 2, 2010

Right now I have a VPS that I tunnel through using SSH/Putty/Proxycap. I use it for a certain program which uses a certain port X for authentication, and a different port Y for its data. However, due to certain security protocols I need port X to be somewhat "transparent" so that the IP from the originator will be shown - whilst tunneling data through port Y. The conditions though, are that I cannot just change the X/Y port values in the application itself, these are company specific.

How would I go about doing this? Because right now, my understanding is that if Putty calls for a certain application to go through a socks server, ALL its ports will be directed at that. I want a certain port to be passthrough.


Ubuntu Networking :: Router Port Forwarding For Ssh

Aug 22, 2010

I have logged into my router and set up port-forwarding on port 22. I can log into the machine fine from a machine on the local network using the machine's internal IP but when I try to log on from a remote machine using my router's external IP or my DynDNS host-name I get a message saying "connection refused" or "connection timed out." I have configured port-forwarding on the router and the firewall rules say that port 22 is open but when I nmap my router's external IP it says that only port 23 and 80 are open. I am very new to Linux and networking.


Networking :: Port Forwarding In Router For Wol?

Mar 4, 2009

I have the wake on LAN option enabled on my Debian computer. If I wake it by sending:

- MAC address
- internal IP in my home network
- subnet mask
- port 7

It all works fine, but when I try to do it from outside my network and change the IP address to the router address it won't go on. I have also opened the port 7 in my router.


Ubuntu Networking :: SSH Server And Router Port Forwarding

Aug 29, 2010

I'm trying to get my SSH server I set up on my home box working from behind a router. A 2wire 2700HG-B gateway, in fact. Now, I know my server is working fine, because I can get into it via loopback, anywhere inside the LAN from another machine, OR if I go into the router's config and enable DMZ for the machine. However, I don't like having DMZ on all the time because of the kludge-ness of it, and the security issue of the complete absence of a hardware firewall.

If I try to port forward and access it from outside the LAN using the external IP (or my DynDNS, because it's dynamic), it just times out. I have a nonstandard port (45) for the listen port of the server, to keep away hack attempts if I were using the standard 22. I used this to see if the port was open, and it said it was. But, I tried the trick of telnetting the IP with that port, and it also timed out, instead of printing stuff about OpenSSH.

Attached is a screenie of my router's firewall page, so you all can look at it and see if I'm an idiot and doing it wrong. You might notice uTorrent there, it's because this machine is a dual-boot with 7, and the router doesn't differentiate the OS's. Also the SSH @ 46 port is for the Windows side, with freeSSHd. I changed the port on that one so the client I have can distinguish them, so it can run a reachability test.


OpenSUSE Network :: Router With 2 DSL Connections Not Port Forwarding?

Apr 26, 2010

I'm running SUSE 11.1 which is configured as a router. Configured are two DSL connections with static IPs and one LAN connection (3 NICs all together).

Problem: suse firewall will only port forward connections from one of the DSL connections and not the other.

Because I'm running two DSL connections is there something special I have to turn on/enable on the firewall?


Networking :: Iptables - Forwarding On Router Doesn't Appear To Be Working

Sep 12, 2009

For the background, I'll be using my router as a firewall with snort-inline enabled. I got 3 NICs: one for the WAN, the second will be bridged to the WAN NIC for queuing traffic which snort-inline requires, and the third is the LAN NIC (the computer I use for everyday work). Here's how I have my interfaces set up:

Code:

# /etc/network/interfaces
# Loopback interface
auto lo
iface lo inet loopback

[code]....

From what I understand, queuing needs to be set up on the bridge. From the documentation I've read it's done like this:

Code:

iptables -A INPUT -j QUEUE

And then to forward traffic, I did:

Code:

iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE

I've done this and am able to ping the router, obtain a DNS address from dnsmasq from the LAN computer. From the router I am able to connect to the internet (ping, links <address>...). From the LAN computer trafficking isn't getting forwarded, Firefox, links, ping all don't resolve.


General :: X11 - Unable To Add Any Port Forwarding Rules To Router

Feb 22, 2011

Say I have Computer A behind a router with NAT. I'm unable to add any port forwarding rules to that router. Then I have Computer B with a public IP address that I want to forward X windows from. This computer is headless, but does have a video card so X windows can be used. Here are some of the things I'd perform to set up my scenario.

1. Computer B, I'd run xhost + public_ip of NAT router.
2. Make sure that computer B's sshd service has X11 forwarding enabled.
3. SSH from Computer A to Computer B with the X windows forward option.
4. Once in Computer B, set the DISPLAY env variable to the public_ip of NAT router.
5. On Computer B run xclock.

At this point I'd expect to see an instance of xclock originating from Computer B onto my desktop. However this obviously won't work. The problem is that when the request is made to Computer B to forward the instance of xclock to Computer A the forwarded instance of xclock will get stuck at the NAT router. Without a port forwarding rule the NAT router will not know which internal IP to route the instance of xclock.

Here's my question. Is there any way for Computer A to initiate a connection to Computer B and then forward the instance of xclock? That way if it uses that same connection the NAT router will know which internal IP to route it to because it would be an active connection in the router's routing table. Or is there an alternative? Of course I can vnc into another computer outside the NAT network and then forward an X window to it just fine. But in the spirit of expanding my knowledge on X windows I'd like to see what is possible.


Server :: Connecting CCTV DVR To Router With Port Forwarding?

Jul 30, 2011

1. Need to connect 2 CCTV DVRs and view from remote.
2. Can get a static IP address. But I don't know if this is a secure way since anyone can view if they know the IP address.
3. Question is: is it possible to connect the DVR(s) to a Linux server which will get user name and password before letting us view the DVR?

Currently there is one set as follows:

1. From location X a device is connected to location Y using leased line and static IP (12 kms distance). In location Y a router is placed and port forwarding is configured. From location Z using internet and remote desktop concept the device at location X is viewed and data captured. Is it possible to use a similar concept but with some sort of security authentication procedure in place?


Ubuntu Networking :: Router : No Connection After Modifying Port Forwarding Settings

Sep 2, 2010

What I have: Belkin G Wireless Router Model F5D7234-4. To attempt to get Subsonic working, I changed the port forwarding settings (Belkin calls it Virtual Servers) to forward port 4040 to my desktop computer. I then saved changes, and my wireless disconnected. I waited about 3 minutes, and nothing was happening, so I restarted my router. This left me in the position that I am in now. Even when the router and modem are fully booted, the router does not broadcast my SSID. In addition, a wired connection will not connect to the network through the router. This leaves me completely unable to use wireless, and unable to change any settings in the router.


Debian :: Internet Has Stopped Working \ Broke When Tried To Allow Port Forwarding For Torrents?

May 7, 2011

I've had Debian on my laptop for around 4 months which I rarely use. I'm using Squeeze since it seems to be the only release that will work with my ethernet card. The internet had been working fine for a couple of months but broke when I tried to allow port forwarding for torrents. I could only connect to the internet after this by using:

iptables -F
iptables -X
iptables -t nat -F

[code]....


Ubuntu Servers :: Firewall / Router Forward Ports

Sep 8, 2010

I have a Linux server set up on a network with 2 interfaces. One (eth0) is connected to the regular network and the other (eth1) has a DHCP server and transparent web cache listening on it. The machines connected on the eth1 side are on a different subnet and the Linux server is their gateway. Untrusted machines are introduced to this network to keep them isolated.

This isolation works well, too well. There are a small set of resources on the regular network I would like to make available to machines on the untrustworthy network. I think I need to use iptables but alas I've had no luck in piecing together the command I need (in one case locking myself out and having to physically reset the machine).


Ubuntu Networking :: Setting Up Droid 2 (router) Ports?

Dec 28, 2010

World of Warcraft requires that TCP Ports 1119, 1120 and 3724 are forwarded. The Blizzard Downloader requires that TCP ports 3724, 1119, 4000, 6112, 6113 and 6114 are forwarded. It can also benefit from having ports 6881 through 6999 forwarded. The World of Warcraft Voice Chat feature uses UDP Port 3724.

I use the hotspot feature to play Warcraft and I am running Ubuntu 10.10 ... I need to forward these ports ... any way to easily download an app to configure the phone like you would a router? It's probably easy, I just can't find it.


Networking :: Port Forwarding - Router - Ssh Requests Time Out - Tomato Firmware

May 18, 2010

I've managed to confirm that I can reach my home network via ssh from a remote location through my SMC Barricade when it is directly connected to the desktop machine but when the second router is put back into the chain ssh requests time out. The second router is a Linksys WRT 54GL running the Tomato firmware. The chain looks like this: ISP's router (bridged) --> Barricade -->WRT54GL-->desktop

The Barricade has port 22 forwarded to the Linksys' WAN address and it in turn forwards to the desktop address. It appears that it is a setting on the Linksys firmware that is preventing the remote connection. I've looked through the various settings many times but cannot see anything that would cause the problem.


Ubuntu Servers :: X Forwarding - Access Via Ssh A Virtualbox Guest Machine?

Mar 29, 2010

host - ubuntu 9.10 desktop
virtualizer - VirtualBox

What will be the easiest way to ssh connect a VM on VirtualBox, exporting its desktop to host, while it is already running? I found: Howto Access via ssh a Virtualbox Guest machine.

[Code]...


Server :: Sendmail - Automatically Forwarding To Another Machine In LAN

Jan 26, 2010

How do I automatically forward mail to a different user on a different machine in my LAN? I have been beating my head for several hours trying to accomplish this. I have sendmail configured as an MTA solely to receive system mail from daemons. For my personal mail I just use KMail and POP. I want all mail on any system in my LAN to forward mail to my office system, where my normal account can receive the messages. Although my office machine is powered on the most often, the box is not available 24/7.

So any other system that can't immediately forward mail should keep that mail queued as long as necessary. I have no problem forwarding root's mail on each local machine to a local user account on that same machine. I have been able to forward the mails but not the way I want. The mails get forwarded to the local /var/mail/me location rather than into the remote office machine /var/mail/me. Adding another alias in the local /etc/mail/aliases has no effect.

Creating ~/.forward in the local user's home directory also has no effect. Both efforts always result in the mails being forwarded to the local location rather than remote. I can send user-to-user email to and from any machine on my LAN. There are no network problems between any machine. Basic forwarding does work, just not to a remote machine at a different account. I won't pretend to know much about mail systems, let alone sendmail.


Ubuntu :: X11 Forwarding Via Ssh Connection - Doesn't Forward To Display To Local Machine

Jul 30, 2010

I am trying to run xeyes on a remote machine via ssh connection. Both my local and remote machines are Ubuntu 10.04. I connect to the remote server via ssh -X and it does not forward the display to my local machine...

Code:
root@goliath:/opt/install/bits# ssh -X -l root duke
root@duke's password:
Linux duke 2.6.32-21-generic #32-Ubuntu SMP Fri Apr 16 08:10:02 UTC 2010 i686 GNU/Linux
Ubuntu 10.04 LTS
[Code]....


Networking :: Ping Between 2 Eth Ports On The Same Machine?

Sep 17, 2010

I have eth1 and eth2 connected with back to back cable on the same machine.

I configure eth1 with 11.11.11.11 and eth2 with 11.11.11.14.

I use ping -I eth1 11.11.11.14, I get Destination Host Unreachable...

using tcpdump on eth1 shows ARP request broadcast being sent out

using tcpdump on eth2 shows ARP request received, no ARP reply being sent out

Not sure whether this config is supposed to work?


Networking :: Redirect Ports To Another Machine On Same LAN

Dec 15, 2009

I have a bit of a strange scenario. I have a machine with a fixed IP (192.168.0.108), running Linux. It has an external IP 99.99.99.8 via a 1:1 NAT on a Cisco ASA/router. Port 3389 (MS RDP) is open for 99.99.99.8. I want my Linux machine to listen on port 3389 and redirect all traffic to that port to a Windows machine (192.168.0.100). In this way, my Linux box is able to respond to requests on all ports, but port 99.99.99.8:3389 connects to Remote desktop on the Windows PC. I do not have access to the Cisco NAT config. I was able to get this setup to work by using an SSH tunnel.

I ran this command on the linux box:
ssh -L 3389:192.168.0.100:3389 ergosteur@192.168.0.108
Any ideas? Perhaps using iptables or something?


General :: Utility To Forward Ports On A Simple Home Networking Wireless Router From Commandline Using Upnp?

Apr 8, 2011

Is there a utility to forward ports on a simple home networking wireless router from commandline using upnp?


Security :: Centrally Control Several Ubuntu Machines / Each Machine Should Get Permit From Central Machine Before Installing Any Software?

Jul 31, 2010

I have several (say, 50) machines running Ubuntu. I want them to be centrally controlled. That is, each machine should get permit from central machine before installing any software etc. I googled quite a lot but could not find the solution...


Ubuntu Security :: Dangers Of Port Forwarding?

Feb 4, 2010

Up to now I've been playing with Ubuntu whilst storing important data elsewhere for about 2 years. Now I'm ready to move to Ubuntu completely but want to address my security. I'm currently using a desktop and server behind a hardware firewall / Internet router. The router has DynDNS and forwards port 80 to the webserver and a port I picked at random to the desktop 22 for SSH with private keys. SSH passwords are disabled.

The first question is, is there a danger of running different security levels on the two machines? I don't care about the server, there is no data on it so I currently forward port 80 and am considering forwarding ports 631 (CUPS) and a port for LDAP. Will this affect my desktop (which has info I don't want to lose)? The next question is whether port forwarding / hardware firewall is actually a safeguard against attack.


Ubuntu Security :: SSH Remote Port Forwarding

May 13, 2010

I'm trying to SSH into my home computer from a remote location outside of my house's LAN and can't figure out remote port forwarding.

The guide here says to use the following:

Code:

I've tried connecting to my home computer through many combinations of the syntax listed above, read the man file, and looked online for help. But can't find out the proper syntax or a good guide that isn't written for Windows users using Putty.

Let's assume for the sake of simplicity that the public IP address of my home SSH server is 123.123.123.123, the private IP address of my home SSH server is 192.168.1.100, my home SSH port is 2222, and the SSH port at my current location is 22. How would I write out the command?

Every time I try to connect I get a "connection times out" error.


Security :: Failed SSH Tcp Forwarding

May 15, 2011

I want to create a tunnel from my home computer to a Linux server by SSH, then I can use the tunnel as a TCP forwarding proxy (SOCKS 5) to access the web via the Linux server. But I got "Internet Explorer cannot display the webpage" on my home computer, and when I check the "/var/log/secure" in the Linux server (Fedora), I found: "sshd[17926]: error: connect to xx.xx.xx.xx port 80 failed: Permission denied"


Ubuntu Security :: Iptables Not Allowing Port Forwarding

Sep 5, 2010

I've got two virtual machines running, the first VM (VM1) has two network interfaces, one bridged with my real lan, one a private subnet. The second VM (VM2) has one nic, only on the private subnet.

I have VM1 acting as a router for VM2, giving access to my real lan for internet access. The problem I'm having is I cannot get VM1 to forward ports 80 (http) or 222 (ssh) to VM2 from my real lan.

Here is the script I've cobbled together from various (foreshadowing!) locations:

Code:


Ubuntu Networking :: Network Manager Or Router Suddenly Stopped Working

Nov 25, 2010

Right so yesterday my internet worked fine. Today - no connection at all. The light for my cable on the router doesn't even show up. I originally had indicator-network installed, so when the internet first stopped working, I tried a few other options such as tethering to my phone via usb and bluetooth (which I have successfully used in the past). However, these didn't work, and I figured that as connman is still in beta, maybe that was why. So I reinstalled network-manager and network-manager-gnome via a usb stick, uninstalled indicator-network, and rebooted the computer. Still no internet.

When I click on the applet, it says "No network devices are available". This is odd, as I definitely have a network device... it is part of the motherboard. So I thought I'd do the SMARTlan test or whatever it's called. It's part of my BIOS, so I ran that and it returned results that I (kinda) expected: when the cable wasn't plugged in, it returned one set of results. When it was only plugged into my computer (and not the router), it returned another set of results. And when it was plugged into both my computer and the router, it returned a third set of results. So that leads me to believe the cable itself is fine.

And when I move the cable to a different port on the router, nothing changes. The corresponding light still doesn't come on. Network-manager, telling there are no network devices. The BIOS can see the ethernet port and the cable. And the router is functioning perfectly for my parents' computer and my ps3. And I have checked the cable to my computer for physical damage - it follows the same path as the one to my ps3, and on top of that, nothing physical can possibly have happened to it in the last day. This happened once before, except I don't think the network devices were lost.








Copyrights 2005-15 www.BigResource.com, All rights reserved