Ubuntu Security :: Use Ufw/gufw To Bind Vpn Connection?
Aug 20, 2010
Is there a way to use the firewall to essentially lock certain programs like Firefox and Transmission to my VPN connection, so that in the event that my VPN connection goes down these programs do not use my default ISP Internet connection?
View 1 Replies
Mar 9, 2011
gufw - transfer gufw rules to a new computer. Set up over time, a gufw contains dozens of rules. Is there a way to easily copy and transfer these rules to a new computer, without spending hours setting it up again from scratch, by hand?
View 4 Replies
Jan 1, 2010
VERY GREEN to Ubuntu. My setup:
1. computer A connects to the internet through usb dial up modem
2. computer A & B are wirelessly networked through an ADHOC network.
3. computer B does not need to connect to the internet.
I've installed the GUFW. If I enable it I cannot see the other computer's files. I use static IPs for both. I tried setting a rule but I get stumped where it asks for the port. I'm not all that familiar with ports.
View 9 Replies
Jan 25, 2010
I did one of the recommended port scans and all ports passed but failed on pinging. How do you turn pinging on & off with GUFW?
View 9 Replies
Mar 11, 2011
Just want to stealth ports on my laptop. Had problems with Firestarter when I installed it on 10.10. Set Firestarter back to defaults and then dumped it with:
Code:
sudo apt-get purge firestarter
Set up Gufw to defaults and now am not sure what I am seeing with iptables.
iptables -L shows .....
Do these settings look correct for default settings for Gufw? Or do I still have some problems with the old Firestarter settings not being removed? All I want is all ports stealthed. I know that ping is enabled but I believe that is a default setting in ufw. Could I restore iptables to default with:
Code:
sudo iptables -F
and then enable Gufw and set default?
View 5 Replies
Apr 23, 2011
I just installed gufw and was in quite a hurry. A root access prompt came up as I started gufw for the first time, and I quickly responded with the appropriate password. All I saw in this hurry was that it had something to do with the usr/share directory. So, here's my question: Does gufw require root access when first starting up?
View 6 Replies
Dec 23, 2010
What is the best iptables configuration for a BIND DNS server?
View 3 Replies
Mar 11, 2010
I did not use below configuration in my racoon conf,
remote anonymous {
exchange_mode main;
lifetime time 1 hour;
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
[Code]...
I've pruned your post from where you originally posted. In the future, please check the dates on threads which you're thinking about posting in. If you see they are dead (inactive for a few months or more) just let them rest in peace and start your own thread. You can always include links to reference the dead thread if you need to, as I've done here.
View 1 Replies
May 18, 2011
I created an application which has to bind to a port less than 1024 and must be launched under a non-root user. OS: Ubuntu 10.04. Decision 1: Using a firewall to redirect packets. Problem: This decision is not good for me. I need a simple way to solve the problem. Decision 2: Use CAP_NET_BIND_SERVICE. Problem: My executable file has 2,7G size. It is a very big application with a lot of debug info. The setcap command returns an error:
[code]...
View 1 Replies
Oct 24, 2010
My understanding is SELinux adds type enforcement to standard Linux. This means that both the standard Linux and enhanced SELinux access controls must be satisfied to access an object. Which means that anything that is prevented in normal standard Linux will also be prevented in the SELinux system? Does SELinux make it possible to run non-root software that binds to a port < 1024, something that standard Linux won't allow? If not, what other suggestions do you have for allowing a program to run as non-root but able to bind to privileged ports? I know all about using port redirection such as ipchains, iptables.
View 4 Replies
Nov 24, 2010
I am having difficulties in establishing a VPN connection using vpnc (or NetworkManager-vpnc).
As long as the openswan IPsec daemon is running, vpnc-helper quits with the error message
Quote:
Failed to bind to 0.0.0.0:500: Address already in use
[user@computer ...]# vpnc-helper --local--port 0
If I use NetworkManager-vpnc, then establishing the connection simply fails.
Using the --local-port 0 option does not change anything.
If I stop the ipsec service (service ipsec stop) then establishing the connection works, both with NetworkManager-vpnc and the console tool, but apparently the network traffic is not routed via the VPN - in my case this means that I cannot access hosts within the VPN and stuff.
Funny thing is - on my notebook from where I connect via WLAN, everything works fine. With Fedora 13 everything works fine, too.
Does anybody have an idea how to enforce that the vpn connection is actually used?
View 2 Replies
Jan 9, 2011
Today I first tried out gufw to block some host that constantly tries to log into my FTP server with invalid user names. I managed to change the default rules to allow so that ufw wouldn't block my usual business. Then I added a rule to block all TCP from that IP to port 21. Working fine.
But what is that IN/OUT distinction good for? I specify IP addresses as from and to, so why would I need to also say whether this is in- or outbound? An old Wiki article on ubuntuusers.de is dated Ubuntu 8.04 and doesn't make that difference at all.
View 2 Replies
Sep 3, 2009
I am configuring bind9 on Fedora 9 (Sulphur). I have configured /etc/named.conf and created a zone file in /var/named/. I have started the service but when I am executing the command nslookup mydomain.com it is not able to resolve the name. Another problem I am facing: when I do telnet localhost 53, I am able to connect, but when I do telnet myip 53 it does not connect. Seems to be a firewall problem but I've disabled iptables and selinux completely, and I've even disabled dnsmasq, but it is still not working.
View 1 Replies
Jul 8, 2011
What is bind vs bind-chroot vs caching-nameserver? What is the difference between each other?
View 7 Replies
Feb 1, 2016
Every time I install Jessie, I also install gufw as a graphical firewall frontend for desktop users, but I've also always had to create my own menu icon because the default one never showed up. I opened up the .desktop file today and took a look to see why it was never displayed in Gnome.
There was a line next to the bottom that basically told it to only appear in Unity. Deleting this line allowed it to appear in the Gnome menu. My question is this. Why is this line even in here?
Screenshot: [URL] .....
View 2 Replies
Jan 7, 2016
I'm brand new to Linux and perhaps foolishly jumped right into Debian (Jessie). I've managed to get Dropbox downloaded/installed/whatever the proper parlance is, but in order to access it I have to input
Code:
~/.dropbox-dist/dropboxd
When I close the root terminal, Dropbox disappears. There's no icons in the menu. Likewise with GUFW. It might be superfluous since UFW seems to be active whenever I check it through the root terminal. Is there any way to configure Dropbox to start automatically and maintain its status even if the root terminal is closed? I've looked around these forums and the internet in general and not found any similar problems. Also, I installed Spotify but whenever I click the icon nothing happens.
View 8 Replies
May 24, 2011
I have a problem with the unix firewall (gufw). I'm using Linux Mint Debian Edition. The problem appears when I double click on the icon to bring it up for configuring. Everything is grayed out so I click on the "unlock" button. Normally, this is when gufw comes alive with color. But all I get now is a note on the bottom of the gray screen that says "Wrong Identification". Uninstalling and reinstalling UFW and GUFW didn't fix the problem. I would like to have my firewall working for me.
View 3 Replies
Apr 14, 2010
This is not on the master node, but rather the node that is being replicated to. The problem occurs when I query using ldapsearch or a `getent passwd`. E.g. ldapsearch:
Code:
[root@cakeslave ~]# ldapsearch -x -b 'cn=Christian Unger,ou=People,dc=example,dc=org' -D "cn=replica,dc=example,dc=org" -H ldaps://cakeslave.example.org -w cakewalk
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[code]....
The cacert.pem in /etc/ssl/certs and /etc/openldap/certificate are identical (checked using md5sum). I have done an strace and found that it looks at /etc/pki/tls/cert.pem.
View 6 Replies
Apr 27, 2011
I'll explain this in one sentence: Is it possible to program a port-binding shellcode which people across the Internet can connect to, without being thwarted by the router blocking their data because the port it's bound to doesn't allow port-forwarding?
View 2 Replies
Feb 14, 2011
I have a Xeon machine with Ubuntu OS. The machine specification is 3 GB RAM and 3 SCSI hard drives, each 73 GB. It has two Ethernet cards: one Ethernet card is connected to the ADSL modem and the second is connected to the LAN. Now what Mikrotik is doing for me is access control, to bind MAC address with IP address, and control of the bandwidth for individual connections.
View 2 Replies
Mar 25, 2010
How to install gufw? I could not find it. When I clicked "install gufw" the message came as package not found.
View 2 Replies
Nov 3, 2010
My host is ubuntu 9.04 and the guest is winxp sp3. I need to use QEMU to monitor the network communication for security researches. But I failed to establish the connection between the host and the guest.
To build a TAP connection, I input commands as the following t.
How should I establish the TAP and Bridge connection in the QEMU?
View 1 Replies
Jun 14, 2010
I have changed my sshd banner in /etc/motd code...
However, I would also like to change the banner that someone sees if they attempt to use another method of connecting to my ssh server (telnet, for example). Currently, this is what happens code...
Where do I edit the telnet/ssh banner, so it isn't so easy to fingerprint my os/ssh version simply by using something such as telnet?
View 2 Replies
Oct 26, 2010
I was hoping to set up a Kubuntu 10.04 chroot on a PC with no internet access (I only have dialup anyway, not broadband). All the information I have been able to find refers to downloading debootstrap in order to do this. I purchased a set of DVDs with all of the Ubuntu packages on them and created a single repository of them on my hard drive. Is there some way that I can create the chroot using the packages on my hard drive without having to access the internet to download stuff as I do it?
View 6 Replies
Dec 3, 2010
I'd like to buy some stuff from the Software Center but I don't see how to confirm a valid certificate or see any indication of a secure connection on the screen where I enter my credit card info. Of course, I'm sure the page IS secure because who would design it otherwise (especially considering how our patron made his first fortune), and I could sniff out the network connection, but I don't see any information provided to the end user.
It seems like it could open up Canonical to all sorts of legal issues to not have security info and a privacy policy easily available in the payment section of the USC. Maybe it's there and I've missed it somehow. Maybe it is on the next page, but I didn't press the "submit" button.
View 4 Replies
Jan 6, 2011
Thought about posting in the Networking board, but I believe this is a much more security-oriented thread. So let's say I bring my computer to a public place, say a library with one open, public, shared wireless network. I connect to that network. Let's assume that everyone else who's connected is using Windows. Can they see my computer (through Network Manager or other software) and attack it (SYN flood or something)? Or does it depend on the network settings?
View 9 Replies
Jul 6, 2011
Is my SSL connection secure if I'm going through a proxy? Is it possible to craft a malicious proxy to steal/crack authentication?
View 2 Replies
Nov 1, 2010
On my Linux server I have many websites. Before, I used this command
netstat -anpl|grep :80|awk {'print $5'}|cut -d":" -f1|sort|uniq -c|sort -n
to see all the IPs with many connections, but the problem is it shows me all the IPs from all the websites on the server. Can there be another way to show me all the IPs just from my website?
View 1 Replies
Apr 28, 2010
I will be hiring Linux freelancers very soon to do some work on my Linux CentOS 5 machine. And I need a way to see what he's doing on my computer over ssh. Now I don't mean me reading the logs, I mean seeing what he's doing in realtime (kind of like VNC, except the freelancer will only use ssh to do his work and not the desktop environment).
View 10 Replies
May 6, 2010
Since important information like pass-phrases is sent via a Bluetooth link, I wonder how secure this is. I think it must be quite a weak point.
View 3 Replies