Ubuntu Servers :: How To Get Firewall Working

Feb 18, 2011

How do I get my firewall up and running to secure the Ubuntu servers? I have 2x network cards & 1x pppoe connection atm.
eth0 192.168.1.200 / eth1 192.168.0.200
and the ppp0 connection
iptables looks like this so far.

# Generated by iptables-save v1.4.4 on Thu Dec 9 11:12:04 2010
*nat
:PREROUTING ACCEPT [108:8763]
:OUTPUT ACCEPT [52:3594]
:POSTROUTING ACCEPT [111:10071]
COMMIT .....
As far as I can see my ppp0 connection is open atm & I would like to close off any traffic except ports 80 10000 5900 21 & 22.


OpenSUSE Network :: Samba And Firewall / Samba Is Not Working When Firewall Is On?

Jul 26, 2010

Samba is working correctly if Susefirewall2 is off. I have added Samba client and Samba Services for extern access but samba is not working when firewall is now on. Which services should I also add ?


Ubuntu Servers :: Accessing Lan Via SSH In A Restricted Firewall?

May 5, 2010

I have a computer which has a public IP. My ISP has allowed only port 22 for my machine to be accessed outside from internet. I want rest of my computers which are connected to this machine be accessible via SSH on internet. I can configure IPTABLES to route different ports to internal machines but since ISP has given only one port for the gateway how can I go for it, any guesses? I came across something, reverse SSH tunneling, but that has to keep the connection alive all the time at gateway. I want my trusted people to be directly able to access the machines on LAN to which they have account to login in this scenario.


Ubuntu Servers :: Router With Wifi And A Firewall

Aug 9, 2010

My isp gave me a router which has wifi.

I added an ubuntu box acting as a router, so the layout is this:

Now, the lan has 192.168.2.0 subnet, and the external interface of the router is in the 192.168.1.0 subnet

So the problem is that the wifi assigns 192.168.1.0 IPs which doesn't belong or get filtered through my router/firewall...


Ubuntu Servers :: Setting Up NAT Firewall Using IPtables

Nov 30, 2010

I am having a little trouble setting up a NAT firewall using iptables. I have 1 PC dedicated to being the firewall running Ubuntu 10.04 LTS. There are 2 NICs in this PC. One NIC is connected to the modem & the other is hooked into my router, sharing the connection through to the other PC on my LAN. Thing is that I am having troubles setting this up using iptables. I have it sharing the connection, but can't seem to make it forward 2 ports through to my webserver on the LAN. I am also wanting to setup init.d to control iptables. I have been trying to google this, but haven't found anything useful to get this accomplished. I put the following into rc.local to make the forwarding work:

/sbin/iptables -F
/sbin/iptables -N block
/sbin/iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A block -m state --state NEW -i ! eth0 -j ACCEPT
/sbin/iptables -A block -j LOG
/sbin/iptables -A block -j DROP
/sbin/iptables -A INPUT -j block
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE


Ubuntu Servers :: How To Block Torrents By Using Squid Or Firewall

Jan 5, 2010

I've been all around the net and can't find a "simple" answer how to block our LAN users from downloading torrents. Is it really that difficult?

Here's our setup:

1. The Server's Configs:

2. sudo gedit /etc/squid/squid.conf

3. sudo gedit /etc/rc.local (to start Firewall rules on bootup)

4. Server NOT a DHCP Server

5. No other iptables rules are configured, just the above ones.

Before in a 1 NIC setup, I blocked Workstations MAC addresses in the Router + Squid Proxy Server (Not Transparent), it worked, but some Online Java Apps didn't work and users can't send/receive email so I abandoned the method.

Now, I installed transparent Squid Proxy with 2 NIC cards, it works, but workstations can still download torrents! I know Squid doesn't block ports, right? So the answer must lie in Iptables Firewall? I basically use Squid just to deny access to Facebook, Friendster, or other "unproductive sites".

Quote:

How to block torrent downloading by using a Firewall? Or is there another "simple" way?

I've heard that it's better just to allow regular ports (80, 22, 465, etc...) then block all the rest, this way, you can prevent unnecessary ports.

I'm not an Iptables/Firewall expert so can you pls. explain it a bit more detailed if that's the case.

I'm also aware of just telling our users NOT to download torrents, but I just want to prohibit it entirely.

I know I will be the most "uncool" employee in our office.


Ubuntu Servers :: Ports Not Open - Built In Firewall ?

Jul 26, 2010

I am having trouble getting ports to open. On the router that the server is connected to it is set to DMZ, so everything passing through the router should go to the server, right? But when I use a port checker none of the ports that I need to be open are. So my question is, does Ubuntu have a built in firewall that no one told me about? Or something that would block me from having the ports open?


Ubuntu Servers :: Firewall / Router Forward Ports

Sep 8, 2010

I have a Linux server set up on a network with 2 interfaces. One (eth0) is connected to the regular network and the other (eth1) has a DHCP server and transparent web cache listening on it. The machines connected on the eth1 side are on a different subnet and the Linux server is their gateway. Untrusted machines are introduced to this network to keep them isolated.

This isolation works well, too well. There are a small set of resources on the regular network I would like to make available to machines on the untrustworthy network. I think I need to use iptables but alas I've had no luck in piecing together the command I need (in one case locking myself out and having to physically reset the machine).


Ubuntu Servers :: Setting Up Gateway / Router And Firewall

Jul 20, 2011

So what I want to do is set up a gateway (or router, idk what Ubuntu refers to it as). So my setup would be Modem>Server>Switch>Router. I know that I need to set it up as a DHCP server as well. I would also like to set it up as a firewall too. I already have two Gbit cards that are already configured. So how do I do this? I already tried one tutorial, but it was old and was for Debian. I also installed ebox, but I couldn't figure that out either.


Networking :: 2 Mail Servers Behind Firewall?

Jul 21, 2010

I have 2 mail servers behind a Cisco firewall. Both the mail servers have different domains configured on them, but when I try to send emails from server1 to server2 they don't go, and also I am not able to receive emails between the two servers. After checking logs I found that the two servers are not able to connect to each other on the SMTP port with public IP.

I am not able to connect any of my server with public IP behind firewall.


Ubuntu Servers :: Forward Traffic From A Domain To Another Server Behind A Firewall

Jan 29, 2010

I have a server on my router on the DMZ. All outside traffic goes to it. This server has Apache running and the domain mysite.com resolves to the the DMZ web server. I have a second server on the LAN that also has apache running. I want to set up another domain, myothersite.com to resolve to the second server on the LAN. Since the main server is on DMZ I have the DNS A records for myothersite.com pointing to the public IP that the DMZ is on.

How do I get myothersite.com to resolve to the second webserver on the LAN? What configuration do I need to do on my DMZ server so it routes traffic for myothersite.com to the other server on the LAN? Do I use BIND DNS? If so please advise on how to set that up. BIND DNS seems confusing and I am having trouble knowing how to configure it. Is there another option besides BIND?


Ubuntu Servers :: Set Up As A Firewall - Direct Internet Connection Through Where Will Block

Apr 19, 2011

I want to set up Ubuntu Server as a firewall in which I want to direct my internet connection through where Ubuntu Server will block, filter, and monitor anything that comes into any of the three of my computers using the same internet connection. Is this easy to do? Sum up the steps that I will have to go through to establish this, and any relevant information, and where I might be able to find necessary information etc. I plan to use ubuntu-10.04.2-server-i386.


General :: PIX Firewall And PHP Includes Not Working?

Mar 17, 2010

I'm using Plesk as my control panel. After the PIX was installed, I mapped the old IPs to the new IPs. Port 80 is OPEN. My PHP includes won't work when I use the domain, actually nothing works when I use the domain in front of it. I tried adding 10.0.0.1 [URL] to /etc/hosts and still had no luck.


Ubuntu Networking :: Iodine Not Working Unless Iptables Firewall Turned Off

Sep 28, 2010

I have managed to get iodine working between my ubuntu intrepid box and my windows client with a caveat.

The firewall rules allows DNS queries inbound. The client tunnel endpoint gets assigned an IP address and the tunnel is established properly.

However when I try to ping from the client machine, the reply packets are not coming back.

I used TCPDUMP on the Ubuntu box and watch the dns0 tunnel interface, and noticed that the packets are reaching the Ubuntu box from the client, but I don't see ANY ICMP echo replies until I turn off the firewall from Firestarter.

I see that outbound access rule is to allow all.


Ubuntu Servers :: Dans Guardian + LDAP Authentication + Outside Established Firewall?

Feb 9, 2010

My scenario is similar to this person's scenario: http:[url]...... Here at the clinics, we already have established leaf/shorewall firewalls. Our domain controllers are win2k3 boxes. I've installed ubuntu 9.10 on a sound desktop/server and installed two nics inside that box. How do I make Dansguardian talk to our domain controllers, and give users access to the internet via established groups? What would be the best way to do this?


Ubuntu Servers :: Log Firewall Proxy Server For SOHO Or Parental Control?

Aug 1, 2010

If this gets moved I apologize for putting it in the wrong place...

Purpose of server: RED GREEN ROUTER for SOHO or PARENTAL CONTROL Block known bad URL,IP... ie porn, malware, ads, others Block Good URL,IP if Desired by OWNER Scan mail protocols for viruses out and in if out is found log and mail MASTEROSSIBILTY??? scan all protocols in and out for viruses n block log out block log and mail MASTER a server build log and possibly a step by step assist for new users.

Version of ubuntu server 10.04

Hardware Gateway Pentium 4 2 network cards

Use of server RED GREEN ROUTER FIREWALL that blocks site list from shalla and my own list. general use would be for SOHO or Parental control

pick language...pick it again???...country...no...country for kb...kb layout...eth0(as RED)me it...timezone...HDD choice(i used guided-use entire disk)...user...proxy if needed(not for RED GREEN ROUTER!!!)...updates(i picked auto)...LAMP,openssh, mail server ...sqlpassword...grub...done

then
login as user/pass created in install
run following

[code]...


Ubuntu Servers :: Install Shorewall As A Firewall - Package Not Found Error

Jun 10, 2011

I installed Ubuntu server and got it set up, and I'm trying to install shorewall as a firewall, but whenever I do sudo apt-get install shorewall I get a package not found error.


Security :: Dedicated Firewall - Network Setup With Two Servers In DMZ

Jan 3, 2011

I currently want to set up a network with 2 Ubuntu servers (mail and web) in a DMZ in order to separate them from an internal network. I want to use a dedicated Linux firewall. This firewall will have 3 network interfaces on it. One network interface will connect to the external router/modem (router and modem in one box), one interface will connect to the DMZ and the other interface will connect to the internal network. The router/modem lets you put, I think it's 1 or 2, interfaces in a DMZ.

But, when I think of any of the dedicated firewall's or servers' interfaces it doesn't make sense to me to put any of them in the router/modem's DMZ (I think it would be better for the dedicated firewall's and the servers' interfaces to have static private IPs, i.e. 192.168.2.4 etc., right?). What I mean is that even if, as far as the router/modem is concerned, none of the interfaces were in a DMZ, the area where the servers are would still effectively be a perimeter network and with such a setup would still be, effectively, a DMZ, right?


Server :: Make Openvpn Working Without Nating In Firewall?

Jul 26, 2011

I had installed openvpn on a linux machine (public ip) remote pc, and installed the openvpn client on a windows xp machine (local network) remote pc. How can I access the openvpn server to access the local lan network without performing NATing in the firewall?


Fedora Servers :: Syslog Listening On Port 514 For Both Firewall And IDS Logs?

Jan 17, 2010

Currently I have a syslog server that consolidates firewall logs on port 514 udp. I also have an IDS device that I wish to push its logs to this particular syslog server so that I can retrieve my IDS logs on this server as well.

Is it possible to do so? Having syslog listening on port 514 for both firewall and IDS logs? If it is possible will the logs be recorded in a single log file? Or will they be recorded in separate log files, i.e. firewall.log, IDS.log etc.? I wish to have them in separate individual log files or else there will be a hard time segregating the log entries in a single file. Can anyone advise on how to achieve this?


Networking :: Outbound Connections Not Working When Firewall Enabled - Opensuse

Jan 17, 2011

I have problem on VPS running opensuse. When I enable firewall outbound connections stop working. I have tried everything I know (not much when it comes to firewall (iptables)) but could not solve this.

Here is my ifconfig:

Code:

I used xxx.xxx.xxx.xxx to hide real address.


OpenSUSE Network :: Firewall Logs Are In /var/log/{firewall,warn,messages} - Clutter?

Mar 25, 2011

I suspect this is an initial configuration bug. All firewall logs seem to be going to all three files. That causes a lot of clutter in the log files, and makes it difficult to see whether there are any serious problems being logged.


Networking :: Setup Firewall / Sys1 Is Not Connected To Firewall For Testing Purpose?

May 18, 2010

I am learning to set up a firewall in my home. For that I have selected four systems (sys1, sys2....sys4) for testing. I have configured sys2 to act as a firewall with two NICs. sys3 and sys4 are inside the firewall. sys1 is not connected to the firewall, for testing purposes.

the IP assignments are follows :

sys1 : ( fedora, not connected to firewall i am thinking, But i am not sure )

IP : 192.168.2.1 ,
gateway : blank
dns1 : blank
dns2 : blank

sys2 : ( firewall, IPTABLES )
code....

What happened is that sys1 (not connected to firewall) can ssh to sys4 (connected, inside firewall), since the rules are written not to ssh from sys1 to sys4.

Then I came to know that whatever request I give, it directly goes as sys1 --> sys4, not as sys1 --> sys2 (firewall) --> sys4, and the firewall is not filtering and processing anything for both inbound and outbound (I think it's my mistake somewhere). The requests are directly going inside without the firewall.


Software :: Build Firewall On Debian With 'Firewall Builder?

May 27, 2011

I'm trying to build firewall on Debian with 'Firewall Builder'. But it won't let me compile and run unless one interface is set as management. There are two interfaces on my computer: 'eth0' and 'lo'

I don't want to be able to configure firewall remotely, so could I use 'lo' as 'management interface'?


Security :: Use Iptables As Firewall Instead Of Juniper Firewall?

May 9, 2011

Can we use iptables as firewall instead of Juniper firewall


Ubuntu Servers :: Website Not Working \ Default Site Is Working?

Jan 19, 2011

I just installed the lamp stack and so far my default site is working. But a 2nd site I made is not working. I created the config file in /etc/apache2/sites-available. It reads:

Quote:

<VirtualHost myip:80>
ServerAdmin webmaster@mydomain.com
ServerName mydomain.com

[code]....


Ubuntu Servers :: After Some PHP Fatal Errors / Php Do Not Working / But Html Is Still Working

Mar 7, 2011

I have a very interesting problem: after ~10 PHP Fatal errors, php 5 (latest one) in apache2 (latest one) on Ubuntu Server 10.10 (with latest updates) just does not work. So if I try any php page it's not working (user sees a white page), but HTML still works fine. What can that be? Only restarting apache helps to bring php back. (We are running Wordpress blog 3.1.)


Ubuntu Servers :: .htaccess Working, Rewrite Not Working Properly?

Apr 25, 2011

I had a problem with apache2 and getting .htaccess working. I have done some things and I believe it's working; the ErrorDocument command is anyway. I believe there may be some problems with the rewrites though. I'm trying to take a url http://localhost/showthread/123 and make it display what's on http://localhost/index.php?showthread=123

The rewrite rule is:

Quote:

Options +FollowSymLinks
RewriteEngine on
RewriteRule ^showthread/([^/.]+)/?$ index.php?showthread=$1 [L]

[code]....


Ubuntu Servers :: Samba 3.0.28a - ACL Working 3.5.2 ACL Not Working?

Apr 23, 2010

I upgraded Samba to 3.5.2 to enable Windows 7 to log in to the PDC. ACL was working with the Samba 3.0.28a that came with 8.04LTS. After upgrade I can now log in to the domain with Win 7 but ACL permissions are not working on Win7, XP or anything. They still show on the server but any attempt to change permissions on the workstation fails with "Access is Denied" and only user/group/other permissions are doing anything. Anyone know what changes for the ACL were made between the two versions? I know they're working on switching to VFS modules but setting "vfs objects = acl_xattr"


Ubuntu Servers :: Chmod -R Not Working At All?

Mar 7, 2010

I just finished setting up my Ubuntu home server. Installed LAMP and it works beautifully. The problem is every time I upload a file through FTP into the server, the file changes permission even though I did chmod -R 755 www. So every time I upload a file to my server I need to run the command chmod -R 755 /var/www








Copyrights 2005-15 www.BigResource.com, All rights reserved