Though I have uninstalled and rm -rf'ed everything I can find having to do with ufw, I am still getting weird output from iptables -L If I type in
Code:
iptables -F
iptables -Z
iptables -L
I should get
[Code]...
I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):
Code:
#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above
[code]....
Safe.txt contains:
Code:
127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1
And the error message generated is:
Code:
root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8
[code]....
I am running Ubuntu server 10.10 and trying to setup iptables rules in /etc/if-up.d/iptables
Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Problem is that iptables doesn't get updated and I don't see them when iptables -L is executed after reboot.
I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
View 2 Replies View RelatedIf the server restarts, does the information in iptables get lost? I have seen a number of pages where people recommend readding lines or creating bash scripts to get it to work again. What about files like squid.conf, ncsa_auth files, etc.?
View 10 Replies View RelatedIs there a way to stop kbuildsycoca4, and klauncher from spitting messages over all over my console windows every time I start a kde program from the console? I absolutely hate it when I'm typing a command and suddenly I get a million messages from kbuildsyscoca/klauncher and can no longer see what I was typing.For examlpe redirecting kate stderr to /dev/null, you'll still get messages from klauncher, and kbuildsyscoca4. Is there a way to silence this garbage for good?
View 2 Replies View RelatedI don't know were this goes so I'm just gonna put it here
Basically earlier today i figured i wanted to try out backtrack 4 but I could only have a maximum of 4 partitions on an hd at a time.
So i deleted my partition that contained my arch home directory (didn't really have any data on it and i figured i could just make a new one later) to create an extended partition to put backtrack on. Well all went well except now when I select arch instead of backtrack i get a disk check error.
This is the first part of the error, I can't exactly copy and paste it as its on my laptop. code...
I'm trying to switch over my old server(9.10) data to a different server(10.04). My old server only had 2 drive bays, whereas my new one has 4. I already have my new server up and running(for the most part), and want to add the old hard drive to it. How would I do this without losing any information. I believe even my old drive is formatted to ext4. I was going to just throw it in there, but I'm afraid of losing information as I really don't want to lose a 1tb of info. I did try to search, but my title had too many common words in it.
View 4 Replies View RelatedI am willing to learn. I purchased and am currently reading The Official Ubuntu Server Book, and I think I have found my first side project. First, the book said Ubuntu Server is pretty much coded with a scripting language called Python. I want to define the different init levels of my server. I want to define like init 5 to have a GUI interface, just for kicks. A GUI might come in handy when doing certain things in Ubuntu Server, I just don't know, simply because I've been working on the command line. So my first question is, do I need to learn Python to script in Ubuntu Server? I have very little experience coding let alone scripting. The book has example of Upstart scripts, but I was wondering if the language is Python?
So I guess my question is a general question to scripting If I were to focus my time in learning Python as well, would I be able to customize/utilize more of Ubuntu Server? I'm not exactly sure what to learn/read as well to this. I'm trying to broaden my horizons, and I've decided to experiment with Ubuntu Server.
How to get the following information using terminal in ubuntu I googled entire internet but could not find it:
1. What patches has been selected(installed) in my installed kernel(current kernel).
2. List of installed drivers.
How do I install this on my server? Here is an example: [URL]
View 3 Replies View RelatedJust wondering, what happens when you have multiple server softwares listening to the same port? will it be able to distinguish which service to use by the protocol information, or is it setting it up for failure?
IE: http and ssh both listening to port 80.
I set up a website in my home directory, which works fine except running some .cgi scripts. the suexec.log shows this error message :
"cannot get docroot information (/home/weixi)"
does anybody have any suggestion what's wrong with it? I use Fedora 11.
I have just been gifted with a Linux dedicated server for the next six months, with an option to renew after that time has expired, and I'd like to set it up for FTP/P2P use. I do have some familiarity with Fedora from work, but only as a pre-installed desktop OS. The company providing the server has asked me to choose a OS, so of course I picked the one with which I already have some knowledge. They've also asked me to provide partition and mount point information, and it's here that I'm having some problems. I've spent most of my free time today reading everything I could about partitioning for a server, and I'm still not comfortable making this decision on my own.
The server comes with two drives - one 500GB and one 1TB, and 8GB RAM. My thinking is to use the 500GB drive for the OS, and the 1TB for media storage. I know I still have a good bit of learning to do, but I just want to get the blasted thing set up so I can get on with the hands-on part of figuring out how it works.
When I try to run anything that uses iptables, even just iptables -L, I get:
Code:
1+drm33.2/modules.dep: No such file or directory
iptables v1.4.4: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded. This is on a fresh Ubuntu minimal install, using my VPS hosts image (so they could have messed something up). I know there have been issues in the past with iptables on Ubuntu on xen. Is this a Ubuntu bug? Is there a solution?
incidentally depmod -a gives:
Code:
WARNING: Couldn't open directory /lib/modules/2.6.32.11+drm33.2: No such file or directory
FATAL: Could not open /lib/modules/2.6.32.11+drm33.2/modules.dep.temp for writing: No such file or directory
I'm coming from a RHEL/CentOS background where I'm used to editing /etc/sysconfig/iptables for host-based firewall stuff. I can't find a direct equivalent on Ubuntu and I'm pretty surprised. What I've found is the ufw utility which seems to do some of what I want and some things I may not want, but it seems pretty cumbersome to type "ufw allow proto tcp from <address> to any port <number>" etc over and over again, compared to just copying and pasting and editing a largely canned set of iptables rules on RHEL.
Is that how experienced ubuntu server sysadmins do things? Do you really use the ufw front end, or do you do a preup script in /etc/network/interfaces that calls a iptables --restore, etc?
Is there another way that I'm missing? I want to do things the most standard, ubuntu-like way that's consistent with repeatability and quality, basically.
Php file that basically runs a few commands and echoes the output. It's for checking things like temperatures etc, space free.
You can see it in action here: [url]
I've attached the actual php file.
Two questions:
1) What more can I add to it to give me even more information?
2) I want to add hddtemp but it requires sudo to run. How can I get around this?
I am having a little trouble setting up a NAT firewall using iptables. I have 1 PC dedicated to being the firewall running Ubuntu 10.04 LTS. There are 2 NICs in this PC. One NIC is connected to the modem & the other is hooked into my router, sharing the connection through to the other PC on my LAN. Thing is that I am having troubles setting this up using iptables. I have it sharing the connection, but can't seem to make it forward 2 ports through to my webserver on the LAN. I am also wanting to setup init.d to control iptables. I have been trying to google this, but haven't found anything useful to get this accomplished. I put the following into rc.local to make the forwarding work:
/sbin/iptables -F
/sbin/iptables -N block
/sbin/iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A block -m state --state NEW -i ! eth0 -j ACCEPT
/sbin/iptables -A block -j LOG
/sbin/iptables -A block -j DROP
/sbin/iptables -A INPUT -j block
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
I am configuring an internal only IMAP server for archival emails. I am absolutely baffled why my connection is being refused. UFW is disabled and IPTABLES has a rule to allow all connections on 143 and 993. When I telnet this response is given:
Code:
telnet localhost 143
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
Even nmap shows the port closed. Here is my iptables rule:
HTML Code:
-A ufw-user-input -p udp -m udp --dport 143 -j ACCEPT
I noticed you can use names for ports like ssh, instead of the actual port number in iptables, but I can't find a list of what they are?
View 3 Replies View RelatedI have a clean install of Ubuntu server Lucid Lynx with the virt-host task installed. I need to find the location of the iptables rules that are being loaded when the system boots. These are the rules for the virbr0 interface.
View 1 Replies View RelatedHow to configure iptables to allow only 22,80,3306 ports for only a dynamic public ip/dyn dns domain name on a ubuntu server?
View 9 Replies View RelatedIn Lucid I have some ufw rules but I figured that I need to limit the ICMP messages that the box responds to and also limit their number. There are iptables rules to accomplish this but since I already have ufw rules it is safe to use iptables only for ICMP rules ?
View 4 Replies View RelatedI'm using Ubuntu server 9.10 with 2 NICS (Internet-router-eth0, eth1-LAN). I use iptables to generate rules for 20 computers, but when I execute the script, ALL TRAFFIC DROPS, including the server. What am I doing wrong?
Code:
#!/bin/sh
#eth0 192.168.0.50 - connected to Internet
#eth1 192.168.1.51 - connected to LAN
#192.168.1.52 - workstation1
#set default policies
iptables -P INPUT DROP
[Code]...
iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -s 192.168.1.52 -j ACCEPT. The reason I'm doing this is, I just want to open necessary ports in the server and restrict LAN usage.
Why would this iptables cause this mail delivery error? I think it's to do with dns lookups not being routed properly... if remove the last rule, mail works fine.
ssh is also very slow to connect when the last rule is enabled.
postfix mail error:
Code:
Jan 24 11:32:18 xxxx postfix/smtp[15065]: 9F2162C519: to=<xxxxx@hotmail.com>, relay=none, delay=1005, delays=965/0.01/40/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=hotmail.com type=MX: Host not found, try again) iptables
[Code]....
I'm deploying new ubuntu server which should act as a router. I've already set up the NAT for local network, and also did some shaping for different groups of users, but now I'm facing new problem.I need to make a scheduled URL filter. I know it's not a problem with cron and simple script, but maybe there is existing way to do that? And also, I need to make statistics on web-traffic. I need to have list of URLs visited by users (source ip, destination url). Is it possible with iptables? or with any other software but without using proxy servers.
View 9 Replies View RelatedI am trying to make start an iptables.cf script on my server.
I have copied it into /etc/init.d/
And try to make it load with /etc/init.d/iptables.cf start
Then "not permission" (I was the root then).
So, sudo /etc/init.d/iptables.cf start
Then, "command not found".
I'm trying to write a program which would get information from a webpage and display the information on my desktop sort of like a widget. I kind of remember there being something like this already made, but for the life of me I can't remember what it's calledDoes anyone know?
View 1 Replies View RelatedI have eth0 for administration, and vlans eth0.2 eth0.3 and br0 for resource seperation. My esternal interface is ra0.each internal interface is on a seperate subnet, and I have dhcpd giving connecting devices ip addresses out of their assigned network. I want all of the devices to be able to access the internet through NAT, I need to allow them to communicate with port 80 on eth0's subnet
eth0 10.0.0.0/24
eth0.2 10.2.0.0/24
eth0.3 10.3.0.0/24
[code]...
I'm new to linux, but enjoy using it very much, especially without a GUI, console is fun! I need to set up port forwarding. We have 3 servers, 1x running Ubuntu server 8.04 (used as transparent proxy), 1x server 2003, 1x windows xp.
The linux box has the following ips:
eth0 (internal) 192.168.1.5
eth1 (external) 192.168.0.7
Windows server 2003:
192.168.1.6
Windows XP:
192.168.1.9
Router:
192.168.0.1
The router automatically forwards specific ports to 196.168.0.7 (Linux eth0). From there I want to forward port 8585 to 192.168.1.6 and 3000 to 192.168.1.9. Is there a way that I can do this using iptables?
The commands that I think I'm gonna use look like this:
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 8585 -d 192.168.1.6 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 3000 -d 192.168.1.9 -j ACCEPT
Would this be a correct way of doing it? My biggest problem is that I can't test it without going live, and if I go live and something doesn't work, the entire building will be left without internet, people will hate me. Also, The proxy captures all data on port 80 and forwards it to 3128 so that the proxy can monitor the usage, and a few systems runs fine with it, others however can ping websites, and internet explorer says "website found, waiting for reply" but the webpages cannot be displayed.