Ubuntu Servers :: Set Up As A Firewall - Direct Internet Connection Through Where Will Block
Apr 19, 2011
I want to set up Ubuntu Server as a firewall in which I want to direct my internet connection through where Ubuntu Server will block, filter, and monitor anything that come into either three of my computers using the same internet connection. Is this easy to do? sum up the steps that I will have to go through to establish this, and any relevant information, and where I might be able to find necessary information etc. I plan to use ubuntu-10.04.2-server-i386.
View 3 Replies
ADVERTISEMENT
Sep 14, 2010
How can we force an application which is using a direct Internet connection inherently to connect through a proxy server connection. Like redirecting the direct traffic generated to a proxy server.
View 5 Replies
View Related
Jan 26, 2010
I already have Linux Enterprise 5 system installed with some server packages such as Webmin, Active Directory, Web Server which also act as Internet gateway. Now I want to add firewall functionality to block clients ip accessing internet.
View 14 Replies
View Related
Jan 5, 2010
I've been all around the net and can't find a "simple" answer how to block our LAN users from downloading torrents. Is it really that difficult?
Here's our setup:
1. The Server's Configs:
2. sudo gedit /etc/squid/squid.conf
3. sudo gedit /etc/rc.local (to start Firewall rules on bootup)
4. Server NOT a DHCP Server
5. No other iptables rules are configured, just the above ones.
Before in a 1 NIC setup, I blocked Workstations MAC addresses in the Router + Squid Proxy Server (Not Transparent), it worked, but some Online Java Apps didn't work and users can't send/receive email so I abandoned the method.
Now, I installed transparent Squid Proxy with 2 NIC cards, it works, but workstations can still download torrents! I know Squid doesn't block ports, right? So the answer must lie in Iptables Firewall? I basically use Squid just to deny access to Facebook, Friendster, or other "unproductive sites".
Quote:
How to block torrent downloading by using a Firewall? Or is there another "simple" way?
I've heard that it's better just to allow regular ports (80, 22, 465, etc...) then block all the rest, this way, you can prevent unnecessary ports.
I'm not an Iptables/Firewall expert so can you pls. explain it a bit more detailed if that's the case.
I'm also aware of just telling our users NOT to download torrents, but I just want to prohibit it entirely.
I know I will be the most "uncool" employee in our office.
View 9 Replies
View Related
Jul 6, 2010
When I enable my ufw it completely shuts me out and I have no internet connection. When I do:
Code:
sudo ufw status numbered
I get:
Status: active
To Action From
-- ------ ----
[ 1] 80 ALLOW IN Anywhere
[ 2] 80 ALLOW OUT Anywhere (out)
But I need to disable my ufw in order to reconnect back to the internet. Why is that? Doesn't the above rules indicate that I should have inbound and outbound traffic even if my firewall is up?
View 5 Replies
View Related
Oct 21, 2013
I am running Debian on my server (OpenMediaVault) and i am connected to a VPN service, using openvpn. BUT! How do i make sure that the internet connection, stays through my VPN service, or gets blocked, if the connection through the VPN tunnel fails? Jeah, yeah call me paranoid..
I have read this: [URL] ....
I don't know how i use the source code. Is there a script somewhere i can just download? And i don't want the LAN connection to be blocked.. only outgoing traffic!!
View 14 Replies
View Related
Sep 19, 2010
What is the absolute quickest or easiest way to block an incoming connection by their IP address? I'm running an apache2 LAMP server on Ubuntu 8.10. For example, let's say I'm watching my server error logs and I see someone using a script to check for phpmyadmin and other such folders. Right away I know this is a hack attempt. Firestarter does not allow ANY way to block an incoming connection by IP (to my disappointment) and adding the IP to an apache configuration file requires an apache restart (way too much trouble and time).
View 5 Replies
View Related
Oct 2, 2010
I have noticed interesting problem. I use two browsers - Firefox and Konqueror. Konqueror is configured to use tor, Firefox not. Using Gufw I block all incoming and outgoing traffic and it works while using Firefox, I mean that I can't view any www site and it is ok. But if I use Konqueror I can establish any conection. How to understand this? Should I have different firewall while using tor?
View 5 Replies
View Related
Dec 6, 2010
What can you recommend software to link sharing, and priority services such as VoIP, email, web, ftp others. The only thing I got it [URL], but it is not developed since 2008 ri do not know if it works.
View 4 Replies
View Related
Jan 20, 2011
I have discussed sharing an internet connection with my neighbor so we can both save money. We both have multiple computers connected to consumer grade routers. I've tinkered with WDS configurations but it was very unreliable and cumbersome to manage for reasons I won't get in to here. I'm thinking of getting my ubuntu server box to connect to my neighbor's wifi (via a USB wifi adapter) and share the connection through my router to my own subnet, (wired and wireless).
Can anyone shed some light on how I can best accomplish this?I can see a number of hurdles with this, maybe there are some I have yet to discover:Getting the USB wireless adapter to connect and stay that way via commandline.Configuring ICS from the USB connection to ethernet out to my router.Probably moving DHCP duty from my router to my server.Getting it all to work reliably well.
View 2 Replies
View Related
Aug 19, 2011
So I have been struggling to make this happen for a bit and cannot figure it out. I want to communicate directly from my non-GUI Debian to my Puppy Linux PC. I have set up my Puppy PC for direct connection as per the instructions in the network wizard. I need to set up my Debian to do the same.
I have done the
auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
in /etc/network/interfaces.
I still cannot ping the Debian machine from the Puppy one. Are there any other steps to the direct connection? (I already have the crossover cable in place)
I have also tried this with both PCs connected to a Netgear router. I CAN connect to the debian machine if it is on the router at the IP I assigned it and the Puppy PC is configured to use the router.
Is there a file I can edit or a process I can turn off? I think it's close I am just not sure what I am missing.
View 6 Replies
View Related
Jan 10, 2010
I've got a Laptop with wireless broadband connection which needs to be connected to a desktop machine so that the internet connection could be shared. Both has got Ubuntu 9.1. I don't have a router or a switch. I just need direct connection with a cross over cable.
View 5 Replies
View Related
Jun 9, 2010
I have been experiencing extensive networking problems with 10.04 and I was wondering what options there are for downgrading to a different (hopefully more stable) release. I cannot seem to get a wired connection direct from the modem. I don't know if its just me but I feel an operating system that can't do something simple like this (without extensive terminal codes and file edits etc) is not for me. Here are my system specs:
3.06 GHz E6600 Core 2 Duo
2x2GB GSKILL DDR2
MSI G41M4-F (Realtek Ethernet)
500 GB Seagate 7200
I also have a PCI NIC card Intel PWLA8391GTBLK GIGABIT 1PC I just want to connect to the internet in a hassle free manner. Is there a release of ubuntu that I can "downgrade" to that will make networking hassle free? I have previously used 8.04 on a different machine with no problems. Is downgrading from 10.04 trivial? I currently do not have any important files as this is a new build and file backup is not an issue. Is there anything I should keep in mind or be aware of before downgrading?
View 5 Replies
View Related
Mar 11, 2011
How I can refuse an outgoing connection on opensuse firewall by default outbound policy is permissive, and the p2p I explicitly deny an outgoing, according to protocol, remote port and local port.
But I can add rules as how to run opensuse firewall rules are permissive only for inbound traffic and so I can not specifically deny an outgoing connection.
Before using fwbuilder is very powerful and configurable but now I'm with suse for convenience but want to know if you can do what I want, if not I will have to use fwbuilder.
View 5 Replies
View Related
May 28, 2010
Link 1 = my network [url]
My network:
Subnet 1
Subnet 2
When someone creates a network loop (a cat 5 cable is plugged into two ports on a switch), the 2 subnet get flooded and become very slow.
How can I prevent subnet 1 from getting flood if someone create a loop on subnet 2.
- eth2 go offline automatically until the network loop is canceled.
View 2 Replies
View Related
May 2, 2010
I have a ubuntu computer set up as bridge between gateway and lan, with the lan connected to eth0 and gateway on eth1.
I'm trying to get it to basically block everything incoming except for the ports i specify, but also allow outgoing traffic. I've found, tried, modified som examples i found on the web, but still it wont block incoming traffic (ie, im still able to reach my webserver)
These are the rules, and i can't figure out why it wont block:
Code:
#!/bin/bash
iptables -F
iptables -X
iptables -I INPUT -i eth1 -j DROP
[Code].....
View 1 Replies
View Related
Mar 25, 2010
I have recently installed Ubuntu 8.04 LTS Server Edition, with no GUI. I can't connect to internet, and therefore I can't use commands like "apt-get update" I do not even know how to configure this server yet. I need my server to connect to Internet through my wireless card (I have no cable connexion for now).
View 4 Replies
View Related
Feb 16, 2011
I have two systems in both systems there I installed ubuntu 10.10. I need to know how to share an internet connection over the two systems at a time?
View 9 Replies
View Related
Jul 19, 2011
I am back to the same issue internet connection sharing using NAT .I use the following command it work for me for an hours.
Code:
sudo iptables -A FORWARD -o eth0 -i eth1 -s 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo iptables -A POSTROUTING -t nat -j MASQUERADE
Code:
sudo iptables-save | sudo tee /etc/iptables.sav
Edit /etc/rc.local and add the following lines before the "exit 0" line:
Code:
iptables-restore < /etc/iptables.sav
Code:
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
After restarting my server NAT is not working .client system can ping to my server through the server's eth1 ip but Internet is not accessible to the client pcs.
View 2 Replies
View Related
Dec 9, 2010
I manage a linux-based network, where some projects are currently under development. Our IT policy states that any email attachment shall be encrypted using GPG. Can I block other attachments using a firewall?
Note: Currently our mail server is not in campus. So I can only use a firewall for this security issue.
View 5 Replies
View Related
Jul 4, 2010
I am still new to ubuntu and I use firestarter as my firewall tool and I was told that its just ufw in a gui. Well anyways I noticed a connection to 174.129.241.144 using https and python, I didn't have any scripts running and my browser was closed, I read the man files for ufw and it said to do something like deny from 174.129.0.0/12 and I want to block all incoming and outgoing connections to this IP range and I was wondering how to do that, I heard of iptables that it would be able to do this but I dont know anything about it. What I should learn so I can handle these kinds of situation in the future and how I can block this ip subnet or also what does the /8, /12, and /16 stand for?
View 7 Replies
View Related
Jan 14, 2010
I was trying to assign the static IP address of my internet connection to my home server and managed to make a mess of it. I've configured the router to assign it the address every time but when I rebooted everything the server is cut off from the network completely (rather unfortunate with a headless server...). The only file I've edited on the server when trying to do this is /etc/network/interfaces, everything else network related is default. My intention in editing the file was to make the server accept the IP address assigned by the router since the router was already configured to assign the right one. I put in
Code: inet dhcp in the /etc/network/interfaces file, is that wrong? What is that line supposed to be?
View 9 Replies
View Related
Mar 27, 2010
if i set up an older computer as a local DNS server for my home network, can i plug my wireless router into one of the ethernet ports to share the internet connection to my wireless devices?
View 2 Replies
View Related
Jun 21, 2011
I have three machines(2x Dell Optiplex GX620, 1x Dell Optiplex 330) and I salvaged a D-Link Ethernet card from another PC, and I want to put it in the Optiplex 330. I was wondering if there was something I needed to do before I take the server offline and install it and how do I find the drivers for it? Or does Ubuntu go ahead and do that?
And my second question is, once I get the network card installed, how do I share the internet connection of that machine with another server? And how would I SSH in to the server connected to the other? I'm guessing that I have to set up some ports to do that, but I don't know how as I am very new to the Ubuntu Server scene and I am doing this for educational purposes.
View 3 Replies
View Related
Dec 14, 2010
I launched my website. At the moment the site has an firewall (iptables) enabled with very simple rules. All incoming traffic is blocked, except for the ports http and ssh. Everything is working perfect, but I want also to be able to block certain kinds of attacks. There are some really good examples on the internet, but I don't now if they contain all kinds of attacks which are relevant to my situation. To be clear, I only server web content through port 80 and use ssh to remote login.
View 3 Replies
View Related
Dec 29, 2010
I did search, but could not find a solution.Right I've installed Ubuntu Server 10.10 on an old machine, installed fine and the system is running. I have a windows 7 desktop that is connected to the internet via wireless. The desktop then has an ethernet connection which is shared to the ubuntu server. The network looks like this.
Modem > Router > Desktop > Switch > Ubuntu Server My problem here is that there appears to be no connection from the server to the desktop. The server cannot connect to the internet.
When i ifconfig the ubuntu machine shows.eth0 link encap:Ethernetinet address: 192.168.137.2 Bcast:192.168.137.255 Mask 255.255.255.0 However on the windows desktop (the machine sharing the internet) these are the details for the connection to ubuntu server.ip 169.254.170.50 mask 255.255.255.0
is this a dhcp problem? is my server configured wrong?
View 4 Replies
View Related
Mar 10, 2011
tell me the command for iptable rule to add in Chain RH-Firewall-1 to block ftp port & the ftp server was configured in public ip address,i searched in google but i did'nt get the exact command for iptables rule in Chain RH-Firewall-1.
View 3 Replies
View Related
Aug 23, 2010
Did a quick search through the site and could not find the answer i was looking for. Currently i am running Fedora core 12.I would like to get amarok installed with all the mp3+ support with it.I do not have internet at home. just on my phone (so i can download and transfer small files), and at work with a jump drive.How would i go about getting this done?
View 1 Replies
View Related
Jan 5, 2010
i have installed apache and php in my fedora 11 system and httpd works fine except that it doesnt have internet connection for example rapileech doesnt work it says "cannot connect via port 80" and if i put an rss feed collector in a website it doesnt work but everything else works fine , also when i put the same file in a shared web host it works fine
View 3 Replies
View Related
Jun 13, 2010
i have the following system in my lan.
firewall(iptables)
etho(private) - 192.168.2.1
eth1(public) -189.117.57.2
squid server at 192.168.2.10
my request is that i have to make all out bound internet connection should go from proxy server , not directly to firewall. Please specify a iptable rule for blocking direct internet access. my clients ip ranges from 192.168.2.20 to 192.168.2.47
View 5 Replies
View Related
