Ubuntu Servers :: Ufw Or Iptables Script

Oct 4, 2010

I'm coming from a RHEL/CentOS background where I'm used to editing /etc/sysconfig/iptables for host-based firewall stuff. I can't find a direct equivalent on Ubuntu and I'm pretty surprised. What I've found is the ufw utility which seems to do some of what I want and some things I may not want, but it seems pretty cumbersome to type "ufw allow proto tcp from <address> to any port <number>" etc over and over again, compared to just copying and pasting and editing a largely canned set of iptables rules on RHEL.

Is that how experienced ubuntu server sysadmins do things? Do you really use the ufw front end, or do you do a preup script in /etc/network/interfaces that calls a iptables --restore, etc?

Is there another way that I'm missing? I want to do things the most standard, ubuntu-like way that's consistent with repeatability and quality, basically.

View 1 Replies


ADVERTISEMENT

Ubuntu Servers :: Setup Iptables Rules In /etc/if-up.d/iptables?

Apr 16, 2011

I am running Ubuntu server 10.10 and trying to setup iptables rules in /etc/if-up.d/iptables

Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Problem is that iptables doesn't get updated and I don't see them when iptables -L is executed after reboot.

View 2 Replies View Related

Fedora Servers :: Unable To Restore My Iptables From Iptables-save After Upgrading

Nov 26, 2010

I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.

View 2 Replies View Related

Ubuntu Servers :: Iptables Not Working In Xen VPS?

Jun 27, 2010

When I try to run anything that uses iptables, even just iptables -L, I get:

Code:

1+drm33.2/modules.dep: No such file or directory
iptables v1.4.4: can't initialize iptables table `filter': iptables who? (do you need to insmod?)

Perhaps iptables or your kernel needs to be upgraded. This is on a fresh Ubuntu minimal install, using my VPS hosts image (so they could have messed something up). I know there have been issues in the past with iptables on Ubuntu on xen. Is this a Ubuntu bug? Is there a solution?

incidentally depmod -a gives:

Code:

WARNING: Couldn't open directory /lib/modules/2.6.32.11+drm33.2: No such file or directory
FATAL: Could not open /lib/modules/2.6.32.11+drm33.2/modules.dep.temp for writing: No such file or directory

View 1 Replies View Related

Ubuntu Servers :: Setting Up NAT Firewall Using IPtables

Nov 30, 2010

I am having a little trouble setting up a NAT firewall using iptables. I have 1 PC dedicated to being the firewall running Ubuntu 10.04 LTS. There are 2 NICs in this PC. One NIC is connected to the modem & the other is hooked into my router, sharing the connection through to the other PC on my LAN. Thing is that I am having troubles setting this up using iptables. I have it sharing the connection, but can't seem to make it forward 2 ports through to my webserver on the LAN. I am also wanting to setup init.d to control iptables. I have been trying to google this, but haven't found anything useful to get this accomplished. I put the following into rc.local to make the forwarding work:

/sbin/iptables -F
/sbin/iptables -N block
/sbin/iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A block -m state --state NEW -i ! eth0 -j ACCEPT
/sbin/iptables -A block -j LOG
/sbin/iptables -A block -j DROP
/sbin/iptables -A INPUT -j block
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE

View 1 Replies View Related

Ubuntu Servers :: Iptables -L Spitting Out Ufw Information?

Jun 16, 2011

Though I have uninstalled and rm -rf'ed everything I can find having to do with ufw, I am still getting weird output from iptables -L If I type in

Code:
iptables -F
iptables -Z
iptables -L
I should get

[Code]...

View 2 Replies View Related

Ubuntu Servers :: Connection On Port 143 - Iptables Are Open?

Feb 2, 2010

I am configuring an internal only IMAP server for archival emails. I am absolutely baffled why my connection is being refused. UFW is disabled and IPTABLES has a rule to allow all connections on 143 and 993. When I telnet this response is given:

Code:
telnet localhost 143
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
Even nmap shows the port closed. Here is my iptables rule:
HTML Code:
-A ufw-user-input -p udp -m udp --dport 143 -j ACCEPT

View 3 Replies View Related

Ubuntu Servers :: Find Port Names For Iptables?

Jun 4, 2010

I noticed you can use names for ports like ssh, instead of the actual port number in iptables, but I can't find a list of what they are?

View 3 Replies View Related

Ubuntu Servers :: Iptables Rules Loading On Boot?

Jun 22, 2010

I have a clean install of Ubuntu server Lucid Lynx with the virt-host task installed. I need to find the location of the iptables rules that are being loaded when the system boots. These are the rules for the virbr0 interface.

View 1 Replies View Related

Ubuntu Servers :: Iptables Allow Ports To A Specific Ip Or Domain Name?

Jul 23, 2010

How to configure iptables to allow only 22,80,3306 ports for only a dynamic public ip/dyn dns domain name on a ubuntu server?

View 9 Replies View Related

Ubuntu Servers :: Ufw And Safe To Use Iptables Only For ICMP Rules?

Aug 5, 2010

In Lucid I have some ufw rules but I figured that I need to limit the ICMP messages that the box responds to and also limit their number. There are iptables rules to accomplish this but since I already have ufw rules it is safe to use iptables only for ICMP rules ?

View 4 Replies View Related

Ubuntu Servers :: Using Basic Iptables Config - But ALL Traffic DROPS

Jan 11, 2010

I'm using Ubuntu server 9.10 with 2 NICS (Internet-router-eth0, eth1-LAN). I use iptables to generate rules for 20 computers, but when I execute the script, ALL TRAFFIC DROPS, including the server. What am I doing wrong?

Code:
#!/bin/sh
#eth0 192.168.0.50 - connected to Internet
#eth1 192.168.1.51 - connected to LAN
#192.168.1.52 - workstation1
#set default policies
iptables -P INPUT DROP

[Code]...

iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -s 192.168.1.52 -j ACCEPT. The reason I'm doing this is, I just want to open necessary ports in the server and restrict LAN usage.

View 2 Replies View Related

Ubuntu Servers :: Iptables Causing Slow Ssh And Name Lookup Errors

Jan 24, 2010

Why would this iptables cause this mail delivery error? I think it's to do with dns lookups not being routed properly... if remove the last rule, mail works fine.

ssh is also very slow to connect when the last rule is enabled.

postfix mail error:

Code:
Jan 24 11:32:18 xxxx postfix/smtp[15065]: 9F2162C519: to=<xxxxx@hotmail.com>, relay=none, delay=1005, delays=965/0.01/40/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=hotmail.com type=MX: Host not found, try again) iptables

[Code]....

View 1 Replies View Related

Ubuntu Servers :: Using Iptables To Get Web Usage Statistics And Filter Urls?

Dec 16, 2010

I'm deploying new ubuntu server which should act as a router. I've already set up the NAT for local network, and also did some shaping for different groups of users, but now I'm facing new problem.I need to make a scheduled URL filter. I know it's not a problem with cron and simple script, but maybe there is existing way to do that? And also, I need to make statistics on web-traffic. I need to have list of URLs visited by users (source ip, destination url). Is it possible with iptables? or with any other software but without using proxy servers.

View 9 Replies View Related

Ubuntu Servers :: Make Start An Iptables.cf Script On Server?

Mar 5, 2011

I am trying to make start an iptables.cf script on my server.

I have copied it into /etc/init.d/
And try to make it load with /etc/init.d/iptables.cf start
Then "not permission" (I was the root then).
So, sudo /etc/init.d/iptables.cf start
Then, "command not found".

View 3 Replies View Related

Fedora Servers :: Iptables NAT To Multiple Vlans?

Mar 26, 2009

I have eth0 for administration, and vlans eth0.2 eth0.3 and br0 for resource seperation. My esternal interface is ra0.each internal interface is on a seperate subnet, and I have dhcpd giving connecting devices ip addresses out of their assigned network. I want all of the devices to be able to access the internet through NAT, I need to allow them to communicate with port 80 on eth0's subnet

eth0 10.0.0.0/24
eth0.2 10.2.0.0/24
eth0.3 10.3.0.0/24

[code]...

View 2 Replies View Related

Ubuntu Servers :: Port Forwarding Setup Using IPTables - Transparent Proxy

May 13, 2010

I'm new to linux, but enjoy using it very much, especially without a GUI, console is fun! I need to set up port forwarding. We have 3 servers, 1x running Ubuntu server 8.04 (used as transparent proxy), 1x server 2003, 1x windows xp.

The linux box has the following ips:
eth0 (internal) 192.168.1.5
eth1 (external) 192.168.0.7

Windows server 2003:
192.168.1.6

Windows XP:
192.168.1.9

Router:
192.168.0.1

The router automatically forwards specific ports to 196.168.0.7 (Linux eth0). From there I want to forward port 8585 to 192.168.1.6 and 3000 to 192.168.1.9. Is there a way that I can do this using iptables?

The commands that I think I'm gonna use look like this:
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 8585 -d 192.168.1.6 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 3000 -d 192.168.1.9 -j ACCEPT

Would this be a correct way of doing it? My biggest problem is that I can't test it without going live, and if I go live and something doesn't work, the entire building will be left without internet, people will hate me. Also, The proxy captures all data on port 80 and forwards it to 3128 so that the proxy can monitor the usage, and a few systems runs fine with it, others however can ping websites, and internet explorer says "website found, waiting for reply" but the webpages cannot be displayed.

View 9 Replies View Related

Ubuntu Servers :: IPTables Rules To Administer Entire Network Via Wireless

Jul 7, 2010

I have a set of iptables I have downloaded and modified for my use. I had it working for 1 lan and wan access. I now would like to have: wan access, 1 lan, and 1 wlan. I need to administer the entire network from my wireless laptop on the wlan network so I need to be able to access the lan from the wlan network, and have the wlan access the lan network. Here are my rules:

#!/bin/sh
# IPTABLES FIREWALL script for the Linux 2.6 kernel.
# This script is a derivitive of the script presented in
# the IP Masquerade HOWTO page at: [URL]
# It was simplified to coincide with the configuration of the sample system presented in the Guides section of [URL]
# This script is presented as an example for testing only and should not be used on a production firewall .....
echo -e " Firewall server rule loading complete "

View 3 Replies View Related

Ubuntu Servers :: Iptables / Netfilter Config Stops Sendmail From Working?

Oct 8, 2010

I have an ubuntu server virtual machine with a webhost. I am trying to configure the firewall. I am having a problem with sendmail and the required firewall configuraiton If I type the command:

iptables -F

Then sendmail works perfectly. I can see the emails sent in my googlemail inbox. I then configure my firewall as follows:

iptables -F
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 2252 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
[Code]....

(I have moved SSH to a diffrent port) Once this is setup sendmail no longer works. I had assumed that sendmail will establish a tcp connection and the first rule will allow all established connections to pass. why this iptables/netfilter config stops sendmail from working.

View 5 Replies View Related

General :: Servers On Same Subnet / Same Iptables / Can't Access Webmin On One

Apr 8, 2010

Two servers, one is RHEL 4, and the other is RHEL 5. They are both on the same subnet, one is 10 the other is 11. I added the Webmin rule to the iptables config file but for some reason, the RHEL 4 server, I can access Webmin but the RHEL 5 server I can not. I checked the iptables file and they are the same for both servers, except two rules which are for other ports.

I'm reading about the iptables and had a problem when I manually added the port 10000 entry after the REJECT entry, but wondering if I need to move it up higher or maybe there's another possible block?

View 2 Replies View Related

Ubuntu Servers :: Iptables To Rate-limit Brute Force Attacks On SSH Server?

Sep 30, 2010

I have a SSH server set up at home listening on port 22. I have hardened the server so it is pretty secure but I want to make it even safer by editing my iptables to rate-limit incoming connections and DROP false login attempts. I have tried these tutorials but I just cant get it to work:[URL]I want the debian-administration.org tutorial to work but when I try to add the first rule in terminal:sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --setI get the following:Bad argument --set'I am new to iptables and I'm not sure if I'm doing something wrong when I try to set it up. I'm using Ubuntu 10.04.1 LTS with iptables v1.4.4.

View 6 Replies View Related

Ubuntu Servers :: Port 21 Reported Open By Nmap And Netcat, But Blocked By Iptables?

Oct 11, 2010

Strange issue here when trying to verify firewall on Server 8.04. No ftp service running at all on server, but both nmap and netcat report port 21 as being open, even though it isn't.I am 100% sure that port 21 is not actually accessible and iptables rules are fine. Trying to connect to the port fails, yet nmap and netcat seem to report a "false positive"?Have also checked on a number of other servers I'm running, and this "false positive" seems to apply to all of them.

View 1 Replies View Related

Ubuntu :: Try `iptables -h' Or 'iptables --help' For More Information - ' Not Found.4.4: Host/network `98.200.58.73

Nov 3, 2010

I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):

Code:

#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above

[code]....

Safe.txt contains:

Code:

127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1

And the error message generated is:

Code:

root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8

[code]....

View 3 Replies View Related

General :: When Restart The Iptables Service Then The Firewall Entries Are Again Shown In Iptables?

Sep 17, 2010

I am facing a strange problem witht my iptables as there are some firewall entries stored somewhere which is displaying the below firewall entries even after flushing the iptables & when I restart the iptables service then the firewall entries are again shown in my iptables as shown below,

[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

[code]....

View 6 Replies View Related

Fedora :: IPtables Creates An Error During Startup - Applying Firewall Rules: Iptables-restore: Line 21 Failed

Jul 17, 2010

IPtables creates an error during startup as well as when I try to restart it: Here's the output of:

[Code]....

View 11 Replies View Related

CentOS 5 :: Custom Iptables: Remove The Existing Iptables First?

Apr 28, 2009

To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?

View 4 Replies View Related

Red Hat / Fedora :: Best Book For IPTABLES Contains Everything Of Iptables

Jun 18, 2011

I am going to start studying IPTABLES for Linux Firewall. Can any one suggest me the best Book for IPTABLES contains everything of iptables.

View 2 Replies View Related

General :: Save Iptables When Iptables-save Doesn't Exist?

Apr 14, 2011

I'm working on a Soekris net4801 that is running an unknown distro of Linux. The kernel is 2.4.29, and iptables is v1.3.4.

I can't work out how to save the iptables. I searched the whole system for files/folders containing the name "iptables" and got 3 results:

/user/local/lib/iptables
/sbin/iptables
/lib/iptables

I've tried iptables save, iptables-save and iptables save active.

"iptables save" and "iptables save active" give me an invalid argument error. "iptables-save" isn't a valid command. "iptables --help" gives me a list of valid switches, none of which have to do with saving.

how I can save the iptables?

View 1 Replies View Related

Ubuntu :: Using UFW To Configure Iptables?

Mar 12, 2010

I've got a machine on my network that's just running default Ubuntu 9.10, but I was considering setting up a network dhcp service on it to manage my machines. As such I was just wondering about configuring the iptables for it.

Reading about, I believe all incoming connections are dropped by default in a standard installation of Ubuntu anyway. If so, is it simply a case of enabling UFW and using it to allow the appropriate port for the dhcpd service and not touching anything else and everything should remain secure?

View 1 Replies View Related

Ubuntu :: Use Ufw Instead Of Iptables On The Terminal?

Aug 13, 2010

I started to use ufw instead of iptables on the terminal, but was wondering if ufw could be installed on a redhat based system? I'm asking, because my office has a mix systems and would prefer to use ufw on these rpm based systems.

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved