Ubuntu :: Using UFW To Configure Iptables?

Mar 12, 2010

I've got a machine on my network that's just running default Ubuntu 9.10, but I was considering setting up a network dhcp service on it to manage my machines. As such I was just wondering about configuring the iptables for it.

Reading about, I believe all incoming connections are dropped by default in a standard installation of Ubuntu anyway. If so, is it simply a case of enabling UFW and using it to allow the appropriate port for the dhcpd service and not touching anything else and everything should remain secure?


Security :: Configure IPtables To Only Allow VNC Over SSH

Apr 4, 2010

I am trying to figure out how I can configure IPtables to only allow VNC traffic to an internal server over SSH.

My configuration is WAN < --- > Gateway (Ubuntu 9.10 Server) < --- > Internal Server (that I want to control with VNC over SSH)


General :: Configure Iptables In Kernel?

Oct 8, 2010

I have configured iptables in my system and it is working. But I can't find iptables kernel folders such as iptables/extensions/Makefile to make a utility. Where to locate them? Or how to download and install?


CentOS 5 :: Configure Iptables Except Using Terminal?

Mar 19, 2009

Can I configure iptables except using terminal? Like 32-bit interface application


Red Hat / Fedora :: Configure 60000 Lines In Iptables?

May 31, 2011

I need to configure 60000 lines in iptables. I am using script to create a file and iptables-restore to configure them.

I am getting an error on commit and I see that if the file size is larger than around 39000 it failed.

Is there a limit to the number of lines in iptables?


Networking :: Configure My Firewall (through Iptables) To Allow Apt-get Features

Apr 26, 2010

I am encountering problems configuring my firewall (through iptables) to allow apt-get features, like update and install. I have the latest debian server running in a virtual machine in my windows xp and therefore I have two interfaces in this debian server:

- NAT Interface inet: 10.0.2.15
- Host Only Interface inet: 192.168.56.101

So far my iptable rules drop all packets by default, with the exception of icmp and ssh that I allow to ping and connect from my windows xp. For both of them I use only the Host interface (192...) to connect to another 192... interface on my windows.

Those are working fine, but apt is not. I know, in this very moment it shouldn't. But I made a lot of attempts trying to configure the iptables to allow connections through the 80 and 21 ports from/to NAT and Host. I think I made all possible combinations (or not, because it didn't work). But I'm wondering if someone more experienced can help me solve this problem.


Software :: Configure IPTABLES To Allow Certain IP Ranges To Ports 25 And 465?

Feb 16, 2011

I have a mail server with IPTABLES enabled. I want to allow access to:

41.0.0.0/8
58.0.0.0/8
61.0.0.0/8

[code]....


General :: Configure Iptables To Permit All Traffic On Eth0?

Feb 25, 2010

I'm looking to use Linux (Ubuntu 9.10) as a network bridge between two subnets. I can configure iptables to permit all traffic on eth0 (subnet 1) to pass to eth1 (subnet 2) but before transmitting that traffic I want to perform further analysis. Is it possible within iptables or via a third-party product such as pyroman, to write a "hook" that then directs that traffic to another application installed on the same host?


General :: Configure Iptables For Only HTTP And HTTPS Traffic

Aug 11, 2011

I am trying to configure iptables for only HTTP and HTTPS traffic. I start by blocking all traffic, which works, via:

Code:
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

I then try to allow HTTP and HTTPS on eth0 with these commands, which does not work:

Code:
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

Code:
iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

After these commands I should be able to access the internet. Does anyone know why this is not working?


CentOS 5 Networking :: Configure - Set Iptables On Server 1 - To Access Webserver From Other City

Jan 13, 2010

I am using centos 5.3, and also using a webserver in the local network

Here is all configuration

1, server

eth0 , 222.80.1.90 this is live ip
eth1 10.0.0.1

2, webserver

eth0 10.0.0.2

I want to set iptables on server 1, to access the webserver from another city.

How to configure iptables?


Ubuntu :: Try `iptables -h' Or 'iptables --help' For More Information - ' Not Found.4.4: Host/network `98.200.58.73

Nov 3, 2010

I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):

Code:

#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above

[code]....

Safe.txt contains:

Code:

127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1

And the error message generated is:

Code:

root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8

[code]....


Ubuntu Servers :: Setup Iptables Rules In /etc/if-up.d/iptables?

Apr 16, 2011

I am running Ubuntu server 10.10 and trying to setup iptables rules in /etc/if-up.d/iptables

Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Problem is that iptables doesn't get updated and I don't see them when iptables -L is executed after reboot.


Fedora Servers :: Unable To Restore My Iptables From Iptables-save After Upgrading

Nov 26, 2010

I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.


General :: When Restart The Iptables Service Then The Firewall Entries Are Again Shown In Iptables?

Sep 17, 2010

I am facing a strange problem with my iptables as there are some firewall entries stored somewhere which is displaying the below firewall entries even after flushing the iptables, and when I restart the iptables service then the firewall entries are again shown in my iptables as shown below,

[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

[code]....


Fedora :: IPtables Creates An Error During Startup - Applying Firewall Rules: Iptables-restore: Line 21 Failed

Jul 17, 2010

IPtables creates an error during startup as well as when I try to restart it: Here's the output of:

[Code]....


CentOS 5 :: Custom Iptables: Remove The Existing Iptables First?

Apr 28, 2009

To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?


Red Hat / Fedora :: Best Book For IPTABLES Contains Everything Of Iptables

Jun 18, 2011

I am going to start studying IPTABLES for Linux Firewall. Can anyone suggest the best book for IPTABLES that contains everything about iptables?


General :: Save Iptables When Iptables-save Doesn't Exist?

Apr 14, 2011

I'm working on a Soekris net4801 that is running an unknown distro of Linux. The kernel is 2.4.29, and iptables is v1.3.4.

I can't work out how to save the iptables. I searched the whole system for files/folders containing the name "iptables" and got 3 results:

/user/local/lib/iptables
/sbin/iptables
/lib/iptables

I've tried iptables save, iptables-save and iptables save active.

"iptables save" and "iptables save active" give me an invalid argument error. "iptables-save" isn't a valid command. "iptables --help" gives me a list of valid switches, none of which have to do with saving.

How can I save the iptables?


Ubuntu :: Bash: ./configure: No Such File Or Directory When Run The Command ./configure --prefix=/usr

Apr 4, 2010

I am trying to follow this tutorial below so that I can get text to the right of icons on the GNOME desktop. [URL] Everything so far has worked fine, except when I get to step 3 where I compile Nautilus. When I try to run the command ./configure --prefix=/usr it tells me bash: ./configure: No such file or directory


Ubuntu Installation :: Configure Autoclicker In The Terminal - "bash: ./configure: No Such File Or Directory?

Mar 19, 2011

I found a tool made for Ubuntu called Xautoclick. I downloaded it and it is called "xautoclick-0.30.tar.gz". The installation notes say "Be sure you have the proper development packages for your distribution installed (i.e. something like xserver-xorg-dev, gtk2-dev, et cetera). After that, run:

./configure
make
sudo make install"

I have no clue what to do... I typed in "./configure" in the terminal and it says "bash: ./configure: No such file or directory".


OpenSUSE :: Configure / Syncing The Conduits Through The "Configure Kpilot" Menu Item

Feb 8, 2010

kpilot worked just fine with my Palm Tungsten T3 on OpenSuse 10.3. I recently upgraded to 11.2 and have had numerous problems. It took me a while to get the hardware talking (documented in another thread), but now the sync is proving to be problematic. A hotsync happens - and I can also sync fully with jpilot, but the sync isn't going anywhere. I'm hoping to sync with kontact, but it's impossible to tell as kpilot hangs whenever I try to configure the conduits through the "Configure kpilot" menu item. When syncing, the log complains of missing conduits:

Version: KPilot 5.3.0 (KDE 4.3.0)
Version: pilot-link 0.12.3
Version: KDE 4.3.1 (KDE 4.3.1) "release 6"
Version: Qt 4.5.3
[Code]....


General :: Installing Hudson In Centos 5 - Manage Hudson By Using Configure System And Configure Options?

Aug 9, 2011

I have tried to install and configure Hudson in centos distro version 5. Installed hudson with tomcat by deploying .war files. After configuration was completed, built a project. It displayed build was completed successfully, but I was not able to download output of build.

So I rechecked configuration, found that I haven't set artifact file pattern to archive. How to set artifact file pattern and how to get build output? How to manage hudson by using configure system and configure options? What is the correct way to configure public hudson?


Ubuntu Installation :: Installation Of Tar.gz - Get To The ./configure Step It Says "bash: ./configure: No Such File Or Directory"?

Jun 5, 2011

I want to install a program from this website http:[url].... and I downloaded the option "hydra-6.3-src.tar.gz". I tried following the instructions on this page: https:[url].... but when I get to the ./configure step it says "bash: ./configure: No such file or directory"


Ubuntu :: Use Ufw Instead Of Iptables On The Terminal?

Aug 13, 2010

I started to use ufw instead of iptables on the terminal, but was wondering if ufw could be installed on a redhat based system? I'm asking, because my office has a mix of systems and would prefer to use ufw on these rpm based systems.


Ubuntu :: Switching From UFW To Iptables

Dec 20, 2010

So I've used UFW for quite some time now and it's been great. But I'm thinking it's time to take the plunge into iptables. I want to start blocking repeated connections from IPs trying to brute force my SSH.

I've been reading up on iptables, and it doesn't seem too bad. But I have a few questions I'm hoping people can help with.

1) If I've been using UFW, do I need to do anything special to switch to iptables? I was just going to do "ufw disable". But do I need to uninstall it, or something special? Because even when I do ufw disable, there are still lines in the iptables talking about ufw.

2) Regarding those lines, do I need to get rid of them? Is there a way to revert the iptables back to default? These are the lines.

Code:

3) I've read some things that the order of rules in the "chain" matters, but I don't fully understand it. Does it just mean that whatever comes first within the chain takes precedence? So does that mean that if I want to add a new rule, I can't just add it, but I have to make sure it gets listed in the right order?

4) I don't fully understand what these "chains" are either. I can kind of understand the three main ones, INPUT, FORWARD and OUTPUT. But then ufw seems to have added a lot of other ones. What are those?

5) Again on chains, if I add a drop IP to the INPUT chain, from my understanding it prevents it from connecting to you. Do I need to put it in the forward chain also? Or just worry about the input chain to prevent connections to me?


Ubuntu :: IPtables And UFW - Same Or Two Different Firewalls

Aug 27, 2009

I'm new to Ubuntu and Linux and still trying to figure things out. Are UFW and iptables the same, or are they two different firewalls? The reason I ask this is that I can load up Firestarter (which, from what I've read, controls iptables), then go into a terminal mode and run "ufw status", and it shows disabled. What I'm ultimately trying to do is to open up a port so Vuze and/or Transmission BitTorrent will work, but have not had any success.


Ubuntu Security :: How To Reset The Iptables

Jan 14, 2010

I ran this

Code:

iptables -N rate-limit
iptables -A rate-limit -p tcp -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 3 -j RETURN
iptables -A rate-limit -j DROP
iptables -I INPUT 1 -p tcp --dport 22 -j rate-limit

I am no longer able to ssh in to the machine. How can I reset iptables and firestarter back to default?


Ubuntu Networking :: How To Use IPtables For Different NAT Implementation

May 6, 2010

IPtables, implementing each type of NAT
-Full Cone NAT
-Restricted Cone NAT
-Port Restricted Cone NAT
-Symmetric NAT
using IPTables.

Explanation:
Full Cone: A full cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. Furthermore, any external host can send a packet to the internal host, by sending a packet to the mapped external address.

Restricted Cone: A restricted cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. Unlike a full cone NAT, an external host (with IP address X) can send a packet to the internal host only if the internal host had previously sent a packet to IP address X.

Port Restricted Cone: A port restricted cone NAT is like a restricted cone NAT, but the restriction includes port numbers. Specifically, an external host can send a packet, with source IP address X and source port P, to the internal host only if the internal host had previously sent a packet to IP address X and port P.

Symmetric: A symmetric NAT is one where all requests from the same internal IP address and port, to a specific destination IP address and port, are mapped to the same external IP address and port. If the same host sends a packet with the same source address and port, but to a different destination, a different mapping is used. Furthermore, only the external host that receives a packet can send a UDP packet back to the internal host.

On the netfilter mailing list, Pedro Goncalves suggested the following:
192.168.2.170 is "public" address and 10.0.0.1 is "private" address

- "Full Cone NAT", with the following rules:

HTML Code:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170
iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 10.0.0.1

- "Port Restricted Cone NAT", with just a single rule:

HTML Code:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170


Ubuntu :: How To Block All Outgoing With IPTables

May 10, 2010

I want to block all outgoing traffic with iptables and only allow a few specific websites. I would like to get the code to do so and also to revert the changes in case I want to unblock them.


Ubuntu Servers :: Iptables Not Working In Xen VPS?

Jun 27, 2010

When I try to run anything that uses iptables, even just iptables -L, I get:

Code:

1+drm33.2/modules.dep: No such file or directory
iptables v1.4.4: can't initialize iptables table `filter': iptables who? (do you need to insmod?)

Perhaps iptables or your kernel needs to be upgraded. This is on a fresh Ubuntu minimal install, using my VPS host's image (so they could have messed something up). I know there have been issues in the past with iptables on Ubuntu on xen. Is this an Ubuntu bug? Is there a solution?

Incidentally, depmod -a gives:

Code:

WARNING: Couldn't open directory /lib/modules/2.6.32.11+drm33.2: No such file or directory
FATAL: Could not open /lib/modules/2.6.32.11+drm33.2/modules.dep.temp for writing: No such file or directory








Copyrights 2005-15 www.BigResource.com, All rights reserved