I've setup ufw rules on my system but noticed that the rule i created to allow traffic from my local network is still dropping some RST and ACK packets. here's part of the output of dmesg
[Code]...
I've setup ufw rules on my system but noticed that the rule i created to allow traffic from my local network is still dropping some RST packets.here's part of the output of dmesg
[43627.361500] [UFW BLOCK] IN=wlan0 OUT= MAC=00:16:ea:03:9c:3a:00:1f:a7:3d:d5:eb:08:00 SRC=192.168.0.4 DST=192.168.0.3 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=2210 PROTO=TCP SPT=59521 DPT=9000 WINDOW=0 RES=0x00 RST URGP=0
[code]....
I'm trying to configure NFS sharing behind a firewall, I got it to work and all but I was caught by something that (to me anyways) seems odd.I've been able to mount the export on another computer and am transferring files over as we speak, but I'm just interested in knowing why the RELATED,ESTABLISHED rule seems to be catching almost all the traffic coming from the other node. Any ideas? Should I be concerned that my firewall isn't protecting anything or something?
View 1 Replies View RelatedI am currently having problems with my server. Its being DDOSed. I have a vps with Centos 64bit. The attack I want to block is udp flood. I was trying to do something like this: iptables -I INPUT -p udp --dport 123 -m limit --limit 40/s -j DROP but instead of blocking certain hosts it blocks the whole port and during the attack its unreachable. How to limit packets per host or any other way to protect from udp flood.
View 11 Replies View RelatedI two servers set up: 192.168.1.150 and 192.168.1.160 Initially, I want all traffic to be served by server 150. So for this purpose I am leaving the IPTables on .150 empty. At a point in time, I want to forward all incoming traffic to be served by .160 instead. I have accomplished this using these commands (on .150):
iptables -t nat -A PREROUTING -j DNAT --to 192.168.1.160
iptables -t nat -I POSTROUTING -j MASQUERADE
My problem is that if I have an open SSH connection to .150 (prior to adding the rules), the packets are still handled by .150 after adding the rules.. e.g. my SSH session stays active. I want these packets to be forwarded to .160, which would effectively disconnect the SSH session. I do not want the packets flat out dropped, I just want them forwarded on in whatever state they are in. If I try a new SSH session, it is properly forwarded to .160
i need to write a program in c that can sniff packets from Ethernet and distinguish RTP packets from Non-RTP packets, i have no idea what should i do
View 9 Replies View RelatedI need to create filename 70-android.rules in the directory /etc/udev/rules.d/I have Adm privileges in my user account properties, but when I use sudo to create this file the Ubuntu OS does not allow me the privilege... I am running Ubuntu 10.04 LTS and here's the Terminal output below:daddy@gatomon-laptop:/etc/udev/rules.d$ sudo cat > 70-android.rulesbash: 70-android.rules: Permission denieddaddy@gatomon-laptop:/etc/udev$ ls -ltotal 8drwxr-xr-x 2 root root 4096 2011-03-16 18:03 rules.d-rw-r--r-- 1 root root 218 2010-04-19 04:30 udev.conf
View 2 Replies View Relatedi have a linux server runnig oracle applications. i need to access this server from putty using ssh through internet. i did by registering my static ip with the dnydns.org and i am able to connect to the server. but now there is no security to authenticate any user as any one knowing the password can login to it.
i thought of configuring the firewall of linux server but the client ip`s are not static and they change continiously. so thought of keeping one more pc between the server and the router which will do the work of authenticating. but i am confuse as how to configure it to allow the packets coming from the internet after authenticating and to by pass the packets generated from internal LAN?
For system calls, is blocking or non-blocking default in C? Simple question, just am not seeing the answer super quickly.
View 4 Replies View RelatedI have a device that is working on modbus protocol andI have written a small program(with block TCP read method ) to read its registers via modbus protocol.my program is working very well but except those times that I unplug the Ethernet cable or turning off the modbus gateway during programs work.at this time my program stops on recv system call (if it reach this system call exacly when I unplug Ethernet cable or turning off the modbus gateway during programs work).I changed my source to work in nonblock TCP method, at this time with the same situation my program does not stop/block on recv system call but after pluging back the Ethernet cable or resuming the connectivity situation back it reads data incorrectly .this is my code:Quote:
#define DEBUG
#include <fcntl.h>
#include <string.h>
[code]...
I need assistance with my Snort Installation. I used Bodhi Zazen's Network Intrusion Detection System post and found it easier than the previous time I had done it. I am currently running Ubuntu 10.04 server and Snort 2.8.6.1 with BASE 1.4.5. I followed Bodhi Zazen's instructions and when I tested snort it ended with a Fatal Error due to ERROR: /etc/snort/rules/exploit.rules(264) => 'fast_pattern' does not take an argument
Fatal Error, Quitting.. Here is the entire output once I ran the test command: snort -c /etc/snort/snort.con -T Running in Test mode
[Code]...
I have a hardware device with two ethernet ports, eth0 and eth1 running Centos 5. Basically my goal is to forward packets from eth0->eth1 and eth1->eth0 as well as get a copy of these packets for analysis. If I set IP routing to do the forwarding then I won't get a copy of the packets for analysis.
View 3 Replies View RelatedMy question is quite simple:What are type of applications where socket in blocking mode can be used ?
And where non-blocking mode to be used ??
TCP is blocking by default.
I have a SSH server on Ubuntu 10.04 running behind a NAT. I have done the port-forwarding at the router. However say for example I want to restrict people connecting to the SSH server by country IP's. When I configure ufw with the following rule it still lets the IPs that are restricted through. Any idea why
sudo ufw allow from xxx.xxx.xxx.xxx/24 to any port 2556
My ISP (Cox) is blocking port 80 and I would like to know if there is a way to open it again. I am to taking about 8080, 8000 or 81 I want to use 80 so I can host my website and every one can access it without the need to put [url]:[PORT] at the URL
View 2 Replies View RelatedI'm trying to install libbz2-dev on my labtop.I'm running Kubuntu 10.04.Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming.
View 3 Replies View RelatedI am trying to backup my system with a script I found here. It gives me an error message of invalid blocking factor for --exclude=lost+found I have no idea what this means. I tried to search this form for that message and received no hits.
View 2 Replies View RelatedI can see what Firestarter is blocking in the Firestarter/Events tab, but after reading all the man pages of UFW, I still don't know how to check what the UFW is blocking.
View 9 Replies View RelatedAfter reading a lot about networking and security I decided to check the security of my own ubuntu box. So I went installing Nmap and discovered that port 139 was "open". Since I 'd read how to use ufw I created a deny rule for port 139. After a second scan with Nmap it still said that port 139 was open as shown below.
[Code]...
I'm trying to use VNC on my headless desktop server that's running lucid, but I can only use SSH because a pop asking me to unlock the keyring shows up every time I try to use VNC. I don't have a monitor for that desktop, so I was wondering, is there any way to remove the keyring/to automatically unlock it during autologin? I don't remember what a site I found it on, but I used this to remove my keyring yesterday. It's no longer working today.
View 4 Replies View RelatedI need assistance blocking application in Ubuntu 10.04. block all applications for certain users if they do not exist in a certain directory.For example,we would like to prevent users from launching a portable copy of Firefox from a portable HDD or Flash drive.
View 1 Replies View Relatedim having a bit of a problem with Firestarter, i have Transmission opened and i am downloading a movie but when i check Firestarter i see hundreds and hundreds of Ip's that are blocked, and like 10ip's every second that get blocked.
[Code].....
I have the default to deny all. The only rule I have in there is:
Code:
To Action From
-- ------ ----
[code]....
I might be misunderstanding the log but it looks like UFW is blocking connections. I want to allow all incoming and outgoing. I guess what I'm saying is that the servers on my computer will open ports but all other ports should respond with closed just like a default Ubuntu install. Trying to use UFW to monitor connections without really doing any firewalling.
Code:
Aug 1 07:14:07 universal-mechanism kernel: [311111.963762] [UFW BLOCK] IN=eth0 OUT= MAC=00:1f:c6:8a:e9:66:00:01:5c:32:f4:c1:08:00 SRC=72.21.203.146 DST=174.44.178.56 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=51984 DF PROTO=TCP SPT=80 DPT=54466 WINDOW=8201 RES=0x00 RST URGP=0
I'm running into a problem with ufw when enabled and need to edit before.rules but i simply do not know how to safely do so. This is a known issue [URL] The problem for me is;i issue the command sudo vi /etc/ufw/before.rules and i get there,i use the arrow keys to get to this part to replace "-m conntrack --ctstate" to "-m state --state" and i do not know how to execute this safely.I am using enter keys,delete keys and.
View 3 Replies View RelatedI am using a NanoStation 2 in Router mode.The NS is connected wirelessly to my neighbor's router and a switch is connect via ethernet to the NS for LAN use.
The past few days I'm trying to use a VoIP client software to connect to my VoIP account.I use Ekiga Softphone to do so, which requires UDP ports 3478-3479 and 5000-5100 to be open.
So I have opened these ports both on my neighbor's router and on the NS.The problem that I'm encountering is that although I manage to register to the VoIP service, when I answer an incoming call the caller is able to hear me, but I'm not able to hear the caller.So I used wireshark and figured that there is no incoming traffic on my end.
I have used many linux VoIP clients with PCs connecting straight forward to an ADSL router and worked perfectly.
So first off, it probably seems this question has been asked thousands of times before. but I did do a search, mostly archived posts that ended up being something other than a true ip blocking of the port. [URL]..
So my port 80 is truly blocked. Ive tried setting up the port forwarding on my router, Ive tried manually allowing all traffic on port 80 through ip tables. Ive even dabbled with setting up something like openDNS to see So far nothing, Im only available on my local network.
There has to be some way to do a redirect though. even something as simple as an htaccess file redirecting [URL].. xxxx (the space is there to avoid my url being interrupted by a smiley
not blocking sites
Code:
dbhome /var/lib/squidguard/db
logdir /var/log/squid
dest block {
domainlist block/domains
[Code]....
under db I created a directory block where I created a domain file and a urls file dosen't seem to be working
Once again I'm trying to get Enemy Territory running on my system. However as usual my graphics card is being a bitch. First of all some system information:
Code:
$ uname -a
Linux abel 2.6.31-20-generic #58-Ubuntu SMP Fri Mar 12 05:23:09 UTC 2010 i686 GNU/Linux
[code]....
I've been able to run *.*msi files in the past through WINE. Apparently the latest version of Ubuntu is blocking the action of launching my *.*msi file. Any way of unblocking this? Uploaded with ImageShack.us. BTW, the app I'm trying to install is Steam.exe.
View 2 Replies View Related