Networking :: Iptables - Matching MAC ?
Feb 5, 2010Iptables manual page says:
Why doesn't it make sense for packets coming from a wireless interface?
ADVERTISEMENT
Programming :: Matching Two Tables Of Non-matching Sizes?
Mar 2, 2011I have two table files with x (1st column) ,y (2nd column) coordinates and intensity (3rd column). I need to match these two tables and divide the intensities at the consecutive coordinates on the 3rd column. The problem is the size of the tables are not same and I want to ignore the lines if they are not in one of the other file.
Here is Table 1:
Code:
-7.500-30.00013.006
-7.500-22.50037.952
-7.500-15.00060.962
-7.500-7.50040.922
-7.5000.00014.348
code....
Networking :: ISC DHCP - Class Matching Based On Mac Address
Aug 12, 2010We have a large number of devices on our LAN with the mac prefix of 00:60:60. We want to assign these addresses from a separate address pool. I've created two classes, one to match 00:60:60 and another that I want to contain any other device. When i try to start the server I get:
/etc/dhcp3/dhcpd.conf line 33: boolean expression expected
match if not binary-to-ascii(16,8,":",substring(hardware, 1, 3))
^#this carrot should be under the last parenthesis#
Configuration file errors encountered -- exiting
Here is the relevant section of /etc/dhcp3/dhcpd.conf
class "006060" {
match if binary-to-ascii(16,8,":",substring(hardware, 1, 3)) = "00:60:60";
}
[Code].....
I've tried a few variations on that line. I've spent days trying to find any examples of "match if not" and haven't found anything. I assume it's going to be something to do with parenthesis/quote placement. Oh and this is ISC DHCP Server V3.0.4.
Fedora Servers :: Unable To Restore My Iptables From Iptables-save After Upgrading
Nov 26, 2010I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
View 2 Replies View RelatedGeneral :: When Restart The Iptables Service Then The Firewall Entries Are Again Shown In Iptables?
Sep 17, 2010I am facing a strange problem witht my iptables as there are some firewall entries stored somewhere which is displaying the below firewall entries even after flushing the iptables & when I restart the iptables service then the firewall entries are again shown in my iptables as shown below,
[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[code]....
Ubuntu :: Try `iptables -h' Or 'iptables --help' For More Information - ' Not Found.4.4: Host/network `98.200.58.73
Nov 3, 2010I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):
Code:
#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above
[code]....
Safe.txt contains:
Code:
127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1
And the error message generated is:
Code:
root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8
[code]....
Fedora :: IPtables Creates An Error During Startup - Applying Firewall Rules: Iptables-restore: Line 21 Failed
Jul 17, 2010IPtables creates an error during startup as well as when I try to restart it: Here's the output of:
[Code]....
Ubuntu Servers :: Setup Iptables Rules In /etc/if-up.d/iptables?
Apr 16, 2011I am running Ubuntu server 10.10 and trying to setup iptables rules in /etc/if-up.d/iptables
Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Problem is that iptables doesn't get updated and I don't see them when iptables -L is executed after reboot.
CentOS 5 :: Custom Iptables: Remove The Existing Iptables First?
Apr 28, 2009To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?
View 4 Replies View RelatedNetworking :: IPTABLES - OpenVPN And IP From ISP?
May 7, 2010I have set up OpenVPN for my connection. I'm using this to connect to the internet from different locations using tunnelling.
Right now I have a few IP's : on eth0 I have IP from my ISP, on eth0:1 I have my own IP.I set up MASQUERADE to eth0 - but in this case when I try to access my restricted resources IP address from ISP is visible.
What I want is to use my own IP address from eth0:1 - could somebody help me to build good working redirect entry for that? I want to redirect all connections to that IP assigned on eth0:1... - just to access Internet using my IP.
Networking :: Add Ip Address In IPTables?
Nov 11, 2010How can I add ip address which is multiple of 3 and to 255? That is I want to block ip address which is coming from multiple of 3 to 255.
As an example 192.168.0.3,192.168.0.6,192.168.0.9,192.168.0.12 etc.
Networking :: Allow Hostname In Iptables?
Mar 2, 2010how to allow a specific hostname with specific ports in iptables?
View 1 Replies View RelatedNetworking :: IP Forwading ( How To With Iptables ) ?
Apr 24, 2011We are stuck big time with IP forwarding where we have to use IP tables. Any advice will be appreciated.
Setup
Machine A --> Machine B -->Machine C
- Machine A connects with Machine B on "internal network"
- Machine B has 2 NIC (and two IP address) , one connected to Machine A (internal network) and one connected to Machine C (External Network)
We need all traffic coming from Machine A which flows to Machine B on port 60 to be directed/forwaded to Machine C (port 60).
Not allowed to configure Machine B as a gateway . Things work with rinetd program when we do a tcp redirect from Machine B port 60 to Machine C (port 60).
But just unable to make it work with IP tables rules. We tried following,but in vain
iptables -t nat -A PREROUTING -s Machine_A -d Machine_C -p tcp --dport 60 -j DNAT --to-destination Machine_C .6:60
/sbin/iptables -A FORWARD -i Machine_B -o Machine_C -p tcp --dport 60 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Any valued inputs?
Networking :: How To Set Iptables For Ftp Tratf
Jul 26, 2010pc need download file from internet ftp server, but can't now, how set iptables ?
iptables mod
[root@ad ~]# lsmod |grep ip
ip_nat_ftp 7361 0
ip_conntrack_ftp 11569 1 ip_nat_ftp
[code]....
Networking :: Iptables Not Forwarding To Another Ip?
Dec 13, 2010I have 2 Linux boxes one acting as a router with a direct connection to the internet, second as a server using the first box as a gateway to the internet. I need to forward requests that I get from the outside to port 8400 to my internal server box at 192.168.0.7:8400
Router IP 192.168.0.5
Server IP 192.168.0.7
iptables -t nat -A PREROUTING -p tcp -d [internet ip] --dport 8400 -j DNAT
[code]...
These rules are on the router (192.168.0.5) I've been trying to find a solution for hours with no success. Basically the problem is I can forward ports on the same box but not to a different ip.
Networking :: Iptables Port 161 UDP/TCP?
Mar 18, 2011iptables -A INPUT -p udp --dport -j ACCEPT
iptables -A INPUT -p tcp --dport -j ACCEPT
iptables -A FORWARD -p udp --dport -j ACCEPT
iptables -A FORWARD -p tcp --dport -j ACCEPT
and the rules are placed in iptables, i can see them when I do iptables -L. But when I do netstat -an | grep 161 I can see that port 161 (SNMP) is not listening. Why?
Networking :: Iptables To Deny UDP?
May 9, 2011I just want to allow only some udp ports and deny all tcp access as my script below:
Code:
# Generated by iptables-save v1.3.5 on Sun May 8 17:33:16 2011
*filter
[code]....
Networking :: Optimizing The Iptables?
Jan 19, 2010I am working on optimizing the iptables. I came across some way of optimizing the rules by removing the redundant rules and merging the rules . Is there any other way to increase the optimization of iptables ?The network that we applied the iptables is a simple LAN network. (College Network)
View 1 Replies View RelatedFedora Networking :: Iptables Can't Allow DNS & DHCP To LAN?
Aug 3, 2010how to let iptables to allow dns & dhcp distributions from the server to the clients only w/out exposing the port dhcp port udp 67,68 and tcp port 67,68 as well from the outside world.DHCP only uses udp, but still I also allowed tcp ports as well just to be sure & also I already allow DNS ports in the firewall w/c is not inluded below. linux newbie here,
when i issued the command below to allow those ports only to the internal network the firewall still blocking it. what seems to be the problem?? #iptables -A INPUT -m iprange --src-range 192.168.0.1-192.168.0.254 -p udp --dport 67 -j ACCEPT
[Code]...
Ubuntu Networking :: How To Use IPtables For Different NAT Implementation
May 6, 2010IPtables, implementing each type of NAT
-Full Cone NAT
-Restricted Cone NAT
-Port Restricted Cone NAT
-Symmetric NAT
using IPTables.
Explanation:
Full Cone: A full cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. Furthermore, any external host can send a packet to the internal host, by sending a packet to the mapped external address.
Restricted Cone: A restricted cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. Unlike a full cone NAT, an external host (with IP address X) can send a packet to the internal host only if the internal host had previously sent a packet to IP address X.
Port Restricted Cone: A port restricted cone NAT is like a restricted cone NAT, but the restriction includes port numbers. Specifically, an external host can send a packet, with source IP address X and source port P, to the internal host only if the internal host had previously sent a packet to IP address X and port P.
Symmetric: A symmetric NAT is one where all requests from the same internal IP address and port, to a specific destination IP address and port, are mapped to the same external IP address and port. If the same host sends a packet with the same source address and port, but to a different destination, a different mapping is used. Furthermore, only the external host that receives a packet can send a UDP packet back to the internal host.
On the netfilter mailinglist, Pedro Goncalves suggested the following:
192.168.2.170 is "public" address and 10.0.0.1 is "private" address
/-"Full Cone NAT", with the following rules:/
HTML Code:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170
iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 10.0.0.1
/-"Port Restricted Cone NAT", with just a single rule:/
HTML Code:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170
Ubuntu Networking :: Getting Iptables Two Nic Configuration?
Jul 27, 2010i have a question regarding iptables.i have a server running ubuntu server 10.04 with 2 nic's, i want to use it to filter the internet trafic of the people in my network ussing dansguardian and squid. they both work fine.the only problem is how to get iptables to deal with this the right way.
eth0 = LAN
eth1 = internet
Ubuntu Networking :: Iptables Do Not Work The Way It Should On 10.04?
Aug 14, 2010i'm having a weird issue on 10.04. I have a bash script I wrote to drop incoming connections that are faster than a specified rate (6 per second in the example). I've been using the script successfully on 8.04LTS and CentOS for 2-3 year but it doesnt seem to work on 10.04
Code:
INTERVAL="2"
HITCOUNT="6"
iptables -A INPUT -d 123.123.123.123 -m state --state NEW -m recent --set
iptables -A INPUT -d 123.123.123.123 -m state --state NEW -m recent --update --seconds $INTERVAL --hitcount $HITCOUNT -j DROP
Ubuntu Networking :: Iptables And DNAT ?
Mar 10, 2011I'm having a complicated iptables problem. I'm using a linux poweredge 1750 with 4 ethernet interfaces and 1 wireless interface as a router/firewall/wireless access point.
The Computers on the inside can connect and communicate just fine. The access the outside world and other internal devices with no problems.
DNAT from the outside works just fine for things like ssh, webmin and http. But some protocols and services (ftp with filezilla and runuo) use ports to connect. And then, it is like they hand off the rest of the communication to other seemingly randomly determined ports. And that is when the conversation gets dropped. How do I configure my router to notice these port changes and continue to DNAT the conversation?
Networking :: Iptables To Hide A Port?
Jan 13, 2010I am running a voip server on port 5060. I want to hide this to all the robots scanning the net permanently - I know this is not enough security - it is just to prevent them from wasting by bandwidth testing all usernames until fail2ban stops them !
I'd like to have port 5060 accepting requests only from 'trusted' hosts, while others (client with dynamic ip) use port 5065 - thus, port 5060 will only appear open for some trusted partners and the bots will skip to something else.
I have setup the iptables rules succesfully to accept only trusted hosts.
-A RH-Firewall-1-INPUT -s 93.x.y.z -p udp -m state --state NEW -m udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 5060 -j DROP
I've added a PREROUTING NAT rule that change the port from 5065 to 5060 for others - but then, this gets caught in the INPUT rule as port 5060 -A PREROUTING -p udp -m udp --dport 5065 -j DNAT --to-destination 192.168.1.1:5060
This works so well that the packets coming on port 5065 are translated to port 5060 and get caught in the DROP rule...
Networking :: Throttling Bandwidth With Iptables And Tc
May 14, 2010I am trying to limit bandwidth of certain ip addresses on my server. I have been doing hours of reading and not getting very far...
So far I believe the iptables command is:
And now I just need the tc command to read those marks and limit bandwidth, I have a gigabit connection and would like to limit each of these ip addresses to 10mbit in and out.
Networking :: Preventing Access Through Iptables?
Jul 9, 2010I am trying to lock down our application and server with iptables. Anybody have any idea how to prevent accesses to the application from another application? Basically I opened up the ports 80 and 443 for the application server. However, the application points to other apps (ie. database, ldap). I want to limit what it can connect to or who can connect to it. Bascially I can limit who connects to the server itself but the application can still get input from outside servers.
View 4 Replies View RelatedNetworking :: How To Check If Iptables Is Currently Active
Jan 12, 2011I'm new with linux, I just want to know how to check if iptables is currently active, and how to disable it ?? I'm using SUSE 10.
View 6 Replies View RelatedNetworking :: Block IM With Iptables Or Squid?
Dec 24, 2008in my office i have to block all messenger like yahoo messenger, windows live messenger, i have to block websites like www.yahoo.com, some more web sites. i need guidance through which i can accomplish this task through ip tables or through squid server. i can use squid but i had heard that squid blocks pop and smtp also. squid creates some problem in receiving and sending email. i am using red hat linux 4 box and installed squid having two ethernet card 1 is connected to adsl line and 2 is connected to switch. all clients will have proxy address of this linux box. guys need ur help ASAP.
View 2 Replies View RelatedNetworking :: Block Web Access With Iptables ?
Apr 25, 2010Just wondering if it is possible to block web access on a certain ip address with iptables.
Iv seen guides for blocking web traffic on a whole network but i want to just block a single host from accessing the web.
Networking :: Can't APPLY Iptables Rules
May 22, 2011I added a few rules to my /etc/iptables.rules file and then used sudo iptables-restore < /etc/iptables.rules but i got an error saying "iptables-restore: line 29 failed".But the only word on that line.
View 1 Replies View Related