Debian Configuration :: Bad Argument '#' In Iptables

Jul 11, 2011

I followed these instructions, but after iptables-restore < /etc/iptables.test.rules I see this error:

Code:
# iptables-restore < /etc/iptables.test.rules
Bad argument `#'
Error occurred at line: 3
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

Line 3 is the same as in the link:

Code:
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0

View 3 Replies
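Why a line like that trips iptables-restore, and a check for it, as an added example that is not part of the thread or of the tutorial it links: iptables-restore skips a line as a comment only when `#` is the very first character of the line. A comment indented by whitespace, a non-breaking space or other invisible character pasted from a web page in front of the `#`, or a comment appended after a rule is handed to the rule parser, whose first argument is then `#`, and that is exactly the "Bad argument `#'" message. The POSIX shell function below flags such lines before the file is loaded. The sample file in the usage is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for an iptables-restore
# input file. Lines that start with '#', '*' (table), ':' (chain) or COMMIT are
# fine; on any other line a '#' reaches the rule parser, and a byte outside
# printable ASCII (NBSP, BOM, CR) usually means the text came from a browser.

lint_restore_file() {
    file="$1"
    status=0
    n=0
    nonprint=$(printf '[^ -~\t]')   # anything but printable ASCII and TAB
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            ''|'#'*|'*'*|':'*|COMMIT) continue ;;
        esac
        case "$line" in
            *'#'*)
                printf 'line %d: "#" is not in column 1: %s\n' "$n" "$line"
                status=1 ;;
        esac
        if printf '%s' "$line" | LC_ALL=C grep -q "$nonprint"; then
            printf 'line %d: non-printable or non-ASCII character\n' "$n"
            status=1
        fi
    done < "$file"
    return $status
}

# usage: lint_restore_file /etc/iptables.test.rules && iptables-restore --test < /etc/iptables.test.rules
```

The check is deliberately strict: a `#` inside a quoted `--comment` or `--log-prefix` string is also reported, so treat those hits as warnings. `iptables-restore --test` parses the file without committing it, which is the second thing to run before loading rules on a remote machine.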



Debian :: Iptables Cannot Save The Configuration?

Apr 28, 2011

I am configuring the iptables in Debian squeeze and then running: iptables-save

View 4 Replies

Debian Configuration :: Iptables Forwarding For Tomcat?

Nov 10, 2010

I've been trying to forward some ports using iptables for some time now, but still haven't figured out how to get it to work. What I'm trying to accomplish is to forward all traffic from port 80 to port 8080, and all traffic from port 443 to port 8443, because I would like to run Tomcat as a non-root user, and the original ports can only be used as root. I've currently set up my iptables like this:

# Generated by iptables-save v1.4.2 on Wed Nov 10 16:44:45 2010
*nat
:PREROUTING ACCEPT [39350:6120333]

[code].....

View 2 Replies

Debian Configuration :: Iptables Blocks FTP Connections

Jul 8, 2011

For some reason my FTP packets are blocked by iptables even though I thought I allowed them through.

My syslog errors are along this line:

And my iptables ruleset:

View 4 Replies

Networking :: Iptables Configuration On Debian Dmz Host?

Jul 6, 2010

I am trying to set up a DMZ host - that is, one multifunctional PC between the WAN and the LAN. I've started with a basic router, and expanding upon that as the need arises. I am currently trying to gain access (from the WAN) to a website hosted on one of the servers in the LAN, but I am having trouble accessing the host from the WAN; I think my iptables configuration may be too restrictive. On the DMZ host, I'm using Debian (Etch). I have setup dhcp3-server, a script to configure iptables and pound (reverse-proxy). The (virtual) machine has 4 network cards: eth0, eth1, eth2, eth3; eth0 is the WAN, eth1 through eth3 serve 3 different virtual LANs.

All machines in the LAN (except one Windows 2008 server - I might want to address that problem later) get their IP addresses correctly via DHCP from the DMZ host. All machines on the LAN can access the internet (including the 2008 server if I configure it manually) as they should. If I access http://localhost on the DMZ host, pound reports "The service is not available. Please try again later." - as it should.

I can ping the DMZ host from the WAN on 10.0.0.79. However, if I try to access the DMZ host from the WAN (http://10.0.0.79) I get "Unable to connect" from Firefox. I'm sure this is not a pound problem, so I think it's in the iptables, or maybe I should be installing some extra software that I'm unaware of.

[code]....

View 3 Replies

Debian Configuration :: IPTables Output Block Not Local

Sep 19, 2015

I am trying to create some rules to detect outgoing traffic from my Debian jessie machine that is not from my IP or loopback.

#!/bin/bash
# C_OUT_N_LOCAL_LO is the first filter stage, C_OUT_N_LOCAL does the (rate-limited) logging
/sbin/iptables -N C_OUT_N_LOCAL
/sbin/iptables -N C_OUT_N_LOCAL_LO
/sbin/iptables -A C_OUT_N_LOCAL -m limit --limit 2/min -j LOG --log-prefix "PK: output not local : " --log-level 4

LO_IP="127.0.0.1"
MY_IP="192.168.0.4"

# every outgoing packet not sourced from loopback goes to the second stage ...
/sbin/iptables -I OUTPUT -p ALL ! -s $LO_IP -j C_OUT_N_LOCAL_LO
# ... and from there everything not sourced from my own address is logged
/sbin/iptables -A C_OUT_N_LOCAL_LO -p ALL ! -s $MY_IP -j C_OUT_N_LOCAL

View 0 Replies
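The LOG rule in that script writes to the kernel log (facility kern, priority warning) and, because of `-m limit 2/min`, records at most two packets a minute, so what lands in the log shows the shape of the traffic rather than its volume. As an added example that is not from the poster, the awk summary below groups those lines by source address, protocol and destination port, which is usually enough to tell a second address on the host, a container or a VPN client apart from a process actually spoofing its source. The prefix defaults to the one the script above sets; the log lines used in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): summarise kernel LOG lines produced by
# a rule with --log-prefix "PK: output not local : ". Each matching line is
# reduced to "count SRC PROTO DST:DPT", most frequent first.

summarize_not_local() {
    logfile="$1"
    prefix="${2:-PK: output not local : }"
    awk -v pfx="$prefix" '
        index($0, pfx) == 0 { next }          # not one of our LOG lines
        {
            src = dst = proto = dpt = "-"
            for (i = 1; i <= NF; i++) {        # fields look like KEY=VALUE
                split($i, kv, "=")
                if (kv[1] == "SRC")   src   = kv[2]
                if (kv[1] == "DST")   dst   = kv[2]
                if (kv[1] == "PROTO") proto = kv[2]
                if (kv[1] == "DPT")   dpt   = kv[2]
            }
            count[src " " proto " " dst ":" dpt]++
        }
        END { for (k in count) print count[k], k }
    ' "$logfile" | sort -rn
}

# usage: summarize_not_local /var/log/kern.log
```

A source that shows up here and is not 127.0.0.1 or 192.168.0.4 is not necessarily hostile: an IPv6 address, a docker0 or tun0 address, or a second address added to the interface all produce exactly this pattern, and the summary is what lets you rule those out quickly.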

Debian Configuration :: Lenny Not Loading Iptables Rules

Dec 30, 2010

I'm having some trouble with the configuration of the iptables. I want to setup a network server to serve as Fail Over (for my 2 ISPs), DHCP and DNS. I have 3 network cards, 2 connected to ISP's routers and 1 that serves as UPLINK for my switch.

I want to add some iptables rules so I can achieve what I want to do. The problem is that the rules I try to use have no effect... they don't load. Here are the rules I am trying to add:

#iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
#iptables --table nat --append POSTROUTING --out-interface eth2 -j MASQUERADE
#iptables --table nat --append POSTROUTING --out-interface eth2 -j SNAT --to EXTIP

When I try to check to see if it loads, with the command:

#iptables -L

It returns empty

View 2 Replies

Debian Configuration :: OpenVPN And IPTables - No Local Hostnames Accessible

Feb 7, 2016

I managed to set up an OpenVPN server, IP forwarding and a NAT iptables rule for that.

Almost everything works as expected, but my problem is:

Smartphone -> VPN -> Internet ==> works (by ip and hostname)
Smartphone -> VPN -> machine in my local network by IP ==> works
Smartphone -> VPN -> machine in my local network by its hostname => DOES NOT WORK
Machine w/ VPN server -> ping to machine in local network by ip or hostname => works

So I wonder why I can't access a local machine through the VPN by its hostname. I guess I'm missing a forwarding rule?

iptables dump:
# Generated by iptables-save v1.4.21 on Sun Feb 7 20:56:52 2016
*nat
:PREROUTING ACCEPT [786:59064]
:INPUT ACCEPT [728:53047]
:OUTPUT ACCEPT [19:1487]
:POSTROUTING ACCEPT [20:1576]
-A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
COMMIT
# Completed on Sun Feb 7 20:56:52 2016

View 0 Replies

Debian Configuration :: IPTABLES Protocol To Reject All Incoming Ssh Traffic

Apr 4, 2010

Is there a good IPTABLES protocol to reject all incoming ssh traffic except for a single IP or IP range?

View 4 Replies
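As an added example that is not from the thread, here is a ruleset that does what was asked, together with a way to apply it on a remote host without the risk of being cut off: the previous rules come back automatically unless the change is confirmed within a window. The allowed sources (203.0.113.0/24 and 198.51.100.7) are documentation ranges chosen for the example, SSH is assumed on tcp/22, and the pid file path and the 60-second window are likewise assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). build_ssh_ruleset prints an
# iptables-restore file that accepts SSH only from an allowlist and rejects
# the rest; apply_with_rollback loads a ruleset and schedules a restore of
# the old one unless confirm_rules is run in time. Applying needs root.

build_ssh_ruleset() {
    # usage: build_ssh_ruleset "<space separated allowed sources>"
    allowed="$1"
    printf '*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    printf -- '-A INPUT -i lo -j ACCEPT\n'
    # replies to sessions already open (including the one you are typing in)
    printf -- '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
    for src in $allowed; do
        printf -- '-A INPUT -p tcp --dport 22 -s %s -m conntrack --ctstate NEW -j ACCEPT\n' "$src"
    done
    # REJECT rather than DROP so a client outside the list fails fast instead of hanging
    printf -- '-A INPUT -p tcp --dport 22 -j REJECT --reject-with tcp-reset\n'
    printf 'COMMIT\n'
}

apply_with_rollback() {
    # usage: apply_with_rollback <rules-file> [seconds]   (run as root)
    rules="$1"; window="${2:-60}"
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    iptables-restore --test < "$rules" || { echo "ruleset does not parse" >&2; return 1; }
    iptables-restore < "$rules" || return 1
    # background timer: restores the saved rules unless it is killed first
    ( sleep "$window"; iptables-restore < "$backup"; rm -f "$backup" ) &
    echo $! > /run/iptables-rollback.pid
    echo "applied; run confirm_rules within ${window}s or the old rules come back"
}

confirm_rules() {
    kill "$(cat /run/iptables-rollback.pid)" 2>/dev/null && rm -f /run/iptables-rollback.pid
}

case "${1:-}" in
    gen)   build_ssh_ruleset "${2:-203.0.113.0/24 198.51.100.7}" ;;
    apply) apply_with_rollback "$2" "${3:-60}" ;;
    ok)    confirm_rules ;;
esac
```

Typical use is `sh script.sh gen > /etc/iptables.ssh.rules`, then `sh script.sh apply /etc/iptables.ssh.rules`, then, from a fresh SSH session that proves the rule works, `sh script.sh ok`. The ruleset keeps the INPUT policy at ACCEPT because the question was only about SSH; for a default-DROP host, every other service needs its own ACCEPT line ahead of the policy, and the same rollback trick still applies.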

Debian Configuration :: Setting IPTables Default Forward Policy?

May 3, 2010

I'm intending to replace my current router (486DX2 w/16MB running FREESCO which has been faithfully working 24/7 for well over a decade) with a debian box with a bit more grunt and newer features. I'm currently setting up my iptables ruleset and am after a bit of advice re the FORWARD policy. A few example rulesets I have found set the default policy to DROP and then have two lines for each port forward, one to allow the traffic and one to direct the incoming packets to the correct machine.

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 25 -j DNAT --to-destination 10.0.100.10:25
iptables -A FORWARD -i eth1 -p tcp --dport 25 -o eth0 -d 10.0.100.10 -m conntrack --ctstate NEW -j ACCEPT

I'm thinking of setting the default policy to ACCEPT to cut down on typing as my default INPUT policy is DROP and unless there is a valid FORWARD rule for a particular port, the packets aren't going anywhere anyway. Or have I misunderstood something. My googling returned heaps of example scripts & not much intelligent commentary. Alternatively, what do you all use to configure & maintain your debian gateways; hand rolled iptables rules, or any toolset recommendations?

View 4 Replies
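An added example, not from either thread, that covers both the Tomcat question above (a privileged port redirected to an unprivileged one on the same host) and the question just above about keeping FORWARD at DROP with a pair of rules per forwarded port. It generates the rule pairs so the "extra typing" is a one-line function call per port. Interface names (eth1 WAN, eth0 LAN) and 10.0.100.10 follow the rules quoted in the post; 8080/8443 follow the Tomcat post; everything else is assumed. The script only prints an iptables-restore file, to be reviewed and then loaded with iptables-restore.

```shell
#!/bin/sh
# Added example (not from the threads). Collects nat and filter rules and
# prints one complete iptables-restore file with FORWARD and INPUT at DROP.

nl='
'
NAT_RULES=""
FILTER_RULES=""
add_nat()    { NAT_RULES="${NAT_RULES}$1${nl}"; }
add_filter() { FILTER_RULES="${FILTER_RULES}$1${nl}"; }

redirect_local() {
    # usage: redirect_local <wan-if> <from-port> <to-port>
    # PREROUTING handles traffic arriving on the interface; OUTPUT -o lo handles the
    # host talking to itself. Without "-o lo" the OUTPUT rule would also hijack the
    # host's own outbound web traffic to every remote port 80.
    add_nat "-A PREROUTING -i $1 -p tcp --dport $2 -j REDIRECT --to-ports $3"
    add_nat "-A OUTPUT -o lo -p tcp --dport $2 -j REDIRECT --to-ports $3"
    # the filter table sees the packet after NAT, so INPUT must accept the new port
    add_filter "-A INPUT -i $1 -p tcp --dport $3 -m conntrack --ctstate NEW -j ACCEPT"
}

forward_to_host() {
    # usage: forward_to_host <wan-if> <lan-if> <port> <lan-ip>
    add_nat "-A PREROUTING -i $1 -p tcp --dport $3 -j DNAT --to-destination $4:$3"
    add_filter "-A FORWARD -i $1 -o $2 -p tcp -d $4 --dport $3 -m conntrack --ctstate NEW -j ACCEPT"
}

lan_to_wan() {
    # usage: lan_to_wan <lan-if> <wan-if>   (outbound traffic from the LAN, masqueraded)
    add_filter "-A FORWARD -i $1 -o $2 -j ACCEPT"
    add_nat "-A POSTROUTING -o $2 -j MASQUERADE"
}

emit_ruleset() {
    printf '*nat\n:PREROUTING ACCEPT [0:0]\n:INPUT ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n'
    printf '%s' "$NAT_RULES"
    printf 'COMMIT\n*filter\n:INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    printf -- '-A INPUT -i lo -j ACCEPT\n'
    printf -- '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
    printf -- '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
    printf '%s' "$FILTER_RULES"
    printf 'COMMIT\n'
}

build_example() {
    NAT_RULES=""; FILTER_RULES=""
    redirect_local  eth1 80  8080              # Tomcat on the gateway itself
    redirect_local  eth1 443 8443
    forward_to_host eth1 eth0 25 10.0.100.10   # mail server on the LAN
    lan_to_wan      eth0 eth1
    emit_ruleset
}

# usage: sh script.sh > /etc/iptables.rules && iptables-restore --test < /etc/iptables.rules
[ "${1:-}" = "print" ] && build_example
```

With FORWARD at DROP, a packet that matches a DNAT rule but has no matching FORWARD accept is silently dropped, which is the safety property the two-line convention buys: a typo in the nat rule cannot expose a LAN host that was never explicitly allowed. The ESTABLISHED,RELATED rules carry the return traffic for all of these, so only the first packet of each connection needs a rule.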

Debian Configuration :: How To Restore Iptables To Default Installation Values

May 9, 2010

After resetting a pc running lenny I get iptables errors at boot ("resource temporarily unavailable", "bad rule" etc). "setting up firewall" (Guarddog) is not followed by any errors and the firewall apparently operates ok. How can I restore my iptables to the default installation values?

View 2 Replies

Debian Configuration :: IPTables - Local Host Cannot Get Returning Traffic

Sep 20, 2010

I have a strange iptables issue. I have just built a new Debian install and started adding some real basic rules (see below). The problem seems to be that the localhost itself can't get any returning traffic. That is, it seems to be allowed outgoing traffic but not the connected, returning traffic. Ordinarily allowing Established Connections would resolve this, see the rule below, but it hasn't. Why doesn't this work? Removing the last DROP in the INPUT chain obviously makes the traffic work!

# replies to connections this host opened
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j ACCEPT -p tcp --dport 22
iptables -A INPUT -j ACCEPT -s x.x.x.x
iptables -A INPUT -j ACCEPT -s x.x.x.x
iptables -A INPUT -j ACCEPT -s x.x.x.x -p tcp --dport 80
iptables -A INPUT -j ACCEPT -s x.x.x.x -p tcp --dport 8080
# "-I INPUT 1" puts the loopback rule at the top, ahead of everything appended above
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -j DROP

View 3 Replies

Debian Configuration :: IPTables Logging Rules Dropping WiFi Connection

Dec 1, 2015

I'm trying to use these cookie-cutter rules that I found. But every time I use them, after a few seconds my wifi connection goes dead. The exception was the first time I used them, which lasted me a couple of minutes.

By dead I mean I can no longer open a webpage or ping google.

iptables -N LOGGING
# appended to INPUT and OUTPUT: anything not matched by an earlier rule in those chains lands in LOGGING
iptables -A INPUT -j LOGGING
iptables -A OUTPUT -j LOGGING
# at most two log lines per minute, then everything that reached LOGGING is dropped
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables -A LOGGING -j DROP

View 9 Replies
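Whether the two jumps in those rules are safe depends entirely on what precedes them in INPUT and OUTPUT: `-A` appends, and LOGGING ends in DROP, so appended to chains that hold nothing else they send every packet, replies to the host's own connections included, to a chain that drops it. As an added example that is not from the thread, the script below audits an iptables-save dump for exactly that pattern: an unconditional jump to DROP, REJECT or a user chain that ends in one, placed in a built-in chain before any ESTABLISHED,RELATED accept, plus any rules left unreachable after such a jump. The dumps in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the *filter table of an
# iptables-save dump for a catch-all jump that precedes the accepts it
# should follow. Output is one line per finding; no output means no finding.

audit_catchall() {
    awk '
        /^\*/ { table = substr($0, 2); next }          # *filter, *nat, ...
        table != "filter" || $1 != "-A" { next }
        {
            chain = $2; n[chain]++; idx = n[chain]
            rule[chain, idx] = $0
            target = ""
            for (i = 3; i <= NF; i++) if ($i == "-j") target = $(i + 1)
            tgt[chain, idx] = target
            uncond[chain, idx] = (NF == 4 && $3 == "-j")   # "-A CHAIN -j TARGET", no match at all
        }
        END {
            terminal["DROP"] = 1; terminal["REJECT"] = 1
            # a user chain whose last rule is an unconditional DROP/REJECT acts as a terminal target
            for (c in n)
                if (uncond[c, n[c]] && terminal[tgt[c, n[c]]]) terminal[c] = 1
            for (c in n) {
                builtin = (c == "INPUT" || c == "OUTPUT" || c == "FORWARD")
                seen_est = 0
                for (i = 1; i <= n[c]; i++) {
                    if (tgt[c, i] == "ACCEPT" && rule[c, i] ~ /ESTABLISHED/) seen_est = 1
                    if (uncond[c, i] && terminal[tgt[c, i]]) {
                        if (builtin && !seen_est)
                            printf "%s: rule %d jumps to %s with no ESTABLISHED,RELATED accept before it\n", c, i, tgt[c, i]
                        if (i < n[c])
                            printf "%s: %d rule(s) after rule %d are unreachable\n", c, n[c] - i, i
                        break
                    }
                }
            }
        }
    ' "$1"
}

# usage: iptables-save > /tmp/dump && audit_catchall /tmp/dump
```

The fix the audit points at is ordering, not the logging chain itself: loopback, ESTABLISHED,RELATED and whatever services the host offers go first, and the jump to LOGGING is the last rule in the chain. Running the audit against `iptables-save` output after every change catches the mistake before the next lease renewal or the next DNS lookup does.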

Ubuntu :: Write A Base Script Which Will Divide An Argument By 10 And Then Use That Argument In Another Program?

Feb 23, 2010

I'm trying to write a bash script which will divide an argument by 10 and then use that argument in another program. Since my argument can be a floating point number, I used bc to accomplish this. Here's an example of a simplified version of what I have so far:

NUM=$(echo "scale=25;$1/10" | bc)
#make sure the first argument was formatted correctly
if [ $? -ne 0 ]

[code]...

View 4 Replies
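The posted script is truncated on the page, so the following is an added example rather than its continuation. The point it makes: bc exits 0 even when its input is not a number (it prints a parse error to stderr and nothing to stdout), so testing `$?` after the command substitution does not catch a bad argument; and because `$1` is interpolated into a bc program, any string the caller passes becomes bc code, which at minimum lets a caller hand the script an expression like `2^999999999` that pins a CPU. Validating the argument before it reaches bc closes both. The function names are assumptions for the example.

```shell
#!/bin/sh
# Added example (not the poster's script). is_decimal accepts an optional sign,
# digits and at most one fractional part; div10 refuses anything else before
# the value is interpolated into the bc program.

is_decimal() {
    # cheap reject of any character outside [0-9.+-], then the exact shape
    case "$1" in
        ''|*[!0-9.+-]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^[+-]?([0-9]+\.?[0-9]*|\.[0-9]+)$'
}

div10() {
    # prints $1 / 10 at 25 digits of precision; non-zero status on a bad argument
    is_decimal "$1" || { echo "div10: not a number: '$1'" >&2; return 2; }
    result=$(printf 'scale=25; %s / 10\n' "$1" | bc) || return 1
    [ -n "$result" ] || return 1
    # bc prints "2.5000000000000000000000000" and ".3000..." for 0.3; tidy for display
    printf '%s\n' "$result" | sed -E -e 's/(\.[0-9]*[1-9])0+$/\1/' -e 's/\.0*$//' -e 's/^(-?)\./\10./'
}

# usage: NUM=$(div10 "$1") || exit 1
```

`[ $? -ne 0 ]` after `NUM=$(... | bc)` still has a use: it does report bc being absent or killed. It just never reports a malformed number, which is the case the original comment was written for.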

Debian Hardware :: Scanner Fail With Invalid Argument

Oct 29, 2014

This error is very difficult to solve, but also appears widespread across the Debian universe and also others like Arch and Fedora. I use a Canon LiDE 110 scanner and it has always worked very well under Linux. This same problem affects many other scanners not just the 110. Run any front end like xSane and after initially appearing to be OK it will fail with an Invalid Argument error.

But, it does not happen to everyone. I have several machines to experiment with so I did. I also used Debian Testing and Sid, Ubuntu 14.04 and 14.10 and various Mint versions and desktops.

The error is all to do with USB3. Plugging the scanner into a USB2 port does not in and of itself solve the issue. Nor does running the scanner through a hub. On my older laptop without USB3 hardware my scanner works like a charm using any modern Linux. On my very old spare desktop it also works fine despite having USB3.

But, on my shiny new Intel i5 on an ASUS H97I Plus it all falls apart. After much reading of forums and many dead ends we find the problem is modern machines with Intel xHCI Mode in the BIOS. It has to be off, not enabled, auto nor super auto. But when you turn it off you turn off USB3 support and your system falls back to USB2 only. My old spare machine has an AMD chipset and USB3 enabled does not cause this error.

So if you need to use your scanner and get this error then xHCI mode is the workaround. Fine if you have no real need for USB3, but most definitely a temporary solution.

Where in the system does this error come from? Too hard for me. Is it in Sane or in the libusb sub system or all the way up to the kernel? However if you have any USB device that has stopped working this setting in your BIOS has got to be worth a try. It is nothing to do with permissions or firmware.

sane-utils updated to 1.0.24-5 in sid (Dec 12, 2014) problem still exists.

View 5 Replies

Ubuntu Networking :: Getting Iptables Two Nic Configuration?

Jul 27, 2010

I have a question regarding iptables. I have a server running Ubuntu Server 10.04 with 2 NICs; I want to use it to filter the internet traffic of the people in my network using DansGuardian and Squid. They both work fine. The only problem is how to get iptables to deal with this the right way.

eth0 = LAN
eth1 = internet

View 1 Replies

Server :: Iptables Configuration For UDP Flood?

Feb 21, 2011

Banning the IP is the best way to protect your server but of course, the attacker can use another IP and use a lot of your bandwidth until you find and ban the IP. So the only thing we can do to prevent this is block the packets with the iptables length module.

I check the bandwidth usage through "iftop". Incoming traffic is always like 120kb/second and that has to be that way because the traffic enters my server no doubt that it gets dropped by iptables later.

The actual thing the DDoS (UDP flood) does is that it causes outbound traffic that eats up like 5mb/second easily and my servers lag. Only if the IP is banned does the outbound traffic come to an end.

Now I want to use the length module to block it but it just won't work. I've tried the following and shuffled them too but no help.

Code:
iptables -I INPUT -p udp -m length --length 15 -j DROP
iptables -A INPUT -p udp -m length --length 15 -j DROP
Packet length is 15 according to tcpdump:

Code:
19:49:34.504864 IP fms-02.colt.net.belgamanagement.be.56413 > nyc.v1servers.com.20100: UDP, length 15

View 10 Replies
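The number tcpdump prints after "UDP, length" is the UDP payload length, while the iptables length match compares the total length of the IP packet. For IPv4 without IP options that is 20 bytes of IP header plus 8 bytes of UDP header plus the payload, so a packet tcpdump reports as length 15 is 43 bytes on the wire, and `--length 15` can never match it. The script below is an added example, not from the thread: it reads tcpdump lines like the one quoted, derives the packet length per destination port, and prints a matching DROP rule together with a per-source rate limit for the same port, since a fixed length is easy for the attacker to change. IPv4 without options is assumed; the tcpdump lines in the test are constructed from the one in the post.

```shell
#!/bin/sh
# Added example (not from the thread): turn tcpdump "UDP, length N" lines
# into iptables rules that use the length the length match actually sees.

payload_to_ip_len() {
    # usage: payload_to_ip_len <udp-payload-bytes>   (IPv4 header 20 + UDP header 8)
    echo $(( 20 + 8 + $1 ))
}

rules_from_tcpdump() {
    # usage: rules_from_tcpdump <file with tcpdump output>
    # lines look like: "... > host.20100: UDP, length 15"; TCP lines are ignored
    awk '
        /UDP, length [0-9]+$/ {
            for (i = 1; i <= NF; i++) if ($i == ">") dst = $(i + 1)
            sub(/:$/, "", dst)                 # "host.20100:" -> "host.20100"
            n = split(dst, parts, ".")
            port = parts[n]                    # last dotted component is the port
            hits[port ":" $NF]++               # $NF is the payload length
        }
        END {
            for (k in hits) {
                split(k, kp, ":")
                iplen = 20 + 8 + kp[2]
                printf "# %d packet(s) seen: udp/%s, payload %s bytes, IP length %d\n", hits[k], kp[1], kp[2], iplen
                printf "iptables -A INPUT -p udp --dport %s -m length --length %d -j DROP\n", kp[1], iplen
                # independent of packet size: more than 50 packets/s from one source to this port
                printf "iptables -A INPUT -p udp --dport %s -m hashlimit --hashlimit-above 50/sec --hashlimit-mode srcip --hashlimit-name udp%s -j DROP\n", kp[1], kp[1]
            }
        }
    ' "$1"
}

# usage: tcpdump -n -i eth0 udp > /tmp/flood.txt; rules_from_tcpdump /tmp/flood.txt
```

Dropping the packets in INPUT is also what stops the outbound traffic described in the post: a dropped datagram never reaches the socket or the ICMP code, so nothing is sent back for it. `--length` takes a range as well (`--length 40:48`), which is more robust than an exact value when the flood tool pads its payload.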

Debian :: Cryptsetup Invalid Argument Creating Partition On USB Stick

Jul 10, 2015

I have a problem trying to create an encrypted LUKS partition on a USB pen drive, but I don't know whether it is a hardware or software issue.

I just installed debian on this laptop with non-free packages:

Code:
root@debianpc:~# uname -a
Linux debianpc 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1 (2015-05-24) x86_64 GNU/Linux

Then just to learn cryptsetup I thought it was safer playing with a partition on an old usb pen drive. But when I try the command:

Code:
cryptsetup -v --debug --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 3000 --use-urandom --verify-passphrase luksFormat /dev/sdb2

I get the usual message (Are you sure? ...), I type yes then it fails with code 22:

Code:
# cryptsetup 1.6.6 processing "cryptsetup -v --debug --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 3000 --use-urandom --verify-passphrase luksFormat /dev/sdb2"
# Running command luksFormat.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.

WARNING!
========
This will overwrite data on /dev/sdb2 irrevocably.

Are you sure? (Type uppercase yes): yes
# Unlocking memory.
Command failed with code 22: Invalid argument

I had /var/log/messages open in tail on another terminal, but no message appeared. I tried the same command deleting one by one the parameters, but I got the same behaviour, so I don't think it is a parameter problem.

View 1 Replies

Ubuntu :: IPTables Configuration Just Allow Outgoing To HTTP / DNS

Nov 18, 2010

Rather new to Ubuntu. I was wondering for advice on a basic iptables configuration blocking all incoming/forward and just allowing outgoing to http(s) and dns of course.

View 5 Replies

Networking :: Dhcp Offer Get Through Iptables Configuration?

Jun 5, 2011

eth0 is configured through a DHCP server connected directly to it. [URL]... The answer of the server is a UDP packet to 255.255.255.255. Please tell me how it can pass through this iptables configuration, because it does.

Code:
iptables -nvL INPUT
(policy DROP)
3281 201K ACCEPT all -- eth1 * 192.168.69.0/24 0.0.0.0/0
0 0 ACCEPT all -- lo * 127.0.0.1 0.0.0.0/0
0 0 ACCEPT all -- lo * 192.168.69.1 0.0.0.0/0
0 0 ACCEPT all -- lo * 93.114.xx.xx 0.0.0.0/0

[Code]...

View 9 Replies

Security :: Best IPtables Configuration For Bind DNS Server?

Dec 23, 2010

What is the best IPtables configuration for bind DNS server.

View 3 Replies

Security :: Iptables Configuration Causes Web Content To Be Delivered 'slow'

Apr 26, 2011

In December 2009 I switched my web-hosting package with 1and1 to their best VPS package. What a difference! At this time I knew absolutely NOTHING about Linux sys admin stuff. Now, I know a little more I now run 'several' VPS instances (all with 1and1). Back to the problem then... On all my boxes I run CentOS 5.5 (Linux 2.6.18-028stab070.4) with various different versions of Plesk (9.5.2 and 10.2.0) The VPS instances themselves are on Virtuozzo nodes. As you may know, Virtuozzo has a firewall GUI allowing modification of iptables. I only use this when I make a mistake and cannot SSH. My 'original' iptables: (the VZ chains are controlled by the Virtuozzo container)

Code:

Chain INPUT (policy DROP)
target prot opt source destination
VZ_INPUT all -- anywhere anywhere
Chain FORWARD (policy DROP)

[code]....

if this iptables chain limits the number of connections to 3 per second and 100 per second respectively, is this still secure or is there no point in having this rule? If the rule is a good one to have, then how can I allow http connections to bypass this chain/rule?

View 6 Replies

Debian :: Upgrading From Lenny To Squeeze - Alternatives Readline Error - Invalid Argument

Sep 23, 2010

Made sure kernel was 2.6.26+. Changed sources. apt-get update. Then it all goes to hell at util-linux... When attempting to

Code:

[root@WdoACnbF01:pts/0][18:42][28.331mb][~]
[===>uname -a
Linux WdoACnbF01 2.6.26-2-686 #1 SMP Thu Sep 16 19:35:51 UTC 2010 i686 GNU/Linux
[root@WdoACnbF01:pts/0][18:44][28.331mb][~]

[code]....

update-alternatives: error: readlink(/etc/alternatives/automake) failed: Invalid argument

View 3 Replies

CentOS 5 Server :: Port Configuration - Being Blocked - Iptables And Connection

Jul 4, 2009

I have a fresh installation of CentOS 5 I'm using for a server, and I'm having issues with port configuration. I have iptables running, and it started with no /etc/sysconfig/iptables file. I added a few basic rules (port 53, port 10000 for webmin), saved the file, and restarted the service. I tried connecting to webmin, scanned ports, and traffic was blocked. I set iptables to allow all traffic and restarted the service, and it still showed basically every port as being blocked. It seems port 80 and port 22 work for some reason, even when I tell iptables to block all ports.

I'm not sure what's going on here. Iptables is reading the /etc/sysconfig/iptables file, and if I use lynx localhost:someport it responds as it should according to the file. However, if I try connecting by IP, it's like there's some other firewall or something running that does whatever it's configured to do.....

View 2 Replies

Security :: Iptables State Module - Configuration Error / Not Enable Incoming Packets From Connections Initiated From Inside?

Mar 30, 2011

I have a server that I can only access via SSH (it's located far away) and I would like to secure it by blocking all ports except the ones that I need (which are HTTP and SSH). I still want to be able to make outgoing connections to enable software updates and other things.This is my iptables -L -n :

Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:21
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:23:79
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:81:65535
code....

In my opinion, this should block all incoming packets except the ones on port 80 and 22, but allow responses to outgoing connections. But a wget http://google.com does not work, it can't establish the connection.

Maybe this is not the best style for iptables rules, but I want to be absolutely sure to not accidently lock myself out from SSH, so I chose not to configure a "block-everything rule".

Does this configuration not enable incoming packets from connections initiated from inside?

View 3 Replies

Debian :: Debian Lenny Iptables Does Not Log

Mar 29, 2011

I have a problem with logging: iptables logs data, but it seems that for some reason it does not write it to a log file:

Code:
iptables -L -v
Chain INPUT (policy ACCEPT 406 packets, 124K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any xxxxxxxxxxx anywhere tcp dpt:xxxx

[Code]....

I checked /var/log/message and /var/log/syslog; nothing there is related to iptables. Then I created a separate file for iptables by adding this: kern.warning /var/log/iptables.log to my rsyslog.conf. It does create the iptables.log file inside /var/, but it's still empty.

View 4 Replies

Fedora Servers :: Unable To Restore My Iptables From Iptables-save After Upgrading

Nov 26, 2010

I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.

View 2 Replies

General :: When Restart The Iptables Service Then The Firewall Entries Are Again Shown In Iptables?

Sep 17, 2010

I am facing a strange problem with my iptables: there are some firewall entries stored somewhere which are still displayed (see below) even after flushing the iptables, and when I restart the iptables service the firewall entries are shown again in my iptables, as shown below:

[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

[code]....

View 6 Replies

Debian Configuration :: ProFTPd Configuration - Use To Host MySQL Databases And A Few Websites

Nov 18, 2010

I am having no luck configuring ProFTPd on a Debian Lenny production server we use to host our MySQL databases and a few websites. I had originally set it up so I could login and manage our internal sites, but I have the need to allow a few clients in to access their sites that we host. I am trying to root the users in their site directory, which would be "/sites/www.whatever.com/".

It just hit me while typing this. Is it possible to create a user without a shell to prevent login via SSH and set the home folder to /sites/whatever instead of /home/username? That would allow me to continue operating with my current configuration and root them in their site while preventing SSH logins.

View 6 Replies

Debian Configuration :: Multipath Configuration On 5.0 64 Bit - Doesn't Create The Relative Devices

Jul 20, 2011

i have a HP MSA 2312fc SAN with 2 LUNs configured. The first LUN (LUN ID 1) is correctly connected to the system, but when i connect the second LUN (LUN ID 30), i find in the syslog this message: multipathd: 8:64: size 6835937472, expected 5267578112. Discard

Here is the multipath.conf

[Code]....

So I correctly see the two LUNs, but multipath doesn't create the corresponding devices. Under /dev/mapper I see: control mpath0 mpath0-part1. mpath0-part1 is the first LUN, the one I mounted in a directory under the filesystem. I can't find the device for the second LUN.

View 1 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved