OpenSUSE Network :: Blocking Outgoing Network Traffic On Workstation?
Sep 14, 2011
As too my question, at this time I dont control the router/firewall an I would like to block a port thats used for guild wars on my workstation for a while. The reason for blocking is children have abused it an lost it.In this case I am trying to block outgoing traffic on port 6112. I have tried setting up a proxy server on the workstation, but the game seems to ignore it an jump on. Due to the environment, I enabled the workstation SuSEFirewall2 firewall an tried setting up "lo" as a internal an configure the firewall as a router, then disable 0/0 an configured for 0/0,tcp,443 an re route port 80 traffic to proxy.
When I had my own internet, I had a transparent proxy enforcing rules for access times. So setting up a proxy on each machine would not be a bad thing, even if it took some creative thinking. I am trying, but seem to be missing something.Ideally, I would like to setup a transparent proxy, as my kids have learned alot about system administration an know to check the proxy module. If all they have to do is un check "Use Proxy" an by pass a local proxy server, then I am kinda defeated. An applications such as firefox have a proxy setting they could set to none instead of system
There is a big problem with opensuse 11.4 and virtual interfaces.Until 11.2 outgoing traffic by default was sent by the eth0 address nevertheless which virtual interfaces did exist if any was used.Now there seems to be sent by the last interface listed with ifconfig.The outgoing address in this case will be 10.0.0.3.This is very problematic with smtp control etc.
I have a remote network that I manage consisting of a DLink DFL-210 firewall/router, and behind that a Dell server running openSUSE 11.2 and a collection of Windows XP/Vista/7 computers.
The Linux box is running OpenVPN as a server (that is how I connect to this network) and a client (it connects to a second server - running XP - at a different location).
The DLink router is the DHCP server and provides addresses on the 192.168.51.0/24 network. The OpenVPN server provides the 10.8.51.0/24 address range.
The remote network that the Linux box connects to is 192.168.54.0/24 via the OpenVPN network 10.8.54.0/24.
I have added routes to the DLink router to route all traffic to the 10.8.51.0/24 and 192.168.54.0/24 networks to the Linux box.
With SUSEFirewall turned off, after I have connected via OpenVPN from my remote computer I can ping all active 192.168.51.0/24 addresses. Other computers on the 192.168.51.0/24 network can ping computers on the 192.168.54.0/24 network. But if I turn on SUSEFirewall, neither of these work. However, I can ping 10.8.54.1 from any computer on the 192.168.51.0/24 network.
How can I set up SUSEFirewall to allow these networks to communicate with eachother?
OS : CentOS 5.3 64bit How to trace incoming and outgoing network traffic for a give user? User 'A' logs in to the system and does various network connectivity As root user need to find what are the outgoing and incoming connection that are related with user 'A'. basically need to check the connection flow. netstat will show ESTABLISHED, LISTEN etc.. need something like tcpdump
Eg:- --user option for tcpdump tcpdump -vv -nn -i eth0 host 10.200.2.1 and tcp dst port 8080 --user A Can someone tell me any tool which can do such thing? Even if it can show the process ID of the client application which is trying to establish network connectivity will do.
I just set up a new router for our home office. I've enabled traffic logging, and I'd like to have the logs emailed to me. However, in order to configure email-notification, the router needs and outgoing mail server. Forgive me, but I don't really understand the terminology being used here. I've googled this a bit, but I'm not sure I now what "outgoing" vs "incoming" mean in the context. I tried using my gmail account as the outgoing mail server (smpt.gmail.com) but it requires TTLS encryption, and there's no option for that on my router.
So I figured I'd setup a simple mail server on my local network. I have a dedicated server machine, so I'd just configure a mail server there. But I got stumped at the first input box (in the yast module):"Outgoing Mail Server".That's what I wanted to use this server for. What is this "outgoing mail server"? I understand it in a normal emai context (I think) but this is confusing me. I've read through the HowTo on the openSUSE wiki, but it still doesn't answer this question.Isn't there some way to have a simple, local mail server (without MX records and the like) so I can send email from a local machine?
My question is simple - is there any linux app or applet which is able to show (monitor) incoming and outgoing connections assuming it's a direct internet access? I was using a firewall on a system off Redmont which was able to show every connection, listening ports of services if some were opened etc.
SuSE 10.0 X86 32 acting as my internet gateway and firewall.
eth0 is my internal interface network 192.168.0.0/24 IP 192.168.0.254 dsl0 is my internet connection and is a single ip PtP connection to my ISP.
My internal network is masquaraded onto the external network.
I run an smtp server on my gateway box that I need to be accessable to both the internal and external networks.
However I want to prevent machines on the internal network from establishing connections to external smtp servers, but still alow them to connect to the smtp server on the gateway to send email.
NOTE I do not want to force attempts to connect to [URL] 25 to be re-directed to my internal server I just want to drop or reject the connection.
The firewall up until now has just been configured through YaST, but am not afraid to edit script files if needed
The reason for doing this it to prevent spambots from being able to send through my isp, I keep my own machines clean but sometimes get asked to disinfect machines for other people (family members etc), where I need to connect to the outside world to get updates/virus defs etc, but don't want them spamming from my network.
I've setup vnc over ssh tunnelling however the Suse firewall seems to be blocking it. On the local host I have this in ~/.ssh/config:LocalForward localhost:5900 remotehost.com:5900 The problem is that this only works when I either disable the firewall or add an exception for VNC. Both of these actions defeat the whole purpose of ssh tunnelling since they leave my VNC port open to the outside world (very insecure).
My home computer has 11.3 and SuSEfirewall enabled. It connects to the net over the wireless and SuSEfirewall has this connection in the external zone.
I can successfully ssh into this computer from remote (the work computer) but none of the ssh port-forwarded connections work. I'm trying to tunnel VNC over ssh. I also tried setting http on the home computer to serve pages on a high-numbered port (8090) and tunnelling that but it also didn't work - proving that it's not a VNC problem.
Here are the relevant messages from the firewall logs on the home machine:
I don't understand why this isn't working now, I had the same setup on 11.2 and it worked fine.
The 184.108.40.206 is the public IP address of my home router, I don't understand why a connection would appear to be coming from there when I use ssh-tunnelling?
Printer is connected via USB to server PC running OpenSUSE 11.1 Client PCs are running 11.1, XP, Vista No problem printing from the Windoze machines
Printing is trouble free with the 11.1 client's firewall disabled, but no printer is available with firewall running.
In hopes of diagnosing the problem I figured I'd open everything I could think of until the printer remained available with the firewall running. Then I planned to start removing exceptions one at a time 'til removing one caused the printer to disappear.
I've gone to Yast>Security and Users>Firewall>Allowed Services>External Zone and tried addingSamba Server NetBIOS server Samba Client Samba Server VNC
We are switching from an uncapped 512kb line to a 4MB line at the office... One catch though. The 4MB line will only be linked to a 30GB account, without the option to top up. I therefore have been asked to put something in place to regulate what the staff download at work. Basically block movie, music and torrent downloads should be sufficient, but they would also like to have a list of where staff have been in case of abuse. I have tried OpenDNS in the past, but the guys took great delight in getting around this, and did it within minutes... I can't enter a proxy setting into their browsers, because they all have local admin rights on their Windows boxes and will just disable that. How do I do this on a server level, so that they can't get around this?
I obviously a noob to Suse but after installing 11.4, and filezilla, i cant connect to my ftp server. Ive opened ports 21 22 and 990 explicitly in the firewall and all I get is a 425 error Cant Retrieve Directory Listing. It logs me in ok but doesnt allow data connections?
I would like to be able to monitor which programs are allowed to access the internet, but a search for programs to do this has turned up nothing. Preferably, I would like a notification to come up every time an application uses the internet. Is there any (n00b friendly) software available to do that?
I want to block all the outgoing ssh form my machine, i.e my machine will not be able to ssh to any outside machine using iptables. The distro is RHEL, I added the following entry in the iptables but unfortunately it didnt worked, -A OUTPUT -p tcp -m tcp --dport 22 -j DROP
Mobloquer starts up at boot and before I've even opened firefox or transmission or anything, mobloquer shows that is has started blocking several outgoing connections as well as ton of incoming connections. I was wondering if the outgoing connections is normal and what's a normal amount of network activity to show up in system monitor when I'm not actively using the internet.
MY OS IS (Widnows XP ) I'm Using VMware Workstation 7 to run My BT4-Beta (backtrack 4)
in my OS Windows XP I have Internet I'm in big network our administrator using Cyberoam Client for Corporate to allow people using Internet.. so if any people connect this network they should has id in Cyberoam if they don't has id will can't connect to the internet.. they will redirect automatically to the log in page in Cyberoam.
So ! in VMware Workstation 7 i configure network adapter to Bridged and i see internet icon with green color but dose not browse internet and also i can't ping my computer this is mean network dose not appear to backtrack my computer is in the network when i try to do ping this is what happened.
And this output to try run network!
And this is my ifconfig
How to do Step by Step to connect the network using VMware WorkStation!
I'm experiencing very slow network speeds in one direction (out) on a clean install of debian.
iperf client running on laptop connecting to server with issue: Code: Select all$ iperf -c 192.168.10.187 -d ------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 128 KByte (default) ------------------------------------------------------------ ------------------------------------------------------------ Client connecting to 192.168.10.187, TCP port 5001 TCP window size: 129 KByte (default) ------------------------------------------------------------ [ 5] local 192.168.10.131 port 55340 connected with 192.168.10.187 port 5001 [ 6] local 192.168.10.131 port 5001 connected with 192.168.10.187 port 52664 [ ID] Interval Transfer Bandwidth [ 5] 0.0-10.0 sec 247 MBytes 207 Mbits/sec [ 6] 0.0-11.5 sec 1.00 MBytes 730 Kbits/sec
I've tried with different cables on the server, no luck. Also note that the laptop gets full speed to speedtest.net as per my internet subscription (75/75 gbit fiber), so the laptop can be ruled out as a problem since it gets more than 75X performance to the internet compared to the local server.
The main purpose of this server is to be a virtualbox host. I've set up one guest system and ran iperf between the host/guest (bridged network). It gives better numbers, still the host -> guest direction is much slower than it should be:
Code: Select allClient connecting to 192.168.10.187, TCP port 5001 TCP window size: 108 KByte (default) ------------------------------------------------------------ [ 3] local 192.168.10.163 port 48573 connected with 192.168.10.187 port 5001 [ 5] local 192.168.10.163 port 5001 connected with 192.168.10.187 port 48856 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.0 sec 1.65 GBytes 1.42 Gbits/sec
On Linux Mint (Gnome) i used to go to Network drive. that is on the right hand side of Nautilus there is a short cut for Network. in there i could see my network hard drive and other laptops connected to the network, and i could access my files. but on OpenSuse, when i open the network folder, nothing comes up. may be it needs some sort of configuration.
I have a couple of interfaces in a Fedora 14 box: eth0: internet provided by an adsl router eth1: LAN
I set up system-config-firewall to masquerade all outgoing traffic in eth0, as I did in other Fedora 13 boxes, but it seems it doesn't work. It sets to 1 /proc/sys/net/ipv4/ip_forward and also set the appropriate rules in iptables. But all traffic is blocked from the LAN to the Internet. "ping www.google.com" works in the Fedora box, but doesn't work in the LAN computers using the F14 IP as gateway. I have another F13 computer elsewhere configured this way and it works fine. But this one has Fedora 14.
eth0 192.168.2.100 (internal Web, Mail) eth1 192.168.3.100 (Default Gateway nic for clients) eth2 192.168.3.110 (should be default Gateway for all outgoing traffic not belonging to 192.168.2.100 and 192.168.3.100)
They are all on the same machine
i cannot set eth1 or eth2 as default gateway, as outside requests to eth0 would be handled in a false manner (somehow)
is there an easy iptables-rule to say, that outgoing traffic, not belonging to my networks can be redirected to a specific NIC (eth2)?
I have a Linux IPTables firewall on Centos 5.3.It has one physical interface to the internet and 2 internal interfaces to a DMZ and TRUSTED zone respectively.There are 10 virtual interfaces linked to the physical public interface.Emails are being sent from my server in the DMZ out to the internet, but it is being shown as coming from the firewall IP address.It must show as coming from one of the virtual interfaces.
I have an ubuntu 8.04 dedicated server running openssh which I am having problems with.
The server is based in England yet I am currently working from Thailand. Slow speeds and timeouts I am used to but it is now over 24hr since I have managed to SSH the server (from here).
I just tried remote desktop on my PC back in the UK and this connected straight away through both SSH and SCP.
Thinking that it may be the IP being blocked from my works network I switched off wifi on my phone and tried to connect over the data network a few times with no luck.
Another strange problem is that when we got the server it was locked into a chroot jail which SSH(22) always leads into. After accessing SSH on port 22 I have to run a break script to gain root access. The sshd_config file says that the server is listening on port 57 yet I have never been able to access this.
Today I have tested the networks at several schools in the area,and at the town hall. It is not possible to surf on www on any of these networks using a PC running Linux. My conclusion is that there has to be some kind of filtering of traffic that exclude PC's running Linux. From the same PC I can send and receive email, I can ping and trace (mtr) addresses on www, and I can view webpages that are on servers on the inside of the filtering-gateway. The filter used is InterScan Web Security Virtual Appliance from TrendMicro
I have also demonstrated for the admins at the town hall that using Linux-PC on a "clean" network, surfing is no problem. By doing these small tests I have demonstrated that Linux is not the problem.
Tomorrow I'm going to visit the network providers admins, so that they could see what happens when a PC running Linux tries to access www. What kind of things should I test to document, or find the problems? So far I have just used MTR to document slow respons, wget --no-proxy to document that www hangs and ends time out, ifconfig to show NiC settings, and route.. Could this be a problem with /etc/resolve.conf?
The network provider is the same company that refused to turn on IMAP on the exchange servers, resulting in 3 week without mail at our school. All the other schools had to upgrade Outlook in order to connect to the new exchange-server with MS MAPI settings. MS Gold partners are so nice...
I have tested the networks at several schools in the area,and at the town hall. It is not possible to surf on www on any of these networks using a PC running Linux. My conclusion is that there has to be some kind of filtering of traffic that exclude PC's running Linux.
From the same PC I can send and receive email,I can ping and trace (mtr) addresses on www, and I can view webpages that are on servers on the inside of the filtering-gateway. The filter used is InterScan Web Security Virtual Appliance from TrendMicro I have also demonstrated for the admins at the town hall that using Linux-PC on a "clean" network, surfing is no problem. By doing these small tests I have demonstrated that Linux is not the problem.
Tomorrow I'm going to visit the network providers admins, so that they could see what happens when a PC running Linux tries to access www. What kind of things should I test to document, or find the problems? So far I have just used MTR to document slow respons, wget --no-proxy to document that www hangs and ends time out, ifconfig to show NiC settings, and route...
The network provider is the same company that refused to turn on IMAP on the exchange servers, resulting in 3 week without mail at our school. All the other schools had to upgrade Outlook in order to connect to the new exchange-server with MS MAPI settings.
i used the angry ip scan software and found alot of the public ip addresses on our network are accessable from outside when they are not suppose to, For eg printers/ pcs etc. to make a start on locking down the network i was wondering if anybody knew th iptables command to add a rule which blocked all incoming traffic to specific ip adresses on the network and to a range of ip addresses.
Where I work we have a lan, it is almost 100% windows machines except for 2 CentOS machines in which some clients connect to, via VPN. (very small network, <50 ip's used)
I would like to know if there is a way to block access from that machines to others in the network. I'm already logging traffic (with IPTraff) to see if they're accessing other machines in the network others than the ones they should connect.
I've noticed recently that a lot of outgoing internet traffic is generated by my laptop (running Ubuntu 10.04 - 64 bit). This wasn't the case previously. I only found out because my wireless broadband traffic allowance suddenly was used up very quickly. I've installed ntop to try to find out where all this traffic is going to.
I did find that there were a very high number (at one stage over 11.000) of active TCP/UDP sessions (see attached screenshot). Although the traffic generated by each is only small (about 100 bits/bytes - not sure what) multiplied by thousands, makes a fair bit of traffic. I wonder if I've got some kind of a virus/bug or do I have a configuration problem with my laptop?