Search Results

Search found 1249 results on 50 pages for 'iptables'.

Page 15/50 | < Previous Page | 11 12 13 14 15 16 17 18 19 20 21 22  | Next Page >

  • Redirect traffic from 127.0.0.1 to 127.0.0.1 on port 53 to port 5300 with iptables

    - by Zagorax
    I'm running a local dns server on port 5300 to develop a software. I need my machine to use that dns but I wasn't able to tell /etc/resolv.conf to check on a different port. I searched a bit on google and I didn't find a solution. I set 127.0.0.1 as nameserver on /etc/resolv.conf. This is my whole /etc/resolv.conf: nameserver 127.0.0.1 Could you please tell me how can I redirect outbound traffic on port 53 to another port? I tried the following but it didn't work: iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to 127.0.0.1:5300 iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 127.0.0.1:5300 Here is the output of iptables -t nat -L -v -n (with suggested rules): Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 redir ports 5300 0 0 REDIRECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 redir ports 5300 Chain POSTROUTING (policy ACCEPT 302 packets, 19213 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 302 packets, 19213 bytes) pkts bytes target prot opt in out source destination

    Read the article

  • Need IP port forwarding to access an internel service running on an internal machine

    - by appleluo
    I am trying to configure iptables to do port forwarding for certain request. The scenario is like this: Login node A can be accessed from outside Compute node B that running the service can be accessed from A but not from outside. I want to set up iptables so that a request for the service on B from outside can be accessed through A. A has two ethernet ports: Internal eth0, with ip internal_A and External eth1, with ip external_A. B has 1 ethernet port, internal eth0. let's say its ip is internal_B The service listens to internal_B:5900. We open external_A:10000 for user access. I configure my iptables with the following commands: echo 1> /proc/sys/net/ipv4/ip_forward /sbin/iptables -P FORWARD ACCEPT /sbin/iptables -t nat -A POSTROUTING -j MASQUERADE /sbin/iptables -A PREROUTING -p tcp -t nat --dport 10000 -j DNAT --to-destination interal_B:5900 /sbin/iptables -A OUTPUT -p tcp -t nat -d external_A --dport 10000 -j DNAT --to-destination internal_B:5900 But it didn't work. Can anybody help me?

    Read the article

  • fail2ban on server with LXC Containers

    - by RoboTamer
    The issue is modprobe and iptables don't work inside an LXC Container. LXC is the userspace control package for Linux Containers, a lightweight virtual system mechanism sometimes described as “chroot on steroids”. iptables error inside the container is: # iptables -I INPUT -s 122.129.126.194 -j DROP > iptables v1.4.8: can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. I am guessing that it can't work because the LXC containers share one kernel, the main server kernel. How do I do fail2ban in this case. modprobe and iptables work in the main server so I could install it there and link to the logfiles somehow, my guess? Any suggestions?

    Read the article

  • Log with iptalbes which user is delivering email to port 25

    - by Maus
    Because we got blacklisted on CBL I set up the following firewall rules with iptables: #!/bin/bash iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mail -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner Debian-exim -j ACCEPT iptables -A OUTPUT -p tcp -m limit --limit 15/minute -m tcp --dport 25 -j LOG --log-prefix "LOCAL_DROPPED_SPAM" iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable I'm not able to connect to port 25 from localhost with another user than root or a mail group member - So it seems to work. Still some questions remain: How effective do you rate this rule-set to prevent spam coming from bad PHP-Scripts hosted on the server? Is there a way to block port 25 and 587 within the same statement? Is the usage of /usr/sbin/sendmail also limited or blocked by this rule-set? Is there a way to log the username of all other attempts which try to deliver stuff to port 25?

    Read the article

  • using iptables to change a destination port but keep the ip the same.

    - by Scott Chamberlain
    I am playing around with transparent proxies, The current way I am doing things is the program makes a request to a computer on port 80, I use iptables -t nat -A OUTPUT -p tcp --destination-port 80 -j REDIRECT --to-port 1234 to redirect to my proxy that I am playing with. the proxy will send out a request to port 81 (as all outbound port 80 are being fed back in to the proxy so I want to do something like iptables -t nat -A OUTPUT -p tcp --destination-port 81 -j DNAT --to-destination xxxx:80 The problem lies with the xxxx part. How do I change the destination port without changing changing the destination ip? Or am I doing this setup completely wrong, I am learning after all and constructive criticism is definitely appreciated.

    Read the article

  • How do I configure ubuntu server's iptables to allow java without opening the floodgates?

    - by rofls
    I'm new to servers, so please bear with me. I have my amateur site running. Problem is, I followed Rackspace's instructions on setting up iptables and am pretty sure that's why the java server I'm trying to use on port 8080 isn't working (it runs the script but my android test app doesn't connect to it). When I try running the same java server script on port 80 it doesn't even start. I also ran nmap on my domain and saw that indeed only port 80 and 22 (for ssh) are responding. Is it possible to run Java and apache happily on the same server? If so, how can I configure my iptables correctly. (I'm aware that I should probably do some sort of filtering in the java server itself, but will figure that out later).

    Read the article

  • iptables: How to create a rule for a single website that does not apply to other websites?

    - by Kris
    Virtual Dedicated Server hosts 10 websites. 1 firewall made with iptables If one of those 10 websites gets hit by too many ping requests coming from one IP address, how do I limit or drop it without dropping it for the other 9 websites? Do I create a firewall for every website ? If so, how? Or is it better to change my rules? If so, how? Thank you. Original question was posted here iptables: what's best practice when there're several websites but you want to use a rule for a single website? but it was too vague. Let me know if more info is needed.

    Read the article

  • Excessive denied requests for port 58322 in syslog

    - by Nathan C.
    My iptables is setup to block all unneeded ports as it should but I'm checking my syslog due to these random but all-to-frequent apache2 crashes and I noticed a lot of requests such as this. In all the archived syslogs that I have these are present from different IP addresses. There is a similar question with an accepted here: What service uses UDP port 60059? Jun 4 06:49:27 HOSTNAME kernel: iptables denied: IN=eth0 OUT= MAC=fe:fd:ad:ff:dd:95:c8:4c:75:f5:d6:3f:08:00 SRC=218.7.74.50 DST=MY.SERVER.IP.HERE LEN=129 TOS=0x00 PREC=0x00 TTL=115 ID=27636 PROTO=UDP SPT=9520 DPT=58322 LEN=109 Jun 4 06:49:31 HOSTNAME kernel: iptables denied: IN=eth0 OUT= MAC=fe:fd:ad:ff:dd:95:c8:4c:75:f5:d6:3f:08:00 SRC=95.160.226.177 DST=MY.SERVER.IP.HERE LEN=131 TOS=0x00 PREC=0x00 TTL=116 ID=31468 PROTO=UDP SPT=47642 DPT=58322 LEN=111 Jun 4 06:49:54 HOSTNAME kernel: iptables denied: IN=eth0 OUT= MAC=fe:fd:ad:ff:dd:95:c8:4c:75:f5:d6:3f:08:00 SRC=78.137.36.10 DST=MY.SERVER.IP.HERE LEN=131 TOS=0x00 PREC=0x00 TTL=118 ID=21872 PROTO=UDP SPT=57872 DPT=58322 LEN=111 Jun 4 06:50:14 HOSTNAME kernel: iptables denied: IN=eth0 OUT= MAC=fe:fd:ad:ff:dd:95:c8:4c:75:f5:d6:3f:08:00 SRC=111.253.217.11 DST=MY.SERVER.IP.HERE LEN=131 TOS=0x00 PREC=0x00 TTL=116 ID=28882 PROTO=UDP SPT=51826 DPT=58322 LEN=111 Jun 4 06:51:02 HOSTNAME kernel: iptables denied: IN=eth0 OUT= MAC=fe:fd:ad:ff:dd:95:c8:4c:75:f5:d6:3f:08:00 SRC=189.45.114.173 DST=MY.SERVER.IP.HERE LEN=131 TOS=0x16 PREC=0x00 TTL=113 ID=19985 PROTO=UDP SPT=41087 DPT=58322 LEN=111 Jun 4 06:51:09 HOSTNAME kernel: iptables denied: IN=eth0 OUT= MAC=fe:fd:ad:ff:dd:95:c8:4c:75:f5:d6:3f:08:00 SRC=87.89.202.28 DST=MY.SERVER.IP.HERE LEN=131 TOS=0x00 PREC=0x00 TTL=116 ID=7874 PROTO=UDP SPT=17524 DPT=58322 LEN=111 Jun 4 06:51:20 HOSTNAME kernel: iptables denied: IN=eth0 OUT= MAC=fe:fd:ad:ff:dd:95:c8:4c:75:f5:d6:3f:08:00 SRC=24.44.124.35 DST=MY.SERVER.IP.HERE LEN=131 TOS=0x00 PREC=0x00 TTL=118 ID=12978 PROTO=UDP SPT=45596 DPT=58322 LEN=111 Jun 4 06:51:22 HOSTNAME kernel: iptables denied: IN=eth0 OUT= MAC=fe:fd:ad:ff:dd:95:c8:4c:75:f5:d6:3f:08:00 SRC=81.174.48.236 DST=MY.SERVER.IP.HERE LEN=93 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=21352 DPT=58322 LEN=73 Jun 4 06:51:23 HOSTNAME kernel: iptables denied: IN=eth0 OUT= MAC=fe:fd:ad:ff:dd:95:c8:4c:75:f5:d6:3f:08:00 SRC=124.107.61.84 DST=MY.SERVER.IP.HERE LEN=131 TOS=0x00 PREC=0x00 TTL=114 ID=13038 PROTO=UDP SPT=14357 DPT=58322 LEN=111 Jun 4 06:51:30 HOSTNAME kernel: iptables denied: IN=eth0 OUT= MAC=fe:fd:ad:ff:dd:95:c8:4c:75:f5:d6:3f:08:00 SRC=88.8.23.200 DST=MY.SERVER.IP.HERE LEN=123 TOS=0x00 PREC=0x00 TTL=117 ID=21062 PROTO=UDP SPT=4291 DPT=58322 LEN=103 Jun 4 06:51:54 HOSTNAME kernel: iptables denied: IN=eth0 OUT= MAC=fe:fd:ad:ff:dd:95:c8:4c:75:f5:d6:3f:08:00 SRC=80.202.244.234 DST=MY.SERVER.IP.HERE LEN=129 TOS=0x00 PREC=0x00 TTL=114 ID=339 PROTO=UDP SPT=14020 DPT=58322 LEN=109 I'm not overly experienced with server configuration and debugging, so I only just installed logcheck after reading that previous question. I guess my question is what steps should I take after reading this log info to 1) further protect myself, 2) understand if this could be causing any other problems with my VPS, and 3) use this data to help others?

    Read the article

  • Transparent Squid : Logging client ip problem

    - by llazzaro
    Hello, I am using the following rules in iptables in my network to use a transparent proxy * iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128 * iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box * iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT But my squid log, always logs gateway IP (172.16.0.1) Do you know an alternative to not lose client IP? (of course avoid saing manual proxy setup!)

    Read the article

  • routing through multiple subinterfaces in debian

    - by Kstro21
    my question is as simple as the title, i have a debian 6 , 2 NICs, 3 different subnets in a single interface, just like this: auto eth0 iface eth0 inet static address 192.168.106.254 netmask 255.255.255.0 auto eth0:0 iface eth0:0 inet static address 172.19.221.81 netmask 255.255.255.248 auto eth0:1 iface eth0:1 inet static address 192.168.254.1 netmask 255.255.255.248 auto eth1 iface eth1 inet static address 172.19.216.3 netmask 255.255.255.0 gateway 172.19.216.13 eth0 is conected to a swith with 3 differents vlans, eth1 is conected to a router. No iptables DROP, so, all traffic is allowed. Now, passing the traffic through eth0 is OK, passing the traffic through eth0:0 is OK, but, passing the traffic through eth0:1 is not working, i can ping the ip address of that sub interface from a pc where this ip is the default gateway, but can't get to servers in the subnet of the eth1 interface, the traffic is not passing, even when i set the iptables to log all the traffic in the FORWARD chain and i can see the traffic there, but, the traffic is not really passing. And the funny is i can do any the other way around, i mean, passing from eth1 to eth0:1, RDP, telnet, ping, etc, doing some work with the iptable, i manage to pass some traffic from eth0:1 to eth1, the iptables look like this: iptables -t nat PREROUTING -d 192.168.254.1/32 -p tcp -m multiport --dports 25,110,5269 -j DNAT --to-destination 172.19.216.1 iptables -t nat PREROUTING -d 192.168.254.1/32 -p udp -m udp --dport 53 -j DNAT --to-destination 172.19.216.9 iptables -t nat PREROUTING -d 192.168.254.1/32 -p tcp -m tcp --dport 21 -j DNAT --to-destination 172.19.216.11 iptables -t nat POSTROUTING -s 172.19.216.0/24 -d 172.19.221.80/29 -j SNAT --to-source 172.19.221.81 iptables -t nat POSTROUTING -s 172.19.216.0/24 -d 192.168.254.0/29 -j SNAT --to-source 192.168.254.1 iptables -t nat POSTROUTING -s 172.19.216.0/24 -o eth0 -j SNAT --to-source 192.168.106.254 dong this is working, but,it is really a headache have to map each port with the server, imagine if i move the service from server, so, now i have doubts: can debian route through multiple subinterfaces?? exist a limit for this?? if not, what i'm doing wrong when i have the same setup with other subnets and it is working ok?? without the iptables rules in the nat, it doesn't work thanks and i hope good comments/answers

    Read the article

  • What is the correct iptables rule when NATing multiple private subnets?

    - by Jose Mendez
    I have a Centos minimal 6.5 acting as a router. eth0 is connected to a Cisco switch trunk port, allowing VLANs 200-213. I have several VLAN interfaces just as this link suggests: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2-networkscripts-interfaces_802.1q-vlan-tagging.html And have IPv4 forwarding, so all my network devices from any of the networks 200-213 can communicate with each other using this linux box as their router. Problem is, I need them to access the Internet, so I added the following rule: iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j SNAT --to 1.1.1.56 1.1.1.56 is the "outside" address. This works fine, devices connected to the internal networks can ping Intertnet addresses BUT, they stop being able to talk to each other across subnets, so 192.168.211.55 can ping 8.8.8.8, but can't talk to 192.168.213.5. As soon as I do a service iptables restart to remove the rule, I can start talking across internal subnets again. What would be the correct way to set up NAT for multiple private subnets? Or maybe the correct way to set up forwarding?

    Read the article

  • iptables drops some packets on port 80 and i don't know the cause.

    - by Janning
    Hi, We are running a firewall with iptables on our Debian Lenny system. I show you only the relevant entries of our firewall. Chain INPUT (policy DROP 0 packets, 0 bytes) target prot opt in out source destination ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW Chain OUTPUT (policy DROP 0 packets, 0 bytes) target prot opt in out source destination ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED LOGDROP all -- * * 0.0.0.0/0 0.0.0.0/0 Some packets get dropped each day with log messages like this: Feb 5 15:11:02 host1 kernel: [104332.409003] dropped IN= OUT=eth0 SRC= DST= LEN=1420 TOS=0x00 PREC=0x00 TTL=64 ID=18576 DF PROTO=TCP SPT=80 DPT=59327 WINDOW=54 RES=0x00 ACK URGP=0 for privacy reasons I replaced IP Addresses with and This is no reason for any concern, but I just want to understand what's happening. The web server tries to send a packet to the client, but the firewall somehow came to the conclusion that this packet is "UNRELATED" to any prior traffic. I have set a kernel parameter ip_conntrack_ma to a high enough value to be sure to get all connections tracked by iptables state module: sysctl -w net.ipv4.netfilter.ip_conntrack_max=524288 What's funny about that is I get one connection drop every 20 minutes: 06:34:54 droppedIN= 06:52:10 droppedIN= 07:10:48 droppedIN= 07:30:55 droppedIN= 07:51:29 droppedIN= 08:10:47 droppedIN= 08:31:00 droppedIN= 08:50:52 droppedIN= 09:10:50 droppedIN= 09:30:52 droppedIN= 09:50:49 droppedIN= 10:11:00 droppedIN= 10:30:50 droppedIN= 10:50:56 droppedIN= 11:10:53 droppedIN= 11:31:00 droppedIN= 11:50:49 droppedIN= 12:10:49 droppedIN= 12:30:50 droppedIN= 12:50:51 droppedIN= 13:10:49 droppedIN= 13:30:57 droppedIN= 13:51:01 droppedIN= 14:11:12 droppedIN= 14:31:32 droppedIN= 14:50:59 droppedIN= 15:11:02 droppedIN= That's from today, but on other days it looks like this, too (sometimes the rate varies). What might be the reason? Any help is greatly appreciated. kind regards Janning

    Read the article

  • why opening a port is so difficult in ubuntu?

    - by icn
    I have searched around and I have run these commands iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 5432 -j ACCEPT iptables-save > /etc/iptables.rules And I rebooted the box. I had no luck. What am I missing? IS there a universal way to do this thing in ubuntu? I remember in fedora I just need to edit a text file and make it happen. Thanks UPDATE I have run ufw allow 5432 and I ran ufw status I got this result Status: active To Action From -- ------ ---- 5432/tcp ALLOW Anywhere 80 ALLOW Anywhere 22 ALLOW Anywhere 5432 ALLOW Anywhere 5432/tcp ALLOW Anywhere (v6) 80 ALLOW Anywhere (v6) 22 ALLOW Anywhere (v6) 5432 ALLOW Anywhere (v6) I still cannot access 5432!

    Read the article

  • Cannot access firewalled jboss server from Internet Explorer

    - by Simon Gibbs
    I've produced a website for a client One Single Menu using JBoss and hosted it on Rackspace Cloud Servers running Ubuntu's Maverick Meerkat. Following advice, I esablished some iptables rule to protect jboss: iptables -I INPUT 1 -i lo -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 iptables -I INPUT -p tcp --dport 8080 -j ACCEPT iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-port 8080 iptables -A INPUT -j DROP Now, several versions of IE on several computers on at least two different ISPs cannot access the onesinglemenu.com. Curl from within the datacenter, Firefox, and Safari on the same ISPs can all access the server fine. I even tried IE and Firefox on the same computer and IE failed but Firefox worked. The error behaviour is that IE hangs on connecting without reporting an error, even after a minute or so. No page is displayed at all. I find it quite odd that I'm having a browser specific connection issue, but it appears to be the case. Help!

    Read the article

  • IP tables blocking access to most hosts but some accesses being logged

    - by epo
    What am I getting wrong? A while back I locked down my web hosting service while hardening it or at least trying to. Apache listens on port 80 only and I set up iptables using the following: IPS="list of IPs" iptables --new-chain webtest # Accept all established connections iptables -A INPUT --protocol tcp --dport 80 --jump webtest iptables -A INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT iptables -A webtest --match state --state ESTABLISHED,RELATED --jump ACCEPT for ip in $IPS; do iptables -A webtest --match state --state NEW --source $ip --jump ACCEPT done iptables -A webtest --jump DROP However looking at my apache logs I notice various log entries in access_log, e.g. 221.192.199.35 - - [16/May/2010:13:04:31 +0100] "GET http://www.wantsfly.com/prx2.php?hash=926DE27C156B40E55E4CFC8F005053E2D81E6D688AF0 HTTP/1.0" 404 206 "-" "Mozilla/ 4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 201.228.144.124 - - [16/May/2010:11:54:16 +0100] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-" 207.46.195.224 - - [16/May/2010:04:06:48 +0100] "GET /robots.txt HTTP/1.1" 200 311 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)" How are these slipping through? I don't mind the indexing bots (though I am a little surprised to see them get through). I suppose they must be getting through using the ESTABLISHED,RELATED rules. And no, I can't for the life of me remember why the first match state rule is there So 2 questions: is there a better way to set up iptables to restrict access to specified hosts? How exactly are these 3 examples slipping through?

    Read the article

  • IP tables blocking access to most hosts but some accesses being logged

    - by epo
    What am I getting wrong? A while back I locked down my web hosting service while hardening it or at least trying to. Apache listens on port 80 only and I set up iptables using the following: IPS="list of IPs" iptables --new-chain webtest # Accept all established connections iptables -A INPUT --protocol tcp --dport 80 --jump webtest iptables -A INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT iptables -A webtest --match state --state ESTABLISHED,RELATED --jump ACCEPT for ip in $IPS; do iptables -A webtest --match state --state NEW --source $ip --jump ACCEPT done iptables -A webtest --jump DROP However looking at my apache logs I notice various log entries in access_log, e.g. 221.192.199.35 - - [16/May/2010:13:04:31 +0100] "GET http://www.wantsfly.com/prx2.php?hash=926DE27C156B40E55E4CFC8F005053E2D81E6D688AF0 HTTP/1.0" 404 206 "-" "Mozilla/ 4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 201.228.144.124 - - [16/May/2010:11:54:16 +0100] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-" 207.46.195.224 - - [16/May/2010:04:06:48 +0100] "GET /robots.txt HTTP/1.1" 200 311 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)" How are these slipping through? I don't mind the indexing bots (though I am a little surprised to see them get through). I suppose they must be getting through using the ESTABLISHED,RELATED rules. And no, I can't for the life of me remember why the first match state rule is there So 2 questions: is there a better way to set up iptables to restrict access to specified hosts? How exactly are these 3 examples slipping through?

    Read the article

  • iptables-restore: line 1 failed

    - by Doug
    Hello, I am new to servers, and I was following this guide and it failed on the first command instructed. Could anyone give me a hand? http://wiki.debian.org/iptables ~ZORO~:/etc# iptables-restore < /etc/iptables.test.rules iptables-restore: line 1 failed Edit: iptables.test.rules ~ZORO~:/etc# cat /etc/iptables.test.rules *filter # Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0 -A INPUT -i lo -j ACCEPT -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT # Accepts all established inbound connections -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allows all outbound traffic # You could modify this to only allow certain traffic -A OUTPUT -j ACCEPT # Allows HTTP and HTTPS connections from anywhere (the normal ports for websites) -A INPUT -p tcp --dport 80 -j ACCEPT -A INPUT -p tcp --dport 443 -j ACCEPT # Allows SSH connections for script kiddies # THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE -A INPUT -p tcp -m state --state NEW --dport 30000 -j ACCEPT # Now you should read up on iptables rules and consider whether ssh access # for everyone is really desired. Most likely you will only allow access from certain IPs. # Allow ping -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT # log iptables denied calls (access via 'dmesg' command) -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 # Reject all other inbound - default deny unless explicitly allowed policy: -A INPUT -j REJECT -A FORWARD -j REJECT COMMIT

    Read the article

  • What Iptables rules need I to forward a windows remote desktop connection?

    - by avastreg
    I have this situation: network mask. 255.255.255.0 router/gateway: Ubuntu server (only command line, no gui) with internal lan ip 192.168.0.2 and a dynamic dns on the external ip Windows pc on 192.168.0.1 with RDP (remote desktop connection) enabled on 3389 I want to forward the RDP service on the external address: how can i do that? What are the iptables rules I need to connect to my Windows pc from the outside world?

    Read the article

  • Can't login to Debian (OpenVZ guest) server after setting up IPTables. How to Fix it?

    - by EApubs
    I have an OpenVZ VPS server with Debian. I just setup IPTables to allow the SSH port rebooted it. (Also set the rules to auto load on startup). Now I can't login to the server! How to fix this? Here are the rules : Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:325 DROP all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination

    Read the article

  • Gre Tunnel Cisco Linux traffic forwarding

    - by mezgani
    I setup a gre tunnel a cisco router and a Linux machine, the tunnel interface in the Linux box named pic. Well i have to forward traffic coming from cisco through the Linux box. the rules i've set in the Linux box is described as follow: echo "1" /proc/sys/net/ipv4/ip_forward iptables -A INPUT -p 47 -j ACCEPT iptables -A FORWARD -i ppp0 -j ACCEPT iptables -A FORWARD -i pic -o ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i ppp0 -o pic -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE I see the traffic coming from tunnel and forwarded to internet but no reply from sent packet. May i miss something like a routing rule.

    Read the article

  • puppet service not stopping service

    - by Gregg Leventhal
    notice ("This should be echoed") service { "iptables": ensure => "stopped", } This does not stop iptables, I am not sure why. service iptables stop works fine. Puppet 2.6.17 on CentOS 6.3. UPDATE: /etc/puppet/manifests/nodes.pp node 'linux-dev' { include mycompany::install::apache::init include mycompany::config::services::init } /etc/puppet/modules/mycompany/manifests/config/services/init.pp class mycompany::config::services::init { if ($::id == "root") { service { 'iptables': #name => '/sbin/iptables', #enable => false, #hasstatus => true, ensure => stopped } notice ("IPTABLES is now being stopped...") file { '/tmp/puppet_still_works': ensure => 'present', owner => root } else { err("Error: this manifest must be run as the root user!") } }

    Read the article

  • how to limit upload bandwidth per user in linux?

    - by Gihan Lasita
    Can anyone provide the tc command to limit upload bandwidth per user in Debian Lenny? I found that to mark packets per user with iptables I can use the following command iptables -t mangle -A OUTPUT -p tcp -m owner --uid-owner testuser -j MARK --set-mark 500 but I have no idea how to use tc update by running following commands, i managed to limit testuser upload bandwidth to 10Mbit iptables -t mangle -N HTB_OUT iptables -t mangle -I POSTROUTING -j HTB_OUT iptables -t mangle -A HTB_OUT -j MARK --set-mark 30 iptables -t mangle -A HTB_OUT -m owner --uid-owner testuser -j MARK --set-mark 10 tc qdisc replace dev eth0 root handle 1: htb default 30 tc class replace dev eth0 parent 1: classid 1:1 htb rate 10Mbit burst 5k tc class replace dev eth0 parent 1:1 classid 1:10 htb rate 10Mbit ceil 10Mbit tc qdisc replace dev eth0 parent 1:10 handle 10: sfq perturb 10 tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10 now the problem is, i do not want to limit testuser's FTP bandwidth but by running above commands FTP speed also limited to 10Mbit. Regards

    Read the article

  • puppet restart service failure

    - by Roman
    help me please with service restart # changing iptables` file { "/etc/sysconfig/iptables": ensure => "present", content => template("all_in_one/iptables.erb"), owner => root, group => root, mode => 600, } service { "iptables": ensure => running, enable => true, hasstatus => true, hasrestart => true, subscribe => File["/etc/sysconfig/iptables"] } output is: err Failed to call refresh: Could not restart Service[iptables]: Execution of '/sbin/service iptables restart' returned 1

    Read the article

< Previous Page | 11 12 13 14 15 16 17 18 19 20 21 22  | Next Page >