A networking program that controls the incoming and outgoing streams of data on a computer.
1 vote, 1 answer, 28 views
Intercept incoming TCP/IP packets on Linux and perform NAT
I want to make a decision of what computer is behind the firewall sending the packet.
Imagine I have 2 PCs behind the firewall and I want to, based on (my algorithm), make a decision at the firewall ...
3 votes, 0 answers, 85 views
Creating UFW rule to allow application to use dynamic ports
I am currently trying to get a Google Chromecast device to work through my Ubuntu 13.04 based computer. Currently, the Google Chrome extension shows "no devices found" as long as my UFW firewall is ...
1 vote, 2 answers, 35 views
Missing iptables file on directory /etc/init.d/ (Fedora 17)
Is the iptables file in Fedora 17 moved from /etc/init.d/ to /etc/sysconfig/? I need to do some patching to the iptables file to solve the firewall problem (Setting chains to policy ACCEPT: security ...
0 votes, 1 answer, 39 views
PF and types of NAT(Network Address Translation)
As you know, at least 3 types of NAT are used. Of course I need two types of them: DNAT and SNAT. DNAT: hiding server behind NAT, SNAT: hiding your client behind NAT.
Question:
I read a quick ...
2 votes, 3 answers, 89 views
What are the required ports to be opened on the firewall?
Currently I'll be installing one AIX server behind a firewall, I just asked to open port 443 to use the SSH protocol to access this UNIX server.
I already changed the default ssh port to be 443 ...
0 votes, 0 answers, 31 views
How to list blocked connections events by the firewall?
So, I used firestarter that had logged blocked connections events with some useful details (but it is not being updated and I found somewhat unsafe as any moment we could click to deactivate the ...
0 votes, 1 answer, 92 views
Looking to build a low powered Linux based firewall
I am looking to build a low powered Linux based firewall. I need a reliable piece of hardware that has two (2) LAN inputs and a built in wifi. Fanless and low power system. Any recommendations? Any ...
0 votes, 1 answer, 43 views
Are there any tools which can be used to make ports available from any firewall network?
I have been testing my application which has TCP/UDP ports for peer to peer with the help of server signalling commands for making communication, that works when I have Public IP or Lan IP and not ...
1 vote, 2 answers, 39 views
What is `firewalld --nofork`?
I carelessly killed the following process
root 470 1 0 Jun06 ? 00:00:13 /usr/bin/python /usr/sbin/firewalld --nofork
Is there any consequence from killing the process?
Are there ...
2 votes, 1 answer, 29 views
RapidIO packet filtering in Linux
I was wondering if there is support in Linux Kernel for RapidIO packets filtering, something similar to iptables, but based on RapidIO header?
2 votes, 1 answer, 66 views
ufw firewall rules for security.debian.org
What is a practical way to manage a whitelist of firewall outgoing connection rules for http://security.debian.org (on a server that blocks all outgoing connections by default)?
My understanding is ...
2 votes, 3 answers, 217 views
How to set up transparent firewall using ArchLinux
I am trying to set up a transparent firewall using ArchLinux.
My setup looks like this:
(ISP, IP: 10.90.10.254)
\
\
\ (eth0-> ip: 10.90.10.1 gateway: 10.90.10.254)
+-----------+
| ...
0 votes, 0 answers, 36 views
In Linux is there any tools or package which can do STUN TURN ICE NATs and firewalls break end-to-end connectivity
In Linux is there any way to do this NATs and firewalls break end-to-end connectivity with existing package or tools?
e.g.: closed source, can't use it for free
...
0 votes, 1 answer, 59 views
Iptable rule to ssh over the internet
I've a server abc.example.com and a remote desktop zzz.example.com. I'm using SSH over a custom port, say, 6789. Whenever my firewall is off, I'm able to connect to the server successfully. But, as ...
3 votes, 1 answer, 77 views
IPTables - Port to another ip & port (from the inside)
I currently have a NAS box running under port 80. To access the NAS from the outside, I mapped the port 8080 to port 80 on the NAS as follows:
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT ...
1 vote, 1 answer, 53 views
Possible sftp connection behind a router that is impossible to open any public ports except some standard ports like http?
I want to ask about the problem that I have with my office computer. I cannot reach the router so I cannot redirect any incoming requests to my PC.
I have to get a huge file from another computer on ...
1 vote, 0 answers, 28 views
Firewalld SELinux
Is there any better explanation of firewall-cmd than the one given in the Fedora 18 wiki?
I am trying to convert iptables to FirewallD in cmd line without GUI but cannot find a decent example or ...
1 vote, 0 answers, 62 views
PGP keyserver and proxy firewall issues
I am not sure this is a Linux question directly ... I use Arch Linux which uses package signing. This requires me to download a set of pgp keys with the pacman-key program. This works off the ...
4 votes, 4 answers, 392 views
How to check whether firewall opened for a port but not listening on the port
We will be deploying a new application to a Server and the application will be listening on port 8443. We have asked Network team to open the firewall for the port 8443 on that server before deploying ...
1 vote, 1 answer, 57 views
Adblock rule to block g+ / twitter / etc. [closed]
Looks like this rule works for blocking the facebook domain, when not visiting the facebook domain (ex.: "like/share" etc. buttons on pages other than facebook):
! don't allow facebook outside facebook..
...
2 votes, 1 answer, 506 views
iptables rules not reloading on CentOS 6.x
I have one single ipset added to my iptables on a CentOS 6.x box and this rule is lost when the machine reboots.
I have found this answer showing how to make an Ubuntu system reload the iptables ...
2 votes, 1 answer, 127 views
How can I disable UFW logging for a specific event?
My router sends out multicast packets in regular intervals that are blocked by UFW's standard policies. These events are harmless but spam my syslogs and ufwlogs. I can't change the router's behaviour ...
2 votes, 3 answers, 349 views
Linux stack for a home network firewall/proxy?
I've got a generic home 'network' where my ISP supplied modem acts as router with a software firewall built-in. My PCs connect directly to this router to access the Internet.
I want to place a box in ...
1 vote, 3 answers, 142 views
Packet analyzer to intercept and filter incoming traffic before any client app
I am curious if most Linux distros make it possible to intercept incoming network traffic as soon as it enters the system and filter its content based on some rules before any other client can use it ...
2 votes, 0 answers, 121 views
Port Forwarding Between 2 Internet Machines
Here's my scenario:
Setup
There are 3 machines:
A: on the internet : has ip (a.a.a.a), has port pa open
B: my server / gateway : has ip (b.b.b.b), has port pb open
C: on the internet : has ip ...
1 vote, 2 answers, 143 views
Is it possible to whitelist a specific program in iptables?
Is it possible to allow all traffic for a specific program in iptables? Otherwise using nmap and a strict iptables configuration at the same time seems impossible.
0 votes, 1 answer, 14 views
EST/REL or REL/EST in iptables firewall scripts?
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
Every firewall rule usually starts with this.
Q: Does it matter whether it is RELATED,ESTABLISHED or ESTABLISHED,RELATED?
2 votes, 3 answers, 239 views
What does this firewall record mean?
Running iptables -L -n gives me the following info:
Chain IN_ZONE_work_allow (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 ...
1 vote, 1 answer, 111 views
How to allow access to web only through proxy?
I have a machine with Linux Slackware 13.37. Is it possible to configure iptables, so the users will be able to access web only through squid? The direct access through the browser will be blocked.
...
1 vote, 1 answer, 427 views
Help to understand Iptables Forward chain with DNAT
I have one server where iptables is configured with all chains DROP in filter table
eth0 :- 10.0.0.2 [ Intranet assume as LAN ]
eth2 :- 172.16.0.2 [ External clients assume as WAN ]
Now what I am ...
3 votes, 1 answer, 141 views
IPFW Port Forwarding
This is my situation: I want to connect to an OpenVPN server from my office (we're using a proxy, only ports 80 and 443 are allowed).
Server IP address is: 176.31.250.232:843
My static IP address ...
3 votes, 1 answer, 3k views
How to re-enable iptables on Fedora 18?
FirewallD is the default firewall in Fedora 18. I have been using iptables for quite some time and have a custom configuration which I need for logging of ip traffic. I am not used to the new ...
0 votes, 0 answers, 141 views
Migrating a rule from Debian Iptables to PfSense
I have this firewall rule in my (ex) Debian box:
-A POSTROUTING -s ! 192.168.1.0/255.255.255.0 -j MASQUERADE
And I want to implement the same on my pfsense box.
1 vote, 2 answers, 562 views
iptables blocking from internet side on eth1?
How to use iptables to deal with two Ethernet ports?
eth0 port for LAN use (192.168.1.50 Private IP).
eth1 port is connected to the internet via cable modem (80.0.xxx.xxx public IP).
ifconfig ...
0 votes, 1 answer, 95 views
Fedora Firewall no option as of yet
I need a firewall because I was a decade long user of internet security suites on Windows. I am not a professional of networks or anything but a student who just needs to block unblock running ...
1 vote, 1 answer, 260 views
What to use for firewall testing (port opened or not)
so... we know that we can test that if a port is open on the firewall with:
telnet SERVERIP PORT
..but afaik there are services that can't be tested with telnet, because ex.: telnet doesn't know ...
2 votes, 1 answer, 148 views
How to configure OpenBSD pf to only allow inbound from given countries?
I have an OpenBSD 5.2 box that's running a webserver on port 80 and an SSHD server on port 2222.
How can I configure OpenBSD's pf to only allow connections from given countries to port 80 and 2222?
2 votes, 1 answer, 181 views
How to interpret and react to Shorewall log?
I see the following pattern in every 2-3 sec, for several minutes in syslog:
Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:kk:ll:mm:nn SRC=12.34.56.78 DST=98.76.54.32 LEN=60 ...
3 votes, 1 answer, 152 views
Can I limit connections per second for certain UserAgents using UFW?
GoogleBot is hitting my server hard - and even though I have set the CrawlRate in Webmaster Tools it is still hiking up the load on my server and slowing down Apache for the rest of the normal web ...
0 votes, 0 answers, 129 views
fail2ban ignoring ignoreip list
Despite setting the ignoreip value to the IP of our network, it would seem that fail2ban is ignoring this config and still bans us when multiple people access the server via SSH. The ignore list has ...
3 votes, 1 answer, 518 views
How to understand why the packet was considered INVALID by the `iptables`?
I set up some iptables rules so it logs and drops the packets that are INVALID (--state INVALID). Reading the logs how can I understand why the packet was considered invalid? For example, the ...
1 vote, 1 answer, 209 views
Firewall/routing rule in CentOS for this setup
I have two ethernet interfaces, namely eth0 and eth1.
I want to implement an advanced routing rule but I am totally new to firewall/routing rules in CentOS.
Here is what I am trying to do:
Both my ...
0 votes, 1 answer, 375 views
Allow incoming connections from Google Translate only
I have a small web server running on port 80, and I'd like to allow only Google Translate to have access to it.
First I tried running dig translate.google.com and dig translate.googleusercontent.com ...
3 votes, 3 answers, 346 views
Can't add large number of rules to iptables
I made a very simple bash script (echo at start, runs commands, echos at end) to add approx 7300 rules to iptables blocking much of China and Russia, however it gets through adding approximately 400 ...
3 votes, 1 answer, 500 views
nmap shows me that one service is “open|filtered” while locally it's “open”, how to open?
I have a Quake 3 server. And it's launched successfully.
The problem is that no one can connect to that server.
I am running: nmap -sU -p 27960 hostname and it's showing me that it's state ...
0 votes, 3 answers, 4k views
How to block https facebook site using iptables [duplicate]
Possible Duplicate:
iptables to block https websites
I am using Zentyal OS as a firewall; it is working fine, like blocking http sites, but I am not able to block the https facebook site.
My ...
1 vote, 0 answers, 81 views
Perform Cisco's DNS Doctoring on FreeBSD
How to perform a change in the DNS response from a DNS server to be a different IP address than the DNS server actually answered for a given name?
...
2 votes, 2 answers, 904 views
MySQL Linux Client Timeout/Keepalive
Is there a way to set a keepalive in the command-line MySQL client on Linux?
Our network recently moved to a VLAN setup, and our systems department no longer has control of the firewall. The ...
4 votes, 1 answer, 1k views
Enable RTSP in iptables
I'd like to receive a RTSP stream via VLC, but when I try to run
sudo -u non_root_user cvlc -vvv -I dummy rtsp://ip:port/x.sdp
I get:
Unable to determine our source address: This computer has an ...
2 votes, 1 answer, 210 views
Make box communicate on LAN only?
I am running a VM with Debian as the guest OS (I can choose another distro). It has nginx running along with some other software.
Some of the software tries to make outgoing connections (for example ...