A networking program that controls the incoming and outgoing stream of data in a computer.
1
vote
1answer
28 views
Reach service on VM with private address
I have this configuration:
source: https://www.lucidchart.com/publicSegments/view/5256a1e5-afb0-4c7a-96fa-35750a00527d/image.png
Basically, I have to reach a service which is running on the virtual ...
1
vote
0answers
15 views
Firewall config prevents hibernate connecting to postgres in CentOS6.3
I have an operating environment in CentOS 6.3 that has tomcat7 and postgres9.2 installed. There is just one web application deployed in tomcat that tries to establish a connection from localhost to ...
2
votes
1answer
53 views
What are the pros and cons to editing iptables configuration file vs adding rules via the iptables command
I am working with a product on CentOS that occasionally needs to automatically add and remove rules from the iptables configuration. For example, during an update, we want to explicitly refuse ...
0
votes
1answer
39 views
how to investigate firewall blocked outbound tcp
CentOS webserver with CSF (Config Server Firewall) running. Blocking all outbound / Inbound traffic except listed ports 80 81 22 21 etc for web, mail & FTP services etc.
I'm used to seeing heaps ...
1
vote
0answers
19 views
FreeBSD ipfw keepstate vs setup keep-state
A lot of examples where people are using keep-state with setup together. For example:
ipfw add 1 allow tcp from any to me 22 setup keep-state
Because of setup, this rule will allow only SYN ...
2
votes
1answer
71 views
UFW: Allow traffic only from a domain with dynamic IP address
I run a VPS which I would like to secure using UFW, allowing connections only to port 80.
However, in order to be able to administer it remotely, I need to keep port 22 open and make it reachable from ...
0
votes
2answers
57 views
Isolate a hosts networking with iptables
I want to isolate a host on my home intranet using iptables on my linux router. So say for instance, I have a host that has the IP of 10.0.1.50 and I want it to be able to talk to the rest of the ...
0
votes
0answers
44 views
fedora 18/firewalld - SMTP port to forward not working
I'm trying to use a dummy/DEV smtp server (webster) which by default opens port 5000 to accept SMTP messages.
Previously with Fedora 16/iptables had no problems opening port 25, redirect to port ...
2
votes
0answers
24 views
FreeBSD pf firewall, new connections severely delayed when nating
I have a newly setup fbsd 9.1 with pf, which itself doesn't experience any slowness when for example downloading a debian iso from my local debian repo (ftp.se.debian.org). Any machine behind it, ...
1
vote
0answers
58 views
Full network logging via linux firewall ( iptables )?
How to truly enable full network logging via iptables?
There is an option --log-prefix to add a tag to log entries. But the log entries don't show all complete packets.
What a grand way to enable full ...
3
votes
1answer
65 views
IPtables : Limit number of new ssh connections per minute
I need to ensure on my server that maximum new ssh connections per minute are not more than 5.
sudo /sbin/iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 5 -j REJECT
Above ...
1
vote
0answers
103 views
openwrt firewall - block a set of ip addresses from internet access
I'm running OpenWRT Attitude Adjustment r33556 / LuCI Trunk (trunk+svn9325) on my WNDR3800.
I would like to configure my firewall to:
Only allow a specific range of IP addresses to access internet, ...
0
votes
0answers
22 views
Custom firewall zone
Is there a way to create a custom zone using firewall-cmd in fedora. They give you some predetermined zones, but no way to create a custom zone with a custom name and add rules to that zone.
Is ...
2
votes
1answer
53 views
Linux GUI to track connections made from/to this computer
Is there a GUI to track any socket connection sent to this computer and which program that initiates it?
Also if possible track any incoming connection sent to this computer and which program that ...
1
vote
1answer
67 views
Intercept incoming TCP/IP packets on Linux and perform NAT
I want to make a decision of what computer is behind the firewall sending the packet.
Imagine I have 2 PCs behind the firewall and I want to, based on (my algorithm), make a decision at the firewall ...
6
votes
1answer
408 views
Creating UFW rule to allow application to use dynamic ports
I am currently trying to get a Google Chromecast device to work through my Ubuntu 13.04 based computer. Currently, the Google Chrome extension shows "no devices found" as long as my UFW firewall is ...
1
vote
2answers
122 views
Missing iptables file on directory /etc/init.d/ (Fedora 17)
Is the iptables file in Fedora 17 moved from /etc/init.d/ to /etc/sysconfig/? I need do some patching to the iptables file to solve the firewall problem (Setting chains to policy ACCEPT: security raw ...
0
votes
2answers
84 views
PF and types of NAT(Network Address Translation)
As you know, at least 3 types of NAT are used. Of course I need two types of them: DNAT and SNAT. DNAT: hiding server behind NAT, SNAT: hiding your client behind NAT.
Question:
I read a quick ...
2
votes
3answers
123 views
What are the required ports to be opened on the firewall?
Currently I'll be installing one AIX server behind a firewall, I just asked to open port 443 to use the SSH protocol to access this UNIX server.
I already changed the default ssh port to be 443 ...
0
votes
0answers
35 views
how to list blocked connections events by the firewall?
So, I used firestarter that had logged blocked connections events with some useful details (but it is not being updated and I found somewhat unsafe as any moment we could click to deactivate the ...
0
votes
1answer
179 views
Looking to build a low powered linux based firewall
I am looking to build a low powered linux based firewall. I need a reliable piece of hardware that has two (2) LAN inputs and a built in wifi. Fanless and low power system. any recommendations? Any ...
0
votes
1answer
51 views
Are there any tools which can be used to make ports available from any firewall network?
I have been testing my application which has TCP/UDP ports for peer to peer with the help of server signalling commands for making communication, that works when I have Public IP or Lan IP and not ...
1
vote
2answers
58 views
what is `firewalld --nofork`
I carelessly killed the following process
root 470 1 0 Jun06 ? 00:00:13 /usr/bin/python /usr/sbin/firewalld --nofork
Is there any consequence from killing the process?
Are there ...
2
votes
1answer
36 views
RapidIO packet filtering in Linux
I was wondering if there is support in Linux Kernel for RapidIO packets filtering, something similar to iptables, but based on RapidIO header?
2
votes
1answer
96 views
ufw firewall rules for security.debian.org
What is a practical way to manage a whitelist of firewall outgoing connection rules for http://security.debian.org (on a server that blocks all outgoing connections by default)?
My understanding is ...
2
votes
3answers
361 views
How to setup transparent firewall using ArchLinux
I am trying to set up a Transparent Firewall using ArchLinux.
My setup looks like this:
(ISP, IP: 10.90.10.254)
\
\
\ (eth0-> ip: 10.90.10.1 gateway: 10.90.10.254)
+-----------+
| ...
0
votes
0answers
53 views
In Linux is there any tools or package which can do STUN TURN ICE NATs and firewalls break end-to-end connectivity
In Linux is there any way to do this NATs and firewalls break end-to-end connectivity with existing package or tools?
e.g.: closed source, can't use it for free
...
0
votes
1answer
70 views
Iptable rule to ssh over the internet
I've a server abc.example.com and a remote desktop zzz.example.com. I'm using SSH over a custom port, say, 6789. Whenever my firewall is off, I'm able to connect to the server successfully. But, as ...
3
votes
1answer
156 views
IPTables - Port to another ip & port (from the inside)
I currently have a NAS box running under port 80. To access the NAS from the outside, I mapped the port 8080 to port 80 on the NAS as follow:
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT ...
1
vote
1answer
83 views
Possible sftp connection behind a router that is impossible to open any public ports except some standard ports like http?
I want to ask about the problem that I have with my office computer. I cannot reach the router so I cannot redirect any incoming requests to my PC.
I have to get a huge file from another computer on ...
1
vote
0answers
30 views
Firewalld SELinux
Is there a better explanation of firewall-cmd than the one given in the Fedora18 wiki?
I am trying to convert iptables to FirewallD in cmd line without GUI but cannot find a decent example or ...
1
vote
0answers
87 views
PGP keyserver and proxy firewall issues
I am not sure this is a Linux question directly ... I use Arch Linux which uses package signing. This requires me to download a set of pgp keys with the pacman-key program. This works off the ...
4
votes
4answers
2k views
How to check whether firewall opened for a port but not listening on the port
We will be deploying a new application to a Server and the application will be listening on port 8443. We have asked Network team to open the firewall for the port 8443 on that server before deploying ...
1
vote
1answer
66 views
Adblock rule to block g+ / twitter / etc. [closed]
Looks like this rule works for blocking the facebook domain, when not visiting the facebook domain (ex.: "like/share" etc. buttons on other pages than facebook):
! don't allow facebook outside facebook..
...
2
votes
1answer
996 views
iptables rules not reloading on CentOS 6.x
I have one single ipset added to my iptables on a CentOS 6.x box and this rule is lost when the machine reboots.
I have found this answer showing how to make a Ubuntu system reload the iptables ...
2
votes
1answer
180 views
How can I disable UFW logging for a specific event?
My router sends out multicast packets in regular intervals that are blocked by UFW's standard policies. These events are harmless but spam my syslogs and ufwlogs. I can't change the router's behaviour ...
2
votes
3answers
437 views
Linux stack for a home network firewall/proxy?
I've got a generic home 'network' where my ISP supplied modem acts as router with a software firewall built-in. My PCs connect directly to this router to access the Internet.
I want to place a box in ...
1
vote
3answers
163 views
Packet analyzer to intercept and filter incoming traffic before any client app
I am curious if most Linux distros make it possible to intercept incoming network traffic as soon as it enters the system and filter its content based on some rules before any other client can use it ...
2
votes
0answers
149 views
Port Forwarding Between 2 Internet Machines
Here's my scenario:
Setup
There are 3 machines:
A: on the internet : has ip (a.a.a.a), has port pa open
B: my server / gateway : has ip (b.b.b.b), has port pb open
C: on the internet : has ip ...
2
votes
2answers
230 views
Is it possible to whitelist a specific program in iptables?
Is it possible to allow all traffic for a specific program in iptables? Otherwise using nmap and a strict iptables configuration at the same time seems impossible.
0
votes
1answer
19 views
EST/REL or REL/EST in iptables firewall scripts?
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
every Firewall rule usually starts with this.
Q: Does it matter that is it RELATED,ESTABLISHED OR ESTABLISHED,RELATED?
2
votes
3answers
380 views
What does this firewall record mean?
Running iptables -L -n gives me the following info:
Chain IN_ZONE_work_allow (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 ...
1
vote
1answer
136 views
How to allow access to web only through proxy?
I have a machine with Linux Slackware 13.37. Is it possible to configure iptables, so the users will be able to access web only through squid? The direct access through the browser will be blocked.
...
1
vote
1answer
471 views
Help to understand Iptables Forward chain with DNAT
I have one server where iptables configured with all chains DROP in filter table
eth0 :- 10.0.0.2 [ Intranet assume as LAN ]
eth2 :- 172.16.0.2 [ External clients assume as WAN ]
Now What I am ...
3
votes
1answer
151 views
IPFW Port Forwarding
This is my situation: I want to connect to an OpenVPN server from my office (we're using a proxy, only ports 80 and 443 are allowed).
Server IP address is: 176.31.250.232:843
My static IP address ...
3
votes
1answer
3k views
How to re-enable iptables on Fedora 18?
FirewallD is the default firewall in Fedora 18. I have been using iptables for quite some time and have a custom configuration which I need for logging of ip traffic. I am not used to the new ...
0
votes
0answers
150 views
Migrating a rule from Debian Iptables to PfSense
I have this firewall rule in my (ex) Debian box:
-A POSTROUTING -s ! 192.168.1.0/255.255.255.0 -j MASQUERADE
And I want to implement the same on my pfsense box.
1
vote
2answers
744 views
iptables blocking from internet side on eth1?
How to use iptables to deal with two Ethernet ports?
eth0 port for LAN use (192.168.1.50 Private IP).
eth1 port is connected to the internet via cable modem (80.0.xxx.xxx public IP).
ifconfig ...
0
votes
1answer
102 views
Fedora Firewall no option as of yet
I need a firewall because I was decade long user of internet security suites on windows. I am not a professional of networks or anything but a student who just needs to block unblock running ...
2
votes
1answer
450 views
What to use for firewall testing (port opened or not)
so... we know that we can test that if a port is open on the firewall with:
telnet SERVERIP PORT
..but afaik there are services that can't be tested with telnet, because ex.: telnet doesn't know ...