I am new to manage linux server. We have many dedicated server in different regions. Some of them serve mysql and allow access each other. I can modify iptables configuration to add rule accepting port 3306 requests from some server in iptables by myself. Is there other way to manage many iptables efficiently ? Asked by qrtt1 Check out Firewall builder or you can also use puppet iptables module. Firewall Builder supports GUI based firewall [...]Continue Reading »
I have a host that acts as a gateway for other hosts. The configuration is such that eth0(192.168.1.3) is connected to internet via a router and eth1(172.16.2.50) is connected to internal network via switch. Given that, this host is also running a service that is bound to eth1 and serves the internal network. I want to extend this service to the outside world as well and was trying to manipulate iptables so that any request [...]Continue Reading »
I currently limit IP addresses that have access to my SSH service with a rule like this # accept already established iptables -A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp –source w.x.y.z/32 –dport 22 -j ACCEPT iptables -A INPUT -p tcp –source a.b.c.d/32 –dport 22 -j ACCEPT #drop everyting else iptables -A INPUT -j DROP iptables -P FORWARD DROP Where w.x.y.z and a.b.c.d are the allowed IPs. I have this [...]Continue Reading »
I have been struggling getting ip6tables to work. It is for a CentOS 6 server running DirectAdmin, hence the ports. Could someone please tell me why it does not allow any traffic? Any input on this is highly appreciated, as I am stuck at this for days now. /sbin/ip6tables -F /sbin/ip6tables -t mangle -F /sbin/ip6tables -A INPUT -i lo -j ACCEPT /sbin/ip6tables -A OUTPUT -o lo -j ACCEPT /sbin/ip6tables -P INPUT DROP /sbin/ip6tables -P OUTPUT [...]Continue Reading »
I’m trying to setup an iptables config such that outbound connections from my CentOS 6.2 server are allowed ONLY if they are of state ESTABLISHED. Currently, the following setup is working great for sshd, but all the Samba rules get totally ignored for a reason I cannot figure out. iptables Bash script to setup ALL rules: # Remove all existing rules iptables -F# Set default chain policies iptables -P INPUT DROP iptables -P FORWARD DROP [...]Continue Reading »
I’ve tried several different combinations of rules and nothing seems to be working. I know that you can’t use prerouting table for a request coming from the localhost so I used the output table and that just returns errors when using wget. I have wget configured to use a proxy 127.0.0.1:8118. When I use the command below I get my public IP. If I change the command to remove the –no-proxy I get the IP [...]Continue Reading »
I have a VPS where I have successfully set up VPN. I connect with OpenVPN client. The VPN server interface is 10.8.0.1 and the client receives 10.8.0.? IP. And I am able to ping 10.8.0.1. I also seem to be able to do telnet to 10.8.0.1:80, 10.8.0.1:443, etc standard ports with working services on them but not 10.8.0.1:3306. This is the VPN connection as printed by ifconfig: tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.8.0.1 P-t-P:10.8.0.2 [...]Continue Reading »
I know for a fact that iptables running is causing my instance of Apache Solr to be inaccessible. How do I know this? Because I ran: /sbin/service iptables save && /sbin/service iptables stop Once I did this, everything worked flawlessly. I would like to continue using my firewall however, adding the necessary rules for it doesn’t seem to be working. I have exhausted what I thought would work: /sbin/service iptables start /sbin/iptables -A RH-Firewall-1-INPUT -p [...]Continue Reading »
I am trying to forward packets arriving on the host machine to a virtual machine. Current aim is to forward xxx.xxx.xxx.xxx:3022 to the vm 192.168.10.2:22. I tried adding the following rules through the commandline, but without luck: iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx -p tcp -i routed0 –dport 3022 -j DNAT –to 192.168.10.2:22 iptables -A FORWARD -p tcp -i routed0 -d 192.168.10.2 –dport 3022 -j ACCEPT I think this could be because of a [...]Continue Reading »
I just want to prevent nmap and packets that are considered harmful to my VPS (Setup : Debian – Nginx webserver). After applying these rules and disconnecting from ssh I couldn’t reconnect anymore. So I contacted the provider and asked them to flush the rules from backend. Can someone tell me which rules are wrong, or bad configured ? Is there any unnecessary rules in there which is not needed ? I gathered these form [...]Continue Reading »
- Understanding redundant power supplies
- Is there a way for administrators to disable users from installing Firefox extensions?
- Is there research material on NTP accuracy available?
- How to create a limited “domain admin” that does not have access to domain controllers?
- Can Windows RDC admin users be immune from being kicked?