Displaying 20 results from an estimated 10000 matches similar to: "iptables failure at the last line"
2016 Jun 20
3
Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
Good evening,
on a CentOS 7 LAMP (not gateway) dedicated server I am
using iptables-services with the following /etc/sysconfig/iptables:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [294:35064]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -m
2011 Apr 24
3
Adding comments to /etc/sysconfig/iptables
Hello,
I'm a user (and big fan) of CentOS 5.6 and in my /etc/sysconfig/iptables
there are few blocking rules for some annoying visitors of my website
(I run a card game there since many years and some people are "special"):
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [294:35064]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A
2016 Jun 21
4
Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
Hello Gordon and others
On Tue, Jun 21, 2016 at 4:13 PM, Gordon Messmer <gordon.messmer at gmail.com>
wrote:
> On 06/21/2016 02:30 AM, Alexander Farber wrote:
>
>> -A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT
>> --to-ports 8080
>>
>
>
> I think you have the ports backward, here.
>
here the problem description again:
I have
2016 Jun 21
2
Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
Hello again,
unfortunately the following /etc/sysconfig/iptables file does not work:
*nat
:INPUT ACCEPT
:OUTPUT ACCEPT
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
#-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT
--to-ports 8080
COMMIT
*filter
:INPUT DROP
:OUTPUT ACCEPT
:FORWARD DROP
-A INPUT -m state --state
2011 Apr 25
1
Blocking an IP address both as source and destination
Hello,
how do you block incoming AND outgoing traffic to a site?
I have 2 drop lines for a site in my /etc/sysconfig/iptables:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [294:35064]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s xx.xx.xx.0/24 -j DROP
-A INPUT -d xx.xx.xx.0/24 -j DROP
-A INPUT -p icmp -m icmp --icmp-type any -j
2008 Dec 02
2
iptables-save: INPUT DROP [26:8260]
Hello,
why does iptables-save print 2 numbers in square brackets?
Is it used for anything? Is it number of inspected packets
(and what's the other number then)?
And what does *filter mean?
Thank you
Alex
$ sudo iptables-save
# Generated by iptables-save v1.3.5 on Tue Dec 2 23:53:56 2008
*filter
:INPUT DROP [26:8260]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [376:82274]
-A INPUT -m state --state
2007 Sep 29
1
samba with iptables
Hi,
system info:
ubuntu 7.04 (Host OS)
samba 3.0.24 (installed with apt-get)
vmware-server 6.0.1
windows XP (Guest OS)
I was using the iptables script provided by iptablesrocks.org. It's been
quite useful, but I ran into a problem when I tried to connect samba.
Without any iptables rules, I have no problem when connecting host
os (ubuntu samba server) from guest os Windows XP.
I referenced
2003 May 15
0
My iptables (RH 7.2) firewall included
It's a shell script
#!/bin/bash
IPTABLES="/sbin/iptables"
# Load required modules
/sbin/insmod ip_tables
/sbin/insmod ip_conntrack
/sbin/insmod iptable_nat
/sbin/insmod ipt_MASQUERADE
# Then flush all rules
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
# In the NAT table (-t nat), Append
2016 May 31
3
iptables.service listed as: not-found inactive dead
Hello fellow CentOS users,
on a freshly installed 7.2 machine and after reading
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/chap-Managing_Services_with_systemd.html
I try to enable iptables with following commands:
# cat /etc/centos-release
CentOS Linux release 7.2.1511 (Core)
# rpm -qa | grep iptables
iptables-1.4.21-16.el7.x86_64
2019 Oct 09
2
[Bug 1370] New: iptables-restore-translate
https://bugzilla.netfilter.org/show_bug.cgi?id=1370
Bug ID: 1370
Summary: iptables-restore-translate
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter:
2016 Jun 21
2
Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
On Tue, 2016-06-21 at 15:46 +0100, Always Learning wrote:
> On Tue, 2016-06-21 at 16:24 +0200, Alexander Farber wrote:
>
> > *nat
> > :INPUT ACCEPT
> > :OUTPUT ACCEPT
> > :PREROUTING ACCEPT
> > :POSTROUTING ACCEPT
> > -A PREROUTING -p tcp --dst 144.76.184.154 --dport 8080 -j REDIRECT
> > --to-port 80
>
>
2005 Jul 30
2
QoS with HTB for ADSL/Home
Hi,
My home setup is as following:
- 1024/128 kbit ADSL
- FC3
I set up HTB to prioritize traffic. I am not very pleased with the
obtained results.
The scope of my setup is to have some ssh sessions with remote servers
while browsing websites and running aMule. Nothing complicated (I
think... ;).
The very high priority traffic (ssh), gets stuck when I start aMule and
make an FTP download.
2006 Mar 14
2
asterisk and iptables
Hi,
I have a problem with asterisks on Linux.
Looks like it is an iptables problem. My external client (eyebeam, on a
different computer) cannot register to the asterisk server, but the
asterisk server itself *looks* working.
If I dial one of the incoming phone numbers for the server, I can see
the call arriving in Asterisk (using asterisk -r).
I tried nmap on my server, and this is the result:
2015 Dec 29
1
Firewall trouble?
Alright, I have setup the new rules and am waiting to see if I have any
issues. If I do, I will keep working on it. I also read the article
below, which mentions exactly what you I was told about 2008 and newer
using different ports.
https://support.microsoft.com/en-us/kb/929851
Here is the new configuration:
root at dc01:~# iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m
2016 Jun 29
0
[CENTOS ]IPTABLES - How Secure & Best Practice
Hello Leon.
In addition to everything else mentioned in this thread, I'd recommend you a great book on the topic.
"Attack Detection and Response with iptables, psad, and fwsnort by Michael Rash"
It contains a really nice and detailed guide on iptables and most common attacks, nmap, psad and snort.
Regarding your config, I'd like to point several things:
1. You're not
2014 Apr 30
2
[Bug 917] New: Kernel OOPS on Kernel 3.14.2
https://bugzilla.netfilter.org/show_bug.cgi?id=917
Summary: Kernel OOPS on Kernel 3.14.2
Product: netfilter/iptables
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: critical
Priority: P5
Component: NAT
AssignedTo: netfilter-buglog at lists.netfilter.org
2016 Jun 29
1
[CENTOS ]IPTABLES - How Secure & Best Practice
Dear Members
Thank you for your replies.
@Anthony K. -- One of the articles that I have read mentioned that the
file gets read from the top to bottom and apply the rules accordingly. In
addition the article also explained that if there is no matching rule, the
default policy will be applied. The writer suggested that rules with the
highest chance to match should be in the beginning of the
2016 Jun 29
0
[CENTOS ]IPTABLES - How Secure & Best Practice
On 29.06.2016 12:00, Leon Vergottini wrote:
> Dear Members
>
> I hope you are all doing well.
>
> I am busy teaching myself iptables and was wondering if I may get some
> advice. The scenario is the following:
>
>
> 1. Default policy is to block all traffic
> 2. Allow web traffic and SSH
> 3. Allow other applications
>
> I have come up with the
2015 Dec 28
0
Firewall trouble?
On 28/12/15 15:33, Ryan Ashley wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> I recently tried adding a firewall to my Samba 4 server using the port
> information I found on the wiki. Below is a dump of the resulting rules.
>
> root at dc01:~# iptables -S
> - -P INPUT DROP
> - -P FORWARD DROP
> - -P OUTPUT ACCEPT
> - -A INPUT -m conntrack --ctstate
2015 Dec 28
0
Firewall trouble?
On 12/28/2015 10:33 AM, Ryan Ashley wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> I recently tried adding a firewall to my Samba 4 server using the port
> information I found on the wiki. Below is a dump of the resulting rules.
>
> root at dc01:~# iptables -S
> - -P INPUT DROP
> - -P FORWARD DROP
> - -P OUTPUT ACCEPT
> - -A INPUT -m conntrack