similar to: samba4 AD - strange slowness after enable iptables based firewall

I'm replacing an ancient Solaris 'ipf' firewall/router with a brand new CentOS 6.3 system. In the olden days, I successfully used the attached iptables script (as /etc/rc.local) on Red Hat 5.x systems, but this doesn't seem to be quite working on the new system. Specifically, while it seems to be routing ok, you cannot connect to anything on the inside net (e.g., with ssh or

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=40 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From laforge@netfilter.org 2003-02-03 16:49 ------- We haven't seen this

Hi ! I''ve a router linux with 3 eths in order to share internet connection: 1:lo 2:eth0-> Internet Connection (DHCP) 3:eth1-> gateway wired hosts -> 192.168.101.254 4:eth2-> gateway wireless hosts -> 192.168.212.254 / 192.168.230.254 / 192.168.210.254 / ... eth2 haves diferents IP Aliasings because it connect to a switch which connect 4 access points (linksys), each

My firewall config is below... I am trying to figure out why another machine has access to port 5038 on my machine based on these firewall rules. I thought the reject at the bottom would take care of all other ports? It does not. I have restarted with "server iptables restart" and same thing. I can connect from another machine to my machine on port 5038. How do I prevent this?

Below is my firewall rules for iptables. everything is working fine except for NFS I cannot mount my drive. If I turn off iptables I can mount. Looking at this : http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-nfs.html Important In order for NFS to work with a default installation of Red Hat Enterprise Linux with a firewall enabled, IPTables with the default TCP port 2049

Hi, I have a fedora15 x86_64 host with one fedora15 guest running amavis+spamassassin+postfix and performance is horrible. The host is a quad-core E13240 with 16GB and 3 1TB Seagate ST31000524NS and all partitions are ext4. I've allocated 4 processors and 8GB of RAM to this guest. I really hoped someone could help me identify areas in which performance can be improved at both the guest and

Currently I have shorewal 2.2 installed om my debian 2.6.8 kernel. The firewall machine can access the internet via a ethernet modem fine. The firewall can ping the local network. The local network can ping the firewall server, see the samba files. Howeven teh local network cannot access the internet through the firewall Any suggestions? Rob van Overbruggen Settings and stats: Server: Eth1 :

Hello. I'm moving from a very old Fedora Core 1 to CentOS 4.4, what a change!! Three year ago, I wrote some script (network related) and worked very well. Now, I can put into init.d by means of chkconfig and I restarted the system, but always hang when executing my srcipt (in my new centos 4.4). There a manual for making scripts for init.d? there is some new requirement by which it does not

centos 6.x gluster --version glusterfs 3.2.7 built on Jun 11 2012 13:22:29 The problem is that when i'm trying to probe like this: gluster peer probe [hostname] It never probe's because the firewall is blocking (when I turn it of on both sides everything works) But I want to keep the firewall running. A google search give's me serveral possible ports to open , so I

I suppose a few questions pop up on this list about access Samba through a firewall. ?I have been very successful running Samba through a firewall, until today. ?I hit a stumbling block. I have a Linux Firewall with the public IP Address of 134.x.x.140 <it is not the exact ip address, but close>. ?I am using NAT and port forwarding to send traffic destined for 137, 138,139, and 445 for BOTH

On Tue, 16 Jun 2020, Leroy Tennison wrote: > I have a gateway machine (currently Centos 7 with IPV4 only) with two > NICs. One is connected to the internet, the other to an internal > network (10.0.0.0/24) of mixed hardware (windows7, android tablets, > android phones, linux boxes) using NAT. I wish to block all outgoing > connects to any external IP address on port 22 (ssh)

Alright, I have setup the new rules and am waiting to see if I have any issues. If I do, I will keep working on it. I also read the article below, which mentions exactly what you I was told about 2008 and newer using different ports. https://support.microsoft.com/en-us/kb/929851 Here is the new configuration: root at dc01:~# iptables -S -P INPUT DROP -P FORWARD DROP -P OUTPUT ACCEPT -A INPUT -m

Hi, I seem to be facing an intrusion issue, inspite of firewall (script attached). What am I missing ?? Any suggestions / recommendation are welcome pls. Best regards, Sans -------------- next part -------------- #!/bin/bash echo 0 > /proc/sys/net/ipv4/ip_forward # Clear any existing firewall stuff before we start /sbin/iptables --flush # As the default policies, drop all incoming

Hi all. I created a smb-share on my el6 for all windows-pcs in my home-network (I'm the only Linux-User in my family) for sharing all the stuff we have, like music and videos and documents. The share will be shown on the other pcs (Windows XP), but they can't open it. The error-message ist "Share not found" on our preferred language of course! SELINUX-CONFIG sh-4.1# cat

At 03:47 PM 6/16/2020, Kenneth Porter wrote: >The rule is in the wrong chain. The INPUT chain affects packets that >terminate at the same machine. You want to block packets that will >be passed on to the Internet, so your rule needs to be in the >FORWARD chain. (The OUTPUT chain affects packets that originate at >your machine.) > >Here's a nice collection of diagrams

I just looked up 42 and 68. I do not use WINS or BOOTP. I am removing range 1024-5000 and replacing it with 49612-65535 now. I already allowed 389 TCP. Lead IT/IS Specialist Reach Technology FP, Inc On 12/29/2015 03:58 AM, L.P.H. van Belle wrote: > Hai, > > Im missing a few things. > > And maybe time server port to open? Are your dc's time server also? > These are the

Hi. I need connect some LAN stations with SJphone to an Asterisk Server published on Internet. My Lan Clients access to Internet using a small linux firewall/proxy server. I use the next firewall script. That is a simple script with default policy ACCEPT, and NAT to share Internet. I can connect to the asterisk server, authtenticate the users in the server, and dial to any extension, but

Hi everyone, I had posted recently about getting Samba4 to work on CentOS 6.4 but having changes only replicating in one direction, from the Win2k3 AD but not back to it. I solved the problem, this time, by disabling iptables. I find it a bit hard to understand. These are the rules I have set up: *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [52:5888] -A INPUT -m state

Folks I'm struggling with my firewall settings, and would appreciate some help. I have a gateway machine (currently Centos 7 with IPV4 only) with two NICs. One is connected to the internet, the other to an internal network (10.0.0.0/24) of mixed hardware (windows7, android tablets, android phones, linux boxes) using NAT. I wish to block all outgoing connects to any external IP address

Ok, I have a challenge - get two services working over a single port. (!) Sometimes it's a web service, sometimes it's a VNC service. Here's what I had in mind: 1) Server is normally a webserver listening on port 80, and normally has the following rules active: # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # iptables -t nat -A POSTROUTING -j MASQUERADE 2)