Displaying 20 results from an estimated 60000 matches similar to: "[CENTOS ]IPTABLES - How Secure & Best Practice"
2016 Jun 29
1
[CENTOS ]IPTABLES - How Secure & Best Practice
Dear Members
Thank you for your replies.
@Anthony K. -- One of the articles that I have read mentioned that the
file gets read from the top to bottom and apply the rules accordingly. In
addition the article also explained that if there is no matching rule, the
default policy will be applied. The writer suggested that rules with the
highest chance to match should be in the beginning of the
2016 Jun 29
0
[CENTOS ]IPTABLES - How Secure & Best Practice
Hello Leon.
In addition to everything else mentioned in this thread, I'd recommend you a great book on the topic.
"Attack Detection and Response with iptables, psad, and fwsnort by Michael Rash"
It contains a really nice and detailed guide on iptables and most common attacks, nmap, psad and snort.
Regarding your config, I'd like to point several things:
1. You're not
2016 Jul 01
3
Securing RPC
Dear Community
I hope you are all doing well.
Recently I have been receiving several complaints from our service
provider. Please see the complaint below:
A public-facing device on your network, running on IP address
XXX.XXX.XXX.XXX, operates a RPC port mapping service responding on UDP port
111 and participated in a large-scale attack against a customer of ours,
generating responses to
2016 Jun 29
0
[CENTOS ]IPTABLES - How Secure & Best Practice
On 29.06.2016 12:00, Leon Vergottini wrote:
> Dear Members
>
> I hope you are all doing well.
>
> I am busy teaching myself iptables and was wondering if I may get some
> advice. The scenario is the following:
>
>
> 1. Default policy is to block all traffic
> 2. Allow web traffic and SSH
> 3. Allow other applications
>
> I have come up with the
2004 Jun 01
2
weird problem while connecting
hi all
I'm connecting to my samba server from a windows xp client. whenever I
started my firewall script the client used to take 4 minutes to connect to
the samba server and I run IRIS (sniffer) on my windows xp box it captures a
packet as shown below
-------------------------------------------------------------------------------------------------------------------------------------
OPTIONS /
2004 May 31
4
please help me.
hi
if i remove the rule for transparent redirection from my firewall script
then it works well. what can be the connection of transparent redirection
with samba
please help me out. I'm in great trouble. the detailed problem is below
Regards
Azeem
>From: "azeem ahmad" <azeem484@hotmail.com>
>To: samba@lists.samba.org
>Subject: [Samba] iptables and samba
>Date:
2013 Mar 29
1
iptables settings for X11 forwarding in CentOS 6.2
Hi,
We recently installed CentOS 6.2 on our cluster. During
the installation/debugging of various secondary software, we had
disabled iptables. When we re-enabled them, we found that the
front-end would no longer X11 forward (although it does so
when the iptables are off). What do we need to set in the
iptables to permit X11 forwarding? Currently we're using
iptables -P INPUT DROP
2004 May 27
4
iptables and samba
hi
I'm using the script below
-------------------------------------------------------------------------------------------------------------------------------------
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
2018 Mar 11
3
Squid vs. iptables redirection: exception for certain domains ?
On 11.03.2018 at 11:53, Nicolas Kovacs <info at microlinux.fr> wrote:
>
> I've experimented some more, and I have a partial success. Here, I'm
> redirecting all HTTPS traffic *except* the one that goes to my bank:
>
> iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d
> www.credit-cooperatif.coop --dport 443 -j REDIRECT --to-port 3129
>
> This works
2006 Dec 28
4
filter policy drop and allow transparent proxy
Trying to use the policy drop rule with the bridged firewall, when I
removed the first line the transparent proxy works great? It seems a
bit strange as from reading several articles on it I thought the
following occurs.
1st line - if it doesn't match it gets dropped on the local filter input.
2nd line - redirects the traffic off the link layer into the network
layer ready for line 3.
3rd line -
2016 Jun 20
3
Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
Good evening,
on a CentOS 7 LAMP (not gateway) dedicated server I am
using iptables-services with the following /etc/sysconfig/iptables:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [294:35064]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -m
2003 Nov 13
1
HTB traffic shaping + squid cache proxy
Hello!
My system is:
Internet ADSL(PPPoE) ---> ppp0 [LINUX server(router)] eth0 ---> LAN
Server(router) is running on LINUX Slackware 8.1. I have recompiled a
2.4.22 kernel, enabled all QoS support in the kernel config,
including HTB. My ADSL bandwidth is 256Kbit/s for download and
64Kbit/s for upload.
I use the following HTB+IPTABLES configuration, because I want to
reduce bandwidth for
2006 Mar 14
2
asterisk and iptables
Hi,
I have a problem with asterisks on Linux.
Looks like it is an iptables problem. My external client (eyebeam, on a
different computer) cannot register to the asterisk server, but the
asterisk server itself *looks* working.
If I dial one of the incoming phone numbers for the server, I can see
the call arriving in Asterisk (using asterisk -r).
I tried nmap on my server, and this is the result:
2020 Jul 16
2
Iptables rules not working
On Thu, Jul 16, 2020 at 9:25 PM Phil Perry <pperry at elrepo.org> wrote:
> On 16/07/2020 16:48, Kaushal Shriyan wrote:
> > Hi,
> >
> > I am running CentOS Linux release 8.2.2004 (Core) on a remote server. I am
> > running the below iptables command to allow SSH port 22 from a specific
> > source IP 219.91.200.59
> >
> > iptables -A INPUT -m
2006 Jul 21
5
linux transparent bridge running squid
Hi I have been using Shorewall for a while now and find it very useful and easy to configure, I am learning iptables and having trouble getting the bridge to successfully work with squid, although I get it working with Shorewall straight away? Does anyone know the rules to successfully use squid with a transparent bridge?
Internet – router - (bridge eth0 – eth1) – local lan
auto lo
iface lo
2016 Jun 21
4
Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
Hello Gordon and others
On Tue, Jun 21, 2016 at 4:13 PM, Gordon Messmer <gordon.messmer at gmail.com>
wrote:
> On 06/21/2016 02:30 AM, Alexander Farber wrote:
>
>> -A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT
>> --to-ports 8080
>>
>
>
> I think you have the ports backward, here.
>
here the problem description again:
I have
2016 Jun 21
2
Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
Hello again,
unfortunately the following /etc/sysconfig/iptables file does not work:
*nat
:INPUT ACCEPT
:OUTPUT ACCEPT
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
#-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT
--to-ports 8080
COMMIT
*filter
:INPUT DROP
:OUTPUT ACCEPT
:FORWARD DROP
-A INPUT -m state --state
2007 Sep 29
1
samba with iptables
Hi,
system info:
ubuntu 7.04 (Host OS)
samba 3.0.24 (installed with apt-get)
vmware-server 6.0.1
windows XP (Guest OS)
I was using the iptables script provided by iptablesrocks.org. It's been
quite useful, but I ran into a problem when I tried to connect samba.
Without any iptables rules, I have no problem when connecting host
os(ubuntu samba server) from guest os Windows XP.
I referenced
2018 Oct 04
3
help with samba and iptables
Hi community, I have a samba server that works great, but my friends of
IT security said that is vulnerable without a firewall, I try to set an
iptables firewall using the official documentation but is not working
(obviously), this is my config:
#!/bin/sh
echo n Aplicando Reglas de Firewall...
## Flush rules
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
## Establecemos
2014 Jan 07
2
Forward http traffic
Hello,
On CentOS 6.5 x86_64 I have (/etc/sysconfig/iptables):
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A