All Questions
58 questions
0 votes, 1 answer, 55 views
Any updated ways to block wildcard outgoing traffic to a domain?
Suppose I'm going to block a domain and its subdomains that I know it has.
I tried these ways, but none of them worked as expected or didn't work at all:
/etc/hosts.deny (I later figured out this ...
1 vote, 1 answer, 957 views
Cannot access Outline VPN on CentOS
I installed Outline VPN a few times on Ubuntu servers and each time it was fast and easy. Now I'm trying to install it to CentOS and the Outline VPN shell script executes smoothly and with no errors:
...
0 votes, 1 answer, 1k views
CentOS/RHEL: How to disconnect established connection and prevent subsequent connections until reboot?
I'm trying to test a system that uses multiple interconnected hosts, with one of the hosts randomly selected as the leader and the others being members. The members connect to the leader on a specific ...
3 votes, 1 answer, 701 views
Linux: only allow outgoing connections to specific domains
I have a CentOS server and only want to allow outgoing connections to specific domains. (allowlist) My thought was to have a DNS proxy which adds the allowed ips (only ipv4 needed) to nftable named ...
0 votes, 1 answer, 2k views
CentOS 7 custom routes with 2 NIC's
I have two interfaces on my CentOS 7:
ens192 - 10.70.87.200/24
ens224 - 192.168.11.200/24
tcp/22 has to be listening only on ens192
I want all internet traffic but a few networks to be going out via ...
1 vote, 0 answers, 495 views
iptables rejecting localhost connection
iptables is rejecting connection on localhost and I can't find what's causing it. I was given a CentOS 7 server to configure for a project and it had about 500 rules configured now after running my ...
0 votes, 0 answers, 1k views
Block access to the server from public IP with iptables
I have 2 servers, I configured one server for http and php (the name is: web ) and another one for mysql (the name is: db).
In both of these servers, I have public and private IPs.
I wanted to have ...
2 votes, 0 answers, 25 views
Routing - Route specific Internal IP's over VPN device
I'm running OpenVPN with some configs on a CentOS 7 machine. They connect to remote VPN sites and sometimes they change IP after a reboot. They are called tun0, tun1 etc.
Now I need some devices to go ...
0 votes, 1 answer, 405 views
How to route copied packets to second interface?
I have two AWS instances running CentOS 7, A and B, and I need to send all copied packets from A to a second interface on B (eth1). I have set up IPTables to copy and send packets:
iptables -t mangle ...
9 votes, 1 answer, 19k views
How can I configure firewalld to block all outgoing traffic except for specific ports while allowing localhost to access any of its own local ports?
I started out with this:
# First, allow outbound traffic for all allowed inbound traffic
firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow ...
1 vote, 0 answers, 113 views
Give access to CloudFlare IPs in iptables
I am trying to DROP all requests except CloudFlare requests, and give SSH access to a certain IP.
So I wrote these rules:
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
...
2 votes, 1 answer, 266 views
Can iptables change its rules based on the network you're currently in?
Does iptables have a way to automatically adapt some of its rules or just straight out switch which rule sets it's using based on what your current network is?
I have a lot of uses for something like ...
16 votes, 1 answer, 45k views
What are the IP ranges to block the entire Russian Federation? [closed]
Every single morning the Russian Federation keeps attacking our sites. Every single day I block their IP address and every single day they use a new sub net. I tried:
-A INPUT -s 4.53.0.0/16 -j DROP
-...
0 votes, 0 answers, 392 views
Iptables flush does not work
I am trying to make counters 0 for a specific IP chain. This is the command I used.
iptables --zero mychain
This was the official command given in netfilter MAN page. But this does not make counters ...
0 votes, 1 answer, 307 views
CentOS 6 IPTABLES list rules
I've entered some rules into IPtables on CentOS 6. But when I run 'service iptables status' I get a different result than when I go 'iptables -L'.
I need to open up port 1270 on this machine.
This ...
1 vote, 2 answers, 2k views
IPTables - Allow (ACCEPT) specific IPs within a blocked (DROP) subnet
I'm fairly new to IPTABLES, but I've written a script that blocks several of Amazon EC2's IP ranges from an input file, blacklist.txt:
...
54.66.0.0/16
54.67.0.0/16
...
I also have a separate ...
1 vote, 2 answers, 847 views
Can't get port 23 open on CentOS 6.8
I have just upgraded from CentOS 6.6 to 6.8 (64bit). We have a site-licensed telnet client that allows multiple windows on a single database seat. I have disabled SELinux and rebooted the system.
# ...
1 vote, 1 answer, 2k views
Fail2ban failed to start on Centos 7. Missing /var/log/secure file
A few days ago I bought vps and installed Centos 7 on it. Now I'm trying to set up fail2ban for ssh. I installed epel-release. Iptables was in use by default. This is what I'm getting when I'm trying ...
0 votes, 2 answers, 15k views
Block port 111 on centos 7
I am using a server with centos 7 running kvm/virtualization, I access using VNC server.
Today I received a warning about my server being used to attack other server using port 111, I am completely ...
0 votes, 1 answer, 632 views
ipset -j SET --add-set not working in CentOS
I recently installed ipset rpm and kmod-ipset rpm for my Centos (Linux 2.6.18-194.11.3.el5 i686) and try to hands with help of some examples from internet,
but when I try to ban user who tries to ...
0 votes, 1 answer, 751 views
Cannot restart apache on Centos 7
I cannot restart HTTPD on Centos 7. When I try to run the command it shows this error below. How can I overcome this?
--
-- Unit session-735.scope has begun starting up.
Apr 12 15:33:01 localhost....
0 votes, 1 answer, 613 views
How to manage my firewall with new Centos's utilities?
I just installed a Centos7 distribution on my server.
I came from Centos6, and I read that iptables utility has been replaced by firewalld and services utility by systemctl.
So I try to get my ...
0 votes, 2 answers, 99 views
Ping between two Linux systems via an intermediate Linux fails
I have a simple network with three Linux systems running CentOS 2.6.
Linux 1
(eth1: 192.138.14.1/24)
|
|
(eth4: 192.138.14.4/24)
Linux 2
(eth2: 192.138.4.3/24)
...
4 votes, 1 answer, 216 views
Is IPTABLES obsolete when behind a router?
I'm still quite noobish when it comes to networking. I was fiddling around with squid on CentOS and I was wondering whether turning on iptables when your CentOS box is behind your ISP modem/router has ...
4 votes, 1 answer, 34k views
Fail to start iptables.service: 'No such file'
I'm trying to directly use iptables instead of firewalld to manage firewall rules. However systemctl start iptables prints:
[root@centos-new ~]# systemctl start iptables
Failed to issue method call: ...
0 votes, 1 answer, 677 views
Samba ports still closed even with iptables rules flushed and disabled
I’m trying to install Samba on a server running CentOS 6 with WHM/cPanel, and I’m having some trouble with ports.
This is a brand new system as of yesterday, and I haven’t yet started locking down ...
0 votes, 1 answer, 9k views
ssh: connect to host * port 22: Connection timed out
I have CentOS 7 running on a VPS machine and after a computer restart, I could no longer SSH to it.
$ ssh -v <IP>
OpenSSH_6.6.1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /...
1 vote, 1 answer, 2k views
iptables always needs restart
I have a CentOS 7 PC, on which I'm using iptables.
I have an Oracle 11gR2 instance on that PC and I need to access it from other PCs in the LAN.
My /etc/sysconfig/iptables:
# Generated by iptables-...
0 votes, 1 answer, 595 views
iptables out bound port to remote mysql
Following is my iptables file on my CentOS, I am unable to open 3306 port to connect to remote mysql server. I don't know what I am doing wrong although it looks fairly simple.
When I stop the iptables ...
1 vote, 0 answers, 321 views
Nodejs remote debugging ports closed
I have a problem with nodejs remote debugging. I'm using centos on remote server and phpstorm on my PC. When I open putty I type the command:
node --debug-brk=5858 main_server.js,
and get the output:...
0 votes, 3 answers, 21k views
iptables not starting on CentOS 6
I am running CentOS release 6.5 (Final) and cannot figure out why my iptables is not starting.
I may have executed some other command to permanently prevent the start up of iptables; I do not remember....
0 votes, 4 answers, 4k views
IPtables keeps resetting rules and blocking almost everything
Every time I reset IPtables, the rules keep coming back in about 10 minutes, blocking everything besides port 22 and 80.
When I do a "iptables-save", I see this
I can't find out where it's coming ...
0 votes, 1 answer, 74 views
CentOS - ipTables
I have some questions about ipTables.
Is it possible to open all ports between 2000 and 6000 and then have 2245, 5435, 5434 closed?
Is it possible to open some ports from an IP address? E.g. The only ...
0 votes, 1 answer, 786 views
CentOS 7.x iptables
I have manually edited the /etc/sysconfig/iptables file in my CentOS 7.x installation, I have two entries and two processes running at the respective ports.
I am able to telnet/access port 2181 but ...
2 votes, 1 answer, 751 views
IPSet with IP6Tables ERROR
Can someone please solve my headache and tell me how to fix this?
[root@www ~]# ip6tables -I INPUT -m set --match-set blacklist6 src -J DROP
ip6tables v1.4.7: Couldn't load match `set':/lib64/...
1 vote, 1 answer, 2k views
iptables blocking all traffic even with ports opened
Simple as I can put it: I can't access my servers with iptables enabled, with default rules. Need to disable iptables to get access. Trying to find the cause. Only difference in setup type is layer3 ...
3 votes, 4 answers, 15k views
Bridge does not forward packets on CentOS
I am using CentOS 6.5 64
and use xen to create a virtual machine (CentOS)
ifconfig
[root@CentOS ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:54:B3:FA
inet6 addr: fe80::a00:...
0 votes, 1 answer, 1k views
Routing internal traffic in centos to the internet using iptables
Hello friends, I am stuck in routing traffic from the office to internet. I have a network structure like this http://asthana.me/images/ip.png I have assigned static IP to the CentOS server (which ...
0 votes, 1 answer, 252 views
Turning iptables off on development server permanently?
What would be the downsides of turning off iptables permanently on a development environment? I don't like the fact that every time I restart virtual box I must do:
service iptables stop
service ...
0 votes, 1 answer, 2k views
iptables stupid error (iptables -A INPUT -j ACCEPT)
[root@router ~]# iptables -A INPUT -j ACCEPT
iptables: No chain/target/match by that name.
How is that possible? I recompiled the kernel (3.11.8) and updated iptables to 1.4.16. The strange thing is ...
0 votes, 2 answers, 481 views
Server can't be accessed
I have a server I rent from OVH and I rebooted it and now I can't connect to it, OVH responded with
"The server has started (login is requested on the screen) but inaccessible
by the network (not ...
0 votes, 2 answers, 1k views
Port based NAT-ing with iptables
On eth0 port we have public IP, and eth1 we have IP 10.31.0.1 which provides DHCP and Squid service.
Ports 8080,53,67,80,443 are open. Now for an application we have to open 1521,8443 ports so that ...
5 votes, 3 answers, 25k views
Source Based Policy Routing & NAT (DNAT/SNAT) aka Multi WANs on CentOS 5
Originally posted at Unix and Linux but nobody was able to answer it, so I'm migrating the question here:
My question is regarding Source Based Policy Routing on CentOS 5 with 2 WANs plus a LAN (NAT) ...
0 votes, 1 answer, 5k views
Manually Editing iptables
I'm using CentOS. What I'm wondering is, what happens if I manually edit /etc/sysconfig/iptables and save it? Is that the definitive source? When I type iptables -L I get something that doesn't match ...
0 votes, 1 answer, 1k views
How can I add the port to iptables rules on centos?
I want to open the port 8040 on my centos, but I keep getting connection refused.
This is what I have done:
iptables -I INPUT -m state --state NEW -p tcp --dport 8040 -j ACCEPT
iptables -I INPUT -m ...
6 votes, 1 answer, 8k views
How to configure a firewall on Centos using Vagrant and Chef
I've created a server box using Vagrant and Chef and everything is up and running correctly. However, when the box is installed from scratch the default iptables rules are in place and so I need to ...
1 vote, 1 answer, 2k views
iptables routing marked packets from router to PC and routing them back to router
I'm trying to do deep packet inspection on HTTP packets. The purpose of this is to collect HTTP payload data and then create some proxy/cache-independent reports. Following this, the idea is to ...
0 votes, 1 answer, 229 views
IPTables Allowing Access without Rules
I'm sure this is mostly my misunderstanding of how iptables works, but I've set up some rules...
-A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp --sport 22 -m ...
6 votes, 2 answers, 27k views
CentOS 6 - iptables preventing web access via port 80
I'm setting up a new web server with CentOS 6.2 and am not able to connect via the web. Everything looks set up correctly in httpd.conf and Apache is running, so I'm assuming it's an iptables issue.
...
0 votes, 1 answer, 431 views
CSF Unresolved issue
I began receiving service failures for CSF/LFD once the limit was reached in iptables preventing the service from working properly.
I flushed all iptables rules, and redid my rules using CIDR rather ...