All Questions
27 questions
0 votes, 1 answer, 37 views
Block income GRE ERSPAN traffic RHEL8
We have LinuxMachine(VoiceBiometrics) and customers VoiceBot.
LinuxMachine needs only SIP/SDP and RTP traffic from VoiceBot.
Customer network engineers configured on Cisco device traffic mirroring (gre ...
0 votes, 1 answer, 109 views
Red Hat 8 - Decoding firewalld rejects
I have started testing the firewall on a Red Hat 8 system. My only question here is how
to debug the cryptic data that means almost nothing. How do I trace a rejection back to
the source of the ...
0 votes, 0 answers, 189 views
nftables rules apparently blocking ssh traffic - could it be special characters?
I have a set of nftable rules of the following form:
chain INPUT {
type filter hook input priority filter; policy drop;
ip saddr 11.37.79.97/29 counter packets 0 bytes 0 log prefix ...
0 votes, 1 answer, 237 views
Active Directory & firewall-cmd
I'm using a RHEL based VM as a router and I'm trying to get AD running on the network but I'm not being successful at it.
When I set up the interfaces on the LAN side to the trusted zone everything ...
6 votes, 3 answers, 1k views
Which takes precedence: /etc/hosts.allow or firewalld?
On a RHEL 7 server, /etc/hosts.allow has a number of IP addresses with full access. The firewall (confirmed with firewall-cmd), there are no specific sources defined, and the default zone allows ...
0 votes, 1 answer, 1k views
Firewall is active, added port to iptables but still cannot connect
We have RedHat 8 server. Firewalld is active.
I need to connect to port 5050 from my laptop and from the second server, so I added it to the rules
iptables -I INPUT -p tcp -m tcp --dport 5050 -j ...
0 votes, 1 answer, 479 views
what's the relationship between iptables and firewalld
I am using RHEL 7. I want to know what's relationship between firewalld and iptables.
If I want to do some port forwarding, should I use firewall-cmd or iptables ?
when applying rules using iptables, ...
0 votes, 1 answer, 90 views
Running netstat on 2 servers checking connections to the other one shows mismatch in number of connections
If I check how many connections serverA (192.168.1.1) has open to serverB (192.168.2.1), I get the following response:
[username@serverA ~] $ netstat -n | grep 192.168.2.1
tcp 0 0 192.168....
0 votes, 1 answer, 388 views
vnc dynamic runtime firewall ports >= 5901
In RHEL/Centos 7, TigerVNC-Server only needs 5901/tcp for desktop:1, then 5902/tcp for desktop:2, and so on.
I think any VNC-server would operate the same way.
If no one has typed vncserver for ...
1 vote, 1 answer, 5k views
yum install fails with 401 Authorization required [closed]
I am running Red Hat Linux 6.2
Trying to install nfs packages using yum
Following is the
repository list
repo id repo name ...
-1 votes, 1 answer, 702 views
Disable firewall service
How do I disable the firewall in RHEL 6.8?
I tried
service iptables stop
chkconfig iptables off
service ip6tables stop
chkconfig iptables off
I can see that the service is off and disabled by ...
1 vote, 0 answers, 33 views
Firewall rule to route traffic from only 1 of 2 IPs on server
Trying to config firewalld on RHEL 7 running on AWS with 2 Dynamic IP sets, "IP Set A" and "IP Set B". Each IP set consists of an internal and external IP address. I have 2 http servers running on ...
0 votes, 1 answer, 499 views
linux redhat 7 ( or centos 7 ) + firewalld mask the firewall
I want to block the user to start the firewall on Linux machines
so I want to use mask on servers as the following:
systemctl mask firewalld
regarding that, I have few questions.
I see that when ...
0 votes, 3 answers, 10k views
how to check if firewall is stopped on redhat 7
What is the elegant way to verify if firewall is stop/inactive on redhat 7 machines?
example:
we stop the firewall:
systemctl status firewalld.service
and my approach to verify the firewall ...
5 votes, 2 answers, 23k views
How to DROP icmp requests with firewalld?
How to DROP icmp requests with firewalld?
An equivalent example instead using iptables would be:
$ iptables -A INPUT --protocol icmp --in-interface enp0s8 -j DROP
The above produces the desired ...
1 vote, 1 answer, 3k views
Cannot telnet to listening port and firewall rules
I am trying to telnet to a host on port 50000, which I verified that is listening to a DB2 instance (db2inst1).
telnet [host] 50000
telnet [ip_adress] 50000
But it gave the error: Connection ...
1 vote, 0 answers, 465 views
Change port binding from 127.0.0.1 to 0.0.0.0 on Oracle Linux 6 (RHEL 6)
I need to expose my Rails port, which is port 3000.
I can see from netstat -ntlp that it is set up for only the local machine's users, i.e. 127.0.0.1. I need to change this to 0.0.0.0 but I am not ...
2 votes, 1 answer, 911 views
linux + iptables + /etc/sysconfig/iptables
on my linux machine I see the following:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source ...
1 vote, 1 answer, 211 views
What are the most restrictive external firewall / DNS listening port settings I can have for my DNS server (internal clients only)
This question relates specifically to hardening the configuration of DNS, firewalls and at the limit, ntp. (not proxies, http access, VPNs or other services).
This is about the externally-facing side ...
0 votes, 1 answer, 282 views
Understanding Iptables rules to prevent DDoS
Following IPTables rules exist on my system as some preventive measures against DDoS attacks
-A INPUT -s 255.0.0.0/8 -j LOG --log-prefix "Spoofed source IP"
-A INPUT -s 255.0.0.0/8 -j DROP
-A INPUT -...
2 votes, 2 answers, 1k views
Best practises: Applying iptables firewall rules for SSH
I need to add some firewall rules in our QA environment using iptables. I have to do the changes remotely. Some of the changes also include disabling SSH for a few networks.
What are best practices ...
-1 votes, 3 answers, 2k views
How to stop outbound ftp from being established. centos/ rhel
What is the method to block a machine from establishing connection to an outside ftp server. Both ftp and sftp.
inet, iptables, shutdown service?
0 votes, 1 answer, 2k views
How to open server port on RHEL 6.6?
I am trying to open a port (tcp 27017) for access to mongodb on a newly created RHEL 6.6 instance at Amazon AWS. Following mongo docs, I did:
sudo semanage port -a -t mongod_port_t -p tcp 27017
I ...
2 votes, 1 answer, 2k views
How to use both syn proxy and connlimit rules with iptables?
I want to write both syn proxy and connlimit rules. I want to send packets to syn proxy first because of performance issue.
Here is rule sample.
#syn proxy rule
iptables -t raw -A PREROUTING -i ...
2 votes, 1 answer, 1k views
How to setup reverse FTP in RHEL?
Researched:
http://www.thecave.info/export-proxy-username-password-linux/
https://stackoverflow.com/questions/5334110/text-based-ftp-client-settings-behind-a-proxy
http://www.cyberciti.biz/faq/linux-...
9 votes, 3 answers, 31k views
How can I make iptables service start automatically after reboot on CentOS/RHEL7?
I am having a few issues with a newly installed home server I am preparing. I have installed CentOS7 on it and I found that port 80 and 443 are off by default. I therefore added them to the iptables ...
22 votes, 2 answers, 40k views
( /etc/sysconfig/iptables ) "Manual customization of this file is not recommended." Why?
Editing this file directly
/etc/sysconfig/iptables
can save me so much headaches so much time and so on...
and yet on the very top of the file it says..
Manual customization of this file is not ...