I would like to setup a rule through iptables or something that will let me so, only one ip can have XX connections per minute/hour or whatever time is set.
or something that will ban ips that are opening massive connections kinda like this ...
connection state ESTABLISHED,RELATED is not working in my iptaables...?
Accept If input interface is lo
Accept If state of connection is ESTABLISHED,RELATED
Drop If protocol is ICMP
Accept If protocol is TCP and destination port is 80
Accept If protocol is TCP and destination port is 99
Accept If protocol is TCP and destination port is 25
Accept If protocol is TCP and destination port is 110
Accept If protocol is TCP and destination port is 10000
Accept If protocol is TCP and destination port is 21
Accept If protocol is TCP and destination port is 30000:30500
Accept If protocol is UDP and destination port is 53
Accept If protocol is UDP and source port is 53
Accept If protocol is TCP and destination port is 445
Accept If protocol is TCP and destination port is 2390
this in my Incoming packets rules..
Outgoing packets are all accepted..
so if i made connection from the server the input rules shuld accept them because it is established and related connection.. But it wont work.. any ideas about it..?
my vps is running on cent os 5.2 final..
and the control panel is webmin.
for about only 3 months running, my server iptables has 36 ipaddresses blocked so far (most of them are from .edu.cn and .edu.tw, dunno why? maybe because of summer break hehe..).
Those IP got blocked mostly because of SSH bruteforce. Everytime I noticed any SSH bruteforce on my /var/log/secure, I just issued "iptables -A INPUT -p all -s [ipaddress] -j DROP"
so, I'm just curious, how about yours ? how many IP in your blocked lists?
I'm trying to help someone with a shoutcast bandwidth server issue.
They have almost maxed out their bandwidth on one server and need the shoutcast servers on another box (but needs to maintain the same ip)
I tried this:....
my question
i Have a server with centos and WHM cpanel , the last days i have read in the ssh log files (security) many failure logins from many IP adress
i read some about IPtables and everytime when i read in the log for an ip i block this Ip from IPtables , but this seems bad and boring exepiriance everyday.
so does anyone know the exact command for the IPtables , how to have access to my ssh ONLY from my ip address ?
my IP adress it is static and i want only from that ip to have access to the server and noone else from diferent ip
one user trying to send GET command to our server , when I viewing Apache Status in WHM I found about 100 connection from one IP (requestet none page only show GET / HTTP/1.0) , is this DDOS attack?
View 14 Replies View RelatedI execute the following commands, in the following order:
iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP
will that last command successfully ban that IP until reboot?
If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.
I have ftp server (pure-ftp). with firewall.
i allowed 20 and 21 port in "CSF" firewall
now when i or our client connect to the server connection done.
and the they fire dir or ls command they will receive error
"425 Could not open data connection to port 2535: Connection timed out"
what is the problem.i have already allowed passive port 2500:3500 then why i received this types of error
My customer has an external facing Apache server that is acting as a reverse proxy to two internal applications. They have:
- external addresses for each app which resolve to different ip addresses, so app1.their_domain.com and app2.their_domain.com resolve to 77.3.170.10 and 77.3.170.11 respectively.
- the Apache server has two network interfaces with ip addresses 192.168.10.10 and 192.168.10.11
- the external ip addresses resolve to the above internal addresses
- the firewall between the Apache server and the internal app servers is configured to allow traffic from 192.168.10.10 to reach app_server1, and traffic from 192.168.10.11 to reach app_server2, both using port 7777.
I have configured a virtual host in httpd.conf for each ip, i.e.
Code:
<VirtualHost 192.168.10.10:80>
...
ProxyPass /app http://app_server1:7777/app
ProxyPassReverse /app http://app_server1:7777/app
RewriteRule ^/$ /app/app1 [R,L]
...
<VirtualHost>
and
Code:
<VirtualHost 192.168.10.11:80>
...
ProxyPass /app http://app_server2:7777/app
ProxyPassReverse /app http://app_server2:7777/app
RewriteRule ^/$ /app/app2 [R,L]
...
<VirtualHost>
This works fine in that the external address are being routed to the correct application, however the firewall is blocking requests to the second app as it appears the requests are coming from the Apache servers 'primary' ip address 192.168.10.10 instead of 192.168.10.11.
Is it possible to send requests using the ip address from the relevant VirtualHost?
Windows server 2008
Apache 2.2
I am using virtuozzo firewall to secure access.
I enter 58.27.175.211/255.255.255.0 for Source Address and Netmask for port 22.
But still I can connect using 58.181.103.217 or 58.27.151.120.
Second is it possible to enter two different ip address in source address?
I just bought a new ip address and want to setup this new ip as my server's main ip, making the 'existing main ip' as the secondary ip.
Which means, this new ip will be the server's default ip address for all services, including when connecting to other server.
I'm using CentOs 4.5 and swsoft's panels: HSPcomplete & Virtuozzo Power Panel, and Webmin.
I want to redirect a website to a particular URL so that the address bar shows the same URL and not the destination URL. I know it is possible via URL masking, however, I want it in such a way that whenever somebody clicks on any link in the website, the address bar should still show the original URL. To put it in simple words, Suppose I want to redirect [url] to [url]. Now if there is a link named contact/index.htm and somebody clicks on it the address bar should display [url]and not redirect to [url]
How can it be possible using URL Rewrite method in .htaccess file?
The problem usually goes like this:
- I can't access the webserver
- I'll try to restart httpd, and I'll get
Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:443
To fix this, I run
[root@www1 ~]# lsof -i tcp:443
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
perl 11307 apache 4u IPv6 476943447 TCP *:https (LISTEN)
There is always leftover process that is causing the restart to fail. Once i force kill the process, I am able to restart httpd properly.
Now it is ok if this just occurs once in a while, but this problem keeps repeating itself almost everyday at 4am server time (cron time?). What can I do to permanently fix this?
I am experiencing a strange problem with iptables: after in activate them, they are gone in a few minutes. For example, I drop traffic from an ip and after few seconds, all rules are flushed without touching anything!
View 2 Replies View RelatedI need to block about 5000 IPs .. Is it possible to add this amount of IPs to iptables?
I mean ... Will this slow down the machine response?
What do you prefer or what do you think is better, iptables or apf for a firewall?
View 9 Replies View Relatedi install csf on centos,
my server is working but the network is unreachable,
i try to run "service iptables stop",
and the server is unreachable now,
i check from whm,it shows csf is working,
but i ssh the server and type "service iptables status",
it shows "firewall is stopped",
is it correct?
is not,how can i fix the issue?
Is there a way for me to whitelist myself or something?
I get up everyday and have to call LSN because my server has blocked me for some reason...
If I keep getting spam from a certain IP, can I add that IP to Iptables? Will it stop me receiving spam from that IP? I'm not quite sure how it all works.
Or what is the most effective method to stop spam?
I've got two VPS's and both have the same ruleset for outbound EG_TCP
Code:
EGF="1"
EG_TCP_CPORTS="21,25,37,43,53,80,110,113,123,443,873,2089,3306"
EG_UDP_CPORTS="53,465,873,6277"
Whenever I turn EGF to 1 my VPS locks me out of everything, I need togo into hyperVM to turn it off and restart my firewall.
What would cause this?
It's Fedora Core 5 on OpenVZ i've googled and cannot seem to find a reason why it would do that. Could be something in the host node kernel that may need adjusting?
I am working with iptables and am trying to figure out the best ruleset for cpanel servers.
I have a few custom ports for a few services, but other than that, does anyone have a recommended ruleset for the typical cpanel cluster?
how can i clear iptables?
i enter many ip in it that most of them is worng and i must clear it
Do you find iptables enough or do you use a hardware firewall for linux? I haven't used anything less than hardware firewalls for years but I gather than most simply rely on iptables. Is that a smart choice?
View 6 Replies View RelatedI got blocked by my server. Hivelocity helped me to gain access by my server.
I was told that to avoid being blocked again I should type
iptables -A INPUT 202.155.151.185 -j ACCEPT
What I ended up was
iptables -A INPUT 202.155.151.185 -j ACCEPT
Bad argument `202.155.151.185'
Try `iptables -h' or 'iptables --
i have code :
1. IF=`/sbin/route | grep -i 'default' | awk '{print$8}'`
2. IP=`/sbin/ifconfig $IF | grep "inet addr" | awk -F":" '{print$2}' | awk '{print $1}'`
3. IPT="/usr/sbin/iptables"
4. NET="any/0"
5. DNS="xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy"
6. SERV_TCP="22 80 443 "
7. SERV_UDP="53 123"
8. HI_PORTS="1024:65535"
........
i dont know line of 5's sense .I am must changed warrant is what?
Code:
# iptables -D INPUT -s 25.55.55.55 -j DROP
iptables v1.3.8: Couldn't load target `standard':/usr/local/lib/iptables/libipt_standard.so: cannot open shared object file: No such file or directory
What is going on? The libipt_standard.so file is located in /lib/iptables, but not /usr/local/lib/iptables. I tried moving all of the libipt files into the /usr/local/lib/iptables directory, but I got segmentation errors.
I have installed APF on box and set ports for in and out and enabled it.. of course, iptables is running from booting..
[root@localhost /]# runlevel
N 3
[root@localhost /]# chkconfig --list | grep iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@localhost /]# chkconfig --list | grep apf
apf 0:off 1:off 2:off 3:on 4:on 5:on 6:off
but when I check it like this
[root@localhost ~]# service iptables status
Firewall is stopped.
[root@localhost ~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle filter [ OK ]
Unloading iptables modules: ^[[A [ OK ]
[root@localhost ~]# service iptables status
Firewall is stopped.
it said iptables is stop...even I start manually...
I am not sure APF is running correctly because of iptables..
# apf -r
Unable to load iptables module (ip_tables), aborting.
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# uname -a
Linux servername 2.6.17.9 #1 SMP Sun Aug 27 17:08:11 ICT 2006 i686 athlon i386 GNU/Linux
is there any reason that I cannot use iptables? If I edit monokern option in apf to 1, I cannot use ftp in passive mode
I have CSF installed on one of our server.
CSF dont ban the IP and if manually it is done I get following error.
----------------
csf -d 195.88.65.47
Adding 195.88.65.47 to csf.deny and iptables DROP...
iptables: Index of insertion too big
DROP all opt -- in !lo out * 195.88.65.47 -> 0.0.0.0/0
Error: iptables command [/sbin/iptables -v -I INPUT 2 -i ! lo -s 195.88.65.47 -j DROP] failed, at line 864
-------------------
Also iptables is not running on server.
If status is checked it says its stopped.
I have many sites on my server I dont want to get any downtime.
Please let us know how can we fix this issue as soon as possible.
I have tried reinstall CSF but still the issue remains same.
I keep trying to flush my iptables on my linux server but every time i try to do so my server seems to freeze (i lose access and have to reboot it for it to come back online), how can I go about deleting those ips manually rather than executing the flushing command? what options do I have?
View 4 Replies View Related