Clients in same WLAN can't reach each other - Installing and Using OpenWrt / Network and Wireless Configuration - OpenWrt Forum
Q: Ethernet switch + 2.4G Wifi + 5G Wifi is bridged into one interface and firewall zone (lan).
I updated to LEDE 17.01.0 (stable) and got the following problem:
Clients connected to the same Wifi SSID cannot communicate with each other (same interface/firewall zone)
PING OPO.lan ( 56(84) bytes of data. From MJ.lan ( icmp_seq=1 Destination Host Unreachable ...
I can still reach it from Ethernet or from the other WLAN (5G -> 2.4G and vice versa) but not when both are connected to the same... It works fine if I create 2 different SSIDs on an adapter and put a client in each one.
Multiple clients connected through ethernet can also reach all others.
forumthread  openwrt  wifi  networking  firewall  configuration  issue  workaround  links  router  sysadmin  tips 
9 days ago by ezequiel
How to configure ufw to forward port 80/443 to internal server hosted on LAN - nixCraft
I am using UFW to protect my network. How do I forward TCP HTTP port # 80 and 443 to an internal server hosted at and using UFW on Ubuntu Linux server?

UFW is an acronym for uncomplicated firewall. It is used for managing a Linux firewall and aims to provide an easy to use interface for the user. In this tutorial, you will learn how to forward incoming traffic to your server running ufw on port 80/443 to port 80/443 on another internal server hosted in your LAN/VLAN.
2017  iptables  ubuntu  firewall  networking  configuration  sysadmin  linux  cli  example  tips  blogpost 
6 weeks ago by ezequiel
How to do local port forwarding with iptables - Stack Overflow
Q: I have an application (server) listening on port 8080. I want to be able to forward port 80 to it, such that hitting http://localhost resolves my application (on localhost:8080).

This should be generalized for any port mapping (e.g. 80:8080 => P_src:P_target), and use best practices for modern *nix machines (e.g. Ubuntu).

N.B. This is all done locally, so there is no need to accept connections from anyone but localhost.
2015  forumthread  iptables  linux  firewall  cli  howto  tips  stackexchange  sysadmin  example  configuration  networking 
6 weeks ago by ezequiel
port forwarding - iptables redirect outside requests to - Unix & Linux Stack Exchange
The iptables rule you are using will work, but there is one additional change you need to make:

sysctl -w net.ipv4.conf.eth0.route_localnet=1
2014  2018  forumthread  iptables  linux  firewall  networking  configuration  sysadmin  cli  howto  tips  example  stackexchange 
6 weeks ago by ezequiel
Securing CoreOS with iptables | Jimmy Cuadra
[...] One of the issues I ran into was how to secure a CoreOS machine's public network. By default, a fresh CoreOS installation has no firewall rules, allowing all inbound network traffic.

In order to secure a CoreOS machine, I had to learn how to configure the firewall. I use the common iptables utility for this purpose. [...]
2015  blogpost  coreos  iptables  howto  guide  configuration  firewall  sysadmin  networking  linux 
6 weeks ago by ezequiel
Four ways to connect a docker container to a local network · The Odd Bit
Update (2018-03-22) Since I wrote this document back in 2014, Docker has developed the macvlan network driver. That gives you a supported mechanism for direct connectivity to a local layer 2 network. I've written an article about working with the macvlan driver.
fedora  linux  docker  sysadmin  cli  tool  example  tips  networking  firewall  configuration  howto  blogpost  2018 
6 weeks ago by ezequiel
[Solved] Wireguard - Help with Firewall Rules - Installing and Using OpenWrt - OpenWrt Forum
Q: I have managed to get a split tunnel wireguard vpn working on my road warrior android devices, but I am not sure if I did it properly.

In my current setup, I created a wireguard zone, and added the following rules: [...]
2019  forumthread  iptables  openwrt  configuration  sysadmin  networking  firewall  example  images  tips  wireguard  vpn 
7 weeks ago by ezequiel
OpenWrt Project: Configure a guest WLAN
Guest WLAN provides internet access to your network members. It also provides firewall security rules to isolate your guest network from the rest. This recipe contains information provided by our forum members and one blogger as shown below: [...]
tutorial  guide  sysadmin  configuration  openwrt  wifi  router  howto  screenshots  tips  example  firewall  networking  security  links  cli  tools 
7 weeks ago by ezequiel
OpenWrt Project: Configure a guest WLAN using the LuCI web interface
Guest WLAN provides internet access to your network members. It also provides firewall security rules to isolate your guest network from the rest. This recipe is based on the more comprehensive Guest WLAN page, providing a more user-friendly approach through the LuCI web interface.
tutorial  guide  sysadmin  configuration  openwrt  wifi  router  howto  screenshots  webapp  tips  example  firewall  networking  security  links 
7 weeks ago by ezequiel
domain name system - How to prevent delays associated with IPv6 AAAA records? - Server Fault
Q: Our Windows servers are registering IPv6 AAAA records with our Windows DNS servers. However, we don't have IPv6 routing enabled on our network, so this frequently causes stall behaviours.

Microsoft RDP is the worst offender. When connecting to a server that has a AAAA record in DNS, the remote desktop client will try IPv6 first, and won't fall back to IPv4 until the connection times out. Power users can work around this by connecting to the IP address directly. Resolving the IPv4 address with ping -4 always works instantly. [...]
2013  ipv6  forumthread  issue  workaround  links  stackexchange  windows  rdp  firewall  networking  compatibility  tips  sysadmin  configuration  dns 
8 weeks ago by ezequiel
Happy Eyeballs - Wikipedia
Happy Eyeballs (also called Fast Fallback) is an algorithm published by the IETF which can make dual-stack applications (those that understand both IPv4 and IPv6) more responsive to users by attempting to connect using both IPv4 and IPv6 at the same time (preferring IPv6), thus avoiding the usual problems faced by users with imperfect IPv6 connections or setups.
rfc  wikipedia  wikientry  reference  article  internet  ipv6  firewall  networking  issue  workaround  links  browser 
8 weeks ago by ezequiel
MarkCloudWalker/gcp-enable-ssh: Enable cloud shell gcloud ssh and SSH in browser features to function in secure environments
The firewall rule allowing SSH access is enabled, but is not configured to allow connections from GCP Console services. Source IP addresses for browser-based SSH sessions are dynamically allocated by GCP Console and can vary from session to session. For the feature to work, you must allow connections either from any IP address or from Google's IP address range which you can retrieve using public SPF records.
github  opensource  script  software  cli  sysadmin  firewall  cloudcomputing  linux  ssh  remote 
9 weeks ago by ezequiel
Limiting access to ssh - Google Groups
Q: I'd like to limit access to ssh to GCE console (so the browser based SSH works) and to our own networks. Is there a specific network mask I can use to allow connections from GCE console?
2015  forumthread  issue  workaround  example  cli  tips  sysadmin  networking  firewall  cloudcomputing  ssh  links  software 
9 weeks ago by ezequiel
ddos - iptables rules to counter the most common DoS attacks? - Server Fault
Q: Recently I've got a lot of small scale DoS attacks. I am wondering what iptables rules I should use to counter the most common DoS attacks, and generally secure my web server.
So I'd appreciate your rules to block the most common attack vectors.
2012  2018  forumthread  stackexchange  iptables  linux  firewall  security  example  tips  sysadmin  networking  cloudcomputing  remote 
10 weeks ago by ezequiel
Docker and IPtables - sysadmin stuff
TL;DR: By default, the docker daemon appends iptables rules for forwarding. For this, it uses a filter chain named DOCKER.
2015  blogpost  firewall  sysadmin  docker  compatibility  issue  workaround  cli  example  tips  networking  linux  iptables 
11 weeks ago by ezequiel
How to fix the Docker and UFW security flaw - TechRepublic
It has been discovered that Docker doesn't always honor UFW rules. Jack Wallen demonstrates and shows how to configure Docker so that it will.

If you use Docker on Linux, chances are your system firewall might be relegated to Uncomplicated Firewall (UFW). If that's the case, you may not know this, but the combination of Docker and UFW poses a bit of a security issue. Why? Because Docker actually bypasses UFW and directly alters iptables, such that a container can bind to a port. This means all those UFW rules you have set won't apply to Docker containers.

Let me demonstrate this.

I'm going to set up UFW (running on Ubuntu Server 16.04), so that the only thing it will allow through is SSH traffic. To do this, I open a terminal and issue the following commands: [...]
2018  blogpost  firewall  sysadmin  ufw  docker  compatibility  issue  workaround  cli  example  tips  networking  linux  iptables 
11 weeks ago by ezequiel
jnovack/autossh - Docker Hub
jnovack/autossh is a small lightweight (~15MB) image that attempts to provide a secure way to establish an SSH Tunnel without including your keys in the image itself or linking to the host.

There are thousands of autossh docker containers, why use this one? I hope you find it easier to use. It is smaller, more customizable, an automated build, easy to use, and I hope you learn something. I tried to follow standards and established conventions where I could to make it easier to understand and copy and paste lines from this project to others to grow your knowledge!
docker.container  ssh  automation  remote  security  firewall  sysadmin  docker  tips 
december 2019 by ezequiel
How to make your own free VPN with Amazon Web Services
Internet users are spoiled for choice when it comes to VPN services, but they either require a monthly subscription, aren’t secure, or are just plain slow. Thankfully, alternatives do exist. They require a bit more technical know-how, but if you want something done right, you have to do it yourself.
amazon  vpn  howto  tips  article  2018  blogpost  example  linux  amazon.linux  2019  windows  firewall  networking  privacy  terminal  ssh  proxy  sysadmin  cloudcomputing  free 
december 2019 by ezequiel
Docker and iptables | Docker Documentation
On Linux, Docker manipulates iptables rules to provide network isolation. This is an implementation detail, and you should not modify the rules Docker inserts into your iptables policies. [...]
docker  networking  iptables  reference  documentation  example  tips  firewall  online  linux 
june 2019 by ezequiel
ufw-docker/ufw-docker at master · chaifeng/ufw-docker
ufw-docker <list|allow> [docker-instance-id-or-name [port[/tcp|/udp]]]
ufw-docker delete allow [docker-instance-id-or-name [port[/tcp|/udp]]]
ufw-docker service allow <swarm-service-id-or-name <port</tcp|/udp>>>
ufw-docker service delete allow <swarm-service-id-or-name>
ufw-docker <status|install|check|help>
(me: script linked from
2018  script  ufw  networking  linux  firewall  sysadmin  automation  ubuntu  iptables  docker  github 
june 2019 by ezequiel
How to force Docker not to bypass the UFW rules on Ubuntu 16.04
[...] So let’s just go a bit deeper and face one of the most commonly occurring problems I tried to solve a few months ago as well. If you have ever tried to make Docker work with UFW, then you probably know what the said struggle is. Let’s examine it!
2017  blogpost  cli  sysadmin  ufw  firewall  configuration  howto  tips  example  linux  docker  iptables  ubuntu  ubuntu.xenial 
june 2019 by ezequiel
UFW - Community Help Wiki
The default firewall configuration tool for Ubuntu is ufw. Developed to ease iptables firewall configuration, ufw provides a user friendly way to create an IPv4 or IPv6 host-based firewall. By default UFW is disabled.
firewall  ubuntu  ufw  wikientry  documentation  cli  example  tips  sysadmin  networking  security  linux 
june 2019 by ezequiel
chaifeng/ufw-docker: To fix the Docker and UFW security flaw without disabling iptables

UFW is a popular iptables front end on Ubuntu that makes it easy to manage firewall rules. But when Docker is installed, Docker bypasses the UFW rules and the published ports can be accessed from outside.

The issue is:

* UFW is enabled on a server that provides external services, and all incoming connections that are not allowed are blocked by default.
* Run a Docker container on the server and use the -p option to publish ports for that container on all IP addresses. For example: docker run -d --name httpd -p httpd:alpine, this command will run an httpd service and publish port 80 of the container to port 8080 of the server.
* UFW will not block all external requests to visit port 8080. Even the command ufw deny 8080 will not prevent external access to this port.
* This problem is actually quite serious, which means that a port that was originally intended to provide services internally is exposed to the public network.

Searching for "ufw docker" on the web can find a lot of discussion: [...]
ufw  firewall  ubuntu  debian  tool  cli  sysadmin  scripting  docker  automation  configuration  security  iptables  article  links  issue  workaround  license.gplv3  freesoftware  github 
june 2019 by ezequiel
How to start/stop iptables on Ubuntu? - Server Fault
Q: How can I start/stop the iptables service on Ubuntu?
I have tried:
service iptables stop
but it is giving "unrecognized service".
Why is it doing so? Is there any other method?
(me: several links and answers describing several methods to store firewall rules, for example: 'ufw', 'netfilter-persistent', etc.)
2010  iptables  tips  example  links  networking  security  ubuntu  debian  firewall  sysadmin  configuration  linux  stackexchange  forumthread 
may 2019 by ezequiel
group - Unable to get iptables owner module (gid-owner) to work - Unix & Linux Stack Exchange
A: [...] Only the primary/default group of the owner of the packet will be compared. Therefore, any username you added to your vpn group after the user was created will be in the vpn group as a secondary user, and they won't be branched even though they are a member of the group! [...]
iptables  issue  workaround  forumthread  stackexchange  sysadmin  linux  firewall  configuration  howto  links  tips  example  2017  security  networking 
may 2019 by ezequiel
Firewall []
The Linux kernel includes the Netfilter subsystem, which is used to manipulate or decide the fate of network traffic headed into or through your server. All modern Linux firewall solutions use this system for packet filtering.
firewall  ubuntu  linux  howto  tips  guide  links  software  sysadmin  security  debian  tool  tools 
may 2019 by ezequiel
Shoreline Firewall (Shorewall)
Shorewall is a gateway/firewall configuration tool for GNU/Linux.
iptables  firewall  networking  linux  security  cli  tool  sysadmin  freesoftware  license.gpl 
may 2019 by ezequiel
DebianFirewall - Debian Wiki
WARNING: iptables is being replaced by nftables

A network firewall is a set of rules to allow or deny passage of network traffic, through one or more network devices. A network firewall may also perform more complex tasks, such as network address translation, bandwidth adjustment, provide encrypted tunnels and much more related to network traffic.
iptables  cli  howto  sysadmin  tips  debian  linux  networking  firewall  security  wikientry  router 
may 2019 by ezequiel
Automatically loading iptables rules on Debian/Ubuntu ·
If you want your iptables rules automatically loaded every time your networking comes up on your Debian or Ubuntu server, you can follow these easy steps.
iptables  cli  howto  sysadmin  tips  backup  2009  blogpost  debian  linux  networking  firewall  security  automation 
may 2019 by ezequiel
linux - Force clients to use proxy - Server Fault
Q: [...] The proxy server is running Ubuntu with Squid on port 3128 and DansGuardian on port 8080.
I'd like to force all clients to use the proxy server - specifically, port 8080 - for any HTTP/HTTPS access.
However, I don't want to transparently redirect because that doesn't work for HTTPS. I don't mind configuring each client, and I don't mind that each client knows it's using a proxy server. I just don't want the clients to be able to surf the web without the proxy settings. [...]
2013  forumthread  stackexchange  linux  iptables  cli  example  tips  sysadmin  firewall  configuration  networking 
may 2019 by ezequiel
netfilter/iptables project homepage - Documentation about the netfilter/iptables project
We have collected the most frequently asked questions (and their respective answers) from the mailing lists. Please read this FAQ first, before asking questions on the mailing lists.
iptables  networking  linux  kernel  firewall  software  license.gpl  freesoftware  documentation  howto  info  reference  links  downloads  source  news  faq  online  tutorials 
may 2019 by ezequiel
netfilter/iptables project homepage - The project is home to the software of the packet filtering framework inside the Linux 2.4.x and later kernel series. Software commonly associated with is iptables.

Software inside this framework enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling. It is the re-designed and heavily improved successor of the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems.

netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.

iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists of a number of classifiers (iptables matches) and one connected action (iptables target).

netfilter, ip_tables, connection tracking (ip_conntrack, nf_conntrack) and the NAT subsystem together build the major parts of the framework.
iptables  networking  linux  kernel  firewall  software  license.gpl  freesoftware  documentation  howto  info  reference  links  downloads  source  news 
may 2019 by ezequiel
iptables - Redirect port 80 to 8080 and make it work on local machine - Ask Ubuntu
Q: It works fine for all the world except my own machine. I am a developer and I need to redirect port 80 to 8080 for myself.

My IP is

My web server runs on port 8080

I wish to open website from instead of from same machine where server runs. [...]
2014  2017  forumthread  stackexchange  iptables  firewall  linux  cli  example  tips  sysadmin  networking  security  proxy  webserver 
may 2019 by ezequiel
linux - force LAN hosts to go through proxy - Server Fault
Q: [...] I want the hosts behind my firewall to automatically go through the proxy server without each host needing to set up proxy on their own (mostly because I want to be able to change the proxy address in a single point, because I have different proxies for different network scenarios).

Is there a way to have IPTables force all outgoing traffic on port 80 and 443 to go through the proxy? If not, can I use some other readily available software to get the behavior I need?
2013  forumthread  stackexchange  firewall  iptables  linux  networking  sysadmin  configuration  cli  example  tips  proxy  dhcp 
may 2019 by ezequiel
firewall - How to use iptables in linux to forward http and https traffic to a transparent proxy - Stack Overflow
Q: [...] I now need to create an iptables rule that filters out and redirects all tcp port 80 and 443 traffic leaving my network through the eth1 interface and send it to a proxy server that resides on a loopback interface on tcp port 9090. [...]
2012  forumthread  stackexchange  firewall  iptables  linux  networking  sysadmin  configuration  cli  example  tips  proxy 
may 2019 by ezequiel
Iptables Restricting Access By Time Of The Day - nixCraft
Recently I was asked to control access to a couple of services based upon day and time. For example, the ftp server should only be available from Monday to Friday between 9 AM and 6 PM. [...]
2006  blogpost  networking  security  linux  firewall  example  cli  sysadmin  tips 
august 2018 by ezequiel
linux - How to make iptables rules expire? - Server Fault
Q: Someone told me this is possible, but I can't find anything on google or man pages.
I need to ban IPs for a certain amount of time, and then have them unbanned automatically.
2011  forumthread  stackexchange  firewall  linux  cli  example  sysadmin  network  security  script 
august 2018 by ezequiel
Disable networking for specific users - Ask Ubuntu
A: You can do that with iptables.
So to prevent the group Security from accessing the Internet the command would look something like this: [...]
firewall  security  linux  ubuntu  debian  mint  example  forumthread  stackexchange  2012  tips  sysadmin  networking 
april 2018 by ezequiel
How To Connect To CVS Via Proxy Server []
CVS is commonly used by open source projects to provide access to their source code. Here is a simple way to connect to a CVS server from behind a proxy server.
cvs  tips  howto  proxy  firewall  networking  2007  linux  unix  windows 
february 2015 by ezequiel
CVSGrab - CVSGrab - Read sources stored in CVS behind a firewall
People often complain that they cannot checkout files from a public CVS repository because they are behind a corporate firewall that blocks access to the pserver. The standard workaround, use ssh, works only for registered users, not anonymous users. Some firewalls also support HTTP tunnelling, where access to the pserver is possible with a standard CVS client, but unfortunately it is not used or allowed in all organisations (or even with personal firewalls).
cvs  firewall  http  security  software  scm  cli  unix  linux  links  sourceforge  opensource  java 
february 2015 by ezequiel
Firewall []
The Linux kernel includes the Netfilter subsystem, which is used to manipulate or decide the fate of network traffic headed into or through your server. All modern Linux firewall solutions use this system for packet filtering. [...]
ubuntu  ubuntu.precise  firewall  sysadmin  reference  documentation  guide  linux  networking 
february 2014 by ezequiel
UncomplicatedFirewall - Ubuntu Wiki
The Uncomplicated Firewall (ufw) is a frontend for iptables and is particularly well-suited for host-based firewalls.
linux  ubuntu  ubuntu.lucid  ubuntu.precise  firewall  sysadmin  networking  howto  guide  reference  documentation 
february 2014 by ezequiel
The return of nftables []
Some ideas take longer than others to find their way into the mainline kernel. The network firewalling mechanism known as "nftables" would be a case in point. Much of this work was done in 2009; despite showing a lot of promise at the time, the work languished for years afterward. But, now, there would appear to be a critical mass of developers working on nftables, and we may well see it merged in the relatively near future.
linux  article  firewall  kernel  2013  networking  vm  development 
august 2013 by ezequiel
Enable port forwarding manually - Ekiga
You have come to this page because Ekiga did not manage to configure your network settings automatically. You can still use Ekiga, but you need to configure your network settings manually. We provide instructions for this here.
ekiga  linux  sip  firewall  configuration  networking  issue  workaround  fix  wikientry  voip 
september 2009 by ezequiel