Newest firewall Questions

Q&A for system and network administrators

Netfilter - LAN -> VPN Clients

I have a remote office with a firewall running OpenVPN which clients can connect to. Firewall interfaces: * eth0 - 1.2.3.4 (public) * br0 - 192.168.1.1 (/24) * tun0 - 192.168.254.1 (/24, VPN clients)...

SSH Jump Host WITHOUT Agent Forwarding

Although a simple question, I have searched for days without success. M = My machine J = Jump Host S = Server Jump Host has my public key on authorized_keys. Server has J's public key on ...

Connect two OpenVpn networks and route client from one into other network

I have 1 client as user and 2 servers as vpn-server and service-server. All servers run Ubuntu 14.04.5 LTS. The client (1.0.77.2) and vpn-server (1.0.77.1, 10.0.0.1) are in their own OpenVPN ...

What if I DROP and ACCEPT the same IP address in iptables? What will take precedence?

I am playing around with iptables to filter the packets coming and going. What will be the result of the following rules? iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT iptables -A INPUT -s 192.168.1.0/24 -j ...

How can I disable ping on an ESXi 6 host

I have an ESXi 6 host on a public IP. All other VMs are behind a pfSense firewall, so no issues. I can't put ESXi behind that because I don't want to get locked out. So far I have disabled SSH access to ...

How do you expand /var in pfsense when you run it in memory?

I have a pfSense box with 32 GB of RAM. I enabled /var and other directories to be in RAM since I have so much space and wanted to improve performance. How do you alter and increase the size of /...

ACL Blocking domains/IPs in pfSense - Is it more efficient to null route from DNS

Starting to fine tune pfSense routers deployed at some businesses and in order to better protect privacy and security we started rolling out blocklists via pfBlockerNG. Loading up lots of lists ...

Site to Site and Point to Site VPN simultaneously on Azure

I'm trying to get P2S and S2S to work at the same time. They are working fine individually but when I try to make it work together it falls short. Windows 2012 R2 server and a USG110 Zyxel firewall. ...

Tinc correct iptables configuration

I've been able to get tinc set up when I flush all my iptables, but after enabling iptables and a delay I get a "Destination Net Unknown". I have three hosts (HOME 10.0.3.2, MASTER 10.0.3.1, WEB 10.0.3....

Drop first packet with iptables

Our servers are getting UDP-flood spoofed-IP attacks. I think we can solve this problem with iptables, and I want to make a rule with iptables. When an IP tries to send a UDP packet, iptables will ...

Remotely connect to a database instance on a Azure VM without RDP?

Preface I'm a developer by trade, so network security isn't really my purview. However, solving problems is my purview, and I've got one with which I need help. Also, please forgive me if I get any ...

Kubernetes LoadBalancer works Only for Port 80 and not Others on Google Cloud

I am having trouble exposing ports other than port 80 on my Google Cloud Kubernetes cluster. Below is the Kubernetes service yaml file, but for some reason only port 80 is exposed. I have SSHed into ...

Will “iptables-save” reload the iptables configuration?

I am a little confused. I know that the iptables-save command will help to take a backup of iptables with > to a file. But will this command alone reload the iptables configuration? Sorry, I don't have a ...

Nginx refused to connect to port 443

So, I am trying to make Nginx serve my website via HTTPS, but it keeps hitting me with a refused to connect error. So here are the outputs for: curl https://juristnet.ro (this is the website) curl: (...

iptables: Don't redirect a specific IP

I am trying to redirect all web traffic to a computer using: iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 1000 It works but I would like to add a rule in order to ...

Firewall with Virtual Machines

I'm trying to set up a Firewall in a VM in my environment where the Network Cards (Wifi and various Ethernet) are in separate VMs, so that the Firewall VM is between the NetVMs and my host system. The ...

Is Azure's default firewall for ResourceManager VMs bypassing/allowing/supporting UPnP requests?

When creating a VM with the new Resource Manager, I can see that the default Network Security Group restricts every incoming access to all ports (except the administration port, SSH/RDP), which makes ...

Sending mail (via Java) works in Eclipse but not on the Linux server

I am using Java code to send mail using smtp.gmail.com as the SMTP host. This code was working fine, but after a firewall upgrade on Linux, it started to throw this error every time I try to send mail. ...

PF-based gateway firewall for OpenBSD 6.0

Currently I am looking to create an OpenBSD 6.0 pf-based gateway. Based on what I read in the pf manual pages and the OpenBSD pf FAQ, and some examples on the internet, I was able to configure a firewall. ...

Give a Windows 2008 VM Internet access but block Host LAN access?

"Securing a guest VM to give it internet access, but block access to host LAN" The above was a similar question asked for Linux but the following has specifics that are different. We need to have ...

What is the concept of “tcp-reset” and “icmp-port-unreachable” in the following example? [closed]

example: -p tcp -j REJECT --reject-with tcp-reset -p udp -j REJECT --reject-with icmp-port-unreachable

kubectl: The connection to the server XXX.XXX.XXXXXX was refused

I am trying to connect to the Kubernetes master (cluster) in Google Cloud Engine. The error that I always get when kubectl tries to access the Kubernetes master is: The connection to the server XXX....

How can I route Multicast between segregated interfaces on Sonicwall

I realize this question might be a little too specific, and I've read all the other questions about multicast on VPN, multicast on multiple interfaces, etc. But, I've applied all the information ...

pfSense Captive Portal on devices that cannot use login page (STBs, etc.)

I am using captive portal with pfSense on a network in order to filter content and monitor bandwidth, etc. This has worked great with computers and mobile devices in the office as everyone has been ...

Connection refused on port 8100

I'm having difficulties accessing a listening service (Ionic) on port 8100 from a remote browser. I have iptables on the Ubuntu 16.04 LTS server set up as following: -P INPUT ACCEPT -P FORWARD ...

Transparent proxy with Shorewall?

Setup: So, I have this setup: LAN <-net-> FW <-loc-> computer where net and loc are the name of the respective network interfaces. Aim: I'd like to implement this whole set of rules ...

Cisco ASA 5505 - Reload WITHOUT resetting to default config

Twice now I've run the 'reload' command on the console of my ASA 5505 ver. 9.1(3), and it's completely wiped my config and reset to factory defaults. I've made sure I 'wr mem' before reloading. I saw an ...

Which Ports need to be accessible on a Domain Controller for Clients to logon? continued

With reference to one of the questions asked, "Which Ports need to be accessible on a Domain Controller for Clients to logon?", I have an aligned issue being faced. Please see the following ports which ...

Ubuntu wireless AccessPoint. How to measure data consumption for each connected IP

I need to measure a web site's data consumption. My plan is to use an Ubuntu PC as a wireless AccessPoint and use the Ethernet port as a gateway to the internet. On the Ubuntu, allow just the ...

Routing all traffic via Raspberry Pi with OpenVPN on an OpenWRT Bridged AP [migrated]

I want to route all traffic on my OpenWRT router via my Raspberry Pi that has an OpenVPN client connection. I have a simple setup: +-------------------+ +---------------+ | ...

Editing local Windows Firewall Policy via Powershell

I'm writing a large script that goes through and applies a load of local policy settings via Powershell. Most of this is done by exporting the current security config via Secedit, passing this to an ...

Close default SSH Port On Centos

I have been getting 1000s of failed logins per hour over the past few weeks and I'm sure 99% of them are from bots. I have installed fail2ban and I've been blocking some subnets, but I have also ...

How to resolve “fail to connect to MySQL Server at localhost:3306 with user root”?

I have tried over and over to connect to the local server using MySQL Workbench 6.3 on my computer using the following parameters, but it won't let me connect. Do you think it is a firewall issue? ...

Create vSwitches on ESXi for pfSense

I am trying to build a new network infrastructure at the new place and I have: 3 ISP WAN links, one dedicated server with one LAN card, one Cisco managed switch (SF200 model), a server for the ERP system, so ...

Unable to remotely connect to Postgresql 9.5 instance

I am struggling to connect to a remote Postgres 9.5 instance running on Ubuntu 16.10. The usual: psql: could not connect to server: Connection timed out Is the server running on host "xx.xx....

Cisco RV325 - Error Policy Violation in Log

We are seeing new error logs when clients are trying to connect to our Cisco RV325 router. 2017-02-22, 06:09:30 Connection Refused - Policy violation IN=eth0 OUT=eth1 SRC=192.168.2.190 DST=72....

Debian 8 iptables firewall issue

I have a weird problem with my firewall. I can't ping my server from my PC or ping anything from the server. It is weird because I use only iptables and I use these rules on it: iptables -F iptables -X ...

Blocking a process from accessing certain URLs

I would like to configure the firewall to block certain domains for a particular process. But these blocked domains should be available for use by other processes.

Windows firewall blocks port connection even though it's allowed

I have set up Windows firewall rules to allow ports 443 and 9000 through for inbound and outbound connections, and allowed the Apache httpd.exe through the firewall as well. But as shown by my ...

How do I properly ban an IP with iptables

Here is my current config for iptables. But the IP I banned can still ping, ssh, web and so forth.. The IP I'm testing these rules with is: 195.154.220.14 # Generated by iptables-save v1.4.7 on ...

Red Hat 4 server, connections to port time out despite rules in iptables

I have an app listening on port 8088 on a Red Hat 4 server. I can curl from the server internally to the app and get the desired response. However, even though I defined the rule in iptables, I ...

How do you port forward packets coming from a tunnel on a VPN Client?

I have a network of OpenVPN clients where I wish to open a port that forwards traffic coming from the OpenVPN Server to another device connected to the client. The client is a router running OpenWRT ...

nslookup, host, ssh connection works but ping not

I am connected to my server through SSH but it doesn't ping external addresses; it gets stuck when I try with: root@benchmark:~# ping google.com PING google.com (172.217.23.206) 56(84) bytes of data. ...

Cisco ASA 5505 v9.1 - NAT/ACL issue with DMZ

I have the exact same problem as described in this question: Cisco ASA 5505 DMZ Setup Issue However, the top-voted answer by Weaver did not solve my issue, so I ask the community again. I followed ...

How to block all IPs which are not in an ipset list

I am trying to block all traffic except US and Canada. I added all US and Canada IPs to the ipset geoblock, and when I try this command I am getting an error. iptables -A INPUT -m set --set !...

UFW Block Incoming request from specific port number

My server is being abused by someone with a large number of computers. I noticed they're all running on the same port, so to be clear, I'm getting incoming requests from: some-ip1:3333 some-ip2:3333 ...

Linux\QNX firewall rules

I have a device running Linux/QNX and it does not seem to use standard firewall commands to configure it. It blocks SSH and PINGs from other networks. I would like to open the firewall to allow all ...

Is there any real difference between Snort and Suricata?

Looking to move forward in deploying IDS/IPS on several FreeBSD firewalls, and I was curious about the difference between Snort and Suricata. I know that Suricata is multi-threaded, but in terms of rule ...

iptables match forwarded packet if src address is in same network as dst address

I am looking for a way in iptables to match forwarded packets where the source address is in the same network as the destination address, without specifying the network. Of course, when I specify the ...

Upload config to Cisco ASA 5505 via copy/paste (No TFTP)

I copy/pasted the running-config to a .txt file on my directly-attached PC. How do I paste or otherwise upload that config to the ASA? All resources I've found just talk about using TFTP, but there ...