02-18-2002, 12:49 AM
|
#1
|
Member
Registered: Feb 2002
Posts: 30
Rep:
|
how to block ports
Hi,
I would like to block some ports on my Linux proxy server so as to disable chat services. Can someone guide me to it?
Regards
|
|
|
02-18-2002, 05:03 AM
|
#3
|
Member
Registered: Jan 2002
Location: India
Distribution: CentOS/Mandriva
Posts: 126
Rep:
|
It works
If you are using iptables, then for the port you want to block, try this command:
iptables -I FORWARD -p tcp -s [Your Network]/[Subnet Mask] --destination-port [Port or Port Range] -j DROP
__Karunesh__
|
|
|
02-18-2002, 05:09 AM
|
#4
|
Member
Registered: Feb 2002
Posts: 30
Original Poster
Rep:
|
Thank you very much for the reply. Could you also help me with this problem?
I have used ACL statements on the Linux proxy to block websites.
The clients are Windows 2K Prof. Now when, in the Connections tab, I specify to use "Automatic detect connection", it bypasses the proxy ACL statements and lets users see the restricted site.
But when I uncheck this option and specifically specify the proxy IP and port 8080, then it works fine. So could anyone help me with the problem of how I can totally restrict the access no matter what changes the user makes?
|
|
|
02-18-2002, 10:51 PM
|
#5
|
Member
Registered: Jan 2002
Location: India
Distribution: CentOS/Mandriva
Posts: 126
Rep:
|
using SQUID ?
I think you are using the SQUID web cache-proxy on your Linux box.
So you can run SQUID in Transparent Proxy Mode. After that you don't need to put the proxy address and port in your browser's settings.
Simply redirect all traffic for port 80 towards your proxy port:
iptables -t nat -I PREROUTING -p tcp --src [Your Network]/[Subnet Mask] --dest 0/0 --destination-port 80 -j REDIRECT --to-port [Your Proxy Port]
|
|
|
02-19-2002, 02:28 AM
|
#6
|
Member
Registered: Feb 2002
Posts: 30
Original Poster
Rep:
|
Thanks Karunesh.
Yes, I am using Squid. Could you also guide me as to where I place this iptables statement (I mean the path), because I am still getting my hands on Linux?
Thanks
|
|
|
02-19-2002, 07:31 AM
|
#7
|
Member
Registered: Jan 2002
Location: India
Distribution: CentOS/Mandriva
Posts: 126
Rep:
|
Using iptables
If you are using Linux kernel 2.4 then you can use iptables.
Look in /sbin/iptables.
|
|
|
02-20-2002, 11:47 PM
|
#8
|
Member
Registered: Feb 2002
Posts: 30
Original Poster
Rep:
|
Yeah Karunesh,
I am using kernel ver. 2.4, but when I open the file /sbin/iptables
it shows me junk characters. I can't figure a word out of it.
What's the next step that I should do?
Thanks
|
|
|
02-21-2002, 02:02 AM
|
#9
|
Moderator
Registered: May 2001
Posts: 29,415
|
No, /sbin/iptables is the binary for managing firewall rules.
If you installed iptables using some form of package management it usually comes with some form of example, and that would be in /etc. For clues look in /etc/(rc.d/)init.d for a file called iptables or firewall or the like, it should say what config file it's using.
Else you could make your own executable script in /etc/(rc.d/)init.d, and link it to the runlevel you have networking in (3 and up, not 6), just look in those dirs for examples.
Else you could tack it onto /etc/(rc.d/)rc.local.
|
|
|
02-21-2002, 07:23 AM
|
#10
|
Member
Registered: Jan 2002
Location: India
Distribution: CentOS/Mandriva
Posts: 126
Rep:
|
EASY
Put all your iptables rules in a file and save it in /etc. Then make this file executable with the chmod command. Now call this executable from /etc/rc.local.
|
|
|
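The rules from posts #3 and #5, collected into the kind of file post #10 describes, as an added example that is not part of the original thread. The network address, the chat port list, the DRY_RUN switch and the function names are assumptions made for illustration; port 8080 is the proxy port mentioned in post #4.

```shell
#!/bin/sh
# Added example, not from the thread: a rules file to save under /etc,
# chmod +x and call from /etc/rc.local. LAN and CHAT_PORTS are assumed values.
LAN="${LAN:-192.168.1.0/24}"               # assumed client network
PROXY_PORT="${PROXY_PORT:-8080}"           # proxy port given in post #4
CHAT_PORTS="${CHAT_PORTS:-5190 6667:6669}" # assumed ports/ranges to block
DRY_RUN="${DRY_RUN:-1}"                    # 1 = print only, 0 = load rules

# Accept "N" or "LOW:HIGH" with 1 <= LOW <= HIGH <= 65535.
valid_port_spec() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    lo=${1%%:*}; hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# Print one rule per line as "<table> <chain> <match and target>".
build_rules() {
    case "$LAN" in ''|*[!0-9./]*) echo "bad network: $LAN" >&2; return 1 ;; esac
    case "$PROXY_PORT" in *:*) echo "proxy port must be one port" >&2; return 1 ;; esac
    valid_port_spec "$PROXY_PORT" || { echo "bad proxy port" >&2; return 1; }
    echo "nat PREROUTING -p tcp -s $LAN --destination-port 80 -j REDIRECT --to-ports $PROXY_PORT"
    for p in $CHAT_PORTS; do
        valid_port_spec "$p" || { echo "bad port spec: $p" >&2; return 1; }
        echo "filter FORWARD -p tcp -s $LAN --destination-port $p -j DROP"
    done
}

# Insert each rule unless an identical one is already loaded (-C checks).
apply_rules() {
    rules=$(build_rules) || return 1
    echo "$rules" | while read -r table chain spec; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "iptables -t $table -I $chain $spec"
        else
            # $spec is left unquoted so it splits into separate arguments
            iptables -t "$table" -C "$chain" $spec 2>/dev/null ||
                iptables -t "$table" -I "$chain" $spec
        fi
    done
}

apply_rules
```

Run it once with the default DRY_RUN=1 to review the generated commands, then call it from /etc/rc.local with DRY_RUN=0 so the rules are loaded at boot.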
All times are GMT -5. The time now is 08:13 AM.