Linux - Security
This forum is for all security-related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I want to allow any access from 10.10.10.10 to 22.22.22.22.
I want other 10.* hosts to be able to access everything except 22.22.22.22.
I want 10.10.10.10 to be able to access everything.
How can I do this?
This single command should do what it sounds like you want:
But I'm not sure I properly understand what you've posted. This command would allow all packets coming from 10.10.10.10-22.22.22.21, which means packets from 22.22.22.22 would be filtered. If this wasn't what you were asking for then please rephrase your post.
I have 2 uplinks.
I got load balancing working, but fail over is not OK.
I found a script for fail over that uses the ping command. Very good.
But my ISP has denied ping because of DoS virus attacks.
So I need to replace ping with another command.
I found the host command, but the host command does not have a -I interface option like ping.
I thought I could use iptables, for example:
eth1=10.10.10.10 (uplink)
eth2=11.11.11.11 (uplink)
eth0=192.168.1.1
> host 22.22.22.22
When I type this, I want the query to go out eth1 to 22.22.22.22, not out eth2.
> host 33.33.33.33
When I type this, I want the query to go out eth2 to 33.33.33.33, not out eth1.
Can this work OK?
I am OK with your iptables.
I used tcping.
My script auto-deletes the gateway address when a link goes down.
I use that auto delete for fail over.
tcping can't be used when the gateway is deleted.
How can I use tcping without a gateway?
Please advise me, sirs.
Please.
AFAICT this is a completely different issue, and as such it belongs in its own thread.
Please open a thread for this new issue in the Networking forum. Thanks.
/etc/sysconfig/iptables
# Generated by iptables-save v1.3.7 on Thu Jan 1 06:35:21 2009
*filter
:INPUT ACCEPT [60:4288]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [36:13344]
-A INPUT -s 203.81.71.113 -d 10.241.177.51 -j ACCEPT
-A INPUT -s 203.81.71.119 -d 10.241.184.99 -j ACCEPT
-A INPUT -s 203.81.71.119 -d 10.241.177.51 -j DROP
-A INPUT -s 203.81.71.113 -d 10.241.184.99 -j DROP
-A INPUT -s 203.81.71.113 -i eth3 -j DROP
-A INPUT -s 203.81.71.119 -i eth3 -j DROP
COMMIT
# Completed on Thu Jan 1 06:35:21 2009
eth1=10.241.177.51
eth2=10.241.184.99
eth3=eth3
Now I tested with tcping:
Result 1
==============
[root@server ~]#tcping 203.81.71.113 80 -t 2
203.81.71.113 port 80 user timeout.
[root@server ~]#tcping 203.81.71.119 80 -t 2
203.81.71.119 port 80 user timeout.
I got the following result when I stopped iptables:
==============================================
Result 2
=============
[root@server ~]#tcping 203.81.71.113 80 -t 2
203.81.71.113 port 80 open.
[root@server ~]#tcping 203.81.71.119 80 -t 2
203.81.71.119 port 80 open.
Sometimes I get "119 port open" and "113 port 80 user timeout" when iptables is running.
I should get Result 1 when iptables is running.
Please check for me, sir: what is wrong in my iptables?
When executing that tcping command, 203.81.71.113 will be the destination address on the packet. Your iptables rules are looking for 203.81.71.113 as the source address on the packet.
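As an added illustration (this is not code from the thread), here is a small Python model of how the INPUT rules posted above are evaluated, first match wins, against the packets a tcping test generates. The rules and addresses are the ones from the post; the packet directions are plain TCP (the outbound SYN carries the target as destination, the SYN/ACK reply carries it as source and arrives on whichever uplink the probe left from). The model is stateless: it ignores connection tracking and the other tables. It shows that the outbound probe never meets the INPUT rules at all, that a reply landing on the uplink address named in the matching ACCEPT rule is accepted, that a reply from 203.81.71.113 addressed to the other uplink's address hits the DROP rule, and that the two `-i eth3` DROP rules are shadowed by the earlier ACCEPT rules for those address pairs because of rule order.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The filter table posted in the thread (iptables-save format), used as sample input.
THREAD_RULES = """\
*filter
:INPUT ACCEPT [60:4288]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [36:13344]
-A INPUT -s 203.81.71.113 -d 10.241.177.51 -j ACCEPT
-A INPUT -s 203.81.71.119 -d 10.241.184.99 -j ACCEPT
-A INPUT -s 203.81.71.119 -d 10.241.177.51 -j DROP
-A INPUT -s 203.81.71.113 -d 10.241.184.99 -j DROP
-A INPUT -s 203.81.71.113 -i eth3 -j DROP
-A INPUT -s 203.81.71.119 -i eth3 -j DROP
COMMIT
"""


@dataclass
class Rule:
    chain: str
    target: str
    src: Optional[ipaddress.IPv4Network] = None
    dst: Optional[ipaddress.IPv4Network] = None
    in_iface: Optional[str] = None


@dataclass
class Packet:
    src: str
    dst: str
    in_iface: Optional[str] = None  # None for locally generated (OUTPUT) packets


def parse_rules(text: str) -> Tuple[List[Rule], Dict[str, str]]:
    """Parse the subset of iptables-save syntax used in the thread:
    ':CHAIN POLICY [...]' policy lines and '-A CHAIN [-s net] [-d net] [-i iface] -j TARGET'."""
    rules: List[Rule] = []
    policies: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):
            tok = line.split()
            rule = Rule(chain=tok[1], target="")
            for flag, val in zip(tok[2::2], tok[3::2]):  # flag/value pairs after "-A CHAIN"
                if flag == "-s":
                    rule.src = ipaddress.ip_network(val, strict=False)
                elif flag == "-d":
                    rule.dst = ipaddress.ip_network(val, strict=False)
                elif flag == "-i":
                    rule.in_iface = val
                elif flag == "-j":
                    rule.target = val
            rules.append(rule)
    return rules, policies


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when every selector it carries agrees with the packet."""
    return ((rule.src is None or ipaddress.ip_address(pkt.src) in rule.src)
            and (rule.dst is None or ipaddress.ip_address(pkt.dst) in rule.dst)
            and (rule.in_iface is None or rule.in_iface == pkt.in_iface))


def verdict(chain: str, pkt: Packet, rules: List[Rule], policies: Dict[str, str]) -> str:
    """First matching rule in the chain wins; with no match the chain policy applies."""
    for rule in rules:
        if rule.chain == chain and matches(rule, pkt):
            return rule.target
    return policies.get(chain, "ACCEPT")


def probe_verdicts(target: str, local_ip: str, iface: str,
                   rules: List[Rule], policies: Dict[str, str]) -> Dict[str, str]:
    """Verdicts for a TCP probe from local_ip to target: the outbound SYN traverses
    OUTPUT with target as destination; the SYN/ACK reply traverses INPUT with target
    as source, addressed to local_ip and arriving on iface."""
    syn = Packet(src=local_ip, dst=target)
    syn_ack = Packet(src=target, dst=local_ip, in_iface=iface)
    return {"outbound SYN (OUTPUT)": verdict("OUTPUT", syn, rules, policies),
            "reply SYN/ACK (INPUT)": verdict("INPUT", syn_ack, rules, policies)}


if __name__ == "__main__":
    rules, policies = parse_rules(THREAD_RULES)
    for local_ip, iface in (("10.241.177.51", "eth1"), ("10.241.184.99", "eth2")):
        print(local_ip, iface, probe_verdicts("203.81.71.113", local_ip, iface, rules, policies))
    # Rule order: this packet arrives on eth3 but the earlier ACCEPT rule matches first.
    print(verdict("INPUT", Packet("203.81.71.113", "10.241.177.51", "eth3"), rules, policies))
```

Run it and the probe to 203.81.71.113 is accepted when the reply comes back for 10.241.177.51 on eth1, but dropped when the reply is addressed to 10.241.184.99, which is what a probe that left via the other uplink would produce. Whenever an INPUT chain mixes per-address ACCEPT and DROP rules like this, checking the verdict for each (source, destination, interface) triple you actually expect is the quickest way to find shadowed rules.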
The 10/8 network is private. The others in the range aren't, so what you want to do doesn't make sense from a security standpoint.
Actually it does, if this is an external interface. Spoof attacks use such IPs externally. You should block such incoming traffic from entering your LAN.
You said that you wanted to open up 10/8 to 22/8. That is a large range of addresses you want to trust, most of which are public internet addresses.
Quote:
any access 10.10.10.10 to 22.22.22.22
By the way, you can use the telnet client to test a connection instead of the ping command:
telnet hostname 22
If the ssh daemon is running and port 22 is open, you will get a prompt from the server. You don't get farther than that, but this even allows you to learn the version of ssh used, from the reply message. This can be even more useful than the ping command.
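The source-pinned TCP check the earlier posts ask for (a tcping-style probe that can choose which uplink address it leaves from, with no ICMP involved) and the banner test described just above can be done in one small Python routine. This is an added example, not code from the thread; the function names and the throwaway local listener used to exercise it are my own. Binding the socket to an uplink's address only selects the source address: on a multi-uplink box the route for that source has to come from policy routing (an `ip rule ... from <addr> lookup <table>` entry), otherwise the kernel still routes by destination alone. The probe distinguishes "open" (handshake completed, greeting read if the service sends one, as sshd does), "refused" (RST came back), "timeout" (nothing came back: filtered or link down) and "error" (for instance no route, which is exactly what happens once a fail-over script has deleted the gateway).

```python
import socket
import threading
from dataclasses import dataclass
from typing import Optional


@dataclass
class ProbeResult:
    host: str
    port: int
    status: str                  # "open", "refused", "timeout" or "error"
    banner: Optional[str] = None  # first line the service sent, if any
    detail: str = ""


def tcp_probe(host: str, port: int, source_ip: Optional[str] = None,
              timeout: float = 2.0, read_banner: bool = True) -> ProbeResult:
    """TCP-connect reachability check. source_ip pins the probe to one uplink's
    address (the -I that tcping lacks); the route for that source must exist."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        if source_ip:
            sock.bind((source_ip, 0))
        sock.connect((host, port))
        banner = None
        if read_banner:
            try:
                data = sock.recv(256)  # sshd sends its version string first
                first = data.split(b"\n", 1)[0].rstrip(b"\r")
                banner = first.decode("ascii", "replace") or None
            except socket.timeout:
                banner = None  # service is up but silent until it gets input
        return ProbeResult(host, port, "open", banner)
    except socket.timeout:
        return ProbeResult(host, port, "timeout", detail="no SYN/ACK within timeout")
    except ConnectionRefusedError:
        return ProbeResult(host, port, "refused", detail="RST received: host up, port closed")
    except OSError as exc:  # e.g. ENETUNREACH when no route/gateway exists
        return ProbeResult(host, port, "error", detail=str(exc))
    finally:
        sock.close()


def start_banner_server(banner: bytes) -> int:
    """Constructed for offline testing: a local listener that greets one client
    with `banner` and exits. Returns the port it was bound to."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve() -> None:
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def closed_local_port() -> int:
    """Reserve a loopback port and release it, so a probe to it is refused."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    # Constructed banner; a real sshd answers with its own SSH-2.0-... string.
    port = start_banner_server(b"SSH-2.0-Example\r\n")
    print(tcp_probe("127.0.0.1", port, source_ip="127.0.0.1"))
    print(tcp_probe("127.0.0.1", closed_local_port()))
```

For the fail-over use in the earlier posts, the design choice that matters is where the probe's route comes from: if the script removes the uplink's default gateway on failure, a later probe through that uplink returns "error" immediately rather than "timeout", so the check must run before the route is removed, or each probe target needs its own host route pinned to that uplink so the probe keeps a path that is independent of the default route.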