06-04-2013
iptables On for eth0 and off for other interfaces
Hi all,
I am running a CentOS 6.4 box as an IDS and I need to configure one interface as the management interface, which will require a firewall. However, the other ports (in promisc mode without IP) will have to be configured such that iptables allows all traffic.
I need to achieve this by editing the /etc/sysconfig/iptables file.
So I want to keep all the existing inbound rules in there for some interfaces, but for other interfaces I need to allow all traffic in/out for IDS capture.
What is the best syntax to achieve this with fixed entries in /etc/sysconfig/iptables?
Thanks,
Ll
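An added example for the question above (not from the thread, and not an answer anyone posted): a script that writes the /etc/sysconfig/iptables file in the iptables-restore format that the CentOS 6 iptables service reads. Interface names are assumptions (eth0 is management, eth1 and eth2 are the IP-less capture ports) and SSH is assumed to be the only management service exposed. Two points a sensor builder should weigh before choosing ACCEPT for the capture ports. First, iptables does not gate what a sniffer sees: libpcap (and so tcpdump, Snort, Suricata) reads frames from an AF_PACKET socket, which is tapped at the device layer before the IP stack's netfilter hooks, so the INPUT verdict has no effect on capture. Second, an interface that carries no address should never be reachable as a host, so DROP is the safer policy and capture works exactly the same. The generator takes the policy as a parameter so both variants can be compared, and the checker catches the classic mistake of appending the interface rule after the stock catch-all REJECT, where it can never match.

```shell
#!/bin/sh
# Added example for the thread above; not from the original post.
# Assumed layout: eth0 = management interface, eth1/eth2 = capture ports.
#
# Emits an /etc/sysconfig/iptables file (iptables-restore format). The
# per-interface rules are printed first because a chain is evaluated top
# to bottom and the first terminating match wins: anything placed after
# the catch-all REJECT is dead.

# gen_iptables_config MGMT_IF CAPTURE_POLICY CAPTURE_IF...
#   CAPTURE_POLICY is ACCEPT (what the question asks for) or DROP (what a
#   passive sensor usually wants; the sniffer sees the frames either way).
gen_iptables_config() {
    mgmt=$1; policy=$2; shift 2
    printf '%s\n' '*filter' \
        ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Capture ports: one interface-scoped rule each, ahead of everything else.
    for ifc in "$@"; do
        printf '%s\n' "-A INPUT -i $ifc -j $policy"
        printf '%s\n' "-A FORWARD -i $ifc -j $policy"
    done
    # The stock CentOS 6 ruleset, now restricted to the management interface
    # (loopback stays unconditional). OUTPUT keeps its ACCEPT policy, so the
    # "out" direction needs no rule.
    printf '%s\n' "-A INPUT -i lo -j ACCEPT"
    printf '%s\n' "-A INPUT -i $mgmt -m state --state ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "-A INPUT -i $mgmt -p icmp -j ACCEPT"
    printf '%s\n' "-A INPUT -i $mgmt -m state --state NEW -p tcp --dport 22 -j ACCEPT"
    printf '%s\n' "-A INPUT -j REJECT --reject-with icmp-host-prohibited"
    printf '%s\n' "-A FORWARD -j REJECT --reject-with icmp-host-prohibited"
    printf '%s\n' 'COMMIT'
}

# check_not_shadowed FILE IFACE
#   Succeeds only if IFACE's INPUT rule appears before the catch-all INPUT
#   REJECT in FILE. A rule that lands after it is unreachable.
check_not_shadowed() {
    awk -v ifc="$2" '
        $1 == "-A" && $2 == "INPUT" && $3 == "-i" && $4 == ifc   { seen = 1 }
        $1 == "-A" && $2 == "INPUT" && $3 == "-j" && $4 == "REJECT" { exit(seen ? 0 : 1) }
        END { exit(seen ? 0 : 1) }
    ' "$1"
}

# Usage on the sensor (CentOS 6 iptables service):
#   gen_iptables_config eth0 DROP eth1 eth2 > /etc/sysconfig/iptables
#   service iptables restart
#   iptables -L INPUT -n -v --line-numbers
gen_iptables_config eth0 ACCEPT eth1 eth2
```

Run the checker against the live file before every restart (`check_not_shadowed /etc/sysconfig/iptables eth1`); it is the ordering, not the syntax, that usually breaks this setup when someone later appends a rule by hand.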
shorewall-routestopped
SHOREWALL-ROUTESTOP(5)
NAME
routestopped - The Shorewall file that governs what traffic flows through the firewall while it is in the 'stopped' state.
SYNOPSIS
/etc/shorewall/routestopped
DESCRIPTION
This file is used to define the hosts that are accessible when the firewall is stopped or is being stopped.
Warning
Changes to this file do not take effect until after the next shorewall start or shorewall restart command.
The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in
the alternate specification syntax).
INTERFACE - interface
Interface through which host(s) communicate with the firewall
HOST(S) (hosts) - [-|address[,address]...]
Optional. Comma-separated list of IP/subnet addresses. If your kernel and iptables include iprange match support, IP address ranges are
also allowed.
If left empty or supplied as "-", 0.0.0.0/0 is assumed.
OPTIONS - [-|option[,option]...]
Optional. A comma-separated list of options. The order of the options is not important but the list can contain no embedded whitespace.
The currently-supported options are:
routeback
Set up a rule to ACCEPT traffic from these hosts back to themselves. Beginning with Shorewall 4.4.9, this option is automatically
set if routeback is specified in shorewall-interfaces[1] (5) or if the rules compiler detects that the interface is a bridge.
source
Allow traffic from these hosts to ANY destination. Without this option or the dest option, only traffic from this host to other
listed hosts (and the firewall) is allowed. If source is specified then routeback is redundant.
dest
Allow traffic to these hosts from ANY source. Without this option or the source option, only traffic from this host to other listed
hosts (and the firewall) is allowed. If dest is specified then routeback is redundant.
notrack
The traffic will be exempted from connection tracking.
PROTO (Optional) - protocol-name-or-number
Protocol.
DEST PORT(S) (dport) - service-name/port-number-list
Optional. A comma-separated list of port numbers and/or service names from /etc/services. May also include port ranges of the form
low-port:high-port if your kernel and iptables include port range support.
SOURCE PORT(S) (sport) - service-name/port-number-list
Optional. A comma-separated list of port numbers and/or service names from /etc/services. May also include port ranges of the form
low-port:high-port if your kernel and iptables include port range support.
Note
The source and dest options work best when used in conjunction with ADMINISABSENTMINDED=Yes in shorewall.conf[2](5).
EXAMPLE
Example 1:
#INTERFACE   HOST(S)          OPTIONS     PROTO   DEST      SOURCE
#                                                 PORT(S)   PORT(S)
eth2         192.168.1.0/24
eth0         192.0.2.44
br0          -                routeback
eth3         -                source
eth4         -                notrack     41
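An added check, not part of Shorewall and not a replacement for its rules compiler: a small lint that applies the column rules stated above to a routestopped file (empty or "-" HOST(S) means 0.0.0.0/0, OPTIONS is a comma-separated list with no embedded whitespace drawn from the four documented options, and routeback is redundant once source or dest is given). The sample input is the manual's Example 1 plus one constructed bad entry (eth5) that the manual does not contain.

```shell
#!/bin/sh
# Added example; not Shorewall code. Checks a routestopped file against
# the column rules in the man page above and prints each entry normalised
# as: IFACE HOSTS OPTIONS PROTO.

# lint_routestopped FILE
#   Exit status is non-zero if any entry uses an option the manual does
#   not list. Redundant routeback is reported but not treated as an error.
lint_routestopped() {
    awk '
    BEGIN {
        split("routeback source dest notrack", k, " ")
        for (i in k) known[k[i]] = 1
        bad = 0
    }
    # Blank lines and comment lines carry no entry.
    NF == 0 || $1 ~ /^#/ { next }
    {
        iface = $1
        # HOST(S): empty or "-" means 0.0.0.0/0.
        hosts = ($2 == "" || $2 == "-") ? "0.0.0.0/0" : $2
        opts  = ($3 == "") ? "-" : $3
        proto = ($4 == "") ? "-" : $4
        split("", seen)
        if (opts != "-") {
            # OPTIONS has no embedded whitespace, so it is exactly one
            # field and splitting on "," is the whole parse.
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) {
                if (!(o[i] in known)) {
                    printf("line %d: unknown option \"%s\"\n", NR, o[i]) > "/dev/stderr"
                    bad = 1
                }
                seen[o[i]] = 1
            }
            # The manual: if source or dest is specified, routeback is redundant.
            if (("routeback" in seen) && (("source" in seen) || ("dest" in seen)))
                printf("line %d: routeback is redundant with source/dest\n", NR) > "/dev/stderr"
        }
        printf("%s %s %s %s\n", iface, hosts, opts, proto)
    }
    END { exit bad }
    ' "$1"
}

# Constructed input: the manual's Example 1 plus a bad eth5 entry (not in the manual).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#INTERFACE HOST(S) OPTIONS PROTO DEST SOURCE
#                                PORT(S) PORT(S)
eth2 192.168.1.0/24
eth0 192.0.2.44
br0 - routeback
eth3 - source
eth4 - notrack 41
eth5 - source,routeback,bogus
EOF
lint_routestopped "$sample" || echo "routestopped: errors found (exit $?)"
```

Point it at /etc/shorewall/routestopped before a shorewall restart; per the warning above, edits to the file only take effect at the next start or restart, which is the moment a typo in OPTIONS would otherwise surface.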
FILES
/etc/shorewall/routestopped
SEE ALSO
http://shorewall.net/starting_and_stopping_shorewall.htm
http://shorewall.net/configuration_file_basics.htm#Pairs
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-rules(5), shorewall.conf(5),
shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
shorewall-zones(5)
NOTES
1. shorewall-interfaces
http://www.shorewall.net/manpages/shorewall-interfaces.html
2. shorewall.conf
http://www.shorewall.net/manpages/shorewall.conf.html
06/28/2012 SHOREWALL-ROUTESTOP(5)