|
|
Sponsored Content
Special Forums
Cybersecurity
IP Tables not allowing ports
Post 302878951 by neutronscott on Monday 9th of December 2013 08:50:04 PM
12-09-2013
|
|
9 More Discussions You Might Find Interesting
1. Cybersecurity
I need to set up an application to run in a script which will be running as a web server but is a database. I need to allow users to use the web server but the app must be run as root in order for the ports to be accessible. This is not a very secure environment would like to know how this could... (2 Replies)
Discussion started by: rpollard
2 Replies
2. Shell Programming and Scripting
I am trying to transpose tables listed in the format into format. Any help would be greatly appreciated.
Input:
test_data_1
1 2 90%
4 3 91%
5 4 90%
6 5 90%
9 6 90%
test_data_2
3 5 92%
5 4 92%
7 3 93%
9 2 92%
1 1 92%
...
Output:... (7 Replies)
Discussion started by: justthisguy
7 Replies
3. Programming
I've written a python program where I want to allow members of a specific group the ability to kill it, and I'm not sure how to do it. I've been looking at the setuid() and setgid() and similar functions in the os module, but haven't been able to get them to work. I can't seem to change the uid or... (1 Reply)
Discussion started by: vastcharade
1 Replies
4. Red Hat
I have encountered some problems in my school work.
Here is the question:
The server that provides the time synchronization must be configured to allow its clients to verify its authenticity using symmetric cryptography.
Much Appreciated!:) (1 Reply)
Discussion started by: wilsonljx
1 Replies
5. Homework & Coursework Questions
The server that provides the time synchronization must be configured to allow its clients to verify its authenticity using symmetric cryptography.
4. Singapore Polytechnic, Dover, Singapore,Mr Kam, and Computer Engineering
I don't think there is any coding since it is just configuring... (3 Replies)
Discussion started by: wilsonljx
3 Replies
6. Red Hat
Hi Friends,
samba for annonymouse setup but not allowing me to write when i tried to browse from windows 7 box
conf as below
#testparm
Load smb config files from /etc/samba/smb.conf
Processing section ""
Processing section ""
Processing section ""
Loaded services file OK.
Server... (0 Replies)
Discussion started by: heman96
0 Replies
7. UNIX for Dummies Questions & Answers
Hello!
I run an HP Unix system which I host oracle databases on, as well as oracle based apps used by my company. My IA department needs to scan my files to ensure I am following IA procedures and check for vulnerabilities in scripts etc. The scan is coming from corporate, and they asked for... (2 Replies)
Discussion started by: hpuxguy
2 Replies
8. AIX
As I do a ssh <nis_user>@server1 from server2, ssh prompts for certificates (as expected the first time), then it prompts for the users password, as soon as I enter the password, I get a Connection to server1 closed by remote host, and connection to server1 closed. and I disconnect back to the... (3 Replies)
Discussion started by: mrmurdock
3 Replies
9. UNIX for Advanced & Expert Users
Hello Gurus,
I want One user to su to another without allowing root access and password.
I want to run a specific command as below from user am663:
---------------------------------------------------------
sudo -u appsprj4 /home/appsrj4/scripts/start_apache.sh
-------------------
But... (6 Replies)
Discussion started by: pokhraj_d
6 Replies
LEARN ABOUT V7
ip-rule
IP-RULE(8) Linux IP-RULE(8) NAME
ip-rule - routing policy database management SYNOPSIS
ip [ OPTIONS ] rule { COMMAND | help } ip rule [ list [ SELECTOR ]] ip rule { add | del } SELECTOR ACTION ip rule { flush | save | restore } SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ] [ iif STRING ] [ oif STRING ] [ pref NUMBER ] [ l3mdev ] ACTION := [ table TABLE_ID ] [ nat ADDRESS ] [ realms [SRCREALM/]DSTREALM ] [ goto NUMBER ] SUPPRESSOR SUPPRESSOR := [ suppress_prefixlength NUMBER ] [ suppress_ifgroup GROUP ] TABLE_ID := [ local | main | default | NUMBER ] DESCRIPTION
ip rule manipulates rules in the routing policy database control the route selection algorithm. Classic routing algorithms used in the Internet make routing decisions based only on the destination address of packets (and in theory, but not in practice, on the TOS field). In some circumstances we want to route packets differently depending not only on destination addresses, but also on other packet fields: source address, IP protocol, transport protocol ports or even packet payload. This task is called 'policy routing'. To solve this task, the conventional destination based routing table, ordered according to the longest match rule, is replaced with a 'routing policy database' (or RPDB), which selects routes by executing some set of rules. Each policy routing rule consists of a selector and an action predicate. The RPDB is scanned in order of decreasing priority (note that lower number means higher priority, see the description of PREFERENCE below). The selector of each rule is applied to {source address, des- tination address, incoming interface, tos, fwmark} and, if the selector matches the packet, the action is performed. The action predicate may return with success. In this case, it will either give a route or failure indication and the RPDB lookup is terminated. Otherwise, the RPDB program continues with the next rule. Semantically, the natural action is to select the nexthop and the output device. At startup time the kernel configures the default RPDB consisting of three rules: 1. Priority: 0, Selector: match anything, Action: lookup routing table local (ID 255). The local table is a special routing table con- taining high priority control routes for local and broadcast addresses. 2. Priority: 32766, Selector: match anything, Action: lookup routing table main (ID 254). The main table is the normal routing table containing all non-policy routes. This rule may be deleted and/or overridden with other ones by the administrator. 3. Priority: 32767, Selector: match anything, Action: lookup routing table default (ID 253). The default table is empty. It is reserved for some post-processing if no previous default rules selected the packet. This rule may also be deleted. Each RPDB entry has additional attributes. F.e. each rule has a pointer to some routing table. NAT and masquerading rules have an attribute to select new IP address to translate/masquerade. Besides that, rules have some optional attributes, which routes have, namely realms. These values do not override those contained in the routing tables. They are only used if the route did not select any attributes. The RPDB may contain rules of the following types: unicast - the rule prescribes to return the route found in the routing table referenced by the rule. blackhole - the rule prescribes to silently drop the packet. unreachable - the rule prescribes to generate a 'Network is unreachable' error. prohibit - the rule prescribes to generate 'Communication is administratively prohibited' error. nat - the rule prescribes to translate the source address of the IP packet into some other value. ip rule add - insert a new rule ip rule delete - delete a rule type TYPE (default) the type of this rule. The list of valid types was given in the previous subsection. from PREFIX select the source prefix to match. to PREFIX select the destination prefix to match. iif NAME select the incoming device to match. If the interface is loopback, the rule only matches packets originating from this host. This means that you may create separate routing tables for forwarded and local packets and, hence, completely segregate them. oif NAME select the outgoing device to match. The outgoing interface is only available for packets originating from local sockets that are bound to a device. tos TOS dsfield TOS select the TOS value to match. fwmark MARK select the fwmark value to match. priority PREFERENCE the priority of this rule. PREFERENCE is an unsigned integer value, higher number means lower priority, and rules get pro- cessed in order of increasing number. Each rule should have an explicitly set unique priority value. The options preference and order are synonyms with priority. table TABLEID the routing table identifier to lookup if the rule selector matches. It is also possible to use lookup instead of table. suppress_prefixlength NUMBER reject routing decisions that have a prefix length of NUMBER or less. suppress_ifgroup GROUP reject routing decisions that use a device belonging to the interface group GROUP. realms FROM/TO Realms to select if the rule matched and the routing table lookup succeeded. Realm TO is only used if the route did not select any realm. nat ADDRESS The base of the IP address block to translate (for source addresses). The ADDRESS may be either the start of the block of NAT addresses (selected by NAT routes) or a local host address (or even zero). In the last case the router does not trans- late the packets, but masquerades them to this address. Using map-to instead of nat means the same thing. Warning: Changes to the RPDB made with these commands do not become active immediately. It is assumed that after a script finishes a batch of updates, it flushes the routing cache with ip route flush cache. ip rule flush - also dumps all the deleted rules. This command has no arguments. ip rule show - list rules This command has no arguments. The options list or lst are synonyms with show. ip rule save save rules table information to stdout This command behaves like ip rule show except that the output is raw data suitable for passing to ip rule restore. ip rule restore restore rules table information from stdin This command expects to read a data stream as returned from ip rule save. It will attempt to restore the rules table information exactly as it was at the time of the save. Any rules already in the table are left unchanged, and duplicates are not ignored. SEE ALSO
ip(8) AUTHOR
Original Manpage by Michail Litvak <mci@owl.openwall.com> iproute2 20 Dec 2011 IP-RULE(8)