All Questions
181 questions
0 votes, 1 answer, 52 views
I keep receiving login attempts to my server until it goes down
I have a Centos7 server and after years of working correctly, yesterday it started being unreachable (the server apps I have there were not reachable, the SSH connection gave a timeout, etc. but the ...
1 vote, 1 answer, 364 views
Failover load balancing by iptables is possible?
I'm playing around with iptables in my home lab. My first goal is to take my active directory communication into one load balancing virtual IP. I used prerouting chain to do that. For testing purposes,...
0 votes, 0 answers, 433 views
How to alter firewall (iptables) log rules such that they stop flooding the primary console on AlmaLinux 8?
I have a constant deluge of firewall blocks showing up on my console in AlmaLinux 8:
How do you modify iptables rules / settings so as to disable these from showing up on the primary console and to ...
-1 votes, 2 answers, 247 views
Firewall not keeping relay attempts from reaching postfix
I have a centos-based vps managed with webmin and every once in a while I get a few hundred emails like this one:
From: MAILER-DAEMON@mail.<redacted>.com
To: postmaster@<redacted>.com
...
0 votes, 1 answer, 618 views
how to use firewalld in stateful mode
I have to set up a stateful firewall on centos8 using firewalld.
I'm new to firewalld but have experience with old style iptables for this purpose.
Since it is recommended by Redhat here I prefer to ...
3 votes, 0 answers, 4k views
how to allow outgoing traffic with firewalld / libvirt on CentOS 8?
I installed a CentOS 8 guest on a CentOS 8 host using libvirt. However firewalld is blocking all outgoing traffic from the guest to the internet unless I use target=ACCEPT for the libvirt zone.
The ...
0 votes, 2 answers, 4k views
Can't access VNC port from local network
I've installed VNC on CentOS and enabled it on port 5901. I made sure that selinux, firewalld and iptables were disabled/stopped on the system for troubleshooting purposes. Now I can successfully ...
0 votes, 1 answer, 607 views
position and override the default nftables rules
I recently installed Centos8 on a virtual machine to try nftables as a replacement for iptables.
I installed it by choosing the full server with GUI option.
With nft list ruleset I have a long output ...
2 votes, 2 answers, 2k views
Block China on GCP/VM firewall
is there a way to geo block China from connecting my GCP VMs?
I see this item in my billing:
Network Internet Egress from Americas to China
Can I block the whole lot?
Is there a way to investigate ...
0 votes, 0 answers, 94 views
Issue with firewalld and ebtables [duplicate]
I am just setting up a server that occupies firewalld as the main firewall, but I have a problem ... doing
systemctl status firewalld
it appears that the service is running, but with certain problems
...
3 votes, 1 answer, 1k views
Firewalld forwarding same-zone traffic from Wireguard interface, without allowing access to Host-ports
I am running a RHEL-based Linux distribution on a VPS, that is supposed to be a VPN-Gateway Server. I am using Wireguard for interconnecting Clients with each other over this Gateway. The Server has ...
1 vote, 0 answers, 50 views
Having a Secure / Copy Protected DESKTOP Environment in Cent OS Linux
We have a VPS / Bare-metal server rented on a data-center and we access them over internet through user ID and password. It is running CentOS 7. That is direct access and there's no VPN in between. We ...
0 votes, 0 answers, 13 views
Allow application through firewall Linux [duplicate]
I installed a clean CentOS 8 machine, copied my app to it and started it. I can get a response by
curl https://localhost:5001 --insecure
but if I try a local or external ip or browser from remote location for ...
1 vote, 1 answer, 3k views
How to remove ipset entry with timeout from firewalld using firewall-cmd?
Using Centos 8 with firewalld. I created 2 ipsets, one permanent, one with timeout:
firewall-cmd --permanent --new-ipset=blacklist_temp --type=hash:ip --option=timeout=86400
firewall-cmd --permanent --...
1 vote, 0 answers, 163 views
Is iptables-save and iptables-restore works if I am using firewalld?
We are using docker-compose to run our services and firewalld as our firewall. Now we need to modify some firewall rules, but since firewalld has possible risk that remove DOCKER-USER iptables chain ...
0 votes, 1 answer, 334 views
How to block traffic to specific subdomain in OpenVPN?
I have an OpenVPN server with some vpn clients and I want to block access to this subdomain for all of the clients : teamspeak.site.com
Is there any way to achieve this with OpenVPN configuration? If ...
2 votes, 1 answer, 786 views
firewalld, `--add-rich-rule` and missing blacklist set
My server uses Centos8 quite recently installed (~1 year).
After trying to ban an IP:
firewall-cmd --permanent --zone=extz --add-rich-rule='rule family="ipv4" source address="49.88.112....
2 votes, 1 answer, 180 views
Deny port redirection based on source IP - firewalld
I'm trying to forward a port to an external IP using firewall-cmd, but I need to deny access from certain ips.
To setup a port-forward of port 55500, I use:
firewall-cmd --permanent --zone=public --...
0 votes, 2 answers, 1k views
Can't access tomcat externally in Centos 7
I just installed tomcat 8 on a Centos 7 server and I know it's working because I could get tomcat's index.html with wget http://localhost:8080. (I couldn't think of another way of testing in a remote ...
0 votes, 1 answer, 289 views
Single VPS, multiple IPs - different iptables rules based on IP
I currently have a VPS with just 1 IP address and I want to buy another IP and do the following:
have one public IP with incoming requests allowed only on port 7777 (UDP)
have a Mysql server running ...
1 vote, 0 answers, 72 views
How to limit ICMP Echo requests to 5, then drop for at least 30s (if the pings stop) with iptables?
I tried it with following 2 lines
iptables -A INPUT -p icmp --icmp-type 8 -i $EXT -m recent --set -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -i $EXT -m recent --update --hitcount 5 --seconds ...
0 votes, 0 answers, 684 views
Strongswan Centos 7 Config Issue
I have a problem with configuring Strongswan on Centos 7 ! First please notice that I want to connect with only username and password and I don't want to import any profiles on my phone ! My server ip ...
1 vote, 0 answers, 650 views
Why can't mount nfs server from client?
Following these two guides, I installed NFS server and client:
https://www.howtoforge.com/nfs-server-and-client-on-centos-7
https://www.howtoforge.com/tutorial/setting-up-an-nfs-server-and-client-on-centos-...
1 vote, 0 answers, 2k views
Translating a firewall-cmd command to iptables command
I read here that iptables package is part of the Linux Kernel and that every GUI firewall tools are in the end translated in some kind of iptable rules.
Now I am setting up Centos 8 server following ...
0 votes, 0 answers, 287 views
centos blocking 22 port even if firewall close
I'm trying ssh connection to server but it gives port 22: Connection refused error.
I checked firewall and it seems disabled
I also checked port 22 with telnet command and it seems blocked..
How ...
0 votes, 1 answer, 245 views
Is there any reason to keep firewalld running on a virtual machine with host firewall?
I'm setting up a CentOS 8 virtual machine created under Proxmox. Even when I choose the minimal install, I'm getting firewalld installed and enabled by default.
If I activate Proxmox's built-in ...
0 votes, 1 answer, 42 views
centos firewall, split webtraffic based on subDomain name
I have a CentOS 7 firewall and 1 public IP available (I maybe get a second) and
we have 2 subdomains
crm.domain.com (its a appliance crm)
www.domain.com (there should be the company website)
How ...
0 votes, 1 answer, 231 views
How to set firewall's log in debian?
I am familiar with Debian, so I want to build my VPS server with Debian instead of CentOS.
There are log file /var/log/firewalld both in centos and debian.
In order to activate log function for ...
0 votes, 1 answer, 926 views
NGINX/Apache does not respond to requests behind NAT
Warning: I am a newbie to NGINX. I used apache2 but on CentOS I am not used to the way it is set up and also I want to try NGINX since its newer and more modern.
Edit: I have tested also with Apache(...
0 votes, 1 answer, 270 views
CentOS - Forwarding all ports except one
It is possible to forward all ports (TCP/UDP) in a CentOS server except by the ssh/sftp port (TCP port 22).
If it is possible how can I do this?
I thought of something using "FirewallD".
Thank you! ...
0 votes, 0 answers, 50 views
after installed Lets encrypt SSL site is not opening
I am using apache web server on centos 7. I hosted some files, and I installed. After that the site was working fine for http. Then I installed Let's Encrypt SSL; after this the site is not opening.
I opened port ...
0 votes, 2 answers, 187 views
Server's unusual outgoing traffic about 12K GB and Incurred high server traffic costs
Last night my server(centos5) had unusual outgoing traffic, About 12kGB and right now my server is down because I have to pay that traffic's cost. My server is a small server for a small App. I don't ...
2 votes, 2 answers, 6k views
How do I completely block port using firewalld?
Disclaimer: It's the first time I use firewalld, be gentle :) .
I have a CentOS machine and I want to implement the following requirements using firewalld:
Allow connections from anywhere to ports 1,...
0 votes, 1 answer, 2k views
How to connect Linux Firewall IP whitelisting with database?
The problem is my dedicated box is getting ddosed. I would like to setup Linux firewall that would whitelist the ip addresses that would be listed in the database.
Basically the process should be - ...
4 votes, 1 answer, 5k views
Block only port from being accessed outside except localhost
On Centos 6 machine, how can I block port 8888 from being accessed except by localhost/127.0.0.1 only using iptables?
Actually, I have another port that I want to listen on 8000 instead of 8888.
...
3 votes, 1 answer, 13k views
Can't connect to mysql on remote server
I have several machines running CentOS, one of which is set up as the mysql server. I had been running this for a while, and was able to connect to mysql from the remote machines with no problem, but ...
0 votes, 1 answer, 226 views
Firewall block all but one ip spoofing
We have a server which accepts traffic coming from a few sources (IP addresses) and accepts it (using firewalld). All other inbound traffic is blocked.
How likely is the risk that somebody ...
0 votes, 1 answer, 61 views
Two similar services, two IPs, one server?
I'm running a CentOS 7 box. On this box I have two services which should both be exposed using port 443 for HTTPS traffic. Using a reverse proxy is no option, one service cannot be reconfigured to ...
0 votes, 1 answer, 4k views
CentOS 7 - firewalld[8509]: ERROR: COMMAND_FAILED
[root@localhost ~]# systemctl status firewalld -l
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: ...
3 votes, 1 answer, 4k views
CentOS 7 SNMP port always closed
I have a CentOS 7 server in which I opened up ports for SNMP connections.
Even though I can see the ports open here:
[matias@Centos_7_VM ~]$ sudo firewall-cmd --list-all
[sudo] password for matias:
...
0 votes, 1 answer, 151 views
CentOS 6.8 dropping all connections
I have a CentOS 6.8 (Final) server (on Production). How can I allow the incoming connections to eth0 interface from a different private subnet? Currently, it is accessible on the same network (10.0.6....
3 votes, 3 answers, 18k views
Why firewalld doesn't apply my drop rule?
In centos 7 I want to block traffic from a source IP (example 3.3.3.3) and for that I apply the following rule:
# firewall-cmd --permanent --zone=drop --add-source=3.3.3.0/24
# firewall-cmd --reload
...
2 votes, 1 answer, 1k views
How can I debug firewall settings in centos?
I'm trying to change my default ssh port to 21212 but something seems to be blocking the new port.
After editing the ssh config and restarting the service, I can see from netstat -l that the sshd is ...
0 votes, 0 answers, 26 views
APF strangely blocks 443 port with specific time interval
I run on CentOS cloud server. Recently I installed SSL and enabled https for my site. After enabling https every 20-24 hours APF blocks 443 port but 80 is accessible as usual. After I restart APF 443 ...
4 votes, 2 answers, 2k views
Configuring an alternate jail in fail2ban for manual use
I have a fail2ban instance that works well.
But I also like to occasionally examine the logs manually and try to ID system probes that are working around my standard f2b definitions.
What I'm ...
2 votes, 1 answer, 426 views
Various firewall problems after VPS reboot [Firewall-cmd or iptables?]
CentOS 7, VPS
NGinx, virtualmin, pm2, mongodb, mongo-express, openvpn
Hi guys, I'm new to VPS and Linux in general but loving the flexibility and things I'm learning so please stay with me as I'm sure ...
1 vote, 1 answer, 6k views
Firewalld Won't Start Due to Netfilter Issue
Firewalld won't start, and when executing 'systemctl status firewalld', I get the following errors:
ERROR: Failed to read file "/proc/sys/net/netfilter/nf_conntrack_helper": [Errno 2] No such ...
1 vote, 1 answer, 472 views
added dns port to iptables but it's not open CentOS 7
I added the dns server ports to iptables and even the named service is listening on it when I check it with netstat but when I check the port from outside it's closed.
iptables -n -L => output:
...
1 vote, 1 answer, 3k views
Cannot Access RStudio Server On CentOS 7 Via Browser
I have a x86_64 system running CentOS 7. I have installed and configured R and RStudio Server on it, but not able to access it via http://<server-ip>:8787 as suggested by the documentation here. ...
2 votes, 4 answers, 5k views
TFTP works localhost but not global
I have a TFTP server on Centos 7.4. The TFTP server is up and running and works well when trying to access a file, connecting on localhost. However, if I try to access the TFTP server from another ...