Questions tagged as ['firewall']

We use two pfSense firewalls at two locations and have connected the locations using an IPsec site-to-site tunnel. That had worked well for a long time; now we have installed the 2.6.0 update at both locations and suddenly the speed has dropped massively. I've analyzed this a bit and have read several posts about it.
The tunnel is online for phase 1 and phase 2, I can also ping the host in the other network and ...
I am trying to access a simple web server on my main machine from my phone. I got my ipv4 IP and opened the port on the firewall, yet I still can't access the port! I just get a timed-out error on my phone. I checked if both devices are on the same network, and they were. Does anybody know any other possible causes of this?
I'm trying to replace an existing AutoSSH tunnel with firewall rules:
firewall-cmd --zone=public --add-forward-port=port=9999:proto=tcp:toport=9999:toaddr=100.1.1.1
This should forward all incoming TCP connections to 100.1.1.1
The problem is that it does not work (the port stays closed). I'm trying to understand what I'm doing wrong, and the only thing I can think of is that the destination IP address is ...

I have a website that uses Cloudflare. In my host-level firewall I have noticed that all IPs automatically detected as malicious are identified as "owned by Cloudflare", and I don't know how this is possible.
Does this mean that Cloudflare simply blocks all other malicious attacks but is unable to filter bad actors performing attacks hidden behind its CDN services?
...or these could be false positive ...
I normally never get any bad SSH login attempts, since my port 22 is deeply buried behind a firewall that blocks all but one IP - my VPN.
Yet I just ran lastb and, to my jaw-dropping surprise, it seems that in fact there were two bad login attempts from another IP - it is listed and reported to perform brute-force SSH attacks.
Coincidentally I have recently migrated to CloudFlare CDN and wonder if this ...
I set up an OpenVPN server using openvpn-install. I would like clients to be able to connect to the VPN server, but any traffic aimed towards the internet instead of the VPN's local network should be blocked.
I have seen many solutions proposing adding push commands to server.conf requesting that clients use their own network for internet traffic by default; however, these requests can be ignored by cl ...
I'm working on a project to verify the source of each packet if its destination is one of several IPs on the LAN network. I'm interested in the LAN IPs, not the WAN.
I tried to create many matches like the following, but nothing worked.
iptables -t nat -d <list of IPs> -A FORWARD -j NFQUEUE --queue-num 1
I have used the following rules to enable routing on my Raspberry Pi:
sudo iptables -F
sudo ...
I've got a VM at a hosting service and installed a basic firewall with nftables.
However, when it is active, all outbound traffic seems to get blocked. For example, when trying to ping google.com, I get a No route to host error. This occurs for any host I try to ping.
Here's my (really basic) config:
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
chain input {
type filter hook input priority ...

I have an AdGuardHome instance running on podman with the WebUI port -p 8053:80.
# podman port -a
1aeb8e800717 53/tcp -> 0.0.0.0:53
1aeb8e800717 853/tcp -> 0.0.0.0:853
1aeb8e800717 5443/tcp -> 0.0.0.0:5443
1aeb8e800717 80/tcp -> 0.0.0.0:8053
1aeb8e800717 53/udp -> 0.0.0.0:53
1aeb8e800717 784/udp -> 0.0.0.0:784
1aeb8e800717 853/udp -> 0.0.0.0:853
1aeb8e800717 54 ...

It's a pleasure to join this community and learn more about networking.
I need your help to advise me on the best way to set up an external firewall for social media use. I have a PC with Windows and a USB 4G pen. I wrote a script to plug and unplug the USB automatically, thus rotating IPs. I want to create a wifi hotspot from the first laptop and access that hotspot from the second laptop.
What is t ...
I have computers on my network that I want to allow access to LAN resources - I created an alias with their IP addresses (LAN_WHITELIST). For the other devices I would like to allow Internet access only.
So I have also created an alias for private networks: 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 - INTERNAL_NET.
That is, I pass LAN_WHITELIST to INTERNAL_NET. I block not LAN_WHI ...
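As an added illustration (written here, not part of the question above and not pfSense code), the Python below models first-match evaluation of the two alias rules on a LAN interface tab. The LAN subnet 192.168.1.0/24, the gateway address 192.168.1.1 (alias LAN_GATEWAY) and the whitelist members are assumptions. What it shows is a side effect of "block not LAN_WHITELIST to INTERNAL_NET": the firewall's own LAN address is inside INTERNAL_NET, so a non-whitelisted client loses DNS against the pfSense resolver unless a pass rule for that sits above the block.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Aliases from the question. LAN_WHITELIST member addresses and LAN_GATEWAY
# (the firewall's own LAN address) are assumptions made for this example.
ALIASES = {
    "INTERNAL_NET": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "LAN_WHITELIST": ["192.168.1.10", "192.168.1.11"],
    "LAN_GATEWAY": ["192.168.1.1"],
    "any": ["0.0.0.0/0"],
}


@dataclass
class Rule:
    action: str                  # "pass" or "block"
    src: str                     # alias name
    dst: str                     # alias name
    src_not: bool = False        # the "invert match" box on the source field
    dst_not: bool = False
    dport: Optional[int] = None  # None = any destination port


def alias_matches(alias: str, addr: str, invert: bool = False) -> bool:
    """True if addr is in the alias (or NOT in it, when invert is set)."""
    ip = ipaddress.ip_address(addr)
    hit = any(ip in ipaddress.ip_network(n, strict=False) for n in ALIASES[alias])
    return hit != invert


def evaluate(rules, src: str, dst: str, dport: Optional[int] = None) -> str:
    """First matching rule wins, as on a pfSense interface tab; a packet that
    matches nothing hits the implicit default deny at the end."""
    for r in rules:
        if not alias_matches(r.src, src, r.src_not):
            continue
        if not alias_matches(r.dst, dst, r.dst_not):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    return "block"


# The ruleset as described in the question.
LAN_RULES = [
    Rule("pass", "LAN_WHITELIST", "INTERNAL_NET"),
    Rule("block", "LAN_WHITELIST", "INTERNAL_NET", src_not=True),
    Rule("pass", "any", "any"),  # internet for everyone else
]

# Same ruleset with a pass for DNS to the firewall placed above the block,
# so non-whitelisted clients that use the pfSense resolver keep working.
LAN_RULES_WITH_DNS = [Rule("pass", "any", "LAN_GATEWAY", dport=53)] + LAN_RULES


if __name__ == "__main__":
    for src, dst, port in [("192.168.1.10", "10.0.0.5", 445),
                           ("192.168.1.50", "10.0.0.5", 445),
                           ("192.168.1.50", "93.184.216.34", 443),
                           ("192.168.1.50", "192.168.1.1", 53)]:
        print(src, "->", dst, port,
              evaluate(LAN_RULES, src, dst, port),
              evaluate(LAN_RULES_WITH_DNS, src, dst, port))
```

The last sample packet (a non-whitelisted client asking the gateway for DNS) is blocked by the original ruleset and passed by the one with the extra rule; the same applies to DHCP, NTP or anything else the clients need from the firewall itself.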

For security reasons, I'm moving my webserver to its own VLAN.
Is it safe to keep it as a domain member (with all the right firewall rules) or should it be a standalone server?
We use AWS EC2 instances with the 'AWS Linux AMI 2' image.
We have a script for security updates with this code: yum update -y --security.
I want to allow only security updates in the outbound rules of the AWS security group. Can someone tell me what the port + IP is? If it has a specific IP... I think the port is HTTP 80, since it works after I add it.
I have two MikroTik routers which are connected with a VPN. The router configuration is like this:
Router CORE
PUBLIC IP: 66.96.234.199/32, IP VPN: 172.1.23.1
Router Client
IP VPN: 172.1.23.33
I've port forwarded from the router client to the router core, which has the public IP. When I access the Router Client with the public IP + the port that I forwarded before, /system active user shows the VPN IP of the router core. How can I ...
OS: FreeBSD-13.0p3
We have a gateway router (G) with three physical Ethernet interfaces. One (W1) is the WAN gateway. The other two (L1, L2) are connected to the same wire. L1 belongs to the 192.168.0.0/16 network. L2 belongs to our publicly routable network 123.123.123.0/25.
All single-homed internal hosts belong to one network or the other exclusively. Some dual-homed hosts have one NIC on L1 an ...
My company security team has informed me that my workstation is pinging some "blacklisted" IP addresses. The enterprise security tool reporting this information sits in place of the usual Windows firewall, but it seems it is unable to tell which process is the culprit.
I had the device rebuilt about six months ago for the same reason, and I'm pretty sure it's just an application that's using a co ...
I need to determine whether a particular site is accessible on a particular port, given that firewall restrictions exist on the network.
If I cannot access the site on a particular port, then that means I would need to modify the firewall before proceeding. Otherwise, if I can reach the site, then I would be able to proceed with what I intend to do.
I wanted to know whether I could fetch a repositor ...
I'm trying to set up OpenVPN on my PC (which is running Ubuntu Server 22.04). I've used the quick install script listed here
When I try to connect on my Linux machine I get the following error:
2022-05-01 00:41:54 read UDP [ECONNREFUSED]: Connection refused (code=111)
Which means that my port isn't open. I tried opening it with ufw and the guide listed on another similar problem: here
The mini server ...

We recently added a backup ISP for our rack. Simply put, in the event that our primary connection goes down we would like to be able to switch to our backup connection. Right now we have primary external addresses pointing to internal addresses through VirtualIPs. Is there a way to have this abstracted so we can change the source IP block without having to change every VIP definition? Best practice for ...
While creating a firewall rule (simple config: gcloud app firewall-rules create 10000 --action allow --source-range --description "basic rule") I keep getting the message "The attempted action failed. Please try again"; the request ID is below, and this occurs for both IPv4 and IPv6. Currently I am using the free tier for educational purposes; maybe some functionality is limited, although there is no me ...
I have root access to a server (S), but have no control over the firewalls over the network. I set up a virtual machine (VM) inside the server (S) and wanted some users to access VM directly, i.e., without providing them access to anything else inside S.
A straightforward solution was to set up a tunnel that listens on another port, like S:22000. However, the users are on a different network that filters all ...

I'm trying to connect to a CentOS 5 box (I know it needs to be decommissioned, it's in the works) using SFTP on port 22. The server is not letting me authenticate while connected to the network via Ethernet. I get a banner and can connect, but the server denies my credentials.
I tried the same credentials using the same method while connecting to the VPN and the server permits me to connect with ...
I have a server running Debian 10 and I use "ufw" as my firewall tool; I used it to open only a few ports: 80, 443, 22.
I tried to execute "netstat -na" to see if there are any unauthorized connections to my server,
and this is what I got:
......................
udp        0      0 my_public_ip:45859     162.159.200.123:123     ESTABLISHED
udp        0      0 my_public_ip:60435     162.159.200.1:123       ESTABLISHE ...
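
As an added example (written here, not taken from the post), the Python below parses netstat -na rows of the kind shown above and separates listeners, inbound sessions and outbound sessions, using the ufw allow list from the post. The sample rows are constructed with documentation addresses. Two facts the classification relies on: remote port 123/udp is NTP, and ESTABLISHED on a UDP row in netstat only means the local socket was connect()ed to that peer (which is how ntpd, chrony and systemd-timesyncd talk to their servers); it is not a session a remote host opened, and ufw's default policy allows such outbound traffic regardless of which inbound ports were opened.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

ALLOWED_INBOUND = {22, 80, 443}                   # ports opened with ufw in the post
KNOWN_OUTBOUND = {53: "dns", 123: "ntp", 80: "http", 443: "https"}

# Constructed sample (documentation ranges, not the post's real addresses).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:22         198.51.100.7:51234      ESTABLISHED
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN
udp        0      0 203.0.113.10:45859      192.0.2.123:123         ESTABLISHED
udp        0      0 203.0.113.10:60435      192.0.2.1:123           ESTABLISHED
"""

# proto recv-q send-q local:port foreign:port [state]
LINE = re.compile(
    r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*(\S*)$")


class Sock(NamedTuple):
    proto: str
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: Optional[int]   # None for "*" (no peer)
    state: str


def parse(text: str) -> List[Sock]:
    """Parse the tcp/udp rows of `netstat -na`; header and other rows are skipped."""
    socks = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        proto, la, lp, ra, rp, state = m.groups()
        socks.append(Sock(proto, la, int(lp), ra,
                          None if rp == "*" else int(rp), state or "-"))
    return socks


def classify(s: Sock) -> Tuple[str, str]:
    """Return (category, note) for one socket."""
    if s.state == "LISTEN" or s.remote_port is None:
        if s.local_port in ALLOWED_INBOUND:
            return "listener", "expected; port is in the ufw allow list"
        return "listener-unexpected", f"port {s.local_port} is not in the ufw allow list"
    # A connected socket: an inbound session has a well-known local port and
    # an ephemeral remote one; an outbound session is the reverse.
    if s.local_port in ALLOWED_INBOUND and s.remote_port not in KNOWN_OUTBOUND:
        return "inbound", f"client {s.remote_addr}:{s.remote_port} on port {s.local_port}"
    if s.remote_port in KNOWN_OUTBOUND:
        svc = KNOWN_OUTBOUND[s.remote_port]
        return "outbound", f"{svc} to {s.remote_addr} (ufw allows outbound by default)"
    return "unknown", f"{s.local_addr}:{s.local_port} <-> {s.remote_addr}:{s.remote_port}"


def flagged(text: str) -> List[Tuple[str, int, str]]:
    """Only the rows worth a second look: unexpected listeners and unknown peers."""
    out = []
    for s in parse(text):
        cat, _ = classify(s)
        if cat in ("listener-unexpected", "unknown"):
            out.append((cat, s.local_port, s.remote_addr))
    return out


if __name__ == "__main__":
    for s in parse(SAMPLE):
        cat, note = classify(s)
        print(f"{s.proto:4} {s.local_addr}:{s.local_port:<5} -> "
              f"{s.remote_addr}:{s.remote_port}  {cat:20} {note}")
```

On the sample, the two UDP rows to port 123 come out as outbound NTP, the SSH session from 198.51.100.7 as inbound on an allowed port, and only the listener on 4444 (absent from the ufw allow list) is flagged. To find which process owns a flagged socket, run netstat with -p (or ss -lntup) as root; netstat -na alone does not show it.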
So when I do
iptables -A ufw-user-forward -s 172.0.0.0/8 -d 10.0.0.0/24 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A ufw-user-forward -s 172.0.0.0/8 -d 10.0.0.0/24 -j DROP
one by one in the terminal, it works,
but when I add it to after.rules
like so:
*filter
-A ufw-user-forward -s 172.0.0.0/8 -d 10.0.0.0/24 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A ufw-user-forward -s 172.0.0.0/8 -d 10 ...

I have an Ubuntu 20 machine as an internet gateway with two WANs, ens160 and ens192. I switch the default route on the gateway like ip r re 0/0 dev ens160 (or ens192), and the clients on the LAN access the web without any problem. But if I want to let a specific user through a specified WAN, such as
ip ru add from 192.168.3.60 lookup 100
ip r a 0/0 dev ens192 t 100
client 192.168.3.60 has an issue ac ...
Lots of articles discuss setting up connections to your VM (RDP, SSH, Bastion).
However, when you are emulating on-prem environments, you usually also need to connect back to your laptop or laptop Hyper-V "server" environment.
How do you get past NAT and set rules so that only these VMs can connect? Also, if connected to a Corp VPN, would that make it easier or more difficult in your experience?
For th ...

A program I use generates some TCP connections using raw packet mode. Let's say that I executed these two commands:
/sbin/iptables -A INPUT -s 8.0.0.0/8 -j DROP
/sbin/iptables -A OUTPUT -d 8.0.0.0/8 -j DROP
Is it safe to assume that no packets will be sent to that network?

I have a Hitron router that was provided by my ISP, and I have it configured to forward ports to devices on my LAN. I used to be able to access machines on the LAN from machines on the LAN by way of the WAN IP of the router. For example
curl https://$(curl icanhazip.com)
would, in fact, make an HTTPS connection assuming I had a server listening behind the router.
Example:
client (192.168.0.42) ---> ro ...
I was reading this:
Within the context of setting up a server (non-public-facing), the gist is that you have PF firewalls and application firewalls. Application firewalls are more secure since they see more of the packet, etc., but they are consequently slower.
If an application firewall is mo ...

Whenever I try to connect to my EC2 instance using SSH, I get ssh: connect to host 35.xxx.xx.xxx port 22: Operation timed out.
The weird thing is that this happens the majority of the time, but not every time. Very occasionally it will let me connect just fine... Then I think the problem is fixed and celebrate! But then I get the same issue again the very next day.
I have been reading through forums t ...