Problem Creating PPTP Connection

Hello

I have a problem creating a PPTP connection on my CentOS VPS.
The VPS is under OpenVZ, so in the customer panel I enabled TUN/TAP, PPP and IPSEC.

On my CentOS 6.5 VPS I made changes based on this tutorial:
http://www.zedt.eu/tech/linux/settin...os-openvz-vps/

and on Windows 7 this:
http://www.howtogeek.com/51237/setti...ver-on-debian/

And now Windows 7 is giving me an 807 error.

Are these iptables rules correct?
Code:
iptables -A INPUT -i venet0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i venet0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -j SNAT --to-source [VPS's IP]
iptables -A FORWARD -i ppp0 -o venet0 -j ACCEPT
iptables -A FORWARD -i venet0 -o ppp0 -j ACCEPT

I have no ppp0 interface, and I additionally have venet0:0 with the external IP, and gre0 and gretap0 interfaces.

So ifconfig -a shows:
Code:
[root@vps ~]# ifconfig -a
gretap0   Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
          BROADCAST MULTICAST  MTU:1476  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

gre0      Link encap:UNSPEC  HWaddr 00-00-00-00-FF-FF-80-4B-00-00-00-00-00-00-00-00  
          NOARP  MTU:1476  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
          inet6 addr: 2602:ffc5::ffc5:6f61/128 Scope:Global
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:101201 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42319 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:131220862 (125.1 MiB)  TX bytes:4717867 (4.4 MiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:x.x.x.x  P-t-P:x.x.x.x  Bcast:x.x.x.x  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

So should venet0 be venet0:0?
And what should be used instead of the ppp0 interface?


Similar Content



Which Is My Public And Which Is My Private

Hi guys, I've altered the numbers for security, but can someone tell me which one of these is my private IP address for this particular computer? I'm troubleshooting port forwarding and I want to make sure I have the right private IP address. I know the public one already. I used ifconfig to print this out. There are so many addresses that I'm not sure which is my private one for this particular computer. Thanks.

Link encap:Local Loopback
inet addr:133.5.7.1 Mask:255.5.6.2
inet6 addr: ::1/144 Scope:Host
UP LOOPBACK RUNNING MTU:44436 Metric:1
RX packets:26824 errors:0 dropped:0 overruns:0 frame:0
TX packets:26824 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3268828 (3.2 MB) TX bytes:3268828 (3.2 MB)

wlan0 Link encap:Ethernet HWaddr 11:1f:8b:a5:98:c2
inet addr:10.1.1.33 Bcast:11.1.1.293 Mask:242.242.242.0
inet6 addr: fe70::23f:7bff:fea9:38c5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1800 Metric:1
RX packets:244694 errors:0 dropped:0 overruns:0 frame:0
TX packets:247756 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:209624351 (209.6 MB) TX bytes:84885694 (84.8 MB)

Kali Linux Didn't Recognize Wireless Networks

Hi,
I'm new to Kali Linux.
I have an issue with the wifi connections.
I installed the newest version of Kali from the official website on VirtualBox
and plugged in the USB wireless adapter (TP-LINK).
Also, I noticed wlan0 in the #ifconfig output.
In the network settings I configured NAT (also tried with NAT bridged).

My problem is that I cannot see any wireless networks.
I followed a few guides from YouTube and here, but with no luck.
It shows me that I'm connected by wire.
I attached a screenshot below.
Please kindly assist me.


Additional information:
#airmon-ng start wlan0
When I typed #ifconfig, I saw that wlan0 changed to wlan0mon,
and with the #airodump-ng command on wlan0mon I didn't see any wireless networks either.


iwconfig
Quote:
root@kali:~# iwconfig
eth0 no wireless extensions.

wlan0 IEEE 802.11bgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off

lo no wireless extensions.
lsmod
Quote:
root@kali:~# lsmod | grep rt
rt2800usb 26222 0
rt2x00usb 17642 1 rt2800usb
rt2800lib 81543 1 rt2800usb
rt2x00lib 46315 3 rt2x00usb,rt2800lib,rt2800usb
mac80211 511777 3 rt2x00lib,rt2x00usb,rt2800lib
cfg80211 425751 2 mac80211,rt2x00lib
crc_ccitt 12347 1 rt2800lib
parport_pc 26287 0
parport 35699 1 parport_pc
usbcore 199549 7 rt2x00usb,ohci_hcd,ohci_pci,rt2800usb,ehci_hcd,ehci_pci,usbhid
lsusb
Quote:
root@kali:~# lsusb
Bus 001 Device 003: ID 148f:3070 Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 003: ID 80ee:0021 VirtualBox USB Tablet
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
ifconfig

Quote:
root@kali:~# ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:dc:d0:01
inet addr:192.168.1.22 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fedc:d001/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:68 errors:0 dropped:0 overruns:0 frame:0
TX packets:41 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7485 (7.3 KiB) TX bytes:4163 (4.0 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:20 errors:0 dropped:0 overruns:0 frame:0
TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1200 (1.1 KiB) TX bytes:1200 (1.1 KiB)

wlan0 Link encap:Ethernet HWaddr 90:f6:52:10:0f:d2
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
iw wlan0 info
Quote:
root@kali:~# iw wlan0 info
Interface wlan0
ifindex 4
type managed
wiphy 1
iwlist scan
Quote:
root@kali:~# iwlist scan
eth0 Interface doesn't support scanning.

wlan0 No scan results

lo Interface doesn't support scanning.
uname -a
Quote:
root@kali:~# uname -a
Linux kali 3.18.0-kali3-amd64 #1 SMP Debian 3.18.6-1~kali2 (2015-03-02) x86_64 GNU/Linux
cat /etc/network/interfaces
Quote:
root@kali:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp

Thanks

How To Install A USB/Ethernet Adapter Driver With Source Files In Fedora 15

Hi.
This is the first time I need to do this. New to Linux... :-)

I need to have two Ethernet connections in my laptop working. Its Ethernet RJ-45 jack works fine. I had to get a new Trendnet USB/Ethernet adapter for the second connection. After I connected it for the first time to my laptop having Fedora 15, I get:

[root@Brcm-AP brcmapac]# tail -f /var/log/messages
Mar 17 05:31:57 Brcm-AP dbus: [system] Successfully activated service 'org.freedesktop.PackageKit'
Mar 17 05:36:58 Brcm-AP kernel: [11429.615508] TCP lp registered
Mar 17 05:42:35 Brcm-AP kernel: [11766.773200] composite sync not supported
Mar 17 05:46:17 Brcm-AP dbus: [system] Activating service name='net.reactivated.Fprint' (using servicehelper)
Mar 17 05:46:17 Brcm-AP dbus: [system] Successfully activated service 'net.reactivated.Fprint'
Mar 17 05:46:48 Brcm-AP dbus: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper)
Mar 17 05:46:48 Brcm-AP dbus: [system] Successfully activated service 'org.freedesktop.PackageKit'
Mar 17 06:04:07 Brcm-AP kernel: [13058.324180] composite sync not supported
Mar 17 06:04:49 Brcm-AP dbus: [system] Activating service name='net.reactivated.Fprint' (using servicehelper)
Mar 17 06:04:49 Brcm-AP dbus: [system] Successfully activated service 'net.reactivated.Fprint'
Mar 17 06:06:07 Brcm-AP kernel: [13177.798536] usb 1-5: USB disconnect, address 4
Mar 17 06:06:10 Brcm-AP kernel: [13181.511109] usb 1-5: new high speed USB device using ehci_hcd and address 5
Mar 17 06:06:10 Brcm-AP kernel: [13181.630296] usb 1-5: New USB device found, idVendor=0b95, idProduct=1790
Mar 17 06:06:10 Brcm-AP kernel: [13181.630304] usb 1-5: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Mar 17 06:06:10 Brcm-AP kernel: [13181.630311] usb 1-5: Product: AX88179
Mar 17 06:06:10 Brcm-AP kernel: [13181.630316] usb 1-5: Manufacturer: ASIX Elec. Corp.
Mar 17 06:06:10 Brcm-AP kernel: [13181.630320] usb 1-5: SerialNumber: 0000000000103C
Mar 17 06:06:10 Brcm-AP mtp-probe: checking bus 1, device 5: "/sys/devices/pci0000:00/0000:00:1d.7/usb1/1-5"
Mar 17 06:06:10 Brcm-AP mtp-probe: bus: 1, device: 5 was not an MTP device
Mar 17 06:09:07 Brcm-AP dbus: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper)
Mar 17 06:09:07 Brcm-AP dbus: [system] Successfully activated service 'org.freedesktop.PackageKit'

The output does detect the new USB adapter "Product: AX88179, Manufacturer: ASIX Elec Corp.".

The list of interfaces seen:

[root@Brcm-AP brcmapac]# ifconfig
em1 Link encap:Ethernet HWaddr 00:18:8B:B6:97:4D
inet addr:10.10.138.24 Bcast:10.10.139.255 Mask:255.255.254.0
inet6 addr: fe80::218:8bff:feb6:974d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:32846 errors:0 dropped:12285 overruns:0 frame:12
TX packets:15532 errors:0 dropped:0 overruns:0 carrier:0
collisions:5185 txqueuelen:1000
RX bytes:35819763 (34.1 MiB) TX bytes:1346684 (1.2 MiB)
Interrupt:18

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1008 errors:0 dropped:0 overruns:0 frame:0
TX packets:1008 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:78668 (76.8 KiB) TX bytes:78668 (76.8 KiB)

wlan0 Link encap:Ethernet HWaddr 00:1A:92:9F:DA:A3
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)


The first connection is em1 and working fine, but I never see a second ethx interface. I figured I'm missing the driver for it. So, I went to the read me file from the cd, where these files a
- asix.h
- ax88179_178a.c
- Makefile
- readme

The readme instructions for Linux say: you need the kernel sources installed on the machine. Make sure the version of the running kernel must match the installed kernel sources.

1. What are kernel sources and how can I download them for this installation? Please keep in mind I do not know Linux. This is my first time doing more than just the very basics.
The instructions are called "ASIX AX88179_178A USB 3.0/2.0 Gigabit Ethernet Network Adapter Driver Compilation & Configuration on Linux."

My kernel is 2.6.38.6-26.rc1.fc15.i686.PAE

I have no idea how to start.
Thank you!!!

Wireless Network Setting In Mint

I am totally new to Linux. However, considering the many advantages of the operating system compared to other OSes, I have decided to go ahead with using Mint Rebecca, which is the latest version. Initially, for some time, I did not have any issues getting my internet connection. However, for the last week I have been unable to connect. The results of the various terminal commands I ran are given below, in the sincere trust that somebody will be there to help me out.
-----
anil@anil-HP-15-Notebook-PC ~ $ iwconfig
eth0 no wireless extensions.

lo no wireless extensions.

wlan0 IEEE 802.11bgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=off
Retry long limit:7 RTS thr:off Fragment thr:off
Power Management:on

anil@anil-HP-15-Notebook-PC ~ $ ifconfig
eth0 Link encap:Ethernet HWaddr f8:a9:63:90:62:b1
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:149 errors:0 dropped:0 overruns:0 frame:0
TX packets:149 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:10689 (10.6 KB) TX bytes:10689 (10.6 KB)

anil@anil-HP-15-Notebook-PC ~ $ lshw -C network
WARNING: you should run this program as super-user.
*-network
description: Ethernet interface
product: RTL8101E/RTL8102E PCI Express Fast Ethernet controller
vendor: Realtek Semiconductor Co., Ltd.
physical id: 0
bus info: pci@0000:08:00.0
logical name: eth0
version: 07
serial: f8:a9:63:90:62:b1
size: 10Mbit/s
capacity: 100Mbit/s
width: 64 bits
clock: 33MHz
capabilities: bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=2.3LK-NAPI duplex=half firmware=rtl8106e-1_0.0.1 06/29/12 latency=0 link=no multicast=yes port=MII speed=10Mbit/s
resources: irq:57 ioport:4000(size=256) memory:b5600000-b5600fff memory:b5400000-b5403fff
*-network DISABLED
description: Wireless interface
product: RT3290 Wireless 802.11n 1T/1R PCIe
vendor: Ralink corp.
physical id: 0
bus info: pci@0000:0a:00.0
logical name: wlan0
version: 00
serial: 9c:ad:97:5b:16:45
width: 32 bits
clock: 33MHz
capabilities: bus_master cap_list ethernet physical wireless
configuration: broadcast=yes driver=rt2800pci driverversion=3.13.0-37-generic firmware=0.37 latency=0 link=no multicast=yes wireless=IEEE 802.11bgn
resources: irq:16 memory:b5510000-b551ffff
WARNING: output may be incomplete or inaccurate, you should run this program as super-user.

anil@anil-HP-15-Notebook-PC ~ $ lshw -C
Hardware Lister (lshw) - B.02.16
usage: lshw [-format] [-options ...]
lshw -version

-version print program version (B.02.16)

format can be
-html output hardware tree as HTML
-xml output hardware tree as XML
-short output hardware paths
-businfo output bus information

options can be
-class CLASS only show a certain class of hardware
-C CLASS same as '-class CLASS'
-c CLASS same as '-class CLASS'
-disable TEST disable a test (like pci, isapnp, cpuid, etc. )
-enable TEST enable a test (like pci, isapnp, cpuid, etc. )
-quiet don't display status
-sanitize sanitize output (remove sensitive information like serial numbers, etc.)
-numeric output numeric IDs (for PCI, USB, etc.)

anil@anil-HP-15-Notebook-PC ~ $ rfkill list
0: phy0: Wireless LAN
Soft blocked: yes
Hard blocked: yes
1: hp-wifi: Wireless LAN
Soft blocked: yes
Hard blocked: no
2: hp-bluetooth: Bluetooth
Soft blocked: yes
Hard blocked: no

anil@anil-HP-15-Notebook-PC ~ $ lsusb
Bus 001 Device 003: ID 0bda:5776 Realtek Semiconductor Corp.
Bus 001 Device 002: ID 8087:8000 Intel Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 002 Device 004: ID 12d1:1505 Huawei Technologies Co., Ltd. E398 LTE/UMTS/GSM Modem/Networkcard
Bus 002 Device 002: ID 24ae:2000
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

anil@anil-HP-15-Notebook-PC ~ $ sudo lsusb
[sudo] password for anil:
Bus 001 Device 003: ID 0bda:5776 Realtek Semiconductor Corp.
Bus 001 Device 002: ID 8087:8000 Intel Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 002 Device 004: ID 12d1:1505 Huawei Technologies Co., Ltd. E398 LTE/UMTS/GSM Modem/Networkcard
Bus 002 Device 002: ID 24ae:2000
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
anil@anil-HP-15-Notebook-PC ~ $
With regards, Anil Kumar

Centos 7 - Yum Update Failed

"yum update" command is not working.
IP information and relevant details below:

-------------------------------------------------------------------------
Here is the error message :
yum update
Loaded plugins: fastestmirror, langpacks


One of the configured repositories failed (Unknown),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:

1. Contact the upstream for the repository and get them to fix the problem.

2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).

3. Disable the repository, so yum won't use it by default. Yum will then
just ignore the repository until you permanently enable it again or use
--enablerepo for temporary usage:

yum-config-manager --disable <repoid>

4. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:

yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true

Cannot find a valid baseurl for repo: base/7/x86_64
------------------------------------------------------------------------
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.8.95 netmask 255.255.252.0 broadcast 192.168.11.255
inet6 fe80::20c:29ff:fe4e:58d9 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:4e:58:d9 txqueuelen 1000 (Ethernet)
RX packets 3498 bytes 356084 (347.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1525 bytes 212794 (207.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 22 bytes 2004 (1.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 22 bytes 2004 (1.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
---------------------------------------------------------------------------

Steps taken so far :
1. Change to google DNS -->
2. Edited the CentOS-Base.repo file -->
3. Restarted network services -->

I have literally searched all over the place; till now I could not fix the issue.
I would appreciate it if someone could come forward and help me rectify this issue.

Iptables --policy (login Slow)

Dear all,

This is my current iptables (with default policy = Accept) and no rules.
Code:
[root@racnode1 ~]# iptables -L -v
Chain INPUT (policy ACCEPT 77072 packets, 7890K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 70306 packets, 129M bytes)
 pkts bytes target     prot opt in     out     source               destination         
[root@racnode1 ~]#

I have decided to allow only incoming network connection from my own subnet and hence

Code:
[root@racnode1 ~]# iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
[root@racnode1 ~]# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  178  9055 ACCEPT     all  --  any    any     192.168.0.0/24       anywhere            

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 186 packets, 316K bytes)
 pkts bytes target     prot opt in     out     source               destination         
[root@racnode1 ~]#

Noted that my default policy is still ACCEPT, hence I

Code:
[root@racnode1 ~]# iptables --policy INPUT DROP

===============================================================

Upon this, I have 2 issues

a) My iptables -L -v command can't display fully; I am stuck at the output below

Quote:
[root@racnode1 ~]# iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

b) My ssh login is very slow

Quote:
login as: root
-- waited quite some time before prompting me for the password
===============================================================

If I revert the INPUT policy to ACCEPT, then everything is fine as normal.

Why ?

Thanks, and I look forward to your advice.

Regards,
Noob ;(

Want To Get Fedora 17 Online.

I'm running VMWare for school. I need to get Fedora 17 to access the internet through the VM for just two assignments and then I can ignore the existence of Linux until I attempt the NOS120 class again. I have been able to get CentOS and every version of Windows online without an issue.

I've tried NAT, I've tried Bridged, I even pushed the Lan Segment, Host Only, and Custom radio buttons just for fun. I know the protocol here is to post a wiki link to a 500 page thread about the essence of the Linux experience. I even opened those and tried to follow along. Then I would try to do the same thing and nothing matched.

If anyone can tell me how to open Konsole on Centos that would be great as well. It might get me one step further. Also, if you guys ever try to work on your own cars and come to a forum that I frequent I promise not to tell you to read the Factory Service Manual instead of just telling you how to unscrew the oil cap. I promise. Especially if you have a Honda or Acura. I will even tell you all of the steps to reset your Maintenance indicator light.

Here is my ifconfig info:
eth0: flags=4099<UP,Broadcast,Multicast> mtu 1500
ether 00:0c:29:f7:d1:c8 txqueuelen 1000 (Ethernet)
RX
RX
TX
TX
device interrupt 19 base 0x2000

lo:flags=73<Up, Loopback, Running> mtu 16436
inet 127.0.0.1 netmask 255.0.0.0
look txquelen 0 (Local Loopback)
RX Packets 80 bytes 6744 (6.5 Kib)
RX erros 0
TX packets 80 bytes 6744
TX errors.

Iptables Tcp Flags Scripts

I was checking out this link:
http://www.k-state.edu/its/security/...pt_Handout.pdf


There's a line that says:
Code:
iptables -A Log-N-Drop -p tcp -m tcp --tcp-flags FIN,ACK FIN -j LOG --log-prefix "Denied FIN SCAN: "

This is part of the Log-N-Drop chain that is made up of several similar statements.

First of all, I'd like to know what's the difference between --tcp-flags FIN FIN and --tcp-flags FIN,ACK FIN?

Then, there's this:
Code:
iptables -A Log-N-Drop -p tcp -m tcp --tcp-flags ALL NONE -j DROP

Which says that all tcp packets from the Log-N-Drop chain that have NO tcp flags set should be dropped.

Of course, there's a bigger context there in the link, but I'd like to take it step by step. How should I interpret this last iptables line? Why should it be necessary? I guess, in this case, it should make sense to drop all packets that have no flags set, right, 'cause they would be invalid? Any valid tcp flag should have at least one flag set, or am I wrong?

The fuller the feedback, the better
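
The `--tcp-flags <mask> <comp>` match compares only the flags named in the mask and matches when exactly the flags in comp are set among them. The Python below is an added example (not from the post or the linked handout) that models that comparison over constructed TCP headers; the sample names and helper functions are hypothetical.

```python
import struct

# Flag bits in byte 13 of the TCP header; iptables' ALL keyword covers these six.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def parse_flag_list(spec):
    """Turn 'FIN,ACK', 'ALL' or 'NONE' into a bit mask."""
    spec = spec.strip().upper()
    if spec == "ALL":
        return 0x3F
    if spec == "NONE":
        return 0x00
    bits = 0
    for name in spec.split(","):
        if name not in FLAG_BITS:
            raise ValueError("unknown TCP flag: %r" % name)
        bits |= FLAG_BITS[name]
    return bits


def build_tcp_header(flags, sport=40000, dport=22):
    """Constructed 20-byte TCP header carrying the given flags (sample input)."""
    offset_and_flags = (5 << 12) | parse_flag_list(flags)  # data offset = 5 words
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0,
                       offset_and_flags, 1024, 0, 0)


def header_flags(tcp_header):
    """Extract the six classic flag bits from a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    return tcp_header[13] & 0x3F


def tcp_flags_match(tcp_header, mask_spec, comp_spec):
    """Model of --tcp-flags: look only at the flags in mask, and match when
    exactly the flags in comp are set among them."""
    mask = parse_flag_list(mask_spec)
    comp = parse_flag_list(comp_spec)
    return (header_flags(tcp_header) & mask) == comp


# Constructed sample segments: label -> flags set in the header.
SAMPLES = {
    "bare FIN": "FIN",
    "normal close": "FIN,ACK",
    "no flags": "NONE",
    "FIN+PSH+URG": "FIN,PSH,URG",
    "handshake SYN": "SYN",
    "data segment": "PSH,ACK",
}


def matching_samples(mask_spec, comp_spec):
    """Labels of the sample segments that a given --tcp-flags rule matches."""
    return [label for label, flags in SAMPLES.items()
            if tcp_flags_match(build_tcp_header(flags), mask_spec, comp_spec)]


if __name__ == "__main__":
    for mask, comp in (("FIN", "FIN"), ("FIN,ACK", "FIN"), ("ALL", "NONE")):
        print("--tcp-flags %-8s %-5s -> %s"
              % (mask, comp, matching_samples(mask, comp)))
```

With `FIN FIN` the ACK bit is never examined, so the FIN,ACK segment that closes an ordinary connection also matches; `FIN,ACK FIN` requires ACK to be clear, and `ALL NONE` matches only a segment with none of the six flags set.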

What Is The Keepalived Iptables Port?

For CentOS6, I have installed keepalived on two machine. When I run "ip addr list eth2" it shows that the virtual is active on both servers. When I turn the firewall off, it works correctly and failover moves the correctly from one machine to another. What port do I need to open?

When I turn the firewall off, I get the correct eded output

[root@usivnprdldbuh003 ~]# ip addr list eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:19:b9:e9:4b:ff brd ff:ff:ff:ff:ff:ff
inet 192.168.201.20/24 brd 192.168.201.255 scope global eth2
inet 192.168.201.10/32 brd 192.168.201.255 scope global eth2
inet6 fe80::219:b9ff:fee9:4bff/64 scope link
valid_lft forever preferred_lft forever
[root@usivnprdldbuh003 ~]#

[root@usivnprdldbuh004 ~]# ip addr list eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:19:b9:e8:f1:c8 brd ff:ff:ff:ff:ff:ff
inet 192.168.201.21/24 brd 192.168.201.255 scope global eth2
inet6 fe80::219:b9ff:fee8:f1c8/64 scope link
valid_lft forever preferred_lft forever
[root@usivnprdldbuh004 ~]#




And everything works. But if I turn on the firewall, I get exactly the same output for both
[root@usivnprdldbuh003 ~]# ip addr list eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:19:b9:e9:4b:ff brd ff:ff:ff:ff:ff:ff
inet 192.168.201.20/24 brd 192.168.201.255 scope global eth2
inet 192.168.201.10/32 brd 192.168.201.255 scope global eth2
inet6 fe80::219:b9ff:fee9:4bff/64 scope link
valid_lft forever preferred_lft forever
[root@usivnprdldbuh003 ~]#

[root@usivnprdldbuh004 ~]# ip addr list eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:19:b9:e8:f1:c8 brd ff:ff:ff:ff:ff:ff
inet 192.168.201.21/24 brd 192.168.201.255 scope global eth2
inet 192.168.201.10/32 brd 192.168.201.255 scope global eth2
inet6 fe80::219:b9ff:fee8:f1c8/64 scope link
valid_lft forever preferred_lft forever
[root@usivnprdldbuh004 ~]#

What port does it use to validate the network device?

Linux Proxy Server Configuration

I am trying to set up a "Proxy Server" in Linux, without using Squid (Part of my project). However I have beginner's knowledge of iptables. I am using the following script from "http://www.aboutdebian.com/proxy.

#!/bin/sh
INTIF="eth1"
EXTIF="eth0"
EXTIP="`/sbin/ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

The problem is that there is no packet forwarding from eth1 to eth0 (verified with Wireshark; a Windows machine is using eth1's IP address as its default gateway).

Any help would be highly appreciated!