Aug 8, 2010 I have noticed some posts need updating. I will be adding new posts for new software versions and moving old posts to a archive. If something on here is incorrect or needs updating sign up and leave me post or use our simple contact form on the right!
IPtables, SSH, Ubuntu Securty, etc..
No Comments 
Jul 1, 2010
Apr 20, 2010 #—————————————————————
# Initialize all the chains by removing all the rules
# tied to them
#—————————————————————
iptables –flush
iptables -t nat –flush
iptables -t mangle –flush
#—————————————————————
# The loopback interface should accept all traffic
# Necessary for X-Windows and other socket based services
#—————————————————————
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
#—————————————————————
# Allow outbound DNS queries from the FW and the replies too
#
# – Interface eth0 is the internet interface
#
# Zone transfers use TCP and not UDP. Most home networks
# websites using a single DNS server won’t require TCP statements
#
#—————————————————————
iptables -A OUTPUT -p udp -o eth0 –dport 53 –sport 1024:65535 \
-j ACCEPT
iptables -A INPUT -p udp -i eth0 –sport 53 –dport 1024:65535 \
-j ACCEPT
#—————————————————————
# Allow previously established connections
# – Interface eth0 is the internet interface
#—————————————————————
iptables -A OUTPUT -o eth0 -m state –state ESTABLISHED,RELATED \
-j ACCEPT
#—————————————————————
# Allow port 80 (www) and 22 (SSH) connections to the firewall
#—————————————————————
iptables -A INPUT -p tcp -i eth0 –dport 22 –sport 1024:65535 \
-m state –state NEW -j ACCEPT
iptables -A INPUT -p tcp -i eth0 –dport 80 –sport 1024:65535 \
-m state –state NEW -j ACCEPT
#—————————————————————
# Allow port 80 (www) and 443 (https) connections from the firewall
#—————————————————————
iptables -A OUTPUT -j ACCEPT -m state \
–state NEW,ESTABLISHED,RELATED -o eth0 -p tcp \
-m multiport –dport 80,443 -m multiport –sport 1024:65535
#—————————————————————
# Allow previously established connections
# – Interface eth0 is the internet interface
#—————————————————————
iptables -A INPUT -j ACCEPT -m state –state ESTABLISHED,RELATED \
-i eth0 -p tcp
#—————————————————————
# If a packet doesn’t match one of the built in chains, then
# The policy should be to drop it
#—————————————————————
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
iptables -A FORWARD -j DROP
Apr 9, 2010 I had a problem where I could not get networking on my virtual machines within vmware to work. I could ping 127.0.0.1, my router 192.168.1.1, but nothing on the itnternet.
After doing some research on the issue, alot of people say use “bridge mode” use “nat” configure it and use “host only” Nothing would work for me…..I did some research:
I am using ShrewSoft VPN. For some weird reason the Shrew DNS Filter services makes VM’s networking misbehave. if you disable the services in MMC>services…..Ta-Da it works.
Keep in mind this will stop you form looking up dns over your VPN……so use your hosts file or figure out another way to make dns work.
questions or answers let me know.
Feb 11, 2010 Two Simple Steps for updating ubuntu form within the shell:
sudo apt-get update
sudo apt-get upgrade
Video Walkthrough Below:
Home
Subscribe
