Questions tagged [firewall]

Software that controls what connections can be made to and from a network.

0 votes
0 answers
23 views

Add an IP to another rule matching hex in iptables linux

iptables -t raw -A PREROUTING -p udp --dport 4578 -m string --hex-string '|fefffffffffffffffff77f12|' How can I whitelist the IP having the above hex string automatically on iptables. I'll be ...
0 votes
1 answer
32 views

Port forwarding and IPv6

I have a basic small server that I run on my own computer, which I can access like this: localhost:3000 However I would also like to access the server from outside my home, for example using my phone ...
0 votes
0 answers
21 views

UDP packets dropped with `ctstate=INVALID`, but meanwhile its connection `[ASSURED]` in conntrack list

I have my router connecting to a remote VPS as so-called 'VPN' that is based on UDP protocol, then the VPS traffic slows down in few seconds after a new reboot. I can see a huge amount of incoming ...
1 vote
2 answers
20 views

Nftables firewall rule hex value 0x1fff changed to decimal 8191

I started the process of migrating into nftables, just noticed that while I add this rule add rule netdev filter INGRESS ip frag-off & 0x1fff != 0 counter drop should look like this in nftables....
0 votes
1 answer
18 views

iptables firewall whitelisting limit

We have a distributed system with many clients connecting to this system. We want the server to be isolated so that only client machines can connect. We are using IPTables as follow: /sbin/iptables -A ...
0 votes
1 answer
14 views

allow firewall after first time disallow

I'm using win10 with UAC enabled, typically this is my working laptop so cannot disable UAC. When I download an exe or jar and try to execute it, sometimes Windows Firewall will prompt whether to allow it or not ...
0 votes
1 answer
66 views

Relay TCP upload traffic and make download traffic go directly to the client

This is a supplement for iptables SNAT for UDP rule is only applied to some traffic In fact, I have three machines: the client the target server the relay server What's my motivation for doing this? ...
0 votes
1 answer
55 views

iptables SNAT for UDP rule is only applied to some traffic

I want to use Source NAT to change the local IP address of UDP traffic. However, only locally-generated traffic has the NAT rule applied, replies to traffic generated from remote sources do not have ...
0 votes
0 answers
29 views

How do I remotely connect to my home network which is behind a firewall that is connected to a VPN provider?

I apologize if this is a duplicate question, feel free to direct me to an existing answer. I don't know the terminology so I don't think I recognize the answer if it's out there. I'd like to be able ...
0 votes
1 answer
13 views

How can I check if firewall is blocking ping from machine belonging to a specific subnet on Linux CentOS7?

I am not a system engineer (I am a software developer) and I have the following problem. I have this Linux CentOS 7 server. A colleague told me that he can't ping this server from some specific machine ...
0 votes
1 answer
17 views

How do you configure firewall to map ports outside to a device inside lan?

Using TPLink omada sdn controller, I wanna map remote desktop connection 3389 on my home computer (uses a fixed IP address) to port 4000 on the WAN interface... Can't seem to figure out how to do this
0 votes
1 answer
39 views

Enable access to host service with ubuntu firewall from docker container

I have a service running on a host at port 8545. I have several docker containers which need access to this service on the host. The host is running ubuntu. I've successfully configured extra_hosts: - ...
2 votes
2 answers
50 views

Bridge-Mode to prevent double NAT/Firewall advantages?

In my network I currently have a cable connection with an ISP provided (consumer grade) modem/router combo device. Behind this modem there is a pfSense box. The pfSense box is acting as firewall and ...
-1 votes
2 answers
37 views

What is the correct term for "secondary IP addresses" handled by a firewall's primary interface?

I have an aging and now-unsupported "ProSAFE" VPN firewall running defense around a /28 block of public IP addresses leased to us by our datacenter. Our WAN drop is a single ethernet cable. ...
1 vote
1 answer
37 views

Allowing ICMP (ping) incoming packets in Windows 11 firewall

I noticed Windows 11 doesn't let ICMP packets through by default. The network needs to be assigned to a non public network and the appropriate firewall rules have to be activated. I found the ...
0 votes
0 answers
13 views

Using host & iptables as bastion before mongoDB

I am trying to setup a config on a "bastion/NAT" host. I have 2 mongoDB host, which are behind firewall, my bastion and a set of clients. my bastion has main IP: 10.198.24.10 and 2 aliases: ...
0 votes
0 answers
42 views

OPNsense system to replace Router

I'm planning on building a system to replace my current router and want to use OPNsense. This will work right? Ask because it says firewall on website but also routing, so must be a router. Hardware: ...
0 votes
0 answers
23 views

How do I filter inbound/outbound traffic based on words?

I need to filter some outbound requests to certain sites based on the request headers and post data. I might be interested in filtering inbound packets as well. They are in plain text (ie not https). ...
2 votes
2 answers
265 views

How do you properly allow two devices on separate subnets to communicate (PFSense)?

I'm trying to figure out how to get 192.168.0.22 to properly ping/be able to transfer files with 192.168.77.10. Firstly, is this a dumb setup? I'm mainly using it right now just for educational ...
0 votes
1 answer
32 views

Command Prompt to Enable ports in Windows Firewall

I was experimenting and was not able to find an way to enable rules/ports under Inbound Rules in Windows Firewall. Every thing I've tried so far only shows or creates something new such as this netsh ...
0 votes
1 answer
47 views

How can Windows Firewall be used to further increase security in Windows 10, would it be by blocking particular ports?

How can Windows Firewall be used beyond it being turned on, to increase security of a Windows 10 Home PC, would it be best to use the firewall to block these ports? I would like it to be as secure as ...
0 votes
0 answers
96 views

Mikrotik setup firewall rules for NAT

I read through similar questions here but I did not find the right answer. I've just bought a Mikrotik hap ac2 router to learn its configuration, and tried to set up NAT. It seems to be working ...
0 votes
0 answers
20 views

ACL for web browsing only

I have a TP-Link ER605 connected to my Comcast Business router. The firewall on the Comcast router is set up and working fine. Unfortunately, the TP-Link's ACL is either missing something or ...
0 votes
1 answer
23 views

Linux firewall policies not working as expected when connecting two VPNs

I have two VPNs joined together with a route: ip route add 10.6.0.0/24 via 10.6.1.2 All servers on both networks are able to ping each other. However I cannot connect to a service from the client 10.6....
1 vote
1 answer
47 views

How do I make a stateful bridge firewall with nftables?

The nftables wiki has an example, but it doesn't seem to work for me. The page says that it should work since kernel 5.3, but it says "protocol error" when I try the exact commands from the ...
0 votes
0 answers
24 views

BAD request for iptables captive portal

I have set up an access point and want to redirect HTTP to my webserver before they can access the internet. I have already put in some iptables rules which look like this # Generated by iptables-save ...
1 vote
0 answers
52 views

Port Triggering (Forwarding) Enabled by Default on ISP Router

I was going through the settings on my grandma's router, which was installed by the ISP some years ago, and noticed something called Port Triggering. After doing some research, found that it's ...
0 votes
0 answers
49 views

Can't telnet 9100 on 2 windows servers on same network

I have 2 servers A and B on same subnet. Both can't telnet each other on 9100 Connecting To (Server IP) ...Could not open connection to the host, on port 9100: Connect failed Both are 2012 R2 Both ...
0 votes
1 answer
58 views

Linux IPTables-Based Reverse Proxy

I have 2 Public IPs on a VPS and a residential network connection: VPS = 55.55.55.55 Residential = 66.66.66.66 The VPS all this is done on is a Debian 11 system with minimal changes. I would like to ...
0 votes
0 answers
10 views

policyid=18 What does this depict in Fortinet Logs

I am monitoring logs for Fortinet. Inside the RAW format it shows policyid=18. What does the policyid=18 state in Fortinet Firewall?
0 votes
0 answers
24 views

I am switching over to windows for an assignment and was wondering how to set up ip masquerading

iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE what would the equivalent/similar command to get internet from one interface and route it to another pc
0 votes
1 answer
57 views

Can not access ubuntu server with SSH after resetting firewall

I'm desperate at the moment, but I will try to be as clear as possible. I use Putty to access a server with Ubuntu installed on it, I wanted to make the firewall allow the access only to some IP. I ...
0 votes
0 answers
28 views

using pfsense and Netgate 2100 max: can I prevent uploading files to the internet/browser?

Using pfsense and Netgate 2100 Max, I want to prevent uploading files to the browser. Of course I still want users to be able to search and browse the internet. Can I do that? Is there any manual/...
0 votes
0 answers
27 views

iptables router, routing internal server traffic via public server

I've thrown myself in the deep-end here and it has taken me some time to firstly become somewhat familiar with my working pfsense firewall installation [I've completed a number over a few months, ...
0 votes
0 answers
48 views

PC and phone on the same network can't ping each other

I have a Windows 10 PC and a phone connected to the same router. Neither the PC nor the phone can ping each other. So it says Reply from 192.168.1.3: Destination host unreachable. I have a WAMP HTTP ...
0 votes
1 answer
49 views

How to SSH between two servers behind firewalls (without a 3rd party server)

There are many posts on this topic and SSH Tunnelling however, some come close to meeting this requirement, missing out a step or two and others are difficult to follow because of unclear terms. This ...
0 votes
1 answer
118 views

OpenWRT, forward all incoming ipv6 WAN traffic for router’s WAN IP on port 3000 to one PC on LAN with a local ipv6 address

I need help with OpenWRT. I want to forward all incoming ipv6 WAN traffic destined for router's WAN IP on port 3000 to one PC on LAN with local ipv6 address. I have tried Firewall - Zone Settings =>...
0 votes
0 answers
17 views

Block outgoing connection from server to Internet, but enable specific TCP port access from outside

I am using Mikrotik RouterOS on a Mikrotik router. There is a server in my network from which every outgoing connection using every protocol should be disabled. I achieved this with a following rule: /...
0 votes
0 answers
29 views

We want to restrict access to our cloud software based on physical sites (homes of staff + our offices) But the IP at these sites don't have static ip

The IPs that are assigned by ISP for staff working from home is dynamic and can change. But we do want to restrict access so that https requests coming from fixed locations like homes of staff and ...
1 vote
1 answer
59 views

Enable ping in Windows Server for specific IP addresses only?

This question was solved by a user saying how to enable ping but in a general way - For everybody. Command showed here is: netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo ...
0 votes
0 answers
38 views

A particularly stubborn case of "0x80070035 Network path not found"

I too must hang down my head in shame and admit defeat in the face of the "0x80070035 Network path not found"... the one from most of these 63 related posts... So, I have a LAN segment with ...
0 votes
2 answers
33 views

Why do some apps need to be explicitly allowed on a firewall and others not?

This has been so with both the Windows firewall and with UFW; hence, the general form of this question. Why is it that some apps, e.g., web browsers, don't need to be explicitly allowed on (at least ...
0 votes
1 answer
23 views

open network access to virtualbox guest from host only

I have built a Debian virtual machine running in VirtualBox on a Linux Mint host. I am confused about the choices for networking configuration. I wish to achieve the following behavior: Resolve host ...
1 vote
1 answer
29 views

A particular port on my home raspberry pi results closed if connecting from external wifi, open when using my phone data, any explanation/workaround?

I have a raspberry pi at home and I have a small djangorest application running on it, very simple stuff for my personal use. Today I wanted to access my pi from the library (using their public wifi, ...
0 votes
1 answer
74 views

Allow 1 specific IP in block outbound traffic in windows firewall via powershell

I want to allow 1 specific IP in Windows Firewall via Windows PowerShell. I did block all the traffic via the following PowerShell rule New-netfirewall -Direction outbound -Action block I did allow ...
0 votes
0 answers
19 views

RouterOS is constantly requesting DNS names that are in a firewall lists

There is a network device for which RouterOS blocks internet access from 20:00 till 09:00. There are some exceptions that should work no matter whether internet access is blocked or not. These ...
0 votes
1 answer
70 views

ip6tables - create a set of IPv6 address to block

I'm using ipset for containing and matching sets of IPv4 and it works great! I tried to do the same with IPv6 addresses and ran into errors. I have an IPv6.cidr file that contains IPv6 addresses and ...
0 votes
0 answers
92 views

Discord bypasses hosts file, Windows firewall and Router firewall rules to download Tenor gifs

I would like to prevent Tenor gif reactions from showing on Discord. Discord offering no way of doing that locally, I attempted to completely block all traffic to and from tenor.com and tenor.co. All ...
0 votes
0 answers
247 views

No Internet through OPNsense (even though WAN is borderline Configured)

I am running opnsense and getting into the web interface. So far so good. I can't get through to setup WAN properly. I have a modem in bridge mode and a router behind that acts as dhcp. I setup WAN on ...
0 votes
1 answer
33 views

How to create an outbound rule for a program via the command line?

I have several programs that I'd like to block from accessing the Internet. A manual (i.e. point-and-click) solution is described here. Is there a way to do it via the command line on Windows 10? ...
