Questions tagged [firewall]
Software that controls what connections can be made to and from a network.
2,321 questions
0 votes, 0 answers, 23 views
Add an IP to another rule matching hex in iptables Linux
iptables -t raw -A PREROUTING -p udp --dport 4578 -m string --hex-string '|fefffffffffffffffff77f12|'
How can I whitelist the IP having the above hex string automatically on iptables?
I'll be ...
0 votes, 1 answer, 32 views
Port forwarding and IPv6
I have a basic small server that I run on my own computer, which I can access
like this:
localhost:3000
However I would also like to access the server from outside my home, for example
using my phone ...
0 votes, 0 answers, 21 views
UDP packets dropped with `ctstate=INVALID`, but meanwhile its connection `[ASSURED]` in conntrack list
I have my router connecting to a remote VPS as a so-called 'VPN' that is based on the UDP protocol, then the VPS traffic slows down in a few seconds after a new reboot.
I can see a huge amount of incoming ...
1 vote, 2 answers, 20 views
Nftables firewall rule hex value 0x1fff changed to decimal 8191
I started the process of migrating into nftables, just noticed that while I add this rule
add rule netdev filter INGRESS ip frag-off & 0x1fff != 0 counter drop
should look like this in nftables....
0 votes, 1 answer, 18 views
iptables firewall whitelisting limit
We have a distributed system with many clients connecting to this system.
We want the server to be isolated so that only client machines can connect.
We are using IPTables as follows:
/sbin/iptables -A ...
0 votes, 1 answer, 14 views
allow firewall after first time disallow
I'm using Win10 with UAC enabled. Typically this is my working laptop, so I cannot disable UAC.
When I download an exe or jar and try to execute it, sometimes Windows Firewall will prompt whether to allow it or not ...
0 votes, 1 answer, 66 views
Relay TCP upload traffic and make download traffic go directly to the client
This is a supplement for iptables SNAT for UDP rule is only applied to some traffic
In fact, I have three machines:
the client
the target server
the relay server
What's my motivation for doing this?
...
0 votes, 1 answer, 55 views
iptables SNAT for UDP rule is only applied to some traffic
I want to use Source NAT to change the local IP address of UDP traffic. However, only locally-generated traffic has the NAT rule applied, replies to traffic generated from remote sources do not have ...
0 votes, 0 answers, 29 views
How do I remotely connect to my home network which is behind a firewall that is connected to a VPN provider?
I apologize if this is a duplicate question, feel free to direct me to an existing answer. I don't know the terminology so I don't think I recognize the answer if it's out there.
I'd like to be able ...
0 votes, 1 answer, 13 views
How can I check if firewall is blocking ping from machine belonging to a specific subnet on Linux CentOS7?
I am not a system engineer (I am a software developer) and I have the following problem.
I have this Linux CentOS 7 server. A colleague told me that he can't ping this server from some specific machine ...
0 votes, 1 answer, 17 views
How do you configure a firewall to map ports outside to a device inside the LAN?
Using the TP-Link Omada SDN controller, I wanna map remote desktop connection 3389 on my home computer (uses a fixed IP address) to port 4000 on the WAN interface...
Can't seem to figure out how to do this
0 votes, 1 answer, 39 views
Enable access to host service with ubuntu firewall from docker container
I have a service running on a host at port 8545. I have several docker containers which need access to this service on the host. The host is running ubuntu. I've successfully configured
extra_hosts:
- ...
2 votes, 2 answers, 50 views
Bridge-Mode to prevent double NAT/Firewall advantages?
In my network I currently have a cable connection with an ISP provided (consumer grade) modem/router combo device. Behind this modem there is a pfSense box. The pfSense box is acting as firewall and ...
-1 votes, 2 answers, 37 views
What is the correct term for "secondary IP addresses" handled by a firewall's primary interface?
I have an aging and now-unsupported "ProSAFE" VPN firewall running defense around a /28 block of public IP addresses leased to us by our datacenter. Our WAN drop is a single ethernet cable. ...
1 vote, 1 answer, 37 views
Allowing ICMP (ping) incoming packets in Windows 11 firewall
I noticed Windows 11 doesn't let ICMP packets through by default. The network needs to be assigned to a non public network and the appropriate firewall rules have to be activated. I found the ...
0 votes, 0 answers, 13 views
Using host & iptables as bastion before mongoDB
I am trying to set up a config on a "bastion/NAT" host.
I have 2 mongoDB hosts, which are behind a firewall, my bastion and a set of clients.
My bastion has main IP: 10.198.24.10 and 2 aliases: ...
0 votes, 0 answers, 42 views
OPNsense system to replace Router
I'm planning on building a system to replace my current router and want to use OPNsense. This will work right? Ask because it says firewall on website but also routing, so must be a router.
Hardware:
...
0 votes, 0 answers, 23 views
How do I filter inbound/outbound traffic based on words?
I need to filter some outbound requests to certain sites based on the request headers and post data. I might be interested in filtering inbound packets as well.
They are in plain text (i.e. not https).
...
2 votes, 2 answers, 265 views
How do you properly allow two devices on separate subnets to communicate (PFSense)?
I'm trying to figure out how to get 192.168.0.22 to properly ping/be able to transfer files with 192.168.77.10. Firstly, is this a dumb setup? I'm mainly using it right now just for educational ...
0 votes, 1 answer, 32 views
Command Prompt to Enable ports in Windows Firewall
I was experimenting and was not able to find a way to enable rules/ports under Inbound Rules in Windows Firewall.
Everything I've tried so far only shows or creates something new such as this
netsh ...
0 votes, 1 answer, 47 views
How can Windows Firewall be used to further increase security in Windows 10, would it be by blocking particular ports?
How can Windows Firewall be used beyond it being turned on, to increase security of a Windows 10 Home PC, would it be best to use the firewall to block these ports?
I would like it to be as secure as ...
0 votes, 0 answers, 96 views
Mikrotik setup firewall rules for NAT
I read through similar questions here but I did not find the right answer.
I've just bought a Mikrotik hap ac2 router to learn its configuration, and tried to set up NAT. It seems to be working ...
0 votes, 0 answers, 20 views
ACL for web browsing only
I have a TP-Link ER605 connected to my Comcast Business router. The firewall on the Comcast router is set up and working fine. Unfortunately, the TP-Link's ACL is either missing something or ...
0 votes, 1 answer, 23 views
Linux firewall policies not working as expected when connecting two VPNs
I have two VPNs joined together with a route:
ip route add 10.6.0.0/24 via 10.6.1.2
All servers on both networks are able to ping each other. However I cannot connect to a service from the client 10.6....
1 vote, 1 answer, 47 views
How do I make a stateful bridge firewall with nftables?
The nftables wiki has an example, but it doesn't seem to work for me.
The page says that it should work since kernel 5.3, but it says "protocol error" when I try the exact commands from the ...
0 votes, 0 answers, 24 views
BAD request for iptables captive portal
I have set up an Access Point and want to redirect HTTP to my webserver before they can access the internet.
I have already put in some iptables rules which look like this
# Generated by iptables-save ...
1 vote, 0 answers, 52 views
Port Triggering (Forwarding) Enabled by Default on ISP Router
I was going through the settings on my grandma's router, which was installed by the ISP some years ago, and noticed something called Port Triggering. After doing some research, found that it's ...
0 votes, 0 answers, 49 views
Can't telnet 9100 on 2 windows servers on same network
I have 2 servers A and B on same subnet. Both can't telnet each other on 9100
Connecting To (Server IP) ...Could not open connection to the host, on port 9100: Connect failed
Both are 2012 R2
Both ...
0 votes, 1 answer, 58 views
Linux IPTables-Based Reverse Proxy
I have 2 Public IPs on a VPS and a residential network connection:
VPS = 55.55.55.55
Residential = 66.66.66.66
The VPS all this is done on is a Debian 11 system with minimal changes.
I would like to ...
0 votes, 0 answers, 10 views
policyid=18 What does this depict in Fortinet Logs
I am monitoring logs for Fortinet. Inside the RAW format it shows policyid=18. What does policyid=18 state in the Fortinet Firewall?
0 votes, 0 answers, 24 views
I am switching over to Windows for an assignment and was wondering how to set up IP masquerading
iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
What would be the equivalent/similar command to get internet from one interface and route it to another PC?
0 votes, 1 answer, 57 views
Cannot access Ubuntu server with SSH after resetting firewall
I'm desperate at the moment, but I will try to be as clear as possible.
I use PuTTY to access a server with Ubuntu installed on it. I wanted to make the firewall allow access only to some IP. I ...
0 votes, 0 answers, 28 views
using pfsense and Netgate 2100 max: can I prevent uploading files to the internet/browser?
Using pfsense and Netgate 2100 Max, I want to prevent uploading files to the browser. Of course I still want users to be able to search and browse the internet. Can I do that? Is there any manual/...
0 votes, 0 answers, 27 views
iptables router, routing internal server traffic via public server
I've thrown myself in the deep end here and it has taken me some time to firstly become somewhat familiar with my working pfsense firewall installation [I've completed a number over a few months, ...
0 votes, 0 answers, 48 views
PC and phone on the same network can't ping each other
I have a Windows 10 PC and a phone connected to the same router. Neither the PC nor the phone can ping each other. So it says Reply from 192.168.1.3: Destination host unreachable. I have a WAMP HTTP ...
0 votes, 1 answer, 49 views
How to SSH between two servers behind firewalls (without a 3rd party server)
There are many posts on this topic and SSH Tunnelling however, some come close to meeting this requirement, missing out a step or two and others are difficult to follow because of unclear terms. This ...
0 votes, 1 answer, 118 views
OpenWRT, forward all incoming ipv6 WAN traffic for router’s WAN IP on port 3000 to one PC on LAN with a local ipv6 address
I need help with OpenWRT. I want to forward all incoming ipv6 WAN traffic destined for router's WAN IP on port 3000 to one PC on LAN with local ipv6 address.
I have tried
Firewall - Zone Settings =>...
0 votes, 0 answers, 17 views
Block outgoing connection from server to Internet, but enable specific TCP port access from outside
I am using Mikrotik RouterOS on a Mikrotik router.
There is a server in my network from which every outgoing connection using every protocol should be disabled. I achieved this with the following rule:
/...
0 votes, 0 answers, 29 views
We want to restrict access to our cloud software based on physical sites (homes of staff + our offices) But the IP at these sites don't have static ip
The IPs that are assigned by the ISP for staff working from home are dynamic and can change. But we do want to restrict access so that https requests coming from fixed locations like homes of staff and ...
1 vote, 1 answer, 59 views
Enable ping in Windows Server for specific IP addresses only?
This question was solved by a user saying how to enable ping, but in a general way - for everybody.
The command shown here is:
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo ...
0 votes, 0 answers, 38 views
A particularly stubborn case of "0x80070035 Network path not found"
I too must hang down my head in shame and admit defeat in the face of the "0x80070035 Network path not found"... the one from most of these 63 related posts...
So, I have a LAN segment with ...
0 votes, 2 answers, 33 views
Why do some apps need to be explicitly allowed on a firewall and others not?
This has been so with both the Windows firewall and with UFW; hence, the general form of this question.
Why is it that some apps, e.g., web browsers, don't need to be explicitly allowed on (at least ...
0 votes, 1 answer, 23 views
open network access to virtualbox guest from host only
I have built a Debian virtual machine running in VirtualBox on a Linux Mint host.
I am confused about the choices for networking configuration.
I wish to achieve the following behavior:
Resolve host ...
1 vote, 1 answer, 29 views
A particular port on my home raspberry pi results closed if connecting from external wifi, open when using my phone data, any explanation/workaround?
I have a raspberry pi at home and I have a small djangorest application running on it, very simple stuff for my personal use.
Today I wanted to access my pi from the library (using their public wifi, ...
0 votes, 1 answer, 74 views
Allow 1 specific IP in block outbound traffic in Windows Firewall via PowerShell
I want to allow 1 specific IP in Windows Firewall via Windows PowerShell. I did block all the traffic via the following PowerShell rule
New-netfirewall -Direction outbound -Action block
I did allow ...
0 votes, 0 answers, 19 views
RouterOS is constantly requesting DNS names that are in firewall lists
There is a network device for which RouterOS blocks internet access from 20:00 till 09:00.
There are some exceptions that should work no matter whether internet access is blocked or not.
These ...
0 votes, 1 answer, 70 views
ip6tables - create a set of IPv6 address to block
I'm using ipset for containing and matching sets of IPv4 and it works great!
I tried to do the same with IPv6 addresses and ran into errors.
I have an IPv6.cidr file that contains IPv6 addresses and ...
0 votes, 0 answers, 92 views
Discord bypasses hosts file, Windows firewall and Router firewall rules to download Tenor gifs
I would like to prevent Tenor gif reactions from showing on Discord.
Discord offering no way of doing that locally, I attempted to completely block all traffic to and from tenor.com and tenor.co. All ...
0 votes, 0 answers, 247 views
No Internet through OPNsense (even though WAN is borderline Configured)
I am running opnsense and getting into the web interface.
So far so good.
I can't get through to set up WAN properly.
I have a modem in bridge mode and a router behind that acts as DHCP.
I set up WAN on ...
0 votes, 1 answer, 33 views
How to create an outbound rule for a program via the command line?
I have several programs that I'd like to block from accessing the Internet. A manual (i.e. point-and-click) solution is described here.
Is there a way to do it via the command line on Windows 10?
...