Block outbound port in Proxmox

Hi,

How can I block ports 22 and 25 on Proxmox?

I am using NAT to do port forwarding... Some bad guys are using VPSes to scan port 22 or 3389 or something else...

http://prntscr.com/a7ec46. Check here.

Comments

  • Why not change your sshd port and drop the standard port altogether?

  • I'm not asking about inbound. I need help with outbound.

  • --connlimit didn't work?

  • century1stop said: --connlimit didn't work?

    What do you mean, mate?

  • Oh, do you understand blocking an outbound port?

  • not really, just limit and not block out altogether :D

  • @century1stop said:
    not really, just limit and not block out altogether :D

    Dear lord and you're running a VPS business.

  • This whole thread is scary .....

  • hawc Moderator, LIR

    Dear lord. I worry about some people in this thread. Meant to be selling vps, but have to ask questions like this, as well as send silly answers. Even if you change the ssh port, it's not hard to find the new one.

  • Post your interfaces file.

  • I did it already, thank you all.

  • century1stop Member
    edited February 2016

    oh dear lord,.............. ahahahahaha

  • norival1992 Member
    edited March 2016

    auto vmbr1
    iface vmbr1 inet static
        address 192.168.0.1
        netmask 255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up echo 2 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1110 -j DNAT --to 192.168.0.2:3389
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 1110 -j DNAT --to 192.168.0.2:3389

        post-up iptables -A OUTPUT -p tcp --dport 22 -j DROP
        post-down iptables -D OUTPUT -p tcp --dport 22 -j DROP
        #post-up iptables -A OUTPUT -p tcp --dport 22 -s 192.168.0.2 -j ACCEPT
        #post-down iptables -D OUTPUT -p tcp --dport 22 -s 192.168.0.2 -j ACCEPT
        post-up iptables -A OUTPUT -p tcp --dport 25 -j DROP
        post-down iptables -D OUTPUT -p tcp --dport 25 -j DROP
        post-up iptables -A OUTPUT -p tcp --dport 2525 -j DROP
        post-down iptables -D OUTPUT -p tcp --dport 2525 -j DROP
        post-up iptables -A OUTPUT -p tcp --dport 465 -j DROP
        post-down iptables -D OUTPUT -p tcp --dport 465 -j DROP
        post-up iptables -A OUTPUT -p tcp --dport 587 -j DROP
        post-down iptables -D OUTPUT -p tcp --dport 587 -j DROP

    Here is my setting. And now, it isn't working anymore :(

  • /sbin/iptables -A FORWARD -j DROP -p tcp --destination-port 25

    Add lines with the ports you want to block

  • norival1992 Member
    edited March 2016

    @jvnadr said:
    /sbin/iptables -A FORWARD -j DROP -p tcp --destination-port 25

    Add lines with the ports you want to block

    It is working. If I want to open it for 192.168.0.2 to use it, how can I do it?
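
Added example (not from any post in this thread): a script that generates the FORWARD-chain egress rules discussed above, with an exemption for one guest placed ahead of the DROP so it still matches. It assumes the guests sit behind `vmbr1` as in the posted config; the chain name `VM_EGRESS` and the variable names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: guests sit behind vmbr1 as in
# the posted config; VM_EGRESS is a hypothetical chain name; the port list and
# the exempted guest (192.168.0.2) are taken from the posts above.
BRIDGE="vmbr1"
CHAIN="VM_EGRESS"
BLOCKED_PORTS="22,25,465,587,2525"
ALLOWED_SRC="192.168.0.2"   # space-separated guest IPs allowed to use the ports

# Print the iptables commands for "up" or "down", one per line, in apply order.
egress_rules() {
    case "$1" in
    up)
        echo "iptables -N $CHAIN"
        # Exemptions first: the first matching rule wins, so RETURN must
        # precede DROP. RETURN hands the packet back to the rest of FORWARD.
        for src in $ALLOWED_SRC; do
            echo "iptables -A $CHAIN -s $src -p tcp -m multiport --dports $BLOCKED_PORTS -j RETURN"
        done
        # Rate-limited log entry so the offending guest IP shows up in the kernel log.
        echo "iptables -A $CHAIN -p tcp -m multiport --dports $BLOCKED_PORTS -m limit --limit 6/min -j LOG --log-prefix 'vm-egress-drop: '"
        echo "iptables -A $CHAIN -p tcp -m multiport --dports $BLOCKED_PORTS -j DROP"
        # Guest traffic is routed by the host, so it traverses FORWARD, not OUTPUT.
        # -I ... 1 puts the hook ahead of any existing FORWARD rules.
        echo "iptables -I FORWARD 1 -i $BRIDGE -j $CHAIN"
        ;;
    down)
        echo "iptables -D FORWARD -i $BRIDGE -j $CHAIN"
        echo "iptables -F $CHAIN"
        echo "iptables -X $CHAIN"
        ;;
    esac
}

# "apply-up" / "apply-down" change the live ruleset (root required);
# anything else only prints the commands for review.
case "${1:-}" in
    apply-up)   egress_rules up   | sh -e ;;
    apply-down) egress_rules down | sh -e ;;
    *)          egress_rules up; egress_rules down ;;
esac
```

Called as `post-up /path/to/script apply-up` and `post-down /path/to/script apply-down` from the `vmbr1` stanza, it replaces the per-port OUTPUT lines; the script path is a placeholder.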
