Tagged Questions
iptables allows the creation of rules that define packet filtering behavior.
3 votes, 1 answer, 30 views
Difference between SNAT and Masquerade
I am confused: what's the actual difference between SNAT and Masquerade?
If I want to share my internet connection on a local network, then should I select SNAT or Masquerade?
Give me some ...
2 votes, 2 answers, 35 views
How to restrict internet access for a particular user on the lan using iptables in Linux
Let's say there are two users on the LAN, A and B. How do I restrict user A from internet access using iptables rules and saving the rules so that after reboot, they are still effective. And suppose I ...
1 vote, 1 answer, 41 views
iptables and transparent proxies
I have set up a local, transparent TCP proxy on localhost. I want to redirect ALL TCP traffic to this proxy, so it can handle it and nothing "leaks out" circumventing the proxy. I need to use iptables ...
4 votes, 1 answer, 53 views
Output traffic on different interfaces based on destination port
My question is basically the same as Only allow certain outbound traffic on certain interfaces.
I have two interfaces eth1 (10.0.0.2) and wlan0 (192.168.0.2).
My default route is for eth1.
Let's say ...
2 votes, 1 answer, 45 views
Why should the ECN on your machine be disabled?
I was going through this article on iptables and there the author said that:
It's important to turn off ECN (explicit congestion notification) so
that Internet communications will work ...
-1 votes, 1 answer, 39 views
What is sport and dport?
I want to stop internet on my system using iptables so what should I do?
iptables -A INPUT -p tcp --sport 80 -j DROP
or
iptables -A INPUT -p tcp --dport 80 -j DROP ?
2 votes, 1 answer, 32 views
iptables rule to allow access to internet
I made default policy of my machine-
iptables -A INPUT -j REJECT #DROP ALL PACKETS TO INPUT CHANNEL
INPUT channel has been blocked. Now I want to allow only some specific services like I should be ...
5 votes, 4 answers, 112 views
How can I send spoofed packets in Linux
In order to test a firewall, I want to send malformed packets to its interface, regardless of my routing table.
Is there a way to ask Linux "send this exact tcp package, to this MAC address, ...
2 votes, 0 answers, 61 views
Why are packets not moving forward?
I have a server with forwarding turned on. I placed an iptables LOG target in the PREROUTING, INPUT, and FORWARD chains of the mangle table. I can see the LOG messages from PREROUTING, but not INPUT ...
3 votes, 4 answers, 67 views
Set some firewall ports to only accept local network connections?
Basic firewall question:
How do I set up the firewall on a system in a LAN so that some ports are only open to connections from the local area network, and not from the outside world?
For instance, ...
1 vote, 0 answers, 45 views
OpenSUSE - disable SuSEFirewall2 in favour of regular ip(6)tables-save
So, the basic gist of what I want to do is throw away SuSEFirewall2 in favour of plain old iptables-save and restore... the devil of course is in the details; something a bit more elegant than a ...
2 votes, 1 answer, 73 views
Why does iptables still block my samba?
I'm currently fighting with iptables and samba.
I read that samba needs ports 137-139 and 445 open on both tcp and udp.
Here is the relevant part of my iptables config
...
# forward valid incoming ...
1 vote, 2 answers, 73 views
use iptables to allow incoming connections to some computer on port XYZ?
This is what I have: iptables -i em1 -A INPUT -j ACCEPT -p tcp --dport 9001 -v. If I want to accept incoming connections on port 9001 at this (127.0.0.1, or on the network 192.168.1.143) address, ...
3 votes, 4 answers, 233 views
How to share the internet connection?
An ordinary network topology in picture:
In words:
- "server" (e.g.: an Ubuntu 10.04 LTS) is connected to the "internet" through pppoe connection
- "server" is using its wireless card in AP ...
1 vote, 1 answer, 202 views
How to redirect kernel messages having the unique id substring into separate log file (using `rsyslog`)?
I am using iptables's logging feature to debug my network activity. I use certain prefix with --log-prefix parameter to uniquely identify messages in kernel log belonging to iptables output, for ...