iptables allows the creation of rules that define packet filtering behavior.
2 votes, 0 answers, 12 views
IPTables dropping UDP packet stream
I have a configuration where UDP packets containing encapsulated DNS data are sent to a KVM instance for processing. The KVM instance sits behind an IPtables firewall which is also doing NAT. The ...
3 votes, 1 answer, 28 views
IPtables : Limit number of new ssh connections per minute
I need to ensure on my server that the maximum number of new ssh connections per minute is not more than 5.
sudo /sbin/iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 5 -j REJECT
Above ...
3 votes, 2 answers, 38 views
Help configuring a custom log file for iptables
I'm trying to log dropped packages to a custom file instead of /var/log/messages.
To achieve this, I have added these two lines at the end of my configuration file:
-A INPUT -m limit --limit ...
1 vote, 1 answer, 29 views
Why does iptables not fetch information from /etc/sysconfig/iptables on CentOS?
I'm new to Linux and have encountered a problem with iptables.
Here is the content of the /etc/sysconfig/iptables file
# Generated by iptables-save v1.4.7 on Tue Nov 27 21:41:04 2012
*filter
:INPUT ACCEPT ...
1 vote, 2 answers, 29 views
Saving iptables on CentOS, and merging the previous rules with the newly saved ones?
I added some new rules using iptables command, then saved them using /sbin/service iptables save as described here:
http://www.centos.org/docs/4/html/rhel-rg-en-4/s1-iptables-saving.html
After ...
1 vote, 0 answers, 11 views
SNAT with network alias IP RHEL 5.5
I have Red Hat Enterprise Linux Server Release 5.5 (Tikanga) with two interfaces as below
eth0: with public IP as xxx.xx.64.118
eth0:0: with public IP as xxx.xx.116.19
eth1: with private IP as ...
2 votes, 1 answer, 68 views
Set up firewall with iptables to only allow VPN
I'm using IPredator VPN with OpenVPN and I want to make sure that if the connection is dropped, I won't submit data from the internet without the VPN. I heard that I could do that with iptables and a ...
1 vote, 1 answer, 23 views
IPTABLES chain: need help with restriction
I have two network cards
eth0:- 172.16.91.70 (External Zone)
eth1:- 172.16.85.70 (Internal Zone)
I have clients in my Internal Zone which can access the external network. The ping goes fine and can ...
6 votes, 1 answer, 63 views
Linux as router with multiple internet providers
Linux as router: I have 3 Internet providers, each with its own modem.
Provider1, which is gateway address 192.168.1.1
Connected to linux router eth1/192.168.1.2
Provider2, gateway address ...
2 votes, 0 answers, 59 views
Iptables and Port Scanning and Recent module
I'm trying to write an adaptive firewall using iptables, and am not clear on how the recent module is working. For example, see http://blog.zioup.org/2008/iptables_recent/
Snippet from my iptables:
...
1 vote, 2 answers, 48 views
IP packets have wrong source address
I have two 4g modems connecting to a network and sending and receiving data. There is a problem though, as the modems keep getting kicked off the network because the source IP address of the packets ...
0 votes, 1 answer, 10 views
Undoing specific iptables ip/port restriction
Say I add the following iptables rules:
iptables -A INPUT -p tcp -s localhost --dport 4444 -j ACCEPT
iptables -A INPUT -p tcp --dport 4444 -j DROP
This allows localhost to access port 4444 then ...
2 votes, 1 answer, 38 views
Port Forwarding using iptables on Open-Mesh
A quick overview for those who are unfamiliar with Open-Mesh:
The system uses small wireless access points that automagically build their own mesh network. As long as one of the access points is ...
1 vote, 1 answer, 57 views
Redirecting all IP over USB traffic to a fixed address
I'm a bit of a network newbie, so apologies for the inaccurate vocabulary.
Say I have a device connected by IP over USB to my computer (running Ubuntu), that connects to 10.0.0.1. I configured my ...
1 vote, 2 answers, 66 views
Debugging iptables using live packet views
Are there any CLI or GUI functions that I can use to monitor hits to iptables and watch as packets interact with iptables?
2 votes, 1 answer, 70 views
How can I redirect outbound traffic to port 80 using iptables locally?
I'm trying to locally redirect ports on my Ubuntu machine using iptables. Similar to transparent proxying. I want to catch anything trying to leave my system on port 80 and redirect it to a remote ...
1 vote, 0 answers, 72 views
LAMP Hardening, Transparent Proxy with iptables
I'm running a LAMP server with FTP(S) and several users. The users only have access to upload PHP files and other web content. Some are running Drupal and WordPress, but also a few home-made things. ...
1 vote, 1 answer, 39 views
Intercept incoming TCP/IP packets on Linux and perform NAT
I want to make a decision of what computer is behind the firewall sending the packet.
Imagine I have 2 PCs behind the firewall and I want to, based on (my algorithm), make a decision at the firewall ...
1 vote, 1 answer, 52 views
iptables: what is the difference between filter and mangle
I am using iptables to mark the package and want to route based on the marks.
First I added the ip rule:
sudo ip rule add fwmark 1 prohibit
(The "prohibit" is just for test, I will change it ...
0 votes, 1 answer, 37 views
Allowing a domain name in my IP Tables
I have a Linux server that gets a time offset for some strange reason. I set up a cron job to run and update the time using the following command:
/usr/sbin/ntpdate pool.ntp.org
The problem is the ...
-1 votes, 1 answer, 41 views
I can't access my computer through a specific port?
On Fedora I tried to access port 1521, so I opened the following port on my firewall:
$ sudo iptables -I INPUT -i eth0 -p tcp -m tcp --dport 1521 -j ACCEPT
$ sudo service iptables save
I then tried ...
2 votes, 1 answer, 87 views
iptables string not dropping packet from tcp streams while using conntrack and string
I'm facing an unusual issue where specific TCP streams are not getting dropped by iptables; instead it's like iptables is just removing those specific packets.
We're getting the following traffic:
...
1 vote, 2 answers, 57 views
Missing iptables file on directory /etc/init.d/ (Fedora 17)
Is the iptables file in Fedora 17 moved from /etc/init.d/ to /etc/sysconfig/? I need to do some patching to the iptables file to solve the firewall problem (Setting chains to policy ACCEPT: security raw ...
1 vote, 1 answer, 36 views
port forwarding to internal lan server
I've ppp0 --> eth1 and eth0 (internal LAN). I need to forward the external port 10022 to port 8999 of the server 192.168.1.254
iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 10022 -j DNAT --to ...
3 votes, 1 answer, 91 views
iptables: how to allow traffic from redirected port
I have a web service running on Debian 7 and listening on port 8080. I want to redirect 80 to 8080 for inbound connections and allow only port 80. Here is my iptables configuration:
root@localhost:~# ...
1 vote, 1 answer, 43 views
What does the route Dest: 123.123.123.123, GW: 0.0.0.0 mean?
I have a route table:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
123.123.123.123 0.0.0.0 255.255.255.255 UH 0 0 0 ...
3 votes, 2 answers, 70 views
What is the tun network interface for?
I noticed when running ifconfig that there is a network interface called tun0 and it has an ipv4 address. A bit of research shows that it is a tunneling device, but I don't really know how it's used, ...
1 vote, 1 answer, 141 views
Copy/Mirror traffic to WAN interfaces without “iptables tee” support
I want to copy every outgoing packet to other WAN interfaces but my iptables (v1.2.7) doesn't have TEE target support. I wonder if there is another way (maybe using iproute2 or ebtables) to copy every ...
2 votes, 1 answer, 227 views
How to set up iptables rules to allow Skype
Here are my iptables rules to allow Squid to connect to a web server:
# Accept internally-requested input
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#http,https traffic only ...
2 votes, 5 answers, 106 views
Difficulty setting up iptables
I'm very new to *nix operating systems, and I'm having some trouble which I believe is because of misconfiguration of the iptables firewall.
My server has SSH running on port 22, and server software ...
1 vote, 1 answer, 105 views
SSH tunneling through a busybox router
I have a busybox router and I'm able to log in to the console using telnet, and I also have access to the web interface.
My question is, how can I create an ssh tunnel from my local network through ...
1 vote, 1 answer, 104 views
How to log iptables as of kernel 3.9.0?
What is the right way to log iptables as of kernel 3.9.0?
I can no longer append a logging rule such as:
# iptables --new-chain droplog
# iptables --append droplog --jump LOG --log-level info
...
1 vote, 2 answers, 66 views
Why must loopback traffic be authorized using iptables to get web access?
I thought the following was necessary for outgoing HTTP on a desktop (non-server):
iptables -A INPUT -p tcp -m multiport --sports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
...
2 votes, 1 answer, 66 views
IPTables string match redirection
The issue: I am currently redirecting port 80 requests to another system on port 1000.
This is done like so:
iptables -t nat -A PREROUTING ! -s 172.20.1.2 -p tcp --dport 80 -j DNAT --to-destination ...
1 vote, 1 answer, 44 views
How to relay packets in a wireless ad hoc network?
I am trying to connect several Linux computers in wireless ad-hoc multicast:
-computer C1 (192.168.1.3)
-computer C2 (192.168.1.5)
-computer C3 (192.168.1.6)
C1 cannot reach C3
On computer C1, ...
2 votes, 1 answer, 36 views
Log the packets dropped by IPTables only if they're DROPPED by a specific rule
I have IPTables rules set on a Linux device. I have a particular rule to drop the packets, and I wish to log the packets only if they're dropped by that specific rule, and not by the other rules.
...
2 votes, 0 answers, 104 views
TPROXY for redirecting UDP on arbitrary ports
I want to intercept all UDP traffic leaving tap1. And possibly reply to e.g. DNS-requests. To accomplish this I wrote some python code listening to localhost and use iptables with a rule-set like ...
4 votes, 2 answers, 73 views
Is it possible to set-up a VPN in such a way that I disconnect from the Internet if it goes down?
How can I set up a VPN so I lose the connection to the Internet if it goes down? I use Ubuntu and have used the network dialog to use a VPN; but if the VPN goes down, it just switches to the non-VPN ...
1 vote, 1 answer, 39 views
netfilter's configuration to allow openvpn
I've got a Debian server at home that I use to have VPN access to my home computers.
I've redirected the openvpn port to port 2000: in my file "server.conf", I've added this:
#Server
mode ...
2 votes, 2 answers, 142 views
Open and redirect port
I'm trying to set up SNMP for a router so I can monitor it from an existing Nagios installation on an off-site server. I'm having trouble getting the router to respond to SNMP requests from the WAN, ...
0 votes, 1 answer, 67 views
IP Address inaccessible
My Linux machine is inaccessible by the IP address, as in only
http://127.0.0.1:8080/projectname
or localhost works on the browser, but
http://10.1.5.5:8080/projectname
does not (here ...
1 vote, 1 answer, 128 views
How does iptables MASQUERADE work on the incoming side?
I'm still reading the iptables manual page and other documents and digging around questions and their answers.
This is the problem which arises.
When we set up the NAT we use a POSTROUTING rule such ...
0 votes, 5 answers, 170 views
SSH login attempts per minute per IP
How can I limit SSH login attempts per minute per IP?
I want to disable login attempts for 5 seconds after a failure. Is this possible?
I'm not talking about banning a user after parsing logs like ...
3 votes, 1 answer, 49 views
What are the requirements to sniff UDP packets in a Wireless Ad-Hoc network?
In a wireless Ad-Hoc network,
I have two computers which communicate over UDP together from 192.168.1.3 to 192.168.1.5
I have a third computer (192.168.1.6) which wants to listen to the packets which ...
2 votes, 1 answer, 197 views
iptables rules too restrictive; Drupal webserver cannot access repositories, ntp or even websites
This is a Drupal website running Ubuntu 12.04 LTS on Linode. Someone recently changed our iptables rules and a number of problems started.
These include:
Our Mollom spam protection is not working ...
5 votes, 2 answers, 338 views
Transform a UDP unicast packet into broadcast?
We need to wake-up some computers on our internal LAN, from the Internet.
We have a somewhat closed router. Very few ways to configure it.
I'd like to use netfilter (iptables) to do this because it ...
0 votes, 1 answer, 62 views
Iptables rule to ssh over the internet
I've a server abc.example.com and a remote desktop zzz.example.com. I'm using SSH over a custom port, say, 6789. Whenever my firewall is off, I'm able to connect to the server successfully. But, as ...
3 votes, 1 answer, 102 views
IPTables - Port to another ip & port (from the inside)
I currently have a NAS box running on port 80. To access the NAS from the outside, I mapped port 8080 to port 80 on the NAS as follows:
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT ...
2 votes, 1 answer, 143 views
Can iptables be used to convert a single-homed host into a NAT server?
Given: I have a machine (HostA) with only one NIC which has Internet connectivity. I have another machine (HostB) with one NIC on the same switch. HostB is not configured for Internet access yet. ...
3 votes, 1 answer, 208 views
iptables: recent module
I am using the "recent" module to prevent port scanning, such as:
-A INPUT -i eth0 -m recent --name PORTSCAN --update --seconds 60 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT ...