iptables allows the creation of rules that define packet filtering behavior.


0 votes | 1 answer | 12 views

iptables forwarding between subnets

I want to forward traffic between two subnets, but I'm not very familiar with iptables. The forwarding works except when iptables is enabled. There must be something wrong with the rules, though ...
1 vote | 2 answers | 25 views

Run shell script based on IPTABLES port access attempt

Is there a way in Linux (RHEL 5-6) using IPTABLES, that if someone tried to access port 21, as an FTP user, to log the user name they are trying to authenticate as and additionally run a shell ...
0 votes | 0 answers | 15 views

Proper way for setting general policy and firewall rules with libvirtd

I'm just struggling with the firewall configuration of our new KVM Host. I think by now I understand how libvirtd implements networking, but I'm missing a way to set some decent firewall rules. To ...
0 votes | 1 answer | 31 views

How to forward from port 80 to 8080 using iptables without opening port 8080?

The following iptables configuration works for forwarding port 80 to 8080. #nat chains *nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A PREROUTING -i bond1 -p tcp -m ...
1 vote | 1 answer | 14 views

Configure port 1935 in iptables for media

On CentOS 6.4 I cannot connect to the media server from port 1935, only 5080. I have read you can edit the iptables file with the following. Open file /etc/sysconfig/iptables: $ sudo vi ...
2 votes | 1 answer | 43 views

iptables: redirect local request with NAT

I'd like to redirect local requests to a port which is translated with NAT. I have the following rules: iptables -t nat -A PREROUTING -p tcp --dport 9020 -j DNAT --to 10.0.3.11:80 however request coming ...
2 votes | 1 answer | 33 views

Randomizing the source port for new connections

Generally, whenever a source port is selected by a network application, it is selected in a sequential manner among the free ports like 32000, 32001 and so on. I want to randomize the source port ...
1 vote | 1 answer | 25 views

Route HTTP traffic through different interface

I have my normal eth0 interface and a set up ppp0 interface. The problem I have is that I want to exclusively route all HTTP/HTTPS traffic through the ppp0 interface and everything else through the ...
1 vote | 1 answer | 43 views

How to measure the time a packet spends on the system (router)?

I have a streaming system and one of its components is a router/firewall. I'm using iptables for setting the required behaviour on the router. I'm having performance issues in the form of a constant ...
1 vote | 2 answers | 45 views

iptables redirect outside requests to 127.0.0.1

I have a service running on 127.0.0.1 with port 2222. I need to forward all requests to 192.168.2.2:2222 (outside IP) only from subnet 192.168.1.0/24 to 127.0.0.1:2222. I'm trying to use this, but ...
1 vote | 2 answers | 46 views

Saving an iptables configuration permanently

How can I save this configuration permanently? sudo iptables -t nat -A POSTROUTING -s 10.10.0.0/16 -o eth0 -j MASQUERADE
1 vote | 0 answers | 24 views

iptables and physdev match confusion

I'd like to be able to prevent a network bridge from generating certain types of traffic from some of its interfaces. If I understand iptables correctly, packets generated by a device appear on the ...
0 votes | 1 answer | 81 views

Fedora 20, startup script with network settings works correctly but without real effect

First, I love Fedora 20. :) I'm a newcomer from Debian/Ubuntu/Suse, but I really like this clean distro. But I found some problems, and can't move forward with these little things. I have 2 PCs at home ...
0 votes | 0 answers | 25 views

Routing Application through different network interfaces [duplicate]

I have two interfaces on a server, let's call them eth0 and eth1. The underlying server is running CentOS 6.5. I would like some applications to be able to use eth0 while some others use eth1. ...
0 votes | 0 answers | 24 views

Is it possible to move established connections on one port, to another without dropping data?

This problem has been bugging me for a couple of days now. I can't figure out a good enough solution using iptables without having dropped packets. So here is the back story. Say I have a client ...
