iptables allows the creation of rules that define packet-filtering behavior.
0
votes
1answer
13 views
Can't access/open ftp port on VPS server
I'm using VSFTP on my VPS Server but can't open FTP port. Below are my configuration:
iptables:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- ...
2
votes
2answers
26 views
Best practises: Applying iptables firewall rules for SSH
I need to add some firewall rules in our QA environment using iptables. I have to do the changes remotely. Some of the changes also include disabling SSH for few Networks.
What are best practices ...
0
votes
0answers
23 views
Incoming internet SSH traffic to eth0 and outgoing internet traffic to wlan0
I have this setup:
kali linux on raspberry PI connected to eth0 and wlan0.
eth0 has internet access and public ip with port 22 open.
wlan0 has internet access.
I want to be able to connect to my ...
1
vote
1answer
13 views
Iptables dropping HTTP 302 packages contain suspicious domain string
The HTTP 302 packages I want to block have:
Header
HTTP/1.1 302 Found
Location: ...
0
votes
1answer
37 views
Open port on one IP
I have spent all day looking this up with no luck.
So, I own the IP range xxx.xxx.xxx.xxx/27 and I want to open port 22 on IP xxx.xxx.xxx.66 yet close port 22 on all others, then open port ...
1
vote
1answer
17 views
What order are mangle dscp rules applied with iptables?
I'm using iptables mangle to mark traffic with different DSCP values. I'd like to confirm the order in which overlapping rules will be applied. I assumed that the logic would be the same as with ...
2
votes
1answer
317 views
Why does iptables accept packets on a given port, when it is closed?
Here is my situation. I have a public address on my router and have manually forwarded a given port for torrenting, so not via UPnP, that is disabled both in the router and the application. It works ...
-2
votes
1answer
47 views
iptables: command not found - CentOS 5.5
I am using CentOS 5.5. I want to add new IP in my iptables. But I cannot do it.
Tried everything with 'iptables'. The latest version of 'iptables' is at sbin. I'm in 'sbin' directory. But it says ...
6
votes
2answers
52 views
How can I silently drop some outgoing packets?
I'm doing some testing of an application I am working on, and I need to be able to silently drop outgoing UDP packets for a short period of time to replicate a possible failure mode.
Is there any way ...
0
votes
0answers
10 views
iptables NAT does not work for SCTP
I have a server in internal network and I want to access it from external.
The network is like this:
Server A (132.196.28.229) is in external network
Server B (10.35.202.24) can access both network
...
0
votes
1answer
34 views
IPTABLES - Bad IP Address
I am trying to turn my Raspberry Pi into a VPN server. To do this I am following this tutorial.
The only issue is when it tells me to run this command iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ...
2
votes
0answers
27 views
Detect which program is blocked by firewall
The linux firewall can show a lot of information in the LOG target, for example via --log-uid.
How can the executable doing the network call be logged, too?
I did not find anything in the FAQ, the ...
0
votes
0answers
26 views
Raspberry Pi OpenVPN SSH problem
I followed this tutorial to configure OpenVPN and it runs very well:
http://blog.frd.mn/raspberry-pi-vpn-gateway/
Now I want to access my Raspberry Pi via SSH. OpenVPN is most of the time ...
0
votes
1answer
17 views
How to set up a clear SuSE-Firewall?
I’m doing some rules in a machine with the firewall disabled, but when I run rcSuSEfirewall2 a lot of rules and policies are applied by default:
iptables -L
Chain INPUT (policy DROP)
target prot ...
0
votes
1answer
39 views
ufw won't allow connections to port 5432
I've installed Postgresql 9.4 on Ubuntu Trusty from the PGDG ppa. I've created a database and set it listen-addresses to '*'. I've made an entry in the pg_hba.conf file. I can connect locally with no ...
0
votes
0answers
57 views
Use iptables to redirect *all* requests, even DNS-unsolved domain?
Context: With iptables, I redirect all the traffic - incoming at port 80 - to a distant server IP (X.X.X.X). I aim that anywhat you write in the urlbar of browser, you get X.X.X.X.
IP That works ...
4
votes
1answer
57 views
forward all mysql traffic to a ssh tunnel
I have a local application that needs to connect to a remote mysql server at 40.40.40.40:3306
The main firewall blocks all connections but ssh, I can set up a ssh tunnel and connect to the server ...
2
votes
1answer
18 views
Per user routing on wifi
I'm using vpn but I want to have one user that could access network not through vpn but using my real ip address.
The problem is that all solutions I found by quick googling,
for example this ...
0
votes
1answer
34 views
iptables and ssh
I'm running Arch Linux and I have a running SSH daemon to access my machine when I'm out side my LAN. I can do the connection, but iptables keeps blocking SSH Daemon, so I can only connect if I turn ...
0
votes
1answer
14 views
iptables rules' weird behavior
I have a set of iptables rules (see below) whose purpose is to disallow traffic to go out of my machine when my VPN connection is abruptly lost or manually terminated:
#!/bin/bash
echo "Please wait ...
0
votes
0answers
7 views
RHEL 6 IPTables filtering of IPSEC protected Traffic
Looking for some guidance to make sure I'm going in the right direction and maybe get some hints or gotchas I need to be thinking about.
I'm working on RHEL 6.4. I have a cluster of computers that ...
6
votes
1answer
59 views
Why doesn't NAT reserve ports from the machine's TCP and UDP port pool?
I made two experiments. This is the network for both of them:
[private network] [public network]
A -------------------- R ----------------- B
192.168.0.5 192.168.0.1|192.0.2.1 ...
0
votes
1answer
27 views
Default gateway is not reachable
I have a vmware player on which I have installed CentOS 6.5. And on that CentOS 6.5 I have installed lxc and on that lxc I have installed centos 6.3.
I am using NAT and bridger as a Network adaptor ...
3
votes
1answer
29 views
Is it possible to reduce information in iptables log?
I noticed that there are data in the iptables log that I don't need, so I was wondering if it's possible to change some configuration so that the log has less information, reducing the log's size.
...
2
votes
1answer
55 views
Rewrite source IP in TCP replies using iptables
I'd like to rewrite the source IP on TCP/514 traffic leaving a redhat machine, for connections that weren't initiated from the machine.
The machine receives TCP/514 traffic on an interface, for ...
0
votes
0answers
41 views
server1 ssh's to server2 but server2 sees server1 by its private ip due to both servers being on the same firm/network
I ssh into server1 via its public IP from server2.
I then ask server1 what my IP is. i.e. server2's IP.
It shows me server2's private IP.
I want it to show me server2's public IP.
If server2 was ...
0
votes
1answer
35 views
Apache VirtualHost redirect 302 (cyclic link)
I seek some wisdom, so please help... I have one VM acting as router/web server/dnsmasq server on IP: 192.168.100.1. And I have other machine acting as client.
Server has IPTables rule to redirect ...
0
votes
1answer
91 views
iptables - how to drop protocols [closed]
I have the desktop-server Debian Jessie machine running for testing purposes just for 19 hours now. I have already set a few rules as you can see above. But I am not really into networking. So it ...
0
votes
0answers
21 views
iptables: block communication with others in same subnet
I have a couple of devices in my subnet (e.g. 192.168.0.0/24) and would like to make sure that one of these devices (identified by MAC or IP) can only talk via the router (where I'd like to set up ...
4
votes
3answers
69 views
Why do some TCP reset packets show up in my iptables log?
I started to add some basic iptables rules on my Debian Jessie server. My objective is to filter and log network traffic (for security and learning purposes). Disregarding ICMP packets, these are ...
2
votes
1answer
64 views
Who's messing with my router?
Recently, I've been feeling that somebody is doing bad things to my Access point.
My wifi access point is "protected" with a hidden ssid, and a WPA2 password. Nobody granted access apart from me, ...
0
votes
0answers
50 views
How to build via iptables a transparent reverse proxy
I just use a server with a public ip X.X.X.X to redirect without (changing the header ip) to another public ip Y.Y.Y.Y and the same back.
My backend server is windows 2012 r2 and my proxy server is ...
0
votes
1answer
20 views
What do the numbers in brackets mean in the iptables-save output?
What do the [368:102354], [0:0] and [92952:20764374] in my iptables output file mean?
:INPUT ACCEPT [368:102354]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [92952:20764374]
1
vote
1answer
51 views
iptables - why do I get “Table does not exist (do you need to insmod?)”
I need to install some iptables rules to block traffic that originates from a certain country, I found this script example on http://www.cyberciti.biz/faq/block-entier-country-using-iptables/ it works ...
2
votes
1answer
35 views
Iptables rule to drop packets to and from local network
I want to set a virtual machine on laptop, but I don't trust the guest system fully, so I would like to block its access to local network (to network 192.168.0.1/16 or 10.0.0.1/8 or ... the other one ...
1
vote
2answers
28 views
How to use routing to use the next available interface
My system has 2 interfaces (eth0, eth1).
I open a socket and bind it with an ip attached to eth0, now I want the OS to route the packets to another ip (which attached to eth1 but I'm not sure it's ...
0
votes
0answers
29 views
openvpn: iptables not forwarding
I have the following topology:
And I'm following the iptables rules listed on https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
Here's the output of iptables -L -v
Chain INPUT (policy ...
2
votes
1answer
77 views
Local port is not accessible with public IP address
I have a linux server which has public IP and Private IP. So, whenever I login with public IP, the terminal directly shows private IP.
example:
$ ssh [email protected]
root's password:
...
1
vote
1answer
23 views
installed application keeps open port
I installed an application (a text editor) and it keeps a connection alive. I blocked the IP with iptables, but the port stays open.
netstat shows:
tcp 0 0 127.0.0.1:<port> 0.0.0.0:* ...
1
vote
0answers
22 views
Routing only VM traffic through VPN
I'm stuck on a problem and would like some help if possible :-)
My goal is to make my VM going through my VPN connection and my HOST through the standard gateway.
Configuration :
VM (192.168.100.1) ...
2
votes
1answer
52 views
iptables rule in /etc/rc.local are not loaded
/etc/iptables.conf
contains a rule to dump my outgoing packets to 10.199 network as,
*filter
:INPUT ACCEPT [122:9273]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [73:8165]
-A OUTPUT -d 10.199.48.0/24 -j ...
2
votes
1answer
37 views
traffic routing with DNS
I have 2 gateway machines. 1 debian (main - 192.168.1.1), 1 centos (backup 192.168.1.2).
There are 2 networks, 1 LAN and 1 WAN, going through "main" and from there over ISP1
"backup" is on LAN and it ...
1
vote
0answers
18 views
How to drop packet if conntrack entry not present
Is there a way to check if conntrack exists before doing a particular action in iptable chains ?
I would like to drop the packet in mangle-postrouting if conntrack entry is not present, don't want it ...
0
votes
1answer
15 views
CONFIG_NF_CONNTRACK is not set
I am trying to setup iptables on udoo quad but I hit a brick wall and cannot find a fix anywhere:
root@udoo:/# uname -a
Linux udoo 3.0.35 #10 SMP PREEMPT Wed Jul 30 18:16:10 CEST 2014 armv7l ...
0
votes
1answer
76 views
iptables do not work, very slow to process on Debian 8
I never had issues with Debian 7 using iptables. However, with Debian 8, I cannot get iptables to work at all.
Simple script like this takes several minutes to load and can't access my portal page.
...
0
votes
0answers
13 views
PPTP IPs different than LAN ips
In /etv/pptpd.config I have:
localip 1.0.0.1
remoteip 10.0.0.100-200
My server real IP is 192.168.1.40 (my LAN is 192.168.1.0)
Is it OK to do it?
How can I route it so the clients with ...
2
votes
1answer
21 views
route some traffic in subnet to other gateway
I want to route traffic destined for 192.168.5.0/24 to a gateway of 10.1.10.24, but all other traffic to a gateway of 10.1.10.1. I tried:
ip route add 192.168.5.0/24 via 10.1.10.24
but it seems to ...
1
vote
2answers
47 views
Using IPTables to Block Ports to Class A Subnets While Allowing Web Ports (80/443)
This is about a cPanel server which, like most servers, is under constant attack from lands afar. Considering that I only host to clients in the US and Canada, there is less of a reason to allow full ...
0
votes
1answer
25 views
How to find what custom config is used by iptables?
I need to open custom iptables config, and change old IP address to new. How can I find what custom config is used by iptables?
-1
votes
1answer
137 views
Centos 7 - firewalld - passthrough traffic with firewall-cmd
How can I allow traffic from some hosts network A (behind eth0 interface) through my centos 7 box to network B (some hosts behind eth1).
network A: 1.1.1.0/24
network B: 2.2.2.0/24
Firewall ...