Questions tagged [iptables]

iptables is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted towards system administrators. Please, when asking a question about iptables, add the output from the following command: iptables -L -v -n

iptables is a userspace utility that complements the Linux kernel-level Netfilter firewall.

When seeking help with a firewall configuration, it's advisable to supply iptables-save output, which gives a readable ruleset listing, possibly followed by iptables -L -v -n output to give matching ruleset information.

6626 questions
2 votes, 1 answer

MySQL port 3306 blocked in csf yet can still telnet to port 3306 from external host

We have a CentOS 6 VPS that was recently migrated to a new machine within the same web hosting company. It's running WHM/cPanel and has csf/lfd installed. csf is set up with mostly vanilla config. I'm no iptables expert, csf has not let me down…
Neek
2 votes, 2 answers

Redirect websockets to port?

So, I've got a WebSocket server in C++, that is a completely stand-alone entity - handles header parsing, receiving, sending, all of it on its own, listening directly to the port. Problem is, it needs to run on a server alongside Apache, and that's…
DigitalMan
2 votes, 1 answer

Can't get iptables firewall working correctly

I'm setting up a new CentOS 5.6 system and can't get my iptables firewall to work correctly. It won't let me use SSH through it. I'm new to CentOS but not to Linux or iptables. I've been removing things until I have isolated the problem. I set up…
Jay
2 votes, 2 answers

NAT, iptables and problematic ports

I am building a small office network with virtual machines. My schema is this: Computer A: gateway, ip 1.1.1.1, iptables used for NAT [eth0=public internet dhcp, dhcp; eth1=gateway] Computer B: client, ip 1.1.1.2, using gateway from Computer…
Rajie
2 votes, 2 answers

Can I use iptables on my Varnish server to forward HTTPS traffic to a specific server?

We use Varnish as our front-end web cache and load balancer, so we have a Linux server in our development environment, running Varnish with some basic caching and load-balancing rules across a pair of Windows 2008 IIS web servers. We have a wildcard…
Dylan Beattie
2 votes, 2 answers

Do newer physical interfaces make a better linux firewall?

At work we use an old (10 year old) linux box with 4 interfaces to act as router/firewall for the network. There's never really been a need to change it since it's stable and handles all our needs. I'm wondering, though, would replacing the network…
pfyon
2 votes, 1 answer

Rotating Iptables logs with logrotate

I'm running CentOS6 and I configured rsyslog to monitor my iptables warning messages and dump them in /var/log/iptables.log. I went through my logrotate.d/syslog file and added iptables.log so logrotate would pick up and rotate the logs. The file…
FloppyDisk
2 votes, 2 answers

IPTables reroute 2 times

Is there a way to do the following with IPTables (Debian Squeeze): Have users connect to a "host" server using a common ssh command and port 22, and then once the connection is established, reroute them to another address based on the string they…
senrabdet
2 votes, 2 answers

iptables: How to forward packets with destination port 80 from eth0 to eth1?

I've http and https traffic coming from several machines to my eth0 on my Linux machine, but I want to forward this traffic to eth1, which has access to the internet. And do the complementary operation of traffic coming from 80 and 443 to be…
Srikanth
2 votes, 2 answers

Is there a suitable chain for iptables when eth is in Promisc mode?

I have a front-end machine. The machine has 2 eth cards. I want to use netfilter queue to do some checks on the packets. I set eth like this: ifconfig eth0 0.0.0.0 promisc up ifconfig eth1 0.0.0.0 promisc up I want to have an iptables rule like this (only…
Avihai Marchiano
2 votes, 1 answer

Linux service --status-all shows "Firewall is stopped." what service does firewall refer to?

I have a development server with the lamp stack running CentOS: [Prompt]# cat /etc/redhat-release CentOS release 5.8 (Final) [Prompt]# cat /proc/version Linux version 2.6.18-308.16.1.el5xen (mockbuild@builder10.centos.org) (gcc version 4.1.2…
codewaggle
2 votes, 2 answers

Correct usage of whitelisting cloudflare IPs in iptables

I'm relatively new to using the command line so I'm understandably nervous about fiddling around with IP tables and accidentally doing something wrong which consequently opens up vulnerabilities in the firewall. So, I thought I would ask here if my…
Tyrx
2 votes, 1 answer

Route outbound connections from local network through VPN

I have a server A running OpenVPN, an OpenVPN client B (a rooted Android phone as it happens) and a third party C (a laptop, tablet etc.) tethered to B. B can use the VPN to access the internet via A; C can use the tethered connection WITHOUT the…
not all wrong
2 votes, 3 answers

Block brute-force attack using lastb and iptables

Using the Linux lastb command, I found that my server is brute-force attacked from many different IPs around the world! I have developed a script to detect brute-force attackers by lastb and block them by iptables. Here is the script: #!/bin/bash cd…
lashgar
2 votes, 1 answer

Can't get port forwarding to work on Ubuntu

I'm using my server as NAT/router, which works well. But now I'm trying to forward port 3478, which I can't get to work. eth0 = public interface eth1 = private network $ cat /proc/sys/net/ipv4/conf/eth0/forwarding 1 $ cat…
Markus Hedlund