Questions tagged [iptables]

iptables is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted towards system administrators. Please, when asking a question about iptables, add the output from the following command: iptables -L -v -n

iptables is a userspace utility that complements the Linux kernel-level Netfilter firewall.

When seeking help with a firewall configuration, it's advisable to supply iptables-save output, which gives a readable ruleset listing, and possibly to append the output of iptables -L -v -n to give matching ruleset information.

6626 questions
2 votes, 3 answers

IPTABLES block User-Agent

I get DDoSed by the Wordpress Pingback BOTNET, now I want to block all clients who contain Wordpress in their Useragents. For example: WordPress/4.0; http://vk.lokos.net; verifying pingback from 107.158.239.82 I need to block for both HTTP port 80 and…
user3135461
2 votes, 3 answers

Can't access mysql docker container from the host

I have a Debian server with Docker 1.6.0 on it with a running official MySQL container (https://registry.hub.docker.com/_/mysql/). I use a fairly basic firewall configuration in which all ports are closed except SSH, HTTP and NTP…
tagsOf
2 votes, 2 answers

Exposing private network ip

I have the following setup: Box A eth0 - 192.168.1.101 eth1 - 10.10.2.1 Box B eth0 - 10.10.2.2 Box A has internet access through eth0. I want Box B to be visible on the 192.168.1.0/24 network, so I can ssh to it directly from another box, but Box…
sidj9n
2 votes, 1 answer

IPTABLES -L OPTION NOT SHOWING SNAT RULE

I am able to get NAT to work using the following snat rule: iptables -t nat -A POSTROUTING -o em2 -j SNAT --to 192.168.2.2 My question is: Why is this rule not displayed when I issue the command: iptables -L or even iptables -L -v
Sunny
2 votes, 1 answer

How to test iptables settings by port scanning?

I want to test my iptables and prove that it only allows traffic for given Protocol / Port - combinations. How I can use as a target for a port scan?
vinzBad
2 votes, 1 answer

Port 8080 remains closed even when opened with iptable and nodejs is listening on it

I am trying to install a nodejs server listening to port 8080 that I opened with iptable, but when I run nmap or a web tool I always get the message that the port is closed. I'm on an Ubuntu VPS. First, be sure that nodejs is actually listening to…
Antonello
2 votes, 0 answers

How to allow applications in network namespace access to global filesystem?

I have several applications that are potentially high-risk and high-throughput (like bind, ntpd, etc.). I plan on having a "management domain" for OS tasks, updates, SNMP, automation, etc. and a "service domain" that only includes the daemons I'm…
Dan
2 votes, 3 answers

Setting up iptables filter to allow Git

I'm trying to set up my Ubuntu 14.04.2 LTS server to have a solid iptables firewall. Right now I think it is pretty good, however, I cannot do any git pulls on the server when iptables is active... so the workaround is to turn off the firewall, do a…
user3396509
2 votes, 2 answers

iptables rule to send email

I have to send emails (and only send, not receive) from a linux server (SUSE Linux Enterprise Server 11) and I think I should add kind of the following rule to the iptables: iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT But I am not quite sure,…
Watchmaker
2 votes, 0 answers

Virtual IP Pool for NAT with StrongSwan VPN

I'm trying to wrap my head around a site-to-site VPN configuration using StrongSwan that will allow remote sites to connect to our AWS VPC. The catch is, the remote gateways will potentially be using the same subnet as the VPC and they will not be…
anders
2 votes, 2 answers

Setting up Squid Transparent Proxy on a machine separate from the router

As explained in the title, I'm trying to set up a Squid Transparent Proxy on a machine separate from the router, and also separate from the private network I want to filter through the proxy. The context would be like this: Router Machine runs…
rubjim
2 votes, 1 answer

Can't access domain internally via public IP address

I have a dedicated server running Proxmox and a VM inside Proxmox running Debian 7 (Wheezy). As I only have one IP address, I'm using iptables to forward ports to the VM. My /etc/network/interfaces: # The loopback network interface auto lo iface lo…
Ben Fortune
2 votes, 1 answer

What is the state of subsequent http requests in iptables terms?

When a user requests a web page, e.g. www.example.com/about-us/history.html, the server will send them an HTML file; the HTML file will contain elements that subsequently generate many more HTTP requests back to the server e.g.
the_velour_fog
2 votes, 3 answers

Overwhelming traffic from llnw.com and msecn.net through squid

On our network at work we have a squid proxy between us and the internet. Its main function is to cache Windows updates. However, at times, there are overwhelming amounts of traffic coming in on our squid proxy's external interface, but it isn't…
Matthew
2 votes, 0 answers

Squid intercept proxy stuck with forwarding loop

I'm trying to set up a debugging proxy using Squid, mainly to test our own client communications library for various proxy types (one possibility with our client is to connect to an external intercepting and filtering proxy service). Our network…
NeonNero