Questions tagged [iptables]

iptables is the userspace command-line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet-filtering ruleset. It is targeted towards system administrators. When asking a question about iptables, please include the output of the following command: iptables -L -v -n

iptables is the userspace utility for the Linux kernel's Netfilter packet-filtering framework.

When seeking help with a firewall configuration, supply the output of iptables-save, which gives a complete and readable ruleset listing, and optionally append the output of iptables -L -v -n, which adds the per-rule packet and byte match counters.

6626 questions
15 votes, 3 answers

How to Set Up Linux Server As A Router with NAT

We have a simple router which has NAT of symmetric type, but because this router doesn't provide us with any debugging interface, we cannot figure out if a specific packet reaches the NAT or not. Thus we want to set up a LINUX computer making it…
Steve Peng
  • 559
  • 1
  • 8
  • 18
15 votes, 4 answers

How do I get the number of (currently) established TCP connections for a specific port?

How do I get the number of (currently) established TCP connections for a specific port? I have managed to get counters for traffic working by doing, i.e. for outgoing RTMP: iptables -N $CHAIN iptables -I OUTPUT -j $CHAIN iptables -A $CHAIN -p tcp…
James Bennet
  • 173
  • 1
  • 1
  • 6
15 votes, 3 answers

Debian 'ignores' /etc/network/if-pre-up.d/iptables

I want my iptables rules to automatically be loaded on startup. According to the wiki on Debian this can be done by placing a script with the name iptables in /etc/network/if-pre-up.d/ So I did, this is what it looks like: cat…
Cheiron
  • 458
  • 1
  • 4
  • 10
15 votes, 5 answers

Deny IP address on AWS ELB

I've, more or less, the following configuration on AWS: Elastic load balancer with 3 machines on 3 different availability zones. My security group allows 0.0.0.0/0:80 as it's my rails application (nginx, unicorn). I was wondering if there's any way to…
boris quiroz
  • 1,160
  • 1
  • 7
  • 18
15 votes, 3 answers

How do you test iptables rules to prevent remote lockout and check matches?

As I'm learning about iptables I've made a couple of mistakes and locked myself out. What method(s) do you use to test rules without locking yourself out? I'm using Ubuntu Server 12.04 LTS. All the answers below were helpful. In the end I used a…
hookenz
  • 14,472
  • 23
  • 88
  • 143
15 votes, 4 answers

Setting up a transparent SSL proxy

I've got a linux box set up with 2 network cards to inspect traffic going through port 80. One card is used to go out to the internet, the other one is hooked up to a networking switch. The point is to be able to inspect all HTTP and HTTPS traffic…
badunk
  • 215
  • 1
  • 2
  • 11
15 votes, 4 answers

Once I set iptables to reroute a port, how do I undo it?

I've been reading on many sites how to use iptables to reroute one port to another in Linux. For instance, rerouting port 80 to 8080 would look like this... iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 8080 My concern is, what…
Syndog
  • 251
  • 1
  • 2
  • 6
15 votes, 3 answers

How do I set up monitoring of MySQL with Fail2ban?

Searching the internet with search engines on MySQL and fail2ban yields lots of results on putting your fail2ban logs into MySQL; however, I'm wanting to monitor failed MySQL attempts to log in and ban those IPs. My application requires that I keep…
InvisibleFrisbee
  • 363
  • 1
  • 3
  • 8
15 votes, 3 answers

Can you recommend a good intro to iptables?

I have to set up a firewall on a Linux server (all my previous experience is with Windows). My rules are meant to be pretty simple - forbid all, allow some ports with all, allow some ports for specific IP subnets, while the network is small but…
Ivan
  • 3,398
  • 19
  • 50
  • 71
14 votes, 1 answer

iptables have both "accept all anywhere anywhere" and "drop all anywhere anywhere" rules

I'm confused. This is my iptables config: $ iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination DROP tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: UPDATE…
Mladen Adamovic
  • 599
  • 1
  • 3
  • 14
14 votes, 2 answers

How can I write automated tests for iptables?

I am configuring a Linux router with iptables. I want to write acceptance tests for the configuration that assert things like: traffic from some guy on the internet is not forwarded, and TCP to port 80 on the webserver in the DMZ from hosts on the…
Phil Frost
  • 647
  • 5
  • 18
14 votes, 4 answers

iptables nat does not exist

Today my iptables nat on the host system stopped working and I have no clue what happened! (That's very bad, I know.) All commands are executed as the root user. If I run $ iptables -t nat -L I get the following error message: $ iptables -t nat…
lszrh
  • 683
  • 3
  • 7
  • 15
14 votes, 1 answer

linux: traceroute send operation not permitted for remote server

When I try to traceroute to a remote ip, I get send: Operation not permitted When I stop iptables, traceroute works fine. So, I assume I need some ip rule for send. What would that rule be? I did find a solution here…
giorgio79
  • 1,837
  • 9
  • 26
  • 36
14 votes, 2 answers

What is the right iptables rule to allow apt-get to download programs?

When I type something like sudo apt-get install firefox, everything works until it asks me: After this operation, 77 MB of additional disk space will be used. Do you want to continue [Y/n]? Y Then error messages are displayed: Failed to fetch:…
anthony01
  • 221
  • 1
  • 2
  • 8
14 votes, 2 answers

iptables rule to allow all outbound locally originating traffic?

I was wondering if someone could help me with the following iptables rule: We would like to allow ANY and ALL locally originating (as in, on the server running iptables) traffic. DNS, HTTP, etc... all of it. Any connection initiated by the server…
anonymous-one
  • 1,018
  • 7
  • 27
  • 43