Questions tagged [iptables]

iptables is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted towards system administrators. Please, when asking a question about iptables, add the output from the following command: iptables -L -v -n

iptables is a userspace utility complementary to the Linux kernel-level Netfilter firewall.

When seeking help with a firewall configuration, it is advisable to supply the iptables-save output, which gives a readable ruleset listing, optionally followed by the output of iptables -L -v -n, which lists the rules together with their match counters.

6626 questions
2 votes, 1 answer

How can I redirect requests to my external IP address/port to a different external IP address/port in Linux without changing the source IP address?

I can use the following commands, but they change the source IP address: iptables -t nat -A PREROUTING -p tcp --dport port -j DNAT --to-destination dest_ip:port iptables -t nat -A POSTROUTING -j MASQUERADE So I get the source IP address at…
lchuang
2 votes, 2 answers

When the OpenVPN client is on, remote ssh access doesn't work

I'm a new forum user and I'm doing my first VPN setup. I have purchased a VPN service with PrivateInternetAccess. I'm setting up a Linux VM (CentOS 6.5 server) on a VMware ESXi remote host. It's behind another VM, which makes NAT functions for…
antondepalacios
2 votes, 1 answer

how to run pptp over redsocks proxy

I have one (virtual) Linux box in Ubuntu, that has redsocks set up done. Inside the machine, I could confirm that the redsocks did work (use wget to check the external IP). Now, I want other client machines to share the same redsocks proxy. So I…
2 votes, 1 answer

AWS EC2 IPTables converts source/dest subnet into ec2.internal hostname?

I have a Debian 6.0.7 x64 AWS EC2 server that I'm running a couple QEMU virtual machines on (don't ask.. long story). I have some IPTables rules to NAT/Forward any traffic (on ports 8080 and 8081) from the AWS server to the VM internal IPs at…
Gregor
2 votes, 1 answer

Cannot curl from the same server when it has PREROUTING ip forwarding

I have an Ubuntu web server that uses iptables PREROUTING to forward port 80 to 8000. So the web process listens on port 8000. Now I want to make a curl from the same server to a web application running on it. But this issues a Connection refused: $…
Gabriel Petrovay
2 votes, 1 answer

iptables: match only the first packet of established TCP-connection

In my Apache-logfiles I find a lot of entries that contain "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 or similar crap. They come from non-RFC2616-connections (HTTP/1.1 without hostname). I don't want to have my log files spammed with this…
2 votes, 1 answer

Stateless NAT with CentOS 6

I'm looking to set up the following: ---[IVR 1] | (internet)----[CentOS box]---+---[IVR 2] | ---[IVR 3] The CentOS box's internal…
Dave Knell
2 votes, 1 answer

ifcfg-eth0.200 is not responding to arp broadcasts

I have a Centos router doing a stupendous job in a setup similar to this: eth0 --> no IP eth0.200 --> 192.168.200.1 eth0.201 --> 192.168.201.1 ... so on up to eth0.213 --> 192.168.213.1 I have ipv4 forwarding enabled to allow intervlan routing, and…
Jose Mendez
2 votes, 1 answer

What is the correct iptables rule when NATing multiple private subnets?

I have a Centos minimal 6.5 acting as a router. eth0 is connected to a Cisco switch trunk port, allowing VLANs 200-213. I have several VLAN interfaces just as this link…
Jose Mendez
2 votes, 1 answer

iptables and TPROXY support

I'm running iptables v1.4.21 on Ubuntu 14.04 and am trying to set up iptables to use TPROXY. How can I check whether my current build of iptables supports TPROXY? I can check TPROXY support for HAProxy using haproxy -vv, is there something similar…
Athena Wisdom
2 votes, 1 answer

Need help translating rate limiting iptables rules to Puppet format

I use the Puppet Iptables module to manage Iptables rules on my machine. I'd like to implement rate limiting of failed SSH connections as described here: iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 5 --name SSH --rsource…
geoffroy
2 votes, 1 answer

IPTABLES commands that end with ACCEPT or DROP fail on service firewall restart

I have a CENTOS Linux VPS. I have the following in my IPTABLES script to run when my VPN restarts, but I get errors when I do a service firewall restart. I've run each of the commands below manually and they work. According to Host Gator, in order…
ConfusedDeer
2 votes, 2 answers

Iptables does not seem to be applying SNAT to packets sent on a raw socket

I'm sending packets from a user space program to my wireless interface wlan0. I've set up a SNAT rule with iptables as follows: iptables -t nat -A POSTROUTING -o wlan0 -j SNAT --to 192.168.1.3 And it works for all normal traffic going out of my…
2 votes, 1 answer

IPTables custom log failing

I'm currently trying to split out some of my IPTables logging from kern.log into a file called iptables.log. Basically, I have several different adapters and I'm logging requests to port 80 on each one. These rules are working and outputting fine…
tparrott
2 votes, 1 answer

Command to set dscp / ToS value on outgoing packets for OS X Mavericks?

I want to set a certain DSCP (or ToS) value on all packets sent over port 22. I have an iptables command to do so, but Mavericks only has the equivalent of pfctl and I can't figure out how to translate the command to pf. Can anyone help? How can I…
user41356