Questions tagged [iptables]

iptables is the userspace command-line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet-filtering ruleset. It is targeted at system administrators. When asking a question about iptables, please add the output of the following command: iptables -L -v -n

iptables is the userspace utility complementary to the Linux kernel-level Netfilter firewall.

When seeking help with a firewall configuration, it is advisable to supply the output of iptables-save, which gives a readable listing of the ruleset, possibly appended with the output of iptables -L -v -n, which shows which rules are actually matching traffic.

6626 questions
2 votes, 3 answers

How to redirect a website using iptables?

I have referred to the following links before asking this question. I am making an example for my students on NAT - pre-routing. Here, I am trying to replace the destination ip with the one I want. For example, when someone tries to access…
dexterous
  • 215
  • 3
  • 7
  • 13
2 votes, 1 answer

How to block gmail web chat with squid and iptables?

Is it possible to block just the web chat service and still use email service using iptables and squid or using either one of them?
0xdeadbeef
  • 397
  • 6
  • 13
2 votes, 3 answers

wget and port forwarding

I have a weird problem. I can run this command just fine from various servers: wget --debug '--http-user=USER123' '--http-passwd=PASSWORD' http://GW-BOX:9091/weijhkdsvn/v9_odbc//CRONTAB.2014020 Where "GW-BOX" is the gateway to my network, USER123…
Tony B
  • 254
  • 3
  • 14
2 votes, 0 answers

iptables xt_recent change in kernel without modules

Is it possible to change xt_recent module parameters when it is compiled into the kernel? Most of the info on the internet suggests setting it by modprobe, but that is not the case in my setup, as I have a kernel without module support.
2 votes, 1 answer

OpenVPN running on Internet Gateway, so all private clients can access VPN with no config

Our LAN connects to our office gateway machine (192.168.1.1), which is connected to the Internet. I have set up NAT/Masquerading for this purpose with no issue. We also use OpenVPN to connect to our data-centre (the OpenVPN server is in the…
Rob Brown
  • 21
  • 1
2 votes, 1 answer

What is a general allow-ACK rule in iptables good for?

I've encountered some iptables configurations with incoming rules starting with a rule that allows all TCP packets with the ACK flag, followed by all the obvious service port rules. Why is that? The server still responds with this rule disabled. Is there…
dronus
  • 1,178
  • 1
  • 13
  • 15
2 votes, 1 answer

How can I prevent TINC from relaying DHCP?

I am running tinc on several NAT routers running Debian 7 Wheezy. The VPN has worked fine for months, except that because I've set it up in switch mode it relays DHCP requests and answers over all of the VPN. The problem is that host A is using a pool from…
Sir.pOpE
  • 380
  • 1
  • 10
2 votes, 2 answers

Linux iptables drop traffic based on mac address

I'm doing some testing on my Linux VM with one NIC. I want to use it as some kind of firewall which can block traffic of some clients based on a MAC address. The client itself has the VM as its default gateway (.254), the VM itself has (.1 the…
Wouter
  • 23
  • 1
  • 1
  • 3
2 votes, 1 answer

Locked myself out of SSH with UFW

I had my server set up to accept SSH connections on port 21966, I followed some steps to configure ufw however it has now locked me out of all SSH access on any port! I've been able to boot my server into 'rescue' mode, providing me with an SSH…
James
  • 23
  • 1
  • 4
2 votes, 1 answer

nmap lists host as up despite being blacklisted

I have an iptables rule set up that marks addresses as suspicious if they connect on certain ports or any unopened ports. If more than three consecutive connections are made without authentication, then the address is blacklisted. After blacklisting…
Craig
  • 151
  • 6
2 votes, 1 answer

Adding port 25 to iptables won't get it to open on CentOS

I am facing a problem opening port 25 with iptables on my CentOS machine. I checked the connection with 'nmap' and 'telnet' but both failed. The following things I did to try to make this work: iptables -I INPUT -p tcp --dport 25 -j ACCEPT /sbin/service…
user968898
  • 163
  • 1
  • 3
  • 12
2 votes, 2 answers

What are the security issues in creating a firewall between two subnets?

As I understand it, the hosts on different subnets cannot communicate with each other unless there is a router somewhere on both subnets that forwards traffic between them. I have two subnets on a network, say: 192.168.0.0/24 and…
Jamie Cockburn
  • 331
  • 1
  • 3
  • 11
2 votes, 1 answer

AWS WebServer architecture (ELB + iptables)

I'm currently working on the architecture of high-traffic high-availability website. We are using AWS. Currently, we have: Route 53 -> ELB -> Multiple EC2 instances -> RDS Multi AZ. Each EC2 instance runs Varnish + Nginx & PHP FCGI. Sessions and…
2 votes, 1 answer

Firewall/iptables rules for GlusterFS

It would be a great pleasure to know which exact iptables rules to use for securing GlusterFS 3.4.2 (with Debian Wheezy) in a shared environment. I'm running some dedicated servers at an ISP. There are two servers (named lb01 and lb02) acting as nodes and…
rabudde
  • 304
  • 5
  • 22
2 votes, 1 answer

IPTables and SNAT for just two ports

I want to set up some NAT policies so that certain machines will only have outbound access to http/https. They should not be able to do port scans or anything else from their machine. Currently my NAT rules are: -A PREROUTING -d 1.2.3.4 -j DNAT…
Scott Forsyth
  • 16,449
  • 3
  • 37
  • 56