Questions tagged [iptables]

iptables is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted towards system administrators. Please, when asking a question about iptables, add the output from the following command: iptables -L -v -n

iptables is a userspace utility that complements the Linux kernel-level Netfilter firewall.

When seeking help with a firewall configuration, it's advisable to supply iptables-save output, which gives a readable ruleset listing, possibly followed by iptables -L -v -n output to give matching ruleset information.

6626 questions
2 votes, 1 answer

Why is a remote IP redirecting to a local server?

I've got a rack full of Linux servers that host OpenVZ containers and for some reason when I attempt to connect to a certain remote IP from inside a few of the OpenVZ containers (using telnet, for example), I end up connecting to another server on…
Curtis
2 votes, 5 answers

Using IPTables to forward local requests on one port to a remote server on another port

I have an application in a Docker container. I have the DB in another Docker container. The DB container has an exposed port of 49155. The application requires that the database be exposed on port 3306 and I can't change that thanks to IonCube…
2 votes, 1 answer

iptables - Multiple IP's, only one is IP Prerouting correctly

I am trying to redirect all requests on port 80 to port 9000 across all my IPs. I have 1 server hosting several IP addresses on eth0. For the sake of my problem, let's say they all use apache to listen to port 9000. Only the primary IP address (.106)…
Maruf
2 votes, 0 answers

Some packets are dropped in [wan-local], when DNAT rule exists

I am running EdgeOS (aka vyatta 6.3 aka debian) with 3.4.27. There are two DNAT port forwarding rules like this: rule 1 { destination { port 65432 } inbound-interface eth0 inside-address { address 192.168.88.5 } log disable protocol…
Xand
2 votes, 2 answers

How to spoof an IP for application that needs this particular IP?

In general, such a problem, there is a system RHEL 6.4 Server with a pair of network interfaces combined into one by bonding. This system IP address: 10.7.7.1. Next on the system running an application that needs to connect to the MySQL-server…
abg
2 votes, 2 answers

IPtables NAT puzzler: Why is traffic from the firewall host being NATed even though it's not coming from one of the prescribed source addresses?

I run a small network where a linux web/mail server also provides NAT for a collection of windows boxes. One of these windows machines is apparently misbehaving (ZeroAccess botnet even though I can't find any problems using Norton PowerEraser and…
pgoetz
2 votes, 1 answer

OpenVPN not redirecting all traffic through VPN

I have just finished setting up my VPN, and google shows my IP to be that of my VPN, so this works fine. However, when I log in through SSH to the VPN server, it shows my last login to be that of my (non VPN'd) IP (even after multiple logins/outs).…
ABC
2 votes, 1 answer

Iptables bang position

I am trying to set up this rule: iptables -A INPUT -i eth1 -p tcp -s ! 10.111.11.0/24 --dport ssh --syn -m state --state NEW -j ACCEPT but it doesn't work. When I change place of ! iptables -A INPUT -i eth1 -p tcp ! -s 10.111.11.0/24 --dport ssh…
Kriss
2 votes, 2 answers

Remove Iptables log from kern.log syslog messages

I'm having trouble with Iptables logs, I'm not able to get them out from kern.log, syslog and message files. I added two rules in rsyslog.conf which redirect my messages to an "iptables.log" file but logs are also present in kern logs. Here is my…
user200790
2 votes, 1 answer

What is "state RELATED,ESTABLISHED" in iptables?

2064 871K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02…
JohnCharles117
2 votes, 2 answers

Where does Webmin store its firewall configuration?

I want to copy the firewall configuration for iptables from one server to the other. Both servers run Debian Squeeze and have Webmin 1.660 installed, so I want to copy the configuration that Webmin uses. I couldn't find it in "/var/webmin", in…
Larsen
2 votes, 1 answer

How to open a port below 1024 in Cent OS for socket.io?

I'm trying to open port 843 in my Cent OS 5.2, I added following line to etc\sysconfig\iptables : -A INPUT -p tcp --dport 843 -j ACCEPT and then updated my iptables service. I need to listen to that port in my node.js application which is running…
2 votes, 1 answer

web sites know the “real” access user(IP) through a proxy?

I'm new to Squid and iptables, and am investigating whether they would be able to accomplish a task at hand. part of my squid.conf: acl wf myport 8010 acl vp myport 8020 acl ss myport 8030 cache_peer IP1 parent 80 0 no-query originserver…
pangjiale
2 votes, 2 answers

iptables to block VPN-traffic if not through tun0

I have a dedicated Webserver running Debian 6 and some Apache, Tomcat, Asterisk and Mail-stuff. Now we needed to add VPN support for a special program. We installed OpenVPN and registered with a VPN provider. The connection works well and we have a…
mr.simonski
2 votes, 3 answers

Redirect incoming packets to loopback

I'm trying to use iptables to redirect an incoming packet on eth0 to a service listening on the loopback interface. Based on this link I'm attempting to craft the following rule: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT -o…
dwurf