Questions tagged [iptables]

iptables is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted towards system administrators. When asking a question about iptables, please include the output of the following command: iptables -L -v -n

iptables is the userspace utility complementary to the Linux kernel-level Netfilter firewall.

When seeking help with a firewall configuration, it is advisable to supply the output of iptables-save, which gives a readable listing of the ruleset, possibly accompanied by the output of iptables -L -v -n, which gives the matching ruleset information.

6626 questions
2 votes, 1 answer

How to check iptables status with a normal user?

How could I check if iptables is running OK on a machine, using a restricted-permission user? I need to monitor this... BR, thanks for the great site!!!
criss
2 votes, 1 answer

route http and ssh traffic normally, everything else via vpn tunnel

I've read quite a bit and am close, I feel, and I'm pulling my hair out ... please help! I have an OpenVPN client whose server sets local routes and also changes the default gw (I know I can prevent that with --route-nopull). I'd like to have all…
Normadize
2 votes, 3 answers

MySQL Injection Attacks? Random URLs Causing Errors

We just started running our own web server a few months ago on Rackspace (they are great). I use NewRelic (also pretty cool) to monitor server usage and I am getting error alerts that appear to me to be injection attacks? Wondering if anyone can…
Nick8675
2 votes, 3 answers

iptables: combine SNAT with network remapping for OpenVPN

[Apologies for the long prelude; question halfway down.] I have a working OpenVPN setup whereby a VPN server pushes a route back to one client (hereafter called the “router”) which can then expose its own subnet to the machine running the server as…
Jesse Glick
2 votes, 1 answer

Is there an iptables-apply equivalent for ufw?

I just came upon iptables-apply, which applies an iptables ruleset and lets the user confirm that everything is working correctly before finally committing the changes. If the user does not confirm after a timeout the original rules will be…
stigi
2 votes, 1 answer

Using Linux's netfilter to reflect packets

I've got a pair of hosts with very bad routing between the two, but I have a third host that has very good ping to each. To work around the bad routing, I'm setting up the third host to bounce packets back and forth between the two. This third host…
CFSworks
2 votes, 3 answers

High CPU usage in random IP/Port UDP DDoS

I have been getting these UDP floods with random IPs and ports. randomip:randomport -> myip:randomport 0 byte payload For some reason it is using a lot of CPU. Here are the results of perf top -e cycles:k. Is there any way to optimize the…
bob
2 votes, 0 answers

iptables & tc limit both upload & download together

I have the following for iptables & tc but it limits the upload speed to 2Mbits once the quota of 1GB has been hit. iptables -t mangle -A POSTROUTING -o eth0 -p tcp -m owner --uid-owner aaron -m quota --quota 1073741824 -j ACCEPT iptables -t mangle…
whisky
2 votes, 3 answers

Can't resolve issue: iptables: No chain/target/match by that name

So I am trying to set up the shorewall firewall on my Linux VPS. The VPS is running Ubuntu 12.10. When I type $ shorewall check I get this error. iptables: No chain/target/match by that name. ERROR: Log level INFO requires LOG Target in your kernel…
user186639
2 votes, 1 answer

CentOS - IPTables - Allow nodes on subnet full access

I am using linode.com and they provide the ability to assign a private IP to each VPS. What I am trying to do is set up each node's firewall to allow access from other nodes on the network, but I don't seem to have much success. For example, I am…
Mike Purcell
2 votes, 1 answer

Is it okay to set MASQUERADE on 2 network interfaces in a Linux server?

There is a Linux server with 3 network interfaces, eth0, eth1, eth2. IP forwarding has been turned on in this server. eth0 is connected to 10.0.1.0/24. Its IP is 10.0.1.1. eth1 is connected to 172.16.1.0/24. Its IP is 172.16.1.1. Server A can ping…
userpal
2 votes, 2 answers

Redundant Iptables Routers - secondary router logging martian packet errors

We have a network mostly set up with a redundant pair of Linux Iptables firewalls/routers, but we're missing a crucial piece of the puzzle. Any local traffic destined to the secondary router succeeds in the same subnet, but fails to the "main"…
righdforsa
2 votes, 2 answers

Does IP forwarding on Linux act as a reverse proxy?

I have looked around and have seen many IP forwarding solutions that forward requests from an IP on one server to another IP on another server. (Basically, the forwarding of requests going to 123.45.67.89 on server X to 98.76.54.321 on server Y.)…
Albert H
2 votes, 1 answer

Encrypting peer-to-peer application with iptables and stunnel

I'm running legacy applications in which I do not have access to the source code. These components talk to each other using plaintext on a particular port. I would like to be able to secure the communications between the two or more nodes using…
Jonathan Oliver
2 votes, 2 answers

ebtables/iptables/bridge-utils: PREROUTING/FORWARD issue on single-NIC bridge

We have a number of iptables rules for forwarding connections, which are solid and work well. For example, port 80 forwards to port 8080 on the same machine (the webserver). When a given webserver is restarting, we forward requests to another IP on…