Questions tagged [iptables]

iptables is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted towards system administrators. Please, when asking a question about iptables, add the output from the following command: iptables -L -v -n

iptables is a userspace utility complementary to the Linux kernel-level Netfilter firewall.

When seeking help with firewall configuration, it is advisable to supply iptables-save output, which gives a readable ruleset listing, possibly supplemented with iptables -L -v -n output to give matching ruleset information.

6626 questions
2 votes, 2 answers

Redirect local traffic to proxy port with iptables

I have a Ubuntu 12.04 host that has a squid proxy on it running on port 8080. I want to proxy all the web traffic from the host through squid using iptables. Is the correct method: iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT…
ztnewman
2 votes, 1 answer

Port 25 blocked but Firewall is off

OK so this is driving me crazy. Running sendmail on CentOS. It's running, and listening on 25: [root@mysqlslavebackup ~]# nmap -sS -O -sV 127.0.0.1 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-03-21 10:46 PDD
Interesting ports…
2 votes, 1 answer

How do I drop "empty" HTTP packets using iptables?

I have a 1GB-VPS-hosted site running on Ubuntu 10.04 LTS. I am using nginx as the web server. The site has been running in a relatively stable configuration for three years, and handles about 4 million pageviews a month. For the past 16 hours, I've…
Josh K
2 votes, 1 answer

Dom0 not forwarding to DomU

The situation: DomU: Debian SID /etc/network/interfaces auto eth0 iface eth0 inet static address x.x.x.55 gateway x.x.x.49 netmask 255.255.255.255 pointopoint x.x.x.49 Ping DomU -> x.x.x.49 (aka Dom0) PING x.x.x.49 (x.x.x.49) 56(84) bytes of…
cimnine
2 votes, 1 answer

Dropping incoming requests for a specific file with iptables

Server is a standard LAMP stack configured via cpanel on CentOS 5.9. We have one file, call it bad.php, on one of our domains that is mistakenly being accessed about 10 times a second by a service provider. The file no longer exists, and we want to…
Nathan Stretch
2 votes, 1 answer

How to dynamically generate iptables rule?

Good day. I have the following issue: I have plenty of computers in my local network (probably about 40, and this number could increase), and I want to give remote access to all of them from the internet. All those machines are connected to…
2 votes, 2 answers

How can I block all traffic that is coming to and from an IP address using iptables?

I am trying to block all traffic that is both coming and going to an internal IP address (this server acts as a router for the network). So far I have tried the following: iptables -A INPUT -s 192.168.1.111 -j DROP & iptables -A OUTPUT -d…
lacrosse1991
2 votes, 4 answers

Configure iptables over SSH without getting locked out?

I need to provision servers via SSH, and in the process, configure iptables. More precisely, I want to run the following commands in this order: iptables -F iptables -P INPUT DROP iptables -A INPUT -i lo -p all -j ACCEPT iptables -A INPUT -m state…
user22711
2 votes, 4 answers

iptables drop negative DNS responses

How to drop incoming negative DNS responses in Linux? (I want a timeout instead) I'm thinking of creating an iptables rule: iptables -I INPUT -p udp --sport 53 -m u32 ... From wireshark: 000E start of IP Packet (fixed, at first, I wrote 0010) 0022…
basin
2 votes, 1 answer

IPTables - Rules not working

I was looking into some new rules but I can't seem to get them to work at the moment. The error I keep getting is iptables: Applying firewall rules: iptables-restore: line 36 failed and that's the COMMIT. I did move the COMMIT to see if I could…
ZeroErrors
2 votes, 2 answers

Routing problems to certain domains with PPTPD VPN setup

We've been struggling with some kind of network/routing issue with a PPTPD based VPN where the clients can't access certain internet domains/IPs through the VPN. As an example, the user can browse hxxp://google.com, but not hxxp://microsoft.com. The…
Eirik H
2 votes, 2 answers

Routing to secondary LAN with Shorewall

I'm setting up Shorewall (4.4.26.1), and have been trying to figure out routing between two LAN segments for the good part of the afternoon. It's time to ask for help. ((INTERNET)) | | [shorewall] | | | | (LAN1) (LAN2) I…
Ville
2 votes, 1 answer

Troubleshooting a failing SIP connection

I have a Linux Asterisk server that is behind a firewall. The firewall has three interfaces: eth0 is the LAN, where Asterisk resides, eth2 is the default gateway to the internet (via an ADSL modem / router), eth3 is a secondary internet…
alci
2 votes, 1 answer

Cannot directly reject traffic on port 25

My server is running Ubuntu 10.04.4 LTS and I want to reject traffic to port 25. The goal is this: $ telnet {ip} 25 Trying {ip}... telnet: connect to address {ip}: Connection refused telnet: Unable to connect to remote host I've tried using…
Ruben Verborgh
2 votes, 1 answer

How does iptables determine which packets are multicast?

Are packets assumed to be multicast solely based on their IP address? I've been looking at RFC 1112 and a quick scan doesn't appear to indicate any other flags on the IP packet.
Colin Newell