Questions tagged [iptables]

iptables is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted towards system administrators. When asking a question about iptables, please include the output of the following command: iptables -L -v -n

iptables is a userspace utility complementary to the Linux kernel-level Netfilter firewall.

When seeking help with a firewall configuration, it is advisable to supply the output of iptables-save, which gives a readable ruleset listing, and possibly to append the output of iptables -L -v -n, which gives the matching verbose listing with per-rule packet and byte counters.

6626 questions
2 votes, 3 answers

2 DHCP servers on 1 network

I have 2 pfSense routers set up. One is DHCP for 172.16.2.x and one is DHCP for 172.16.1.x. PC0 is 172.16.1.245 and I can ping PC0 from PC1 on the 172.16.2.x subnet. PC1 is 172.16.2.245 but I can't ping PC1 from PC0 on 172.16.1.x…
2 votes, 1 answer

Iptables port forwarding for specific host dd-wrt/tomato

I'm trying to open ports 5060 and 5004 (UDP & TCP) for a specific internal IP (192.168.1.5), but I only want communication over these ports to be between specific external host(s) and deny everything else to this internal IP. I have tried various…
AtulBha
2 votes, 2 answers

iptables for traffic monitoring

I have rules like this in my IPTABLES: -A INPUT -s 166.100.102.50/32 -j LOG --log-level 7 and I wrote a script that grabs the output of these rules and outputs the bytes from the IP to my server. I was hoping to get suggestions on how I could create…
rahrahruby
2 votes, 1 answer

iptables denies internal access to port 17500

In the kernel log there are hundreds of these lines. The source is the external IP of the VPS (not localhost nor 127.0.0.1), other times an IP of the network of the VPS provider. The source port and destination port are always 17500. I searched a bit but…
MultiformeIngegno
2 votes, 2 answers

Can't connect to Postgres in production

I'm trying to connect to my Postgres instance on a local IP, which I can connect to with no problem using the psql -h localhost command. However, when trying to run via rails, I get this: $ rails c…
Avishai
2 votes, 3 answers

iptables localhost connections reported to be blocked, but work OK

I am using fwbuilder and have tried setting up rules that both allow lo interface and source ip 127.0.0.1, as follows: $IPTABLES -A INPUT -i lo -m state --state NEW -j ACCEPT $IPTABLES -A OUTPUT -o lo -m state --state NEW -j…
Yoav Aner
2 votes, 1 answer

NAT for static private addresses

Could someone please help me out with the following scenario: I have a machine that hosts 3 lxc containers, and acts like a router for them. The LXC containers have private ip addresses set on the interfaces that are connected to the host. I want to…
biggdman
2 votes, 0 answers

Forwarding udp ports iptables packets "lost"?

I have a Linux router (Debian 6.x) where I forward some ports to internal services. Some TCP ports (like 80, 22...) are OK. I have one application listening on port 54277/udp. No return is coming from this app; I only get data on this…
Dindihi
2 votes, 2 answers

Configure IPTables on KVM host to block guest bridge traffic

I am working on a thesis research project, and I am having some difficulty figuring out how to get iptables (running on the KVM host) to block traffic (or rather, manipulate traffic) destined for a BRIDGED KVM guest. I am unable to get the iptables…
Phanto
2 votes, 1 answer

OpenVPN tunnel, iptables don't support NAT

I wanted to route my private PC's traffic through my VPS and set up my OpenVPN as far as necessary, but now I have the problem that I can't set iptables, since NAT support is disabled for my server's kernel. The command I would have used is iptables…
RikuXan
2 votes, 1 answer

ipvsadm lists a few hosts by IP only, rest by name

We use keepalived to manage our Linux Virtual Server (LVS) load balancer. The LVS VIPs are setup to use a FWMARK as configured in iptables. virtual_server fwmark 300000 { delay_loop 10 lb_algo wrr lb_kind NAT persistence_timeout…
dmourati
2 votes, 1 answer

Using a roadwarrior ipsec client as a gateway

Scenario: INTERNET --- VPN-Server <----> ROUTER <----> Roadwarrior <----> Subnet 132.1.1.1 192.168.2.1 192.168.2.50 176.168.10.0/24 | INTERNET …
scitech
2 votes, 2 answers

HTTP through a proxy server is not allowed

When I try to connect to my Tomcat server on http://:8080 it works fine, but from another ISP provider it gives the following error: HTTP through a proxy server is not allowed. Some ISPs apparently don't allow HTTP over port 8080, as…
Majid Laissi
2 votes, 0 answers

A minimal iptables ruleset for a high volume Nginx reverse proxy (or: how to use NOTRACK for http and https)?

I'm looking for a minimal iptables ruleset for a rather high-volume Nginx/Varnish reverse proxy. I'd like to close down the server, so that only ports 80 and 22 are open at all for connections from the outside. Furthermore, I'd like to exclude the…
flight
2 votes, 1 answer

How to whitelist CloudFlare IP ranges within iptables rules (multiport)?

There seem to be many different ways to setup whitelist rules within iptables. What is the wisest way to whitelist the CloudFlare IP address ranges below via SSH? 204.93.240.0/24 (204.93.240.0 - 204.93.240.255) 204.93.177.0/24 (204.93.177.0 -…
Jesse Nickles