search for: iacapp3

...tlen=20] Sent 316975056 bytes 1093222 pkts (dropped 0, overlimits 0) a example tcpdump: # tcpdump -v port 8099 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 13:19:25.340470 IP (tos 0x0, ttl 63, id 31421, offset 0, flags [DF], length: 48) 158.226.150.44.4870 > iacapp3.local.8099: S [tcp sum ok] 2049470510:2049470510(0) win 64240 <mss 1460,nop,nop,sackOK> 13:19:25.341584 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], length: 48) iacapp3.local.8099 > 158.226.150.44.4870: S [tcp sum ok] 1753072926:1753072926(0) ack 2049470511 win 5840 <mss 1460,nop,n...

...s port is than routed to the original 8080, I do that because I don`t want to dirturb my port 8080. But it seams the ingress filter doesn`t work on it!! iptables -L -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT tcp -- anywhere iacapp3.local tcp dpt:8099 to:192.168.0.10:8080 Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination .)I tried then for the port 8080 and something happened but no drop of the packag...

...al 8080, I do that because I don`t want to dirturb > my port 8080. > But it seams the ingress filter doesn`t work on it!! > > iptables -L -t nat > Chain PREROUTING (policy ACCEPT) > target prot opt source destination > DNAT tcp -- anywhere iacapp3.local tcp dpt:8099 > to:192.168.0.10:8080 > > Chain POSTROUTING (policy ACCEPT) > target prot opt source destination > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > > .)I tried then for the port 8080 and...

...urst 1 drop flowid :1 Maybe it is a problem of the port forwarding, because I have set the forwarding of the incoming traffic on 8099 to port 8080. iptables -L -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT tcp -- anywhere iacapp3.local tcp dpt:8099 to:192.168.0.10:8080 Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination So my goal is to restrict incoming access only to port 8099 an not 8080 (whe...

...t is a problem of the port forwarding, because I have set the > forwarding of the incoming traffic on 8099 to port 8080. > > iptables -L -t nat > Chain PREROUTING (policy ACCEPT) > target prot opt source destination > DNAT tcp -- anywhere iacapp3.local tcp dpt:8099 > to:192.168.0.10:8080 It looks like you are using the old policer that is after PREROUTING then - I guess you don''t see any drops on 8099 because you already DNATed it to 8080. > > So my goal is to restrict incoming access only to port 8099 an not 80...