similar to: IPTables help

I have a squid proxy running transparently, so in my firewall script I run the following fairly early: iptables -A PREROUTING -t nat -i $LAN -p tcp -m multiport --dports 80,443 -j REDIRECT --to-port 3128 This is a multihomed server so after this change the masquerading was removed (as only web access on the lan side of this server was needed). I now need to masq cleanly one device so that it

Where is the correct place to control what traffic is masq'ed out? This is what I have, but I was told the Forward chain isn't the right place to do this? iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i $LAN -o $WAN -m state --state NEW,ESTABLISHED,RELATED -p tcp -m multiport

When do you know you need the "-m multiport" option? I see examples with -dport xx:xxx for example that sometimes use it and sometimes don't? I have read the man page and see what "-m multiport" requires, but don't see the requirement involving its use. Thanks! jlc

This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer

Good evening, on a CentOS 7 LAMP (not gateway) dedicated server I am using iptables-services with the following /etc/sysconfig/iptables: *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [294:35064] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp -m

Hello listmates, It's been a few years since I've set up a router... and for some reason I seem to be getting hung up on this one. Does anybody have a sample iptables config file that would incorporate NAT and forwarding for a simple router? Thanks. Boris.

Hello again, unfortunately the following /etc/sysconfig/iptables file does not work: *nat :INPUT ACCEPT :OUTPUT ACCEPT :PREROUTING ACCEPT :POSTROUTING ACCEPT #-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 -A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT --to-ports 8080 COMMIT *filter :INPUT DROP :OUTPUT ACCEPT :FORWARD DROP -A INPUT -m state --state

Hi All, I''ve been playing with QOS for a short while now and have worked out how to do what I want using HTB. Great queuing discipline btw. My problem is the tc filters I want to setup aren''t working because iptables is getting to the packets first and mangling the src address. The iptables script I am using is MonMotha''s Firewall 2.3.8 and it includes lots of nice

Hi, I am running a ASTERISK BOX behind a firewall. It is at DMZ . Now I want to connect to my ASTERISK BOX from Internet. So I want to DNAT. How can I do it? Pls assume that ip address that connects to Internet on firewall is 1.2.3.4and is attached to eth0. And ASTERISK BOX is 192.168.101.23 Then, What is the rule (PREROUTING) for it? What is the port to DNAT? I think udp 5060. So I have

Rowland, Did some editing in smb.conf that I had to reverse. Now I'm back to being able to connect with the firewall disabled. When I enable the firewall I get as far as windows network -> workgroup but no connection. I have only the rules you recommended in your last email. Louis, The information you requested is below: martin at radio:~$ dpkg -l|egrep "iptables|ufw" ii 

Hello Gordon and others On Tue, Jun 21, 2016 at 4:13 PM, Gordon Messmer <gordon.messmer at gmail.com> wrote: > On 06/21/2016 02:30 AM, Alexander Farber wrote: > >> -A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT >> --to-ports 8080 >> > > > I think you have the ports backward, here. > here the problem description again: I have

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I recently tried adding a firewall to my Samba 4 server using the port information I found on the wiki. Below is a dump of the resulting rules. root at dc01:~# iptables -S - -P INPUT DROP - -P FORWARD DROP - -P OUTPUT ACCEPT - -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m

On Tue, 2016-06-21 at 15:46 +0100, Always Learning wrote: > On Tue, 2016-06-21 at 16:24 +0200, Alexander Farber wrote: > > > *nat > > :INPUT ACCEPT > > :OUTPUT ACCEPT > > :PREROUTING ACCEPT > > :POSTROUTING ACCEPT > > -A PREROUTING -p tcp --dst 144.76.184.154 --dport 8080 -j REDIRECT > > --to-port 80 > >

Dear netters, My linux box is installed with samba 3.0.0 and joined with NT domain (w2k based). Samba are working fine, until I filter the incoming traffic using iptables (v1.2.7a) on default RedHat 9 kernel 2.4.20-8, using these rules: [root@Bhp-0m03-0472 root]# cat /etc/sysconfig/iptables # Generated by iptables-save v1.2.7a on Sun Oct 12 19:36:36 2003 *filter :INPUT DROP [0:0] :FORWARD ACCEPT

Hi, I remember back in the days, there was a neat trick to recover a lost root password, or more exactly, redefine a new password for root. 1. In the bootloader, boot the system with the 'init=/bin/bash' kernel argument. 2. Remount the root partition in read-write mode: # mount -o remount,rw / 3. Set the password for root: # passwd 4. Remount the root partition in read-only

i''ve read your http://lartc.org/howto/lartc.rpdb.multiple-links.html article as well as Advanced IP Routing (esp. chapter 10.4) and still unable to make this thing work. am i that helpless? :) is there anyone to guide me through the multiple ISP setup? into details. i got 2 dsl connections from different ISPs (A and B), both connections use PPPoE, both got assigned with dynamic IPs

Hi All, I want to put a ASTERISK BOX bend a Firewall. So I have given below rules. iptables -A FORWARD -p udp -d 192.168.101.30 -m multiport --dports 3478,4569,5060 -m state --state NEW -j ACCEPT iptables -A FORWARD -p udp -d 192.168.101.30 --dport 10000:20000 -m state --state NEW -j ACCEPT iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4 -m multiport --dports 3478,4569,5060 -j DNAT

Louis, Made the changes. Still unable to mount office. Firewall also blocks Thunderbird mail and maybe internet. Will check that more fully later.Any thoughts ob Tony's response? Outputs: martin at radio:/etc$ sudo apt-get install ufw Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no

https://bugzilla.netfilter.org/show_bug.cgi?id=1463 Bug ID: 1463 Summary: nft --json table list ruleset crashes Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org

Hello fellow CentOS users, on a freshly installed 7.2 machine and after reading https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/chap-Managing_Services_with_systemd.html I try to enable iptables with following commands: # cat /etc/centos-release CentOS Linux release 7.2.1511 (Core) # rpm -qa | grep iptables iptables-1.4.21-16.el7.x86_64