Displaying 20 results from an estimated 5000 matches similar to: "Iptables Question"
2008 Aug 29
2
Iptables masq traffic limiting
Where is the correct place to control what traffic is masq'ed out?
This is what I have, but I was told the Forward chain isn't the right place to do this?
iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE
iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -m state --state NEW,ESTABLISHED,RELATED -p tcp -m multiport
2006 Dec 11
6
load balancing with https home banking
Hello everybody.
I'm running linux 2.6.19 with nth match to
alternatively snat outgoing connections to
two different ip addresses for load balancing
between two adsl lines:
Here is:
$IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m multiport --dports 80,443 -m statistic --mode nth --every 2 -j SNAT --to adslA
$IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m multiport
2007 Aug 16
4
two providers.
Hello, people.
I read iptables tutorial and lartc, but I'm still confused with one
trouble.
May be this question was discussed already, so forward me solution, if
is.
So, there's a trouble.
I have debian etch linux. 2.6.18-4 kernel.
On this computer I have three interfaces: eth0 - my lan, eth1, eth2 -
providers.
By default all internet traffic routed through eth2. But I
2010 Aug 02
2
NAT via /etc/sysconfig/iptables
Hello listmates,
It's been a few years since I've set up a router... and for some
reason I seem to be getting hung up on this one.
Does anybody have a sample iptables config file that would incorporate
NAT and forwarding for a simple router?
Thanks.
Boris.
2005 Feb 21
12
NAT
Hello,
I installed my linux server for 3 months now. It does almost everything
(dns, web & mail server, firewall ...).
I just encountered two problems with the firewall: behind this server
there are 2 computers: I got emule on one and msn on the other. The
problem is that I can't configure well the firewall for these 2 rules.
I've added DNAT rules but it
2008 May 22
4
IPTables help
I have a dual homed server in an install for someone who is very cost sensitive.
This server originally is being setup as an Asterisk server, but now the simplest
thing for me to do is also set it up to provide internet access for the small shop as well.
So it will have one external, WAN facing nic that needs all incoming ports except UDP 5060 and
10000 -> 60000 blocked for all but two ips.
2016 Jun 21
2
Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
Hello again,
unfortunately the following /etc/sysconfig/iptables file does not work:
*nat
:INPUT ACCEPT
:OUTPUT ACCEPT
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
#-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT
--to-ports 8080
COMMIT
*filter
:INPUT DROP
:OUTPUT ACCEPT
:FORWARD DROP
-A INPUT -m state --state
2016 Jun 20
3
Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
Good evening,
on a CentOS 7 LAMP (not gateway) dedicated server I am
using iptables-services with the following /etc/sysconfig/iptables:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [294:35064]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -m
2016 Jun 21
4
Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
Hello Gordon and others
On Tue, Jun 21, 2016 at 4:13 PM, Gordon Messmer <gordon.messmer at gmail.com>
wrote:
> On 06/21/2016 02:30 AM, Alexander Farber wrote:
>
>> -A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT
>> --to-ports 8080
>>
>
>
> I think you have the ports backward, here.
>
here the problem description again:
I have
2009 Jul 13
0
Iptables issues again
I know that I have asked this before of the list. However we just changed
ISP and ip's and I'm having this issue again. I have a linux firewall
using iptables with the following config
eth0 = WAN 1
eth1 = LAN 1
eth2 = WAN 2
I'm trying to forward all traffic that makes a request from eth2 to an
internal IP on eth1.
These are the following rules that I have set up.
iptables -t nat -A
2010 Jun 22
1
iptables and kvm
I am experimenting with a kvm virtual machine. At the moment I am
trying to configure iptables for the host instance. In Xen
terms I would call this Dom0 but I do not know the appropriate KVM
term, if any.
The setup I have is a single NIC (eth0) host bridged (bridge0). I
want iptables to allow all host generated traffic (! bridge0 I
think) and to check all other traffic for brute force
2019 Feb 12
1
Samba and ufw (Martin McGlensey)
Louis,
Made the changes. Still unable to mount office. Firewall also blocks
Thunderbird mail and maybe internet. Will check that more fully
later. Any thoughts on Tony's response?
Outputs:
martin at radio:/etc$ sudo apt-get install ufw
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no
2010 Jan 21
2
Samba behind NAT
Hello All,
I have a strange problem regarding samba 3.0.37
I have samba server installed in the local network behind NAT, the
router iptables are configured as follows:
#samba
$IPT -t nat -A PREROUTING -i $INET_IFACE -p udp -d $INET_IP -m multiport --dports 137,138 -j DNAT --to-destination $FILESERV
$IPT -t nat -A PREROUTING -i $INET_IFACE -p tcp -d $INET_IP -m multiport
2003 Mar 23
12
Shorewall 1.4.1
This is a minor release of Shorewall.
WARNING: This release introduces incompatibilities with prior releases.
See http://www.shorewall.net/upgrade_issues.htm.
Changes are:
a) There is now a new NONE policy specifiable in
/etc/shorewall/policy. This policy will cause Shorewall to assume that
there will never be any traffic between the source and destination
zones.
b) Shorewall no longer
2019 Feb 07
3
Samba and ufw
Rowland,
OK. Should I delete these lines?
diff yours mine
63d62
yours# -A ufw-after-logging-output -m limit --limit 3/min --limit-burst 10
-j LOG --log-prefix "[UFW ALLOW] "
85,87d83
yours# -A ufw-before-logging-forward -m conntrack --ctstate NEW -m limit
--limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW AUDIT] "
yours# -A ufw-before-logging-input -m conntrack
2008 Aug 26
1
iptables question
When do you know you need the "-m multiport" option? I see examples with -dport xx:xxx for example that sometimes use it and sometimes don't?
I have read the man page and see what "-m multiport" requires, but don't see the requirement involving its use.
Thanks!
jlc
2007 Jun 09
20
Shorewall 4.0.0 Beta 4
I've uploaded Beta 4. It corrects a bad bug involving exclusion in the
hosts file. In addition, it contains the first release of a new
Bridge/firewall implementation that uses the reduced-function physdev
match found in kernel 3.6.20 and 3.6.21.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \
2005 Sep 26
1
Qos, HFSC and VoIP
Hello,
I'm using Linux kernel 2.6.x and tc (from iproute2 package).
I'm trying to use HTB or HFSC scheduler in order to limit the rate of outgoing packets and also in order to minimize delay for RTP stream.
But I didn't succeed in having this 2 QoS services working.
I use Iptables in order to classify packets. Here is my HFSC conf.
In fact the pings that I send from
2019 Feb 06
2
Samba and ufw
Rowland,
Did some editing in smb.conf that I had to reverse. Now I'm back to
being able to connect with the firewall disabled. When I enable the
firewall I get as far as windows network -> workgroup but no connection.
I have only the rules you recommended in your last email.
Louis,
The information you requested is below:
martin at radio:~$ dpkg -l|egrep "iptables|ufw"
ii