Questions tagged [iptables]

iptables is the user-space administration tool for the Linux kernel's netfilter packet-filtering framework. It provides stateful packet filtering (firewalling), NAT and logging for traffic entering, leaving or being forwarded through a Linux host. On many current distributions the iptables command is a compatibility front end (iptables-nft) over nftables, which has replaced it as the kernel's native framework.

0 votes
0 answers
23 views

Add an IP to another rule matching hex in iptables linux

iptables -t raw -A PREROUTING -p udp --dport 4578 -m string --hex-string '|fefffffffffffffffff77f12|' How can I whitelist the IP having the above hex string automatically in iptables? I'll be ...
0 votes
0 answers
11 views

How to do "source-MAC based routing" with nftables

(This is a simplified version of this: Can Linux do "source MAC based routing?") I have an appliance that needs to route egress packets back to the MAC interface where the ingress packets ...
0 votes
1 answer
22 views

CentOS/RHEL: How to disconnect established connection and prevent subsequent connections until reboot?

I'm trying to test a system that uses multiple interconnected hosts, with one of the hosts randomly selected as the leader and the others being members. The members connect to the leader on a specific ...
0 votes
0 answers
21 views

UDP packets dropped with `ctstate=INVALID`, but meanwhile their connection shows `[ASSURED]` in the conntrack list

I have my router connecting to a remote VPS via a so-called 'VPN' that is based on the UDP protocol; then the VPS traffic slows down within a few seconds after a reboot. I can see a huge amount of incoming ...
0 votes
0 answers
26 views

iptables to nftables for IKEv2 IPsec VPN server

Can someone please help in converting the below iptables rules to equivalent nftables rules? I have already tried to use iptables-translate, but it is not translating all of my rules... # accept ports ...
0 votes
0 answers
26 views

Get SSH access to the host IP while a VPN connection is established

I have my Raspberry Pi connected to the Internet with a real IP address. The network topology is the following: Network scheme. On the RPi a WireGuard client is set up and traffic is forwarded from the VPN to ETH1 and ...
0 votes
2 answers
24 views

What are the corresponding TCP states for the states in iptables (NEW and ESTABLISHED)?

The iptables manual says ESTABLISHED means that the packet is associated with a connection which has seen packets in both directions, and NEW means that the packet has started a new connection, or ...
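As an added illustration of the point behind this question (example code, not part of the question or its answers): conntrack's NEW and ESTABLISHED are not the TCP state machine. ESTABLISHED only means the flow has seen packets in both directions, and with the kernel default nf_conntrack_tcp_loose=1 a stray ACK for an unknown flow is classified NEW, not INVALID. The script below renders a stateful INPUT policy in iptables-restore format and adds `--syn` to every NEW rule so that only a real SYN can open a connection; the port list and the shape of the ruleset are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not taken from the question above. Renders a stateful INPUT
# policy as iptables-restore text; ports and rule layout are assumptions.
#
# ESTABLISHED = flow seen in both directions; NEW = packet matches no tracked
# flow (with nf_conntrack_tcp_loose=1 this includes a lone ACK). The NEW rules
# therefore add --syn so only a genuine SYN may start a connection.

stateful_ruleset() {
  # $1: space-separated list of TCP ports allowed to receive NEW connections.
  ports="$1"
  printf '%s\n' '*filter'
  printf '%s\n' ':INPUT DROP [0:0]'
  printf '%s\n' ':FORWARD DROP [0:0]'
  printf '%s\n' ':OUTPUT ACCEPT [0:0]'
  printf '%s\n' '-A INPUT -i lo -j ACCEPT'
  # Packets conntrack cannot classify (out-of-window data, stray RST) are dropped.
  printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
  # Replies to flows this host already has, plus related ones (ICMP errors, FTP data).
  printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  for p in $ports; do
    printf '%s\n' "-A INPUT -p tcp --dport $p --syn -m conntrack --ctstate NEW -j ACCEPT"
  done
  printf '%s\n' 'COMMIT'
}

loose_new_rules() {
  # Lint: print TCP rules (read from stdin) that accept NEW without requiring --syn.
  grep -- '-p tcp' | grep -- '--ctstate NEW' | grep -v -- '--syn' || true
}

# Usage: stateful_ruleset "22 443" | sudo iptables-restore --test
```

`iptables-restore --test` parses the ruleset without committing it; drop the flag to apply. `loose_new_rules` is the check to run over an existing `iptables-save` dump: any line it prints admits a mid-stream packet as a "new" connection.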
0 votes
0 answers
6 views

OpenVPN only connects over local LAN

I followed this tutorial https://www.youtube.com/watch?v=dwrR18_xO_Q&t=44s It works perfectly on the local network, but not from an external network. I think something is wrong in my dd-wrt iptables. I ...
0 votes
0 answers
21 views

Using iptables inside an unprivileged (rootless/fakeroot) network namespace results in permission error with `/run/xtables.lock`

I'm using unshare to create an unprivileged network namespace: unshare -Unr This gives us a network namespace that should be capable of using iptables. However upon running it: iptables -L We get: ...
0 votes
0 answers
9 views

Another way to implement the deprecated iptables MIRROR target?

According to https://www.linuxtopia.org/Linux_Firewall_iptables/x4448.html, in Linux kernel 2.3 and 2.4 iptables had a MIRROR target that would flip the source and destination of the packet, which is ...
0 votes
1 answer
18 views

iptables firewall whitelisting limit

We have a distributed system with many clients connecting to this system. We want the server to be isolated so that only client machines can connect. We are using iptables as follows: /sbin/iptables -A ...
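The usual way around a per-client rule limit, as an added example that is not the poster's configuration: put the clients into an ipset and match the set with one rule, so the chain length no longer grows with the number of clients and the lookup is a hash lookup rather than a linear scan. The set name, the service port and the client list below are constructed for illustration.

```sh
#!/bin/sh
# Added example, not the poster's ruleset. One ipset and two iptables rules
# replace N per-client rules. Set name, port and CLIENTS are constructed.

CLIENTS='10.10.1.5
10.10.1.6
10.10.2.0/24'

ipset_restore_text() {
  # $1: set name, $2: newline-separated members. hash:net takes hosts and CIDRs.
  printf '%s\n' "create $1 hash:net family inet"
  printf '%s\n' "$2" | sed '/^[[:space:]]*$/d' | while read -r member; do
    printf '%s\n' "add $1 $member"
  done
}

whitelist_rules() {
  # $1: set name, $2: TCP port of the isolated service. Two rules, however many
  # clients exist. Assumes an earlier ESTABLISHED,RELATED accept rule, so only
  # connection attempts (NEW) are evaluated here.
  printf '%s\n' '*filter'
  printf '%s\n' "-A INPUT -p tcp --dport $2 -m conntrack --ctstate NEW -m set --match-set $1 src -j ACCEPT"
  printf '%s\n' "-A INPUT -p tcp --dport $2 -m conntrack --ctstate NEW -j DROP"
  printf '%s\n' 'COMMIT'
}

# Usage (the set must exist before a rule referencing it is loaded):
#   ipset_restore_text clients "$CLIENTS" | sudo ipset restore -exist
#   whitelist_rules clients 9000 | sudo iptables-restore --test
```

Load order matters: `ipset restore` first, then the rules, and on reboot the set has to be recreated before the firewall script references it. Adding or removing a client later is `ipset add clients <ip>` / `ipset del clients <ip>` with no change to the iptables chain.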
0 votes
2 answers
47 views

Server flooded by DNS attack on port 53

I have been getting a flood of traffic all day on UDP port 53. Sample output of tcpdump using "tcpdump -n -i eth0 udp port 53": 14:29:48.734275 IP 212.174.17.28.53 > 23.92.19.211....
0 votes
1 answer
66 views

Relay TCP upload traffic and make download traffic go directly to the client

This is a supplement for iptables SNAT for UDP rule is only applied to some traffic In fact, I have three machines: the client the target server the relay server What's my motivation for doing this? ...
0 votes
1 answer
55 views

iptables SNAT for UDP rule is only applied to some traffic

I want to use Source NAT to change the local IP address of UDP traffic. However, only locally-generated traffic has the NAT rule applied, replies to traffic generated from remote sources do not have ...
0 votes
2 answers
38 views

How to allow peers access only to the Internet?

I tried for a long time to find the answer to the question "How to allow peers access only to the Internet?", but I did not find anything. The only thing I understood is that this can be ...
1 vote
0 answers
30 views

Docker containers cannot communicate using host public IP

I have an Ubuntu server running some apps in Docker (including Nginx Proxy Manager) and some subdomains pointing to the public IP of my server. All my containers are on the same bridge network. One of ...
2 votes
0 answers
27 views

Can't access Apache2 on a VPS via the public IP of the server from an external computer

root@Client13:/etc/apache2# netstat -anltp | grep "LISTEN " tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 104129/apache2 tcp 0 0 0.0.0.0:22 ...
0 votes
1 answer
28 views

Meaning of iptables duplicate values

I'm new to iptables and when I execute the following command /sbin/iptables --list -n | grep 16381 I can see multiple entries as shown below: ACCEPT tcp -- a.b.c.d 0.0.0.0/0 ...
0 votes
1 answer
28 views

Block port on docker host

I have an Ubuntu VPS and use it mostly to run a bunch of Docker containers. However one service (which collects metrics from the host machine) is running on the host itself. How can I block access to its ...
0 votes
1 answer
16 views

iptables - percent sign followed by an i (%i)

I have this iptables rule that comes with my autogenerated WireGuard config as a PostUp rule. I tried to figure out each step of the rule, but neither the manual nor a search engine would tell me what ...
0 votes
0 answers
17 views

Send private client IP using SNAT to my php web server

I have the following topology: Topology. The clients have a private IP 192.168.0.x and I have two NAT servers. Server 1 has an interface with the gateway for the clients with 192.168.1.254 and has an ...
1 vote
0 answers
17 views

SMB over VM over VPN?

I've been struggling with forwarding traffic to SMB over a VM that connects to my reverse proxy server that has a public IP. My setup: Home: [Debian11 server with SMB] (My server rack) [Ubuntu VPS] (my ...
0 votes
1 answer
37 views

Unstable LTE connection with SIM7600G-H 4G HAT

I've used a Raspberry Pi 3B+ together with the SIM7600G-H 4G HAT module to build myself a home router. The HAT module is connected via mini-USB. I managed to set up the LTE connection using qmicli with a ...
1 vote
2 answers
28 views

Allow a certain OUTBOUND connection

I try to connect to a remote host over SSH (139.162.206.137) but iptables blocks the connection. This is my actual iptables configuration [root@SRV1 ~]# iptables -L Chain INPUT (policy ACCEPT) target ...
0 votes
1 answer
20 views

How to create a summary report showing outbound data going through the firewall (iptables)

I have installed fwlogwatch and generate a daily report like this: fwlogwatch -b -l 1d -N -n -M 20 -w -T infrastructure@mydomain.com /var/log/kern.log /var/log/syslog It doesn't seem to correlate ...
0 votes
0 answers
34 views

Internet access through wireguard over multiple hops

I am trying to achieve the following: I want my personal computer A to connect to the internet through a Raspberry Pi C on a WireGuard VPN. Most guides on the topic assume the internet gateway is a ...
1 vote
0 answers
42 views

iptables DNAT traffic to localhost weird behavior

I hit a problem when trying to understand how iptables handles DNATed packets. I run a server at localhost:8000, and I added a rule to the nat table: -A OUTPUT -d 1.2.3.4/32 -p tcp -m tcp --dport 80 -j ...
0 votes
0 answers
13 views

Using host & iptables as bastion before MongoDB

I am trying to set up a config on a "bastion/NAT" host. I have 2 MongoDB hosts, which are behind a firewall, my bastion and a set of clients. My bastion has main IP 10.198.24.10 and 2 aliases: ...
1 vote
1 answer
38 views

Iptables selective MASQUERADE

I am working on a WireGuard node for routing traffic. My plan is to allow WireGuard peers to communicate with each other through me (without masquerading) and create a separate forward from my private ...
0 votes
0 answers
31 views

NAT with iptables does not work from within a VM

I use Proxmox on a Debian 11 host with two public IP addresses. One ip gets bridged to a virtual machine (VM1) via vmbr0. For another machine (VM2, IP 192.168.10.2) I want to use NAT to get internet ...
0 votes
0 answers
14 views

I have a Raspberry Pi running a DNS server using BIND and want to forward traffic while the iptables policy is DROP

My Raspberry Pi is running a DNS server on 172.18.1.1. It's hooked up via Ethernet to my laptop-pi; my vm1 has the IP 172.18.1.2 and the 2nd card has 192.168.1.1. How can I forward this traffic to my ...
0 votes
2 answers
48 views

Linux Basic Networking and iptables?

If I am networking between two Linux PCs, using blue Ethernet cables, or wireless, is this always a TCP/IP, TCP network? If I am networking between one Linux machine and another, will both machines ...
0 votes
0 answers
63 views

How to route HTTP requests from WireGuard to a mitmproxy Docker container?

I have the following docker-compose.yml file: version: "3" services: vpn: image: lscr.io/linuxserver/wireguard:latest container_name: wireguard cap_add: - NET_ADMIN ...
0 votes
0 answers
24 views

Bad Request for iptables captive portal

I have set up an access point and want to redirect HTTP to my web server before clients can access the internet. I have already put in some iptables rules which look like this # Generated by iptables-save ...
0 votes
1 answer
22 views

Redirect traffic to another IP and Port

I have a Virtual Machine with a random virtual IP. I'm able to retrieve its IP with the following command line: VM_IP=$(some command) What I'd like to get is something that would redirect my local ...
0 votes
0 answers
26 views

FirewallD port forwarding to KVM

I have been trying to get this working for hours and no rule or instructions I find online seem to work. Basically I have a dedicated host that I'm using as a KVM hypervisor. I have a nat interface ...
0 votes
0 answers
14 views

How to allow only one host on your network to have access to an Apache web server in a daisy chain

I have my VMs in a daisy chain where one PC routes internet to the second VM and the second VM routes internet to the third VM. However when I use my iptables to allow only the second VM to have access to the ...
1 vote
0 answers
61 views

Routing traffic through a custom tap device en route to the internet on Linux

I have a VM that is using a tap device (tap2) and my goal is to filter all the traffic in/out of tap2 using a custom program written by me that runs in userspace. The topology I came up with routes ...
0 votes
0 answers
24 views

I am switching over to Windows for an assignment and was wondering how to set up IP masquerading

iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE What would be the equivalent/similar command to get internet from one interface and route it to another PC?
0 votes
0 answers
23 views

VM can access internet despite iptables DROP rules

I have installed VirtualBox and I have 2 Ubuntu VMs running on VirtualBox. Please see the network diagram: VM 1 (Client VM) has static IP address of 10.0.2.2. Gateway VM has 2 IP addresses - 10.0.2.1 ...
1 vote
1 answer
104 views

Port forwarding using iptables to a VPN client

I have been struggling for almost half a year now and I have read almost all of the internet's solutions but none have worked. The current solution, which also came from different articles, is this: ...
0 votes
0 answers
65 views

Unable to make or answer calls on any browser on messenger on Linux

I am using MX Linux as my main OS. Unfortunately, I cannot make or answer a call over Facebook Messenger web on any browser. I tried doing that on Google Chrome, Firefox and Opera. However, I got the ...
0 votes
1 answer
442 views

WireGuard client with two interfaces - use one interface for WireGuard

I'm trying to configure a Wireguard client currently set to route all traffic through Wireguard to only route one network interface through Wireguard. Ex: The Client has both wlan0 and eth0 interfaces ...
0 votes
1 answer
29 views

Forward packets to another IP

I am using a VPN to connect to my work network. The problem is that the VPN doesn't have a route for the subnet I want to reach (192.168.24.0/24). I am able to ping another subnet (192.168.2.0/24), ...
0 votes
0 answers
31 views

iptables trace behavior on mangle table

I'm trying to perform DNAT in my Linux box and have the following table setup: Incoming packet's destination: 1.2.3.4 Destination after DNAT: 5.6.7.8 $ iptables -t nat -L Chain PREROUTING (policy ...
0 votes
0 answers
22 views

Ubuntu route certain traffic from one machine through another

I have two Ubuntu 18.04/21.04 machines: one "real" Ubuntu A (21.04) on my fast laptop, one virtual Ubuntu B (under VMware 15.5, NAT mode, hosted on a somewhat slow Windows 10 desktop). ...
0 votes
1 answer
42 views

Shorewall IPv4 Forward rule on same interface

I have a shorewall configuration and would like to allow traffic, coming from one interface and going out to the same interface. The traffic is going from 192.168.108.2 -> 192.168.108.1 -> 192....
0 votes
0 answers
27 views

iptables router, routing internal server traffic via public server

I've thrown myself in the deep end here and it has taken me some time to first become somewhat familiar with my working pfSense firewall installation [I've completed a number over a few months, ...
4 votes
0 answers
74 views

Site-to-site VPN with consumer hardware

I'm trying to use OpenVPN to set up a routed site-to-site VPN to connect two NAT-ed networks, roughly following the instructions here. Network A uses the IP range 192.168.1.0/24. The router and ...
0 votes
1 answer
46 views

OpenVPN connects but then internet connection drops on RutOS

I set up my RUT950 4G router to connect to a commercial VPN provider and it was working fine until one day it stopped working. To be more specific, the internet connection works, the VPN connection ...