Search Results

Search found 1249 results on 50 pages for 'iptables'.

  • Using iptables to forward traffic destined for specific ip via specific interface

    - by shapeshifter
    I want to forward traffic destined for a specific IP from my internal network via a specific interface. I have two interfaces which are currently load balanced. I need all requests for a certain IP to go out via eth0, otherwise my external IP changes and sessions are dropped. E.g. all requests from 10.1.1.1/24 to IP 11.22.33.44 on port 443 must go out via interface eth0. How can I do this with iptables?

  • Closing idle connections with iptables.

    - by kyku
    Hi, I have a server application that does not remove idle connections (resulting from, for example, client or communication failures). Is it possible to configure iptables to monitor activity on sockets and close connections that haven't had any activity for a specified amount of time?

  • Managing hosts and iptables in scalable architecture

    - by hakunin
    Let's say I have a load balancer in front of 3 app servers. Let's say I also have these services available at certain IPs:

        Postgres server
        Redis server
        ElasticSearch server
        Memcached server 1
        Memcached server 2
        Memcached server 3

    So that's 6 nodes at 6 different IP addresses. Naturally, every one of my 3 app servers needs to talk to these 6 servers above. Then, to make it a bit funkier, I also have 3 worker servers. And each worker also talks to the above 6 servers, but thankfully workers and apps never need to talk to each other. Now here's the kicker. Everything is on Digital Ocean VPS. What that means is: you have no private network, no private IPs. You only have a separate, random IP address on each machine. You can't mask them or anything. So in order to build a secure environment I would have to configure some iptables. For example:

        Open app servers to be accessed by the load balancer server
        Open Redis, ES, PG, and each memcached server to be accessed by each app's IP and each worker's IP

    This means that every time I add an app or worker I have to also reconfigure iptables in those above 6 servers to welcome the new app or worker. Is there a way to simplify this type of setup? I was thinking — what if there was a gateway machine between apps/workers and the above 6 machines. This way all the interaction would always happen via the gateway server, and when I add a new app or worker I wouldn't need to teach the 6 servers to let it in. If I went this route, then I'd hope a small 512MB server could handle that perhaps, and there wouldn't be almost any overhead. Or would there? Please help with the best way to handle this situation. I would appreciate an answer as concrete as possible. I don't think this is too specific, because this general architecture is very common, and Digital Ocean is becoming increasingly popular. A concrete solution here would be much appreciated by many.

  • Restrict traffic to local network and VPN using ufw or iptables

    - by Piezo Pea
    I want to restrict all traffic from my Ubuntu machine to come or go from the local network (eth0) or from or to my VPN (tun0). It should be possible to connect to the router in the local network but not possible to leave the local network without using the VPN. Since I have no experience with iptables and I couldn't find a how-to, I tried ufw but I did not succeed. Thank you for any hints or code snippets on how to get closer!

  • What does an empty iptables mean?

    - by Memochipan
    I'm using CentOS and when I type the command:

        iptables -L -v

    the output is as follows:

        Chain INPUT (policy ACCEPT 19614 packets, 2312K bytes)
         pkts bytes target     prot opt in     out     source               destination

        Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
         pkts bytes target     prot opt in     out     source               destination

        Chain OUTPUT (policy ACCEPT 13881 packets, 32M bytes)
         pkts bytes target     prot opt in     out     source               destination

    What does this mean? I'm able to connect using SSH. Where can I see that rule?

  • Iptables setup for PPTP server and UPnP on clients [on hold]

    - by SPYke
    I have a Debian server with one static external IP. It has a PPTP server installed. The local IP is 192.168.1.200 and the remote IPs are 192.168.1.201-209. I have several users who connect to my server using their routers through the Internet. The VPN works flawlessly. The routers have UPnP enabled, but devices that use UPnP report that no UPnP is available. What rules do I need in iptables to make it work? Thanks.

  • Socksify TCP connections reaching a gateway IP -- preferably without iptables

    - by Alexandra Neagu
    I have VirtualBox installed on Debian with a few virtual machines. I can't install anything in the guests, and I use host-only networking, vboxnet0. The host IP in the host network is 192.168.56.1, and the guests have static IPs in 192.168.56.0/24. I access the Internet with a SOCKS proxy (without authentication) and I would like the VirtualBox guests' TCP connections to be sent through the SOCKS proxy. This would also be useful for socksifying external TCP reaching a gateway network card or wireless access point. I looked at transocks, tun2socks, with dante-client, etc., but I don't know how I can achieve this without enabling IP forwarding in the host and using iptables. Maybe attach the VirtualBox vboxnet0 network somehow to the tunnel tun0 used by tun2socks? Or maybe there is a way to do NAT to tun0 in VirtualBox? I only need TCP traffic and I don't need UDP, not even for DNS.

  • iptables: How to read this OPT string?

    - by alex
    I have a simple INPUT rule for iptables that logs any new connections to a logfile. The --log-tcp-options and --log-ip-options flags are both set and I get the appropriate OPT output. One line of my log looks something like this:

        Nov 29 17:00:00 IN=venet0 OUT= MAC= SRC=x.x.x.x DST=x.x.x.x LEN=64 TOS=0x00 PREC=0x00 TTL=53 ID=37898 DF PROTO=TCP SPT=57755 DPT=8888 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204057D010303010101080A3E521D4D0000000004020000)

    I would like to understand how to interpret the OPT string at the end of the line. Is there some documentation available on what it actually means? How could I make it human-readable?

  • Which iptables rule do you think is a 'must have'

    - by Saif Bechan
    I have some basic iptables rules set up now for my VPS: just block everything except some default ports, 80, 21, 22, 443. I do get brute forced a lot. I have heard that iptables is very powerful but I have not seen many use cases. Can you give me an example of a rule (or some rules) you always use and a small example why? I cannot find a general best practice post here on SF; if there is any I would like the link. If this is a duplicate I am sorry and it can be closed.

  • Iptables mark incoming packet - vpn routing

    - by Tom
    I have connected my home to my workplace for out-of-house backup reasons through OpenVPN. The connection is working nicely. At work I have 5 fixed IP addresses. Now I would like to assign one of these IP addresses to be forwarded to my home machine. I have confirmed packet arrival at my home machine with tcpdump. The problem is that my default route at home is NOT tun0 (naturally), but eth0 to my own ISP. So I created a separate routing table to route my tun0 packets back to where they belong, but I do not know how to mark the incoming packets which arrive through tun0 with iptables, so I can drive them back. I do not want any port restrictions, but only what comes from tun0 should leave through tun0. Thanks, Tom

  • iptables and snatting to different networks

    - by codingfreak
              linuxbox (p.q.r.t)
                    |
                    |
        INTERNAL ------ ABCD ----- INTERNET
                  (p.q.r.s)   (m.n.o.k)

    ABCD has 3 interfaces, connected to linuxbox, the INTERNAL N/W, and the INTERNET. Linuxbox has a private address (p.q.r.t). At present I am SNATting the packets from linuxbox to the INTERNET at ABCD. I have a small doubt regarding FTP from linuxbox, since I have to support FTP from linuxbox to both the INTERNAL N/W as well as the INTERNET. How can I write a rule in iptables on ABCD where it can decide if the destination IP address of the FTP server is within the INTERNAL N/W or in the INTERNET and do NATting accordingly?

  • Iptables NAT logging

    - by Gerard
    I have a box set up as a router using iptables (MASQUERADE), logging all network traffic. The problem: connections from LAN IPs to WAN show fine, i.e.

        SRC=192.168.32.10 - DST=60.242.67.190

    but for traffic coming from WAN to LAN it will show the WAN IP as the source, but the router's IP as the destination, then the router - LAN IP, i.e.

        SRC=60.242.67.190 - DST=192.168.32.199
        SRC=192.168.32.199(router) - DST=192.168.32.10

    How do I configure it so that it logs the conversations correctly?

        SRC=192.168.32.10 - DST=60.242.67.190
        SRC=60.242.67.190 - DST=192.168.32.10

    Any help appreciated, cheers

  • Limit maximum incoming connections to a port using iptables

    - by Harley
    I have a server that has Apache listening on a number of ports. Some ports are used for configuring the server, and another is used to download large files. My problem is that when I have a large number of clients downloading files, the web interface is uncontactable. I would like to limit the number of clients connecting on the "large file" port so that Apache always has available connections to configure the server. A REJECT is fine; the client trying to download the file will back off and retry later. Each client only has one connection open to the server at a time, so limiting by IP won't work. I know I could put something in front of Apache to manage this, but I'd really like to do it in iptables, without adding more software.

  • Linux + IPTables + NAT = some http hosts unreachable.

    - by Daniel
    Hi. I've set up dead simple NAT:

        iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

    Everything works almost OK. Almost. The problem I've experienced is that some hosts are not reachable by NAT clients, i.e. there's http://code.jquery.com/jquery-1.4.2.min.js - I can download it from the server, but in the case of a NAT client the download stalls at the connection stage. I thought it was FF's fault, but wget has the same issue. I didn't find any logs/messages that can shed some light on this situation. Any ideas what's going on? Maybe some tricky thing in sysctl is causing this? P.S. 3/3 client boxes are experiencing this issue. This is definitely server trouble.

  • iptables: limiting bytes downloaded per IP per day?

    - by Miles
    On a public-facing web server, I'd like to limit the total bytes downloaded per IP address per day. For example, after a visitor has downloaded 100MB, any additional requests would be dropped or rejected for the next 24 hours. Is it possible to accomplish this using iptables alone? The connbytes, connlimit, hashlimit, quota, and recent options all look promising, but the man page plays its cards close to the vest (e.g., "quota - Implements network quotas by decrementing a byte counter with each packet. --quota bytes The quota in bytes."). I would like to avoid using a proxy (like Squid) if possible.

  • NAT rules between 2 network interfaces (with iptables)

    - by Simone Falcini
    This is the current network that I have:

        UBUNTU:
          eth0: ip: 212.83.10.10  bcast: 212.83.10.10   netmask: 255.255.255.255  gateway: 62.x.x.x
          eth1: ip: 192.168.1.1   bcast: 192.168.1.255  netmask: 255.255.255.0    gateway: ?

        CENTOS:
          eth0: ip: 192.168.1.2   bcast: 192.168.1.255  netmask: 255.255.255.0    gateway: 192.168.1.1

    I basically want this: make specific NAT rules from the internet to specific internal servers depending on the port:

        Connections incoming to port 80 must be redirected to 192.168.1.2:80
        Connections incoming to port 3306 must be redirected to 192.168.1.3:3306
        and so on...

    I also need one NAT rule to allow the servers in the subnet 192.168.1.x to browse the internet. I need to route the requests on eth0 to eth1 to be able to exit to the internet. Can I do this on the UBUNTU machine with iptables? Thanks!

  • IPTables: allow SSH access only, nothing else in or out

    - by Disco
    How do you configure IPTables so that it will only allow SSH in, and allow no other traffic in or out? Any safety precautions anyone can recommend? I have a server that I believe has been migrated away from GoDaddy successfully and I believe is no longer in use. But I want to make sure just because ... you never know. :) Note that this is a virtual dedicated server from GoDaddy... That means no backup and virtually no support.

  • iptables: separate clients from each other

    - by Florian Lagg
    Hello, is there a way to separate clients in a subnet so that they cannot reach each other? The infrastructure currently looks like this:

        192.168.0.1/24      Gateway, a CentOS box with iptables.
        192.168.0.10-20     Some clients which may reach each other
        192.168.0.30        A single client which should not be able to reach the hosts 192.168.0.10-20, but should be able to reach the gateway and the internet

    I don't know if it is possible; maybe you could give me your ideas on how it could be done. I cannot influence the machine 192.168.0.30 because it is a virtual machine I want to rent to someone. Thanks.

  • APF, IPTABLES, Fedora 15 - Not blocking correctly

    - by RichardW11
    I just got a new remote server which came with Fedora 15. I first tried to run APF but it gave me this error: "apf(18031): {glob} unable to load iptables module (ip_tables), aborting.". I then changed SET_MONOKERN="0" to SET_MONOKERN="1" to resolve the problem. However, with my config file showing

        BLK_P2P_PORTS="1214,2323,4660_4678,6257,6699,6346,6347,6881_6889,6346,7778"

    the ports show up as closed, instead of being filtered. Any idea why this would be happening?

        22/tcp   open   ssh
        80/tcp   open   http
        443/tcp  open   https
        2323/tcp closed 3d-nfsd
        4662/tcp closed edonkey
        6346/tcp closed gnutella
        6699/tcp closed napster
        6881/tcp closed bittorrent-tracker
        7778/tcp closed interwise

  • Restricting output to only allow localhost using iptables

    - by Dave Forgac
    I would like to restrict outbound traffic to only localhost using iptables. I already have a default DROP policy on OUTPUT and a rule REJECTing all traffic. I need to add a rule above that in the OUTPUT chain. I have seen a couple of different examples for this type of rule, the most common being:

        -A OUTPUT -o lo -j ACCEPT

    and

        -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

    Is there any reason to use the latter rather than the former? Can packets on lo have an address other than 127.0.0.1?

  • How do I create a bidirectional bridge using iptables

    - by Kolzoi
    Setup: I have a Samsung LCD TV that is connected via eth0 to a T41 Thinkpad running Ubuntu 10.10, which is wirelessly connected to the home router. I am trying to get Samsung's remote control app working on my iPad, but the app won't allow me to put in an IP address and only discovers the TV if it's on the same subnet as the iPad (lame). So I need the laptop to route packets from eth0 to the wireless interface (wlan0), and I need about 3 ports on the wlan0 interface to be forwarded to the Samsung TV. Hopefully all this makes sense. I've been messing around with iptables and the Samsung is now able to access the internet via the laptop's wireless, but mapping from wlan0 back to the Samsung TV is eluding me.

  • Outlook iptables configuration

    - by mediaexpert
    I have a Debian mail server, but only the Outlook users are unable to download their emails. I've seen a lot of posts about some kind of port forwarding configuration, and I've tried some commands, but I am not able to solve this problem. Please help me. Below are the INPUT and FORWARD iptables chains:

        Chain INPUT (policy DROP 20 packets, 1016 bytes)
         pkts bytes target     prot opt in     out     source               destination
        60833   16M ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 state NEW,ESTABLISHED
        18970  971K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpt:110 state NEW,ESTABLISHED

        Chain FORWARD (policy DROP 0 packets, 0 bytes)
         pkts bytes target     prot opt in     out     source               destination
            0     0 ACCEPT     tcp  --  *      *       192.168.0.0/24       0.0.0.0/0            tcp dpt:110
            0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
            0     0 ACCEPT     tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:110
            0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
            0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:25
            0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:110