All Questions
166 questions
0 votes, 0 answers, 271 views
Should iptables block RST packets for a websocket connection?
I have the following setup for offloading SSL and running Home Assistant:
Raspberry Pi A (model 3, 10.0.0.21 below) is running apache2, NextCloud and iptables.
Raspberry pi B (model 1, 10.0.0.69 ...
1 vote, 1 answer, 723 views
Add an IP to another rule matching hex in iptables linux
iptables -t raw -A PREROUTING -p udp --dport 4578 -m string --hex-string '|fefffffffffffffffff77f12|'
How can I whitelist the IP having the above hex string automatically in iptables?
I'll be ...
1 vote, 2 answers, 757 views
iptables SNAT target and TCP ACK packets
I need to establish a TCP connection where the client is spoofing its IP for all outgoing traffic. My first attempt was to add a rule to the POSTROUTING chain like so:
iptables -t nat -A POSTROUTING -...
0 votes, 1 answer, 413 views
Relay TCP upload traffic and make download traffic go directly to the client
This is a supplement for iptables SNAT for UDP rule is only applied to some traffic
In fact, I have three machines:
the client
the target server
the relay server
What's my motivation for doing this?
...
0 votes, 1 answer, 2k views
iptables SNAT for UDP rule is only applied to some traffic
I want to use Source NAT to change the local IP address of UDP traffic. However, only locally-generated traffic has the NAT rule applied, replies to traffic generated from remote sources do not have ...
13 votes, 2 answers, 3k views
Allow traffic through a firewall to a dynamic IPv6 address
Suppose I have this configuration on IPv4 right now:
My router (a Linux box) is connected to the Internet on eth0 and my LAN on eth1. I want to forward port 80 to 10.1.2.3. Here's how I'd currently ...
0 votes, 0 answers, 398 views
Firewalld, opening all subnet for zone
Another question about firewalld, I need someone to explain this to me in simple words, because I read countless posts and I don't know what's happening here.
I've enabled the home zone in ...
1 vote, 1 answer, 90 views
Port forwarding using iptables on CentOS 7
I am using CentOS 7 on my physical server with a public address, and I have a guest machine running in a KVM environment with private IP address 192.168.122.2. I need to install httpd in the guest machine and ...
0 votes, 0 answers, 306 views
How to add exceptions in matching subnet in iptables nat output chain?
I have a rule in my iptables config:
-t nat -A OUTPUT -d 10.0.0.0/8 -j RETURN
This rule prevents routing of packets sent to 10.X.X.X addresses.
But now I want to add an exception to this rule and allow ...
0 votes, 1 answer, 934 views
Correctly redirect traffic from 80/443 to NodePort exposed Traefik 30080/30443 on Kubernetes using iptables
In a Kubernetes setting, Traefik is deployed as follows using HelmRelease:
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
  name: traefik-default
  namespace: kube-system
spec:
  chart:
    ...
0 votes, 1 answer, 1k views
Iptables command analog in Windows
iptables -I FORWARD -s 192.168.1.100 -p udp --dport 27000:27200 --match string --algo kmp --string 76561198923445525 -j ACCEPT
I simply need an analog of that working command within Windows OS, for ...
-3 votes, 1 answer, 83 views
Why do my IPTables changes not deny access from all IP addresses except CloudFlare’s ranges?
I am running apache on ubuntu 18.04. I used IPtables to deny access from all IP addresses except CloudFlare’s ranges and when I run iptables -L --line-number I get
1 ACCEPT tcp -- 131.0.72.0/22 anywhere ...
4 votes, 1 answer, 8k views
How can I do DNAT and SNAT on Windows 7?
I have a very old program which uses a fixed IP address as destination. I'm trying to revamp my network into something more modern but this legacy system is holding me back.
As a simple solution, I ...
2 votes, 1 answer, 9k views
RULE_APPEND failed (iptables)
I'm working on an assignment in which I have to create some custom firewall rules on a Debian router. I'm using iptables to create the rules. Here's the thing, whenever I try to add this rule: ...
8 votes, 2 answers, 9k views
Deleting an IP from blacklist iptables
I created a blacklist using ipset and iptables called "blacklist", now I would like to know how I edit "blacklist" to remove or add IPs.
Does anyone know?