
All Questions

0 votes
2 answers
306 views

IPtables issues - Assistance appreciated

I am trying to make a firewall for my raspberry pi. The rules that I want are Allow incoming SSH - this works Allow outgoing ssh - this does NOT work and is my main issue Allow incoming and outgoing ...
SomeRandomGuy12's user avatar
16 votes
1 answer
43k views

What are the IP ranges to block the entire Russian Federation? [closed]

Every single morning the Russian Federation keeps attacking our sites. Every single day I block their IP address and every single day they use a new sub net. I tried: -A INPUT -s 4.53.0.0/16 -j DROP -...
YumYumYum's user avatar
  • 1,685
3 votes
0 answers
498 views

MITM redirecting to my own NTP server, blocking traffic to Apple NTP pool

CONFIGURATIONS ipv4.forwarding 1 (ON) arp_cache_poisoning between VICTIM & D.G.. (192.168.1.100 & 192.168.1.1) **LAN** VICTIM: 192.168.1.100 ATTACKER: ...
mhibert's user avatar
  • 31
1 vote
0 answers
1k views

IPTables not doing what I requested

Community here is awesome! I have an ASUS 3100 wireless router and about 4 IP Cameras. On my old router it was easy to block outgoing traffic so that I can make sure the cameras weren't "calling ...
Simon Song's user avatar
0 votes
1 answer
509 views

IPTABLES - How does the Docker port a:b work?

I am learning iptables in combination with Docker. I am figuring out how the docker-compose host:port:port for port forwarding actually works. I understood it does some iptables magic. So I did a ...
Dave Teezo's user avatar
1 vote
0 answers
2k views

Redirect HTTP traffic from LAN box to external proxy using iptables on my router

My goal is to transparently proxy all HTTP requests from a single IP (my laptop, 192.168.1.134) on my LAN to an external IP (internet VPS, let's say X.X.X.X) running a proxy server (specifically ...
ccampo's user avatar
  • 61
8 votes
2 answers
9k views

Deleting an IP from blacklist iptables

I created a blacklist using ipset and iptables called "blacklist". Now I would like to know how I edit "blacklist" to remove or add IPs. Does anyone know?
C VDZ's user avatar
  • 151
0 votes
1 answer
509 views

iptables default rules numbers in square brackets what do they mean? [closed]

I've just installed iptables and have run the command below. /sbin/iptables-save > /etc/iptables/rules.v4 When I then went to edit the file "/etc/iptables/rules.v4" I found it contained the lines ...
AeroMaxx's user avatar
  • 113
0 votes
1 answer
623 views

Debian 8 iptables blocked all connections

I've got a really big problem with my root server running Debian 8 (64-Bit). I installed some iptables rules to block specific IP ranges belonging to China and some blacklisted ranges. It seems ...
J. Doe's user avatar
  • 1
0 votes
1 answer
1k views

How to redirect outbound requests to external resource to localhost with different ports?

I have a GitLab CI multirunner which attempts to clone a git repo from external URL mydomain.com:40800 and it gets a timeout error (I can't do anything about that). I need to redirect mydomain.com:40800 HTTP ...
Enbugger's user avatar
  • 101
0 votes
1 answer
87 views

iptables: BLOCK all general OUTPUT on PC (no server)

I'm trying -P INPUT DROP -P FORWARD DROP -P OUTPUT DROP -A INPUT -i lo -j ACCEPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW,...
Blapier's user avatar
0 votes
2 answers
604 views

Iptables doesn't allow network traffic from open ports

I changed the policy of the INPUT chain, adding the following command. iptables -P INPUT DROP After I inserted the next rules in order to allow input packets from the network ports 80 and 443 but ...
Panagiotis's user avatar
0 votes
0 answers
313 views

Using iptables to measure nmap network bandwidth?

I'm working through some exercises and need to use iptables to monitor nmap traffic. The nmap command I have is: nmap -oN nmap-scripts-all.txt --script=all 100.100.9.6 I've been reading about ...
Michael A's user avatar
  • 193
1 vote
1 answer
1k views

IPTables - DNAT only if the destination is not listening

I have the interfaces eth0 (the internet access) and tap_vpn0 (vpn tap interface, with network of 192.168.110.0/24). What I want, is to DNAT all the incoming connections through eth0 to 192.168.110.2 ...
Evengard's user avatar
  • 1,804
0 votes
1 answer
5k views

Will this iptables rule accept all traffic, making my other rules useless?

I've adapted this iptables configuration from someone else, and am trying to figure out whether it's doing what I want it to. It is supposed to run on a coreos server, with several docker containers, ...
2 votes
1 answer
11k views

Block ARP requests (or broadcast message, if possible) from A SPECIFIC HOST in a subnet

My ISP provides username-password for authentication and also registers the client's MAC address for authentication. I am concerned about someone misusing my connection while I am not using it. ...
Sourav Ghosh's user avatar
0 votes
1 answer
373 views

How packets traverse tun+ adapter on firewall

I am familiar with iptables, and recently I wanted to build a stateful firewall which is connected to an OpenVPN server. If someone is willing to explain, how for example eth0 (WAN), eth1 (LAN) and ...
fugitive's user avatar
  • 173
1 vote
1 answer
7k views

How to see connection attempts rejected by firewall in real time?

I am struggling to create an NFS mount from my Mac to a Ubuntu server (the mount works if I do it locally on the server to itself, so I'm confident the issue is network related), and I need to have ...
HomerPlata's user avatar
13 votes
2 answers
3k views

Allow traffic through a firewall to a dynamic IPv6 address

Suppose I have this configuration on IPv4 right now: My router (a Linux box) is connected to the Internet on eth0 and my LAN on eth1. I want to forward port 80 to 10.1.2.3. Here's how I'd currently ...
Joseph Sible-Reinstate Monica's user avatar
1 vote
0 answers
583 views

iptables FORWARD chain rule clarification

I am currently trying to learn iptables, and was wondering if someone could clarify what exactly is happening here. The rules in question are from the FORWARD chain (see below) on my router connected to ...
artomason's user avatar
  • 111
1 vote
0 answers
142 views

Running Web Server from Android Phone

Problem - Trying to run Tiny Web Server on Android Phone. Internally I'm able to access the server home page from all devices connected to hotspot including Gateway. Hotspot Gateway - 192.168.43.1 (...
Ritz 009's user avatar
1 vote
1 answer
568 views

Is it possible to exploit `-i lo -j ACCEPT` in iptables?

Most iptables setups contain an INPUT -i lo -j ACCEPT rule. Without it, it's quite difficult to connect to any locally hosted stuff. However what is not entirely clear to me - is locally running process ...
Lapsio's user avatar
  • 820
0 votes
1 answer
3k views

Block a device from outgoing connections to internet (iptables help)

I have a router that runs Tomato, so I have access to iptables. There's an IP camera on my network with an IP address of 10.10.2.110 that I want to keep isolated. Based on advice I've read elsewhere, ...
JoeBob's user avatar
  • 11
1 vote
3 answers
5k views

iptables SNAT/DNAT explain behaviour

I am new to iptables and I want to understand how iptables nat is working. I have a linux machine with a lxc container. The machine network configuration is as follows: eth0 interface which connects ...
SebiSebi's user avatar
  • 165
1 vote
1 answer
1k views

openvpn configure iptables to allow only port 80/443 and throttle all other

I'm using OpenVPN to let people go on the internet. All is working fine but I want to restrict the use of torrent/P2P traffic. Instead of trying to block that by trying to identify them all separately I ...
Ingrid Lambrechtse's user avatar
0 votes
0 answers
33 views

Not able to connect from remote machine

I am not able to connect to my desktop from remote machines. I suspect some firewall mis-configuration. OS Details (Linux Mint 17): 11:16:23 ~ $ cat /etc/linuxmint/info RELEASE=17 CODENAME=qiana ...
Rejeev Divakaran's user avatar
0 votes
0 answers
320 views

iPtables is not allowing ports to open

I am having a problem with my iptables. I have a server setup that is a web server, openvpn, file server, NAS. I have the default INPUT to drop connections, but allow certain ports to be opened. My ...
James W's user avatar
  • 13
1 vote
0 answers
727 views

Why does iptables change the source address of incoming requests?

I am using iptables for redirecting ports for web and ssh from machine 14 to 25 as shown in the following diagram: The problem is when anyone from the internet accesses my web application, iptables ...
Goforseeking's user avatar
1 vote
1 answer
2k views

Iptables to block ssl3/tls on network

I tried to block application data packets on my computer using the rule iptables -I OUTPUT 1 -p tcp \! -f --dport 443 -m state --state ESTABLISHED -m u32 --u32 "0>>22&0x3C@ 12>>26&...
1 vote
1 answer
6k views

Forward network traffic from one computer to another using iptables

I have two computers on the same lan Comp A: 192.1681.151.15 Comp B: 192.1681.151.19 The setup is like this Internet <----> Computer B ^--------> Computer A Both computers have ...