All Questions
166 questions
0 votes, 1 answer, 707 views
Clients unblocking AWS S3 Content on their firewall
I have a website that serves out user generated content from AWS S3.
I have a client that wants to use our website from behind a firewall.
They are asking me to provide them with a static IP Address ...
0 votes, 1 answer, 85 views
How can I control specific traffic like UDP traffic with iptables on ubuntu?
If, for example, I would like to send just the UDP traffic to an IP address,
is it possible to do this with iptables?
0 votes, 1 answer, 5k views
iptables snat does not change source IP
I am on ubuntu (with IP 10.0.0.1) trying to snat packets going out from port 9090. I want to change the source IP to 10.0.0.2
I have added the following rule through iptables:
# iptables -t nat -A ...
0 votes, 1 answer, 475 views
IpTables -j REJECT to instantly block the loading on user browser
I have been searching for a solution to notify the user's browser that the request is rejected so it stops loading. Because I have blocked Facebook and every page that has a Facebook plugin is ...
1 vote, 1 answer, 888 views
Trouble with last DROP rule in iptables
Let's say I want four ports to be opened for any incoming packets so I made this ruleset:
#> iptables -L -v
Chain INPUT (policy ACCEPT 20 packets, 1190 bytes)
pkts bytes target prot opt in ...
1 vote, 1 answer, 1k views
iptables on debian blocking git pull, http api requests etc
I am using IPTables on an API server to block all incoming traffic except for SSH, HTTP and HTTPS. I need to have full access on the loopback interface to run beanstalkd amongst other things, and need ...
0 votes, 0 answers, 57 views
iptable definitions for routing and defence
I'm attempting to configure a firewall on my laptop that allows for routing. The main trick is, I don't want to allow for connections to be made that do not fall under the ESTABLISHED,RELATED ...
0 votes, 1 answer, 569 views
Trying to configure iptables on Slackware 10
I am trying to configure iptables on a Slackware 10 machine. This Slackware version
is required in my class - so I cannot upgrade it. After compiling it, I want to configure
iptables - however, it ...
3 votes, 1 answer, 16k views
Difference between iptables default policy to `DROP` and inserting a separate policy in input chain to DROP all connections
I'm trying to DROP all incoming connections to my server, except from particular networks. At the same time I want to keep all outgoing connections from my server to external network (any network over ...
2 votes, 1 answer, 510 views
Most secure way to have IPtables auto-loaded using Debian / Linux
I'd like to know the safest way to load iptables using Debian. Of course, I can use a script that uses iptables-restore:
#!/bin/sh
iptables-restore < /etc/firewall.conf
but:
1) where is the ...
1 vote, 1 answer, 166 views
Open ports in Ubuntu 13.10 server
I'm setting up a realtime gameserver fps-game, and then I need to configure ports.
Just to mention, I will set up multiple servers for this game on the same IP address,
which means I must open multiple ...
0 votes, 0 answers, 848 views
How to correctly configure iptables on a laptop?
I have run these commands (tried switching the order too) because I want to set up a firewall on my laptop so that nobody can connect to it (except of course in response to a connection I've made):
...
1 vote, 1 answer, 228 views
Redirect ports with iptables
I need to redirect port 443 on all interfaces to 8080 on one interface using iptables on a box with 2 NICs.
I also need to block pretty much anything else on those interfaces.
Here is my iptables ...
2 votes, 3 answers, 568 views
outgoing ssh fails from only one machine on lan to outside network
I have multiple servers in my LAN (which I'll refer to as Box1), and they are all able to make outgoing SSH connections, except one that stopped recently, which I'll refer to as Box2 (actually, I'm ...
0 votes, 1 answer, 1k views
Asterisk server firewall script allows 2-way audio from incoming calls, but not on outgoing?
I'm running an Asterisk PBX on a virtual machine directly connected to the Internet and I really want to prevent script kiddies, l33t h4x0rz and actual hackers access to my server. The basic way I ...
0 votes, 1 answer, 2k views
Block All Traffic and Allow from Defined IP only in IPTABLES
I want to create a gateway firewall for my network. I want to block all the internal traffic on the gateway and allow it from two computers only.
On gateway
--> eth0 is network card in gateway PC ...
0 votes, 1 answer, 1k views
iptables --append FORWARD required for routing between NIC alias IPs?
I have an Ubuntu box with a single NIC. In order to bind a number of services (like apache, dnsmasq, etc), I have bound them to different aliases (e.g. eth0:0, etc), some of which are on completely ...
0 votes, 1 answer, 745 views
How do I fix these iptables?
I am trying to set up my network's firewall, and am having trouble because I keep getting kicked out of SSH because of mistakes. Here's what I currently have:
# Custom Rules
iptables -F
iptables -X
...
0 votes, 2 answers, 58 views
Why are these iptable rules keeping me from browsing the internet? (allowing 80,443,53)
This is for my home machine. Here are the rules:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 ...
1 vote, 1 answer, 2k views
iptables blocking all traffic even with ports opened
Simple as I can put it: I can't access my servers with iptables enabled, with default rules. Need to disable iptables to get access. Trying to find the cause. Only difference in setup type is layer3 ...
1 vote, 0 answers, 2k views
Conntrack/NAT's port mapping for a specific port breaks whenever that port's service is shutdown for too long. How can I fix this?
Linux Gentoo 3.13.6-hardened-r3 #1 SMP Sat Apr 12 09:17:25 EDT 2014 x86_64 Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz GenuineIntel GNU/Linux
hardened with grsecurity and selinux with a strict policy in ...
2 votes, 2 answers, 3k views
configure iptables to block all(as much as possible) bittorrent traffic
Good day all
This is my current iptables setup
# Generated by iptables-save v1.4.7 on Wed Apr 9 13:50:31 2014
*filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] :LOGDROP - [0:0]
-...
1 vote, 1 answer, 2k views
IPtables preventing outgoing packets
I am trying to setup firewall rules on a RHEL webserver, so that my webserver can serve up web pages and at the same time download remote files using curl/wget. Problem I am experiencing is I can only ...
0 votes, 1 answer, 563 views
why iptables is accepting all in INPUT?
As we can see in this, which is the default iptables on fedora 20
$ iptables -L INPUT --line-number
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ...
1 vote, 1 answer, 2k views
bind/named not working on UDP from external
This one is weird.
I've set this up a long while ago, on a centos5. From what I remember, it used to work. For some time now, it's not. I've just been informed so no clue what changed when that made ...
1 vote, 2 answers, 8k views
how to restore iptables after iptables -F?
I used iptables -F on my machine, and what can I do to recover the iptables into the default without rebooting my machine?
I restarted the iptables service and it failed, and I can't find iptables ...
0 votes, 1 answer, 2k views
Iptables filtering and NAT with secondary IP address
I have two IP addresses on my physical eth interface. Let's say 192.168.10.7 (eth0:0) and 192.168.0.7 (eth0). So it works. But I use an application working on only one of these addresses on port 12000....
1 vote, 1 answer, 1k views
With iptables only allow certain outbound ports
Okay, I'm running a router with shibby tomato (linux based) v1.28-115 and have a bridge network setup (br1) that consists of a guest wifi.
I want to only allow access to specific outbound ports... ...
0 votes, 1 answer, 685 views
Will using iptables DROP target cause TCP CLOSE_WAIT that never completes?
I have some simple rules to block certain IP blocks used frequently by hackers/spammers, e.g.:
iptables -A INPUT -s 173.208.250.0/24 -j DROP
But, I noticed that apache hangs after a couple of days ...
1 vote, 1 answer, 3k views
Understanding how dnat works in iptables
I'm running 3 virtual machines with Fedora 19. The machine B is set up with two network adapters and provides the channel between machine A and machine C.
The machine A IP is set to 192.168.1.3 and ...