Questions tagged [iptables]
iptables allows the creation of rules that define packet-filtering behavior. The most reliable way to provide an iptables ruleset in a question is with the output of (as root): iptables-save -c
2,681 questions
0 votes, 1 answer, 9 views
NAT table skipped for server replies running inside Docker container
I have a Docker container running on a vanilla setup which listens on port 9999:
docker run --rm -it -p 9999:9999 busybox nc -vvl -p 9999 0.0.0.0
I added a LOG rule to the POSTROUTING table on NAT in ...
0 votes, 0 answers, 13 views
What is the opt column in iptables -L?
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
...
0 votes, 0 answers, 24 views
Wireguard share LAN hosts
I have the following setup (picture).
I have a wg connection between my home router (as client) and a Linode VPS (as server). I want to access LAN hosts from an Android phone (which connects as a wg client to the VPS). All ...
1 vote, 0 answers, 33 views
How can I redirect a publicly-accessible port without allowing the target port to also be publicly accessible?
I have a web server running as non-root Debian Linux kernel 6.1.x on port :8443. I'd like to allow clients to connect over :443, so I'm using iptables for that purpose:
-A PREROUTING -p tcp -m tcp --...
1 vote, 0 answers, 15 views
Redirect socks to another interface with nftable
I want to redirect the tcp port to interfaceX, to the new destination: ip 192.168.3.8 on interfaceY, with nftable rules.
I tried that:
nft flush ruleset
nft add table ip nat
nft add chain ip nat ...
1 vote, 0 answers, 35 views
Forcing OpenVPN process to run with a specific group using nmcli
I am struggling with this script of mine that should prepare a secure VPN connection with VPN kill switch and I need some help.
What I am trying to do (in general):
My goal is to set up a very strict ...
0 votes, 0 answers, 32 views
How to Log Each Outbound TCP Connection
At my company we have a set of 3 identical VMs. These VMs house an app that "sends messages". The app sends each message by making a TCP connection out to one of two fixed IP addresses (...
0 votes, 0 answers, 8 views
iptables-translate: translate iptables -m set --match-set to nftables
Is there a way to automatically translate --match-set iptables rules to match on a named nftables set with the same name? iptables-translate doesn't seem to be able to do this, which somewhat makes ...
1 vote, 0 answers, 44 views
nftables equivalent for iptables condition module
The iptables condition module allows you to make a rule match depending on whether the contents of a file are 0 or 1.
iptables -A INPUT -m condition --condition enable-my-foo-rule
This will accept ...
0 votes, 0 answers, 30 views
RULE_APPEND failed (Too many links)
I'm trying to apply the policy I got by running iptables-legacy-save using iptables-nft-restore. When I do this, I get this error. When I search for this error, all I can find is a paywalled redhat ...
-1 votes, 0 answers, 121 views
How to set up public Linux station safely?
On a Linux cloud machine, I want to set up a learning station for beginners (pubnix/pubunix).
How can I block all internet except for incoming SSH (ssh user@cloudmachine) and except for SSH local port ...
0 votes, 1 answer, 51 views
iptables: NAT bridge traffic
Background
I have a linux machine with bridge interfaces as shown below...
---{prenat}--> ---{postnat}-->
source: 172.25.0.3 source: 192.0.2.1
+---------------...
0 votes, 0 answers, 40 views
Strongswan - Communication doesn't work between hosts
I have created a SITE-TO-SITE IPSEC tunnel between my two branches. The tunnel is up and running and I can ping both routers bidirectionally; the problem is that I can't do any type of communication (...
0 votes, 1 answer, 10 views
Inquiry on how to set up the bypass function through 2 lan ports in a pc
I have 2 LAN ports on the server (eth0, eth1). I want to export the packet that came from eth0 to eth1. Additionally, I want to make it work in the opposite direction at the same time.
Is it possible?
0 votes, 1 answer, 23 views
Limiting a process to only being allowed to use a specified network interface
I have a binary program named wstunnel.
That program has no option to specify outgoing traffic. By default it will use ens3. I expect the program to use the warp interface.
I'm not sure iptables can solve ...