Questions tagged [iptables]

iptables allows the creation of rules to define packet filtering behavior. The most reliable way to provide an iptables ruleset in a question is with the output of (as root): iptables-save -c

0 votes
1 answer
7 views

NAT table skipped for server replies running inside Docker container

I have a Docker container running on a vanilla setup which listens on port 9999: docker run --rm -it -p 9999:9999 busybox nc -vvl -p 9999 0.0.0.0 I added a LOG rule to the POSTROUTING table on NAT in ...
alecov
  • 250
0 votes
0 answers
11 views

What is the opt column in iptables -L?

$ sudo iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy DROP) target prot opt source destination ...
Adrian
  • 189
0 votes
0 answers
24 views

Wireguard share LAN hosts

In the following setup (picture), I have a wg connection between my home router (as client) and Linode VPS (as server). I want to access LAN hosts from Android phone (connects as wg client to VPS). All ...
userQWERTY
1 vote
0 answers
33 views

How can I redirect a publicly-accessible port without allowing the target port to also be publicly accessible?

I have a web server running as non-root Debian Linux kernel 6.1.x on port :8443. I'd like to allow clients to connect over :443, so I'm using iptables for that purpose: -A PREROUTING -p tcp -m tcp --...
Christopher Schultz
1 vote
0 answers
15 views

Redirect socks to another interface with nftables

I want to redirect the tcp port to interfaceX, to new destination: ip 192.168.3.8 on interfaceY with nftables rules. I tried that: nft flush ruleset nft add table ip nat nft add chain ip nat ...
python3.789
1 vote
0 answers
35 views

Forcing OpenVPN process to run with a specific group using nmcli

I am struggling with this script of mine that should prepare a secure VPN connection with VPN kill switch and I need some help. What I am trying to do (in general): My goal is to set up a very strict ...
PleaseLetThisWork
0 votes
0 answers
32 views

How to Log Each Outbound TCP Connection

At my company we have a set of 3 identical VMs. These VMs house an app that "sends messages". The app sends each message by making a TCP connection out to one of two fixed IP addresses (...
godot
  • 1
0 votes
0 answers
8 views

iptables-translate: translate iptables -m set --match-set to nftables

Is there a way to automatically translate --match-set iptables rules to match on a named nftables set with the same name? iptables-translate doesn't seem to be able to do this, which somewhat makes ...
Philippe
  • 479
1 vote
0 answers
44 views

nftables equivalent for iptables condition module

The iptables condition module allows you to make a rule match depending on whether the contents of a file are 0 or 1. iptables -A INPUT -m condition --condition enable-my-foo-rule This will accept ...
Philippe
  • 479
0 votes
0 answers
30 views

RULE_APPEND failed (Too many links)

I'm trying to apply the policy I got by running iptables-legacy-save using iptables-nft-restore. When I do this, I get this error. When I search for this error, all I can find is a paywalled redhat ...
Philippe
  • 479
-1 votes
0 answers
121 views

How to set up public Linux station safely?

On a Linux cloud machine, I want to set up a learning station for beginners (pubnix/pubunix). How can I block all internet except for incoming SSH (ssh user@cloudmachine) and except for SSH local port ...
wjwrpoyob
  • 438
0 votes
1 answer
51 views

iptables: NAT bridge traffic

Background I have a linux machine with bridge interfaces as shown below... ---{prenat}--> ---{postnat}--> source: 172.25.0.3 source: 192.0.2.1 +---------------...
mc1
  • 11
0 votes
0 answers
40 views

Strongswan - Communication doesn't work between hosts

I have created a SITE-TO-SITE IPSEC tunnel between my two branches, the tunnel is up and running and I can ping bidirectional both routers, the problem is that I can't do any type of communications (...
André Bolinhas
0 votes
1 answer
10 views

Inquiry on how to set up the bypass function through 2 lan ports in a pc

I have 2 LAN ports on the server (eth0, eth1). I want to export the packet that came from eth0 to eth1. Additionally, I want to make it work in the opposite direction at the same time. Is it possible?
Yong Jung Jeon
0 votes
1 answer
23 views

Limiting a process to only allowed to use specified network interface

I have a binary program named wstunnel. That program has no option to specify outgoing traffic. By default it will use ens3. I expect the program will use warp interface. I'm not sure iptables can solve ...
Muhammad Ikhwan Perwira
0 votes
0 answers
22 views

Why aren't the rules inserted into my chain?

I create a chain and immediately want to add rules there, but for some reason they are not added. When the iptables -L <chain-name> chain is output, only its empty body and a list of links to it ...
EgasVegas
-4 votes
1 answer
64 views

How to takeover forwarded tcp streams in Linux? [closed]

I have some TCP streams which are only going over my linux box. In theory, it only packet forwards them. Now some new idea happened on which now I think, it would be much better to also alter their ...
peterh
  • 9,848
1 vote
0 answers
44 views

NAT router with private IP towards ISP and public IP on the second interface, localhost traffic problem

I need help with the following network and router. Under emergency conditions, I received the following network. The router (Ubuntu) has two interfaces and a DNS function. The private address on the ...
E Malinowski
0 votes
0 answers
24 views

How to enable NAT loopback/hairpinning with iptables on router?

I have a HG659b router, and have got shell access to the router, so I can configure the iptables. In the web page, I have configured a port forwarding setup to forward port 37777 to the host 192.168.1....
Jpac14
  • 1
0 votes
0 answers
16 views

Ubuntu "Shared connection" unable to block ports

I need to test the connectivity of our device (specifically, how our device responds when unable to reach certain ports). So I am trying to control the ports, by sharing the internet connection ...
bas
  • 101
1 vote
1 answer
45 views

RHEL 8 IP/Kernel Routing Multi-Homed Server Issue - Cannot get a response to ping, when trying to ping from 2nd Interface

Set up/configuration: I have a RHEL 8 server, running Asterisk 15.x, that has 2 NICs. NMCLI is used for networking. NIC0 (eno5np0) is on the trusted network and is configured as a static IPv4 and NIC1 (...
ripvw32
  • 13
2 votes
1 answer
16 views

Limit access of SSH user to applications iptables and ip6tables

I'm using Ubuntu 22.04 and want to login with an ssh user that has only access to iptables and ip6tables. So the user should login and can only input, delete and update iptables and ip6tables, nothing ...
Matthijs
0 votes
0 answers
48 views

Firewalld (nftables) SNAT problem

So my setup is the following: A: PrivIP: 172.16.1.1 PublicIP: 212.1.2.3 B: PrivIP: 10.123.0.1 (Interface: dummyip, don't ask why I named it like that) PublicIP: 213.1.2.3 (Interface: eth0) They both are ...
TwoSoulz
0 votes
2 answers
116 views

Forwarding TCP and UDP packets on all ports to another IP on a second network interface?

I have an Ubuntu machine at IP 192.168.3.1, another machine is connected to it at fixed IP of 192.168.3.2. This machine is also connected to a router over usb0 which has shared the IP 172.30.220.17 to ...
Work
  • 1
1 vote
0 answers
51 views

Linux doesn't forward a packet because it's bigger than the MTU

I've been trying to route some of my LAN traffic over wireguard to a raspberry pi at my parent's house for when I need my connection to appear from a different country. I have the wireguard connection ...
Kayson
  • 133
0 votes
1 answer
23 views

DD-WRT as a proxy client

I want to use a router in a network with a proxy. Without the router, everything works if you open the proxy settings in Windows and enter the address and port. No additional actions are required. I ...
Сергей Корягин
0 votes
0 answers
34 views

How does k3s expose nodeports on linux?

I am investigating connectivity issues where k3s nodeport only accepts incoming connections on one ip/interface but not on others. During this I realized that ports exposed using k3s nodeport do ...
Diydumbster
0 votes
1 answer
128 views

How are source ports chosen for iptables SNAT targets?

By default the SNAT target keeps the source port of the original packet. If that port is already in use, it chooses one at random. Is there any way to influence the choice of this port or gauge the ...
Philippe
  • 479
0 votes
0 answers
76 views

Networking Errors on KVM

I am trying to run a KVM virtual machine on Debian 11 (Bullseye). I'm also running this from crouton on ChromeOS in case that's like really crucial, but I don't think it is. Here's the error: Unable ...
John Garlic
0 votes
1 answer
87 views

iptables duplicate port traffic

I want to clone/duplicate all udp traffic incoming on port 8500 to port 8600. It is important that the source address is not modified. Also both ports must be accessible by applications (the packets ...
mirokai
  • 43
