Questions tagged [iptables]
iptables allows the creation of rules that define packet filtering behavior. The most reliable way to provide an iptables ruleset in a question is with the output of (as root): iptables-save -c
2,681 questions
0 votes, 0 answers, 4 views
NAT table skipped for server replies running inside Docker container
I have a Docker container running on a vanilla setup which listens on port 9999:
docker run --rm -it -p 9999:9999 busybox nc -vvl -p 9999 0.0.0.0
I added a LOG rule to the POSTROUTING table on NAT in ...
0 votes, 0 answers, 11 views
What is the opt column in iptables -L?
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
...
0 votes, 0 answers, 24 views
Wireguard share LAN hosts
I have the following setup (picture):
I have a wg connection between my home router (as client) and a Linode VPS (as server). I want to access LAN hosts from an Android phone (which connects as a wg client to the VPS). All ...
1 vote, 0 answers, 33 views
How can I redirect a publicly-accessible port without allowing the target port to also be publicly accessible?
I have a web server running as non-root on Debian Linux (kernel 6.1.x) on port :8443. I'd like to allow clients to connect over :443, so I'm using iptables for that purpose:
-A PREROUTING -p tcp -m tcp --...
1 vote, 1 answer, 2k views
IPTables Firewall/Router/Gateway needing to block outbound traffic from users
I have multiple ethX interfaces.
eth0 is connected to the internet.
eth1 is connected to a trusted network.
eth2 is connected to a network on which I need to impose usage rules.
What I'd like to do is ...
1 vote, 1 answer, 8k views
docker fails with "iptables: No chain/target/match by that name"
When I try to publish a container's ports to the host, docker fails to add iptables rules:
$ sudo docker run --rm -p 8080:80 nginx
docker: Error response from daemon: driver failed programming external ...
1 vote, 0 answers, 15 views
Redirect socks to another interface with nftable
I want to redirect the tcp port to interfaceX, to a new destination, ip 192.168.3.8 on interfaceY, with nftables rules.
I tried that:
nft flush ruleset
nft add table ip nat
nft add chain ip nat ...
1 vote, 1 answer, 3k views
Editing the iptables file on Asus firmware
I have downloaded the Asus DSL-n14u firmware, extracted the .trx file and located the iptables file, as linked below:
https://www.dropbox.com/s/sanz5x2bw0o5xsu/iptables?dl=0
I know the iptables ...
0 votes, 1 answer, 2k views
Using ipset with src OR dst in one rule?
I am trying to write an iptables rule using ipset with one rule matching src or dst (or both). This
iptables -A FORWARD -m set --match-set <name_of_ipset> src,dst -j DROP
does not work since it ...
3 votes, 2 answers, 2k views
Timeout when connecting RDS using AWS session manager via EC2 instance
I am having trouble accessing an AWS RDS instance in a private subnet using Session Manager through an EC2 instance (Ubuntu).
Port forwarding using AWS Session manager -
aws ssm start-session --target ...
1 vote, 0 answers, 35 views
Forcing OpenVPN process to run with a specific group using nmcli
I am struggling with this script of mine that should prepare a secure VPN connection with VPN kill switch and I need some help.
What I am trying to do (in general):
My goal is to set up a very strict ...
8 votes, 1 answer, 7k views
What is the difference between iptables and ip route table?
Recently I have been learning iptables. I know there are 5 independent tables, two of them being the filter and nat tables. And I sometimes look at netstat -r or the route table; I know the ip command can modify this ...
0 votes, 0 answers, 32 views
How to Log Each Outbound TCP Connection
At my company we have a set of 3 identical VMs. These VMs house an app that "sends messages". The app sends each message by making a TCP connection out to one of two fixed IP addresses (...
0 votes, 0 answers, 8 views
iptables-translate: translate iptables -m set --match-set to nftables
Is there a way to automatically translate --match-set iptables rules to match on a named nftables set with the same name? iptables-translate doesn't seem to be able to do this, which somewhat makes ...
1 vote, 0 answers, 44 views
nftables equivalent for iptables condition module
The iptables condition module allows you to make a rule match depending on whether the contents of a file are 0 or 1.
iptables -A INPUT -m condition --condition enable-my-foo-rule
This will accept ...