Debian :: Forwarding TCP Packets - Redirect Also The Port 443 (HTTPS)
Mar 16, 2011
This is where it starts: I have 2 networks. The first: 192.168.1.0/24 composed by the router which has access to the internet with the IP 192.168.1 and the server (who is a gateway) with the IP 192.168.1.42 The other network: 192.168.2.0/24 composed by the gateway with the IP 192.168.2.1 and the clients (on the 192.168.2.0/24 subnet). To sum up, the gateway has 2 IPs (192.168.1.4(eth0) and 192.168.2.1(eth1)). On this gateway, I have squid installed (and listening on port 3128). I also made a redirection to redirect some computers who want to access to the web (port 80) to squid (port 3128) with this command: /sbin/iptables -t nat -A PREROUTING -m mac --mac-source CLIENT_MAC -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128
At this stage, everything works fine. The clients can access the web by the proxy without "knowing". What I wanted to do, is redirect also the port 443 (HTTPS). Actually, when a client wants to access to, for example, [URL]. He cannot. So I would want to be able to redirect people (without passing by any proxy) directly to google. Like a NAT. But the problem is that I can't. The thing would be to, in the gateway, take all the packets with port 443 in destination and handle them to the router 192.168.1.1. Then, when the router sends the packet back, the gateway takes the packet and handles it to the client. I tried putting ip_forward to 1, but the problem is that all IPs and ALL PORTS are forwarded. And I just want port 443 to be forwarded.
View 4 Replies
ADVERTISEMENT
Jul 23, 2011
My network isPC1 -- (NIC1,10.1.1.x) Linux (NIC2,10.1.2.x) -- Server 1 (HTTP/FTP)My question isIn the linux system, can I change the PC1 source port from 20000 to 30000? for examplePC1(sport:20000,dport:80)---Linux-- (sport:30000,dport:80)--- Server 1 (HTTP/FTP)
View 2 Replies
View Related
Dec 12, 2009
I have just set up shorewall on my router running Arch Linux. The external network is on eth0 and the internal network on eth1.I have set it up for masquerading and that works fine and I can open ports to the firewall. But I'm having trouble with port forwarding to my internal machines.The problem I have is that when port 22350 is forwarded to 192.168.1.3 on my local network, checking the port with nmap from a remote computer gives me:
Code:
PORT STATE SERVICE
22350/tcp closed unknown
[code]....
View 2 Replies
View Related
Apr 26, 2011
I'm trying to get https/443 traffic go through squid.
View 3 Replies
View Related
Feb 18, 2010
I want to do a simple port redirect, i.e. whatever comes trough whatever interface on port AAAA will get redirected to port BBBBI thought that iptables -t nat -I PREROUTING --source 0/0 --destination 0/0 -p tcp --dport AAAA -j REDIRECT --to-ports BBBBhowever it doesn't work, e.g. nc -v -w2 -z localhost AAAA gives:
nc: connect to localhost port AAAA (tcp) failed: Connection refused
while
nc -v -w2 -z localhost BBBB
[code]....
View 10 Replies
View Related
May 7, 2011
I've had Debian on my laptop for around 4 months which I rarely use. I'm using Squeeze since it seems to be the only release that will work with my ethernet card.The internet had been working fine for a couple of months but broke when I tried to allow port forwarding for torrents. I could only connect to the internet after this by using:
iptables -F
iptables -X
iptables -t nat -F
[code]....
View 2 Replies
View Related
Apr 4, 2011
I'm trying to use iptables in order to forward all the incoming packets for port 5555 to port 5556 on the same server (192.168.2.101).
I wrote the following commands:
iptables -A PREROUTING -t nat -i any -p tcp --dport 5555 -j DNAT --to 192.168.2.101:5556
iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.2.101 --dport 5556 -j ACCEPT
View 3 Replies
View Related
Apr 16, 2010
I have a legacy application that communicates status to a remote server over UDP. The server app replies back to the client with UDP as well, using the IP address it obtains from the sockaddr parameter of the recvfrom() method.
Code:
[----------------] [----------------]
[ client <->(udp)]<----- Ethernet -----> [(udp)<-> server ]
[----------------] [----------------]
I'm trying to replace the underlying use of ethernet, with a RS232 based radio/modem device - without making any src changes to the legacy apps. i.e. apps would still create and transmit UDP packets addressed to a remote IP address and listening port, and the receiver wouldn't know any difference. I'm relatively new to this level of network programming, but my first attempt has been to write an app that sniffs out outbound raw UDP packets (using pcap), transmit that data over the radio, and re-injects the UDP unchanged on the remote end.
Code:
[----------------] [----------------]
[ client <->(udp)] [(udp)<-> server ]
[ | ] [ ^ ]
[ v ] [ | ]
[ /capture/]<---- Radio XMIT ----> [/reinject/ ]
[----------------] [----------------]
My 'capture' app intercepts the UDP packets just fine when the machine is 'plugged' in, but as soon as I disconnect my network cable to test wireless, outbound packets addressed to a remote IP (ie. the server) are no longer captured (tho local UDP packets are picked up ok). Wireshark also does not report the original outbound packet, but it does show an ICMP packet reporting 'Host Unreachable'. I understand the host isn't reachable, but I'm confused as to why the packet isn't at least making it to the interface/network card. Is there anyway to get the force the kernel to 'transmit' the UDP packet anyway so that my capture app can intercept it? or is there a better/easier solution (again, w/o making source changes to the client/server)?
View 4 Replies
View Related
Jul 6, 2011
is there any way to point certain packets from my outgoing traffic to a LAN : port ?
can iptables do this ? if yes how ?some like this [URL] ?
View 1 Replies
View Related
Jul 20, 2010
I tried to make "ssh tunneling", but failed and got this message.
Quote:
Administrator@windstory-PC /
$ ssh -R 7869:localhost:7869 windowsstudy@192.168.0.4
windowsstudy@192.168.0.4's password:
Warning: remote port forwarding failed for listen port 7869 Last login: Wed Jul 21 01:56:04 2010 from 192.168.0.2 -bash-3.2$
1. system environment
192.168.0.2 - windows 7 + copssh
192.168.0.4 - centos 5.4 x86 + openssh
2. Guide for setting "ssh tunneling"
[URL]
3. Added this to sshd.conf
Quote:
AllowTcpForwarding yes
4. "netstat -na|grep 7869" at 192.168.0.4
Quote:
[root:maestro:~]# netstat -na|grep 7869
tcp 0 0 0.0.0.0:7869 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7869 127.0.0.1:53539 ESTABLISHED
[code]....
5. result of "ssh -vvv -R 7869:localhost:7869 windowsstudy@192.168.0.4"
Quote:
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
[code]....
6. I added 7869 for telnet service as follow;
Quote:
mytelnet 7869/tcp # My Telnet server
View 1 Replies
View Related
Nov 1, 2010
sudo ssh -L 750:192.168.123.103:873 username@192.168.123.103It does exactly what it's supposed to do, but how do i edit / remove this rule?Is there some config file where i can alter the forwarding? How does it get stored?Im using Ubuntu 10.10Server Edition (allthough i recon it would be pretty much the same across all versions
View 5 Replies
View Related
Mar 28, 2010
I'm not that great with mailservers, and just been thrown a curveball with a MS Exchange environment for which there is apparently no solution... yeah, right. But is there a workaround?
The problem is that the site mail (SMTP) needs to be sent via port 26 instead of the commonly used 25. Port 25 is mapped to a mailfilter, which apparently causes havoc with some of the mail, and the techs that have been on site trying to coax the Exchange server to co-operate have said that the only way would be to get rid of the filter.
The problem is that there are number of apps that are unable to have the outgoing port changed and so keep sending mail out on port 25.
I look after the Unix/Linux side of things at work, and I was wondering if there was an easy way to set up a Ubuntu box to receive mail on port 25 and just forward it to the MS box on port 26? So, in other words (and I hope this makes sense): monitor port 25, and forward whatever comes in on port 25 to the server on port 26. Simple portforwarding, or is it? What steps do I need to take?
View 2 Replies
View Related
Aug 7, 2010
When I use the following command:
ssh user@ssh_server -L 5500:localhost:5500 -p 22
everything works fine. I can log in, and local port forwarding is done. Otherwise when I use the command:
ssh user@ssh_server -R 5500:localhost:5500 -p 22
I get an error "remote port forwarding failed for listen port 5500". However when I try remote port forwarding in WinXP by use of putty there is no problem...
View 2 Replies
View Related
Apr 27, 2011
I'll explain this in one sentence: Is it possible to program a port-binding shellcode in which people across the Internet can connect to, without being thwarted by the router blocking their data because the port its bound to doesn't allow port-forwarding
View 2 Replies
View Related
Apr 6, 2011
I need to redirect all http/https/ftp traffic through the remote proxy, but when I changes connection settings in browser or in System->Preferences->Network Proxy it doesn't work well: instead of getting page content browser asks for saving some short (8 bytes) file with the same content for all requested pages. It happens in Chrome/Opera/Firefox. This proxy requires authorization and works on computer with Windos XP. It worked well when I was using Windows 7 and Proxifier, now I have Ubuntu 9.10 with all available updates.
View 3 Replies
View Related
May 1, 2011
On one of my servers (Centos 5.5), I have been hosting articularly complex CRM application for one of my clients. Recently they have asked about configuring SSL connections to the CRM. Problem is, SSL is already configured for their main domain but not the sub-domain where the CRM application is accessed. Rather than purchasing another SSL certificate for their sub-domain (and probably another IP address),ld it be possible to setup a redirection from the subdomain to a sub-directory in the SSL directory using mod_rewrite. I have searched online and through the other posts on LinuxQuestions but nothing I have tried works.For example:[URl]
View 2 Replies
View Related
Dec 17, 2010
I found this really cool guide / info about creating an internet portal where users have to register (their MAC) with the server to use the internet. basically if users MAC's are in the list they get routed to the internet if not they get routed to an internal page asking them to register. It works great and works well. I was wondering if there are some smart people out there who could help me reverse the process.. eg if your mac is not in the list you can access the internet if it is, you are redirected to an internal page saying "youve been blocked"
The firewall rules are as follows.
Code: IPTABLES=/sbin/iptables
# Create internet chain
# This is used to authenticate users who have already signed up
$IPTABLES -N internet -t nat
# First send all traffic via newly created internet chain
[Code]...
View 3 Replies
View Related
Jul 14, 2011
I want to set my ip as static and port forward it through a specific port can anyone help me with this im using ubuntu 10 with 64 bit OS
View 1 Replies
View Related
Mar 25, 2010
I have a mail server on which I would like to block port 25 on my eth0 for everyone except our external spam filter. the problem is that I want our users to be able to connect via port 10025 which is forwarded to port 25, which then is blocked...
View 2 Replies
View Related
Oct 24, 2010
I had to add them to my firewall script when I installed openvpn on my dd-wrt router:
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
what should I add/change to set up port forwarding of port 1000 to ip 192.168.1.200. also how to get the answer sent by 192.168.1.200 follow the same route used by the data received through port forwarding.
View 1 Replies
View Related
Mar 22, 2010
I'm trying to workaround a limitation in a server application. The limitation is that I can only connect to a LOCAL mysql database. I am trying to fool the server in to using a remote mysql database. I was hoping to do this by simply forwarding 3306 to another server on the same subnet.To that end I've set up iptables rules to forward all connections to port 3306 to a non-standard mysql port on a remote server. This works, except that I need to deal with the loopback interface in a special way and I'm stuck.
View 14 Replies
View Related
Mar 22, 2011
I want to ENABLE SSL on a PORT 2222 :
Now this works fine. But I also want the HTTP URL to work and redirect it to HTTPS.
When I visit http://IP:2222 I get :
Quote:
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Hint: [url]
How should I make this request of [url] CT to [url]
View 14 Replies
View Related
Aug 30, 2010
i need to write a program in c that can sniff packets from Ethernet and distinguish RTP packets from Non-RTP packets, i have no idea what should i do
View 9 Replies
View Related
Jun 25, 2010
how to redirect all client http request to https request in squid
View 1 Replies
View Related
Aug 19, 2011
I am doing this as a test for bigger deployment. I have Apache running on CentOS5 in a clean VM (just a few tools installed, PHP and such).If mod_ssl is set to listen on 443 in /etc/httpd/conf.d/ssl.conf the the site at https://192.168.1.137 loads just fine.If I change the listen port to eg. 9443 in ssl.conf and reload httpd the page wont load athttps://192.168.1.137:9443 - I set the eth0 to be trusted and disabled SElinux in case that was interfering but still no luck.
View 1 Replies
View Related
Feb 22, 2011
I've a strange situation in my network: pcs gatewayed to another network, then a proxy, then a firewall.pcs --> router --> cloud --> router --> proxy --> switch <-- fw --> Internet(router, proxy and fw are alla connected by the switch)Some months ago the situation was: pcs --> router --> cloud --> router --> switch <-- fw --> Internet.There was a static route in the router that gatewayed the packets to the firewall, but that route has been deleted, and I cannot reinsert it because I've not access to the routers, so we have to use a proxy to go to Internet, and we have the configuration of all pcs (Windows XP) with the fields "proxy" filled.The proxy ha only one NIC gatewayed to the firewall, and Ubuntu and squid installed, but we have some problems:
1. we cannot use email, so how can we make port 110 and 25 packets pass?
2. squid seems to slow down, so can we uninstall it and route all the traffic directly to the firewall to speed up?
View 2 Replies
View Related
Oct 21, 2010
my ftp (with SSL) server is behind firewall.
Code:81.81.81.81 FIREWALL (my external address) 192.168.1.5 - FTP server How to create portforwarding for such a configuration. I`m not interesting about iptables rules. I would like to know which port should I redirect and how ? FTP server usualy using 20 and 21. What about VSFTPD with SSL ? Also 20 and 21 ?
View 1 Replies
View Related
Mar 5, 2011
I did local apache server at internal ip 192.168.1.2 and i wanna to do port forwarding to enter to it by my external ip address ?
View 4 Replies
View Related
Jul 3, 2010
I'm trying to capture packets with WireShark on 2 port ranges.
This syntax is not working :
Quote:
bash-3.2# /usr/sbin/tcpdump -ttttvv udp portrange 8500-8600 and portrange 5060-5070
There is no output...
What is the correct syntax for defining multiple port ranges ??
View 4 Replies
View Related
Jan 24, 2010
I am having issues with the DREADED port forwarding. *why* is this important? *why* does it become such a chore to change? trying to run xlink kai on karmic. i have access to the routers in the house. the primary (#1) router is a standard issue Linksys, the other router is my DDWRT router which connects wirelessly to #1.
View 3 Replies
View Related
