Fedora Networking :: DNAT To Localhost Not Supported?
Dec 4, 2009
I'm having problems with NX, it's doing strange things, trying to connect to some IP host in Timbuktu because my DNS provider's DNS sucks AND because NX is looking up the host "localhost" without first consulting my hosts file (which nsswitch explicitly tells it to do). THAT's all beside the point.
To work around this apparent bug in NX I tried creating an iptables rule to redirect traffic destined for a certain IP (10.x.x.x) to localhost (127.0.0.1) with the following rule: iptables -t nat -I PREROUTING -d 10.x.x.x -j DNAT --to 127.0.0.1. After adding the above rule, my attempts to connect to that host continued to get routed right off into the internet where I DIDN'T want them to go, instead of being redirected to the localhost/loopback address.
It seems DNAT to localhost is not supported? A Google search reveals many other people having this issue but blaming it on everything but iptables. I'm proposing that it's not supported, by design or not, to redirect traffic from a NIC to the loopback network?
Aug 19, 2010
I am trying to simply address translate TCP packets from one destination IP to another destination IP (DNAT?) without getting the initial SYN packet. Is this possible? I do not think it is with DNAT since the conntrack needs SYN first.
I have given the command:
The problem is that the first packet that matches this rule will be the SYN-ACK and I suspect it is simply DROPPED.
I am sparing you the gory details of why I would do such a silly thing, but simply put; I need to intercept client-to-server packets through a tunnel, but allow server-to-client packets to follow through the regular network.
I have been working on this for many days w/o success and my learning curve is still steep. I can provide more details as needed.
Mar 10, 2011
I'm having a complicated iptables problem. I'm using a linux poweredge 1750 with 4 ethernet interfaces and 1 wireless interface as a router/firewall/wireless access point.
The computers on the inside can connect and communicate just fine. They access the outside world and other internal devices with no problems.
DNAT from the outside works just fine for things like ssh, webmin and http. But some protocols and services (ftp with filezilla and runuo) use ports to connect. And then, it is like they hand off the rest of the communication to other seemingly randomly determined ports. And that is when the conversation gets dropped. How do I configure my router to notice these port changes and continue to DNAT the conversation?
Oct 18, 2010
I have been trying to achieve something through iptables but something is going wrong. I want connection/packets arriving to a specific computer (let's call it "server") from another specific computer ("client") inside the same network to be automatically redirected to a remote computer in the internet and vice-versa. I tried doing that using iptables with these commands on the "server" PC:
Code:
iptables -t nat -A PREROUTING --source 'client-ip' -j DNAT --to-destination 'remote-pc-ip'
iptables -t nat -A PREROUTING --source 'remote-pc-ip' -j DNAT --to-destination 'client-ip'
[code]....
Jun 3, 2011
I'm trying to understand and set up port forwarding with iptables. So far I've read a lengthy tutorial on iptables, and I've Googled for hours, searched this forum, but I've been unable to come up with a solution that works for me. The situation I would like to achieve is the following: on one machine, there is a TCP server running bound to its external IP, port 9999. I would like to let another machine connect to this TCP server on port 9000 by forwarding port 9000 to 9999. All the policies of the iptables chains are set to ACCEPT; and I have set net.ipv4.ip_forward = 1. I have no problems using SNAT/MASQUERADE on the same server machine. I have tried the following:
Code:
iptables -F
iptables -t nat -F
iptables -t nat -A PREROUTING -p tcp -i eth0 -d ${SERVER_IP} --dport 9000 --sport 1024:65535 -j DNAT --to ${SERVER_IP}:9999
In order to test this rule, I started a TCP echo server on port 9999. I can connect to it on port 9999, but not on port 9000- this gives me 'connection timed out'. When I do 'iptables -t nat -L -v', I can see that the rule does get matched once per connection attempt.
Nov 26, 2009
Client which uses an ISP with a Linux machine (Server 1) with two network cards. Eth0 with IP 1.1.1.2 and gateway 1.1.1.1; these IPs are not public IPs and fall under the ISP's internal range, eth1 with the internal IP range. OpenVPN listens on eth0 for incoming connections. We want to connect to Server1 from external networks. Due to different reasons the ISP could not get the routing sorted and give us a public IP on his network. We had to set up another box (Server2) with eth0 2.2.2.5 and gateway 2.2.2.1, which are public IPs, and eth1 with IP 3.3.3.5. Server 2 can communicate via the ISP internal network with server 1. I use DNAT to forward all incoming connections on server 2 to server 1 but the problem I have is that server uses its default gateway for the return packages and does not send the reply back to server 2. My iptables rules look as follows on server 2.
/usr/sbin/iptables -t nat -A PREROUTING -p udp -i eth0 -d 196.25.157.135 --dport 1194 -j DNAT --to 192.168.100.170:1194
/usr/sbin/iptables -A FORWARD -p udp -i eth0 -d 192.168.100.170 --dport 1194 -j ACCEPT
May 2, 2010
I am trying to use a local DNS service (unbound), and for that, I want each connection (eth0, wlan0) to first use localhost as DNS (127.0.0.1) and then try the DNSs it gets from the DHCP. This is a laptop so it is not just setting it for a single connection but a system default.
I looked and searched and there does not seem to be a straightforward way of doing it. I am using gnome with networkmanager, and setting the method as "get IP only" is not suitable, as it omits the DHCP-provided DNSs, and also cannot be set as the default method.
Mar 29, 2009
I have installed Apache. The problem is that localhost works but not the IP for viewing my hosted sites.
How can I rectify this error?
Aug 26, 2010
I'd like (if it's possible, of course) to redirect the packets originated within a linux box, and I've been tryin' to do it through the OUTPUT chain in nat table:
Code:
iptables -t nat -A OUTPUT -p tcp -d 192.168.0.74 --dport 80 -j DNAT --to-destination 192.168.0.17:80
The policy for the rest is ACCEPT. This redirection didn't work this way. If I do lynx http://192.168.0.74:80 I reach 192.168.0.74 host, so there is no redirection. Could I achieve what I'm needing through with IPTABLES' OUTPUT chain (in nat table)?
Jun 3, 2011
I'm working on setting up access for our developer via Telnet, we are on a local network behind a physical firewall. I set up the standard Telnet service for Fedora15 and from localhost I can login via any user and root.... However I cannot login from another terminal on the LAN, even though I can ping and FTP to the fedora15 box. I added the firewall rules for telnet, that did not work, so I disabled the firewall, still cannot get a connection via port 25. I feel either port 25 is closed in another manner or the telnet is restricted to the localhost.
Also I cannot login to root to configure the Firewall Desktop GUI, only standard users, is this an issue? I also cannot login to the console as root even though I use the correct password. I can only su to root and sometimes it is a PITA. There must be some settings to clear these issues up...
Nov 26, 2010
Can anyone suggest a wireless-N adapter (USB or PCI) that is well supported under F13? And do you think an upgrade from G to N is worth it? I'm probably going to upgrade my router to N in any case as the old one is buggy and/or dying.
Aug 18, 2010
This message appears very often in the output of very different programs, for example Firefox/Swiftfox, Thunderbird, Mplayer. In case of Mozilla apps it sometimes freezes KDE interface too (can't switch windows or panel does not pop-up) for a few seconds. IPV6 is not compiled into kernel and module is not built. It is disabled on the eth0 interface too.
Apr 3, 2010
I've been trying for a couple days now to get netem rate limiting to work on a Fedora 12 i686 virtual machine (both on VMware Fusion and KVM), and have had no success. In order to do outbound rate limiting, I want to use the netem token bucket filter (TBF), as described here: [URL] Unfortunately, attempting to use the TBF results in this error:
Code:
[root@f12-build ~]# tc qdisc add dev eth1 parent 1:1 handle 10: tbf rate 256kbit buffer 1600 limit 3000
[code]...
Jul 12, 2011
I have installed XAMPP on my system and started it just fine, but for some reason when I type "http://localhost/myDirectory/index.php" into the address bar of a browser, I get a 404 error. I followed the instructions here and after creating test.php, I was still not able to view it. Can someone please tell me what I am doing wrong?
Feb 9, 2010
PVM 3.4.6 cannot add localhost. It says it can't find pvmd3, but why is it even looking for that when that is not part of the installation?
Jun 6, 2010
So I was trying to Wget some files from a server to test how much I know about Wget. Running Karmic. I think it connecting to localhost is wrong, right?
Dec 30, 2010
I am running the HTTP server (Jetty) from Eclipse IDE, which listens on port 8888. I can connect to it in the browser with URL [URL] but not with http://192.168.1.100:8888/home, where 192.168.1.100 is my local IP. Not from this PC or any other PC in the LAN. Firewall is disabled. I can successfully ping to 192.168.1.100. I can share from this PC with SAMBA.
All configuration and logs look fine.
Mar 30, 2010
I tend to forget stuff if I don't work with it for a while. Somehow I struggled through and figured out (with a lot of help) how to set up Ubuntu Intrepid server edition on my computer, and am serving my website from my computer. For times when the free DNS nameserver is 'closed' (often lol) I use localhost and can see/work on my site. Suddenly, when I type localhost into the address bar, I get a blank page, nothing! I'm not sure what to do.... Can someone please help because I am going to use my website to present a class project, and was going to use localhost (bring my computer) in case the nameserver was down, I have to be able to display it.
Apr 26, 2011
When I try to connect to MySQL database with MySQL Workbench using root@localhost I get following message: Failed to Connect to MySQL at localhost:3306 with user root
Access denied for user 'root'@'192.168.0.1' (using pasword: YES) which is ok, because 192.168.0.1 is not listed as a host from which MySQL server should accept connections.
I am a little confused, because I tell MySQL Workbench to connect using localhost, so server should (at least I think so) receive connection from 127.0.0.1
I think I had similar issue with PostgreSQL some time ago, but I just allowed connections from 192.168.0.1 then.
My host file is:
Code:
127.0.0.1 localhost
127.0.0.1 localhost.localdomain localhost
#::1 ent-pc localhost6.localdomain6 localhost6
127.0.0.1 ent-pc
[Code]...
May 24, 2011
I re-installed Ubuntu 11.04 two days ago, to join 2 partitions into 1. Anyway, I then set up VNC and SSH as normal but now it just times out on both when trying to connect. Is there a firewall or something in place by default? Ports show as open when scanning my external ISP address, Ubuntu box is in the DMZ so no need for ports being forwarded. I also cannot connect via localhost. The above testing I could not connect from my work. I can also netcat to my external IP via SSH/VNC ports and read the banners fine?
May 27, 2010
I have a laptop with Apache, MySQL, PHP, etc, and I'm able to work on web programming on my local server while at home, connected to my network. But I would like to be able to work on the local websites when I'm not connected to any networks, both for demonstrating a site, or simply working on it.
I was surprised to find that I could not connect to localhost at all without a network connection. I tried my normal Google for a solution, but, of course, that was futile without a network.
Now, I'm at home, and of course, it works because I have wireless. I don't really want to disconnect that to figure it out, so I thought maybe some nice soul here might know how to do this. Surely it can't be hard, can it? But, it's certainly not obvious.
Jul 22, 2010
I know it all sounds weird but I've been searching Google so much now.. Look, the setup is kinda straightforward. We got a test server for websites. This server has LAMP server configured. Now I have a website in the Apache www folder. From here on everything works fine in http://localhost or 127.0.1.1 etc etc. Also I have configured virtualhosts. This so we can have a live environment but it's actually a test environment.
Now I try to connect through the LAN network! So I go to my Windows client and hit in the browser: http://(serverip+port) and also tried http://(serverip) When I do this I get a 403 forbidden access. I solved that problem by deleting a line in the apache2.conf that was called: virtualHost xxx.xxx.xxx.xx: xx
Now he's loading the page but says he can't connect to 127.0.1.1 Anyone know a solution? (Sorry for my bad grammar btw )
Oct 19, 2010
Is there a way to only accept SSH Tunneled VNC connections from localhost? I would like to close port 5900 on my router and only have SSH open.
Dec 31, 2010
I have an application that listens to port 5744. I send to it a command from a terminal like this
Code:
echo my-command > /dev/tcp/localhost/5744
and replies
[code]....
May 5, 2011
I've got a problem with Avahi on my laptop. It can see the other machines and services on the LAN but not its own local services and I have no idea why. The laptop (hostname: forseti) sports Ubuntu 10.10, installed avahi-daemon, avahi-dnsconfd and libapache2-mod-dnssd. Firewall is disabled. Other hosts on the LAN are: magni (openSuSE 11.4 with lots of services published and visible from forseti) and freya (Ubuntu 10.10 with gnome-user-share up & running). Forseti can see the other hosts and their services but not itself. The other hosts can't see forseti. Checked both with nautilus and CLI's avahi-browse.
Jul 22, 2011
One of the computers attached to the network is giving localhost instead of 192.168.x.x in Remote Desktop config page therefore I'm unable to access it:
Quote: Your desktop is only reachable over the local network. Others can access your computer using the address localhost.
Other computers and even other accounts on the same computer are showing something like:
Quote: Your desktop is only reachable over the local network. Others can access your computer using the address 192.168.0.8.
How can I fix this?
Jun 10, 2009
Suppose I have computer A with IP address on eth0 of 192.168.0.1 and IP address on eth1 of 192.168.1.1. If I send packets to 192.168.1.1 from computer A, it automatically uses the loopback interface. Is it possible to modify the routing table somehow to send these packets out on eth0 instead and have them route around the network and come back on eth1? I've tried 'route add -host 192.168.1.1 dev eth0' but it seems to completely ignore this entry.
May 17, 2010
I am facing issues on a few machines but the rest are all ok. They have the same config but I don't know what is wrong. I tried as much as I could but couldn't fix it. Here are the RPMs installed on this client
[code]...
The same config is working for all clients but has problems with a few machines. Maybe I am doing something wrong in config or testing at a very basic level.
Jan 13, 2011
I was doing some one-handed-one-fingered typing while talking on the phone. Due to lack of paying attention, I executed the following command: ifconfig eth0 1300 (was meant to be ifconfig eth0 mtu 1300). This of course killed the connection, so I got the box rebooted. This box functions as an openswan/firewall server. Everything came up okay, end users are reporting no problems with the VPN or the firewall function. However, one service is failing because the route to localhost seems to be originating from eth0. When I `ping localhost`, the traffic dump shows the ping packet originating from the external address. On all my other boxes, when I ping localhost, the traffic originates from localhost. The reply to my ping behaves normally.
Here is a dump of my pinging localhost:
fw-ps:~/scripts# tcpdump -n -i lo
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
10:00:01.885033 IP 194.246.23.22 > 127.0.0.1: ICMP echo request, id 6893, seq 12, length 64
10:00:01.885068 IP 127.0.0.1 > 127.0.0.1: ICMP echo reply, id 6893, seq 12, length 64
I considered trying to manually add some routes, but since the reply is working, I am not sure that is the problem. I also considered trying to change the default interface, but I don't want external traffic originating from the loopback.
Mar 18, 2011
I just installed a fresh copy of debian (no GUI). I want all my traffic on bash (such as when I do ping or dig or wget, basically whatever) to be sent to localhost:8080. How can I do that? I've a ssh port forward setup that will forward all traffic arriving at my localhost:8080 to another server.