I have three machines on three networks192.x.x.x10.x.x.x172.x.x.xThe routers are set to forward communication between 192. network and 10. network, and between the 10. network and the 172. network.However, there's not routing between 192. and 172.I want to fix that by using a machine on the 10. network to forward communication between the other two networks.The machine has one etherent connection eth0 whose address is 10.1.1.11I set up an aliased ip address eth0:0 to be 10.1.1.12 using Quote:ifconfig eth0:0 10.1.1.12Then I tried to set forwarding rules the 10. machine such that 10.1.1.12 address will provide access to the machine 172.1.1.55 as followsQuote:# iptables -t nat -A PREROUTING -d 10.1.1.12 -j DNAT --to-destination 172.1.1.55The default policies for all chains is ACCEPT.I then try to access 10.1.1.12 from 192.1.1.20 expecting it to actually access 172.1.1.55 ; it does not work
Here is a glimpse of my IPTABLES http://pastebin.com/WvHAC46A I see in the column of sources the addresses being resolved to domain names is there a way I can stop this?
how to redirect network traffic to a new IP address using IPtables. I am using Baffalo router and the rtos used is DD-WRT. Basically, I want it so that any connection going through my router to a specific IP (say, 192.168.11.5) will be redirected to another IP (say, 192.168.11.7) so any outgoing connections made by a program that is attempting to connect to192.168.11.5 will instead connect to 192.168.11.7.
I'm using a Debian servers, as router/firwall.. I've two ethernet interfaces into the server, one for wan and one for lan. The i use SNAT so my LAN clients can access the internet throgh the debian router. That is working... Now i want to be able to access servers on the LAN site from the WAN site, and i wanna use port address translation (PAT). I have a FTP server running on a lan server, so i'm trying to portward port 21.
When people try to access my FTP from the WAN site, they are redirected to the local FTP server, and they are promted for crendentials, but when the credentials are typed, and the local ftp server should answer the wan request, the connections dies.
The wan clients are being promted for credentials, so they are redirected to the local lan server, but after that the connections dies, so i think there is some kind of nat problem, when the local lan server is trying to respond to the wan request..
I'm in the process of restricting access to my Linux production box, where ssh access needs to be limited to only a few MAC addresses.I've followed the instructions outlined in this guide and ran the following two commands:
/sbin/iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP /sbin/iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT root@xxxx:~/#: iptables --list
I have a server located remotely that I'd like to protect by allowing access to only my IP address (on any port). Currently anyone can access the server using ssh, http, and any other services that my server is running. (The reason I need to protect it for now is that it's a test/development server and really only needs to be accessed by me.)
The downside of doing this is every time my desktop IP address changes (from where I access the remote server), I would need to update the iptables configuration. (This could be a hassle, but based on my limited knowledge it seems to be the best way to allow access from only myself.)
Could anyone share how to allow access to my server using iptables from only my IP address and on any port?
I am setting up a iptables firewall on one of our servers, and I would like to block a range of addresses from getting into the system. I am using a script that does a BLACKIN and BLACKOUT methodology for specific addresses. One example is the following:
Code:
$IPTABLES -A BLACKIN -s 202.109.114.147 -j DROP ... $IPTABLES -A BLACKOUT -d 202.109.114.117 -j DROP
What would be the correct syntax to use if I wanted to block an entire remote subnet from getting into the server?
I need to know what the Iptables "code" is to change the outgoing/Incoming IP for port 53 (DNS). I'm running CentOS on a dedicated server. I very familiar with Putty and SSH. So I don't need much details, I just can't figure this out. I asked my server providor but they deleted my ticket and didn't answer me.I tried this but am not sure if this correct of working?
i was trying to crate a script to show the last time iptables had seen a given IP address (contained in the ipt_recent kernel hook -- my user-defined table name is 'iplist'). The ipt_recent table yields the following information (IPv4 addresses masked for paranoid reasons):
Such command yields the following (I'm willing to live with the trailing zero):
Code:
Wed Jun 20 05:48:46 EDT 2266 src=www.xxx.yyy.zzz 0
[code]....
I presume the ipt_recent table uses the standard UNIX epoch timestamp. Am I using the date command syntax incorrectly, is this a 32-bit vs 64-bit break, or it is something else? Please note that I am using FC10, and I have double-checked my system clock settings (both BIOS and OS). The system has only been running during 2009 (no reboot yet).
I am trying to configure my Linux router to restrict Internet access for one computer on my LAN. It needs to be restrictive based on the time of day and the days of the week. I am using the MAC address of the computer to single out the one computer that needs to be blocked. However, this is my first attempt at making any rules with iptables, and I am not sure if I am doing this right. If some one can take a look at this I would greatly appreciate it. This is what I have done so far.
Here is my thinking. Create a new target. Check the MAC address, if it is NOT the offending computer return to the default chain. If it is the offending computer check that we are between the allowed hours and dates and ACCEPT. If we are not within the time/date range then drop the packet.
Code:
Here I am trying to route all packets regardless of the computer on the LAN into the blocked_access chain for checking.
Code:
Is it a good idea to route all traffic through the blocked_access chain? I do run other servers that are accessible from the Internet, so I am not sure how this setup will affect that. I also use shorewall on the router to setup iptables for me. How would I integrate this with shorewall?
I am using squid to block access when he is using the web browser. However, he is still able to play games(World of Warcraft) and the like.
I am using Debian sid, iptable(1.4.6), shorewall(4.4.6), kernel 2.6.32-trunk-686.
Currently my OS is Ubuntu 9.04 Jaunty Jackalope Desktop OS and my web server is Apache2. I have a public address 60.x.y.z and my pc local address is 10.x.y.z. I have a web app in my Apache2 which currently run in localhost(10.x.y.z).
I would like to enable the web app so that it could be browse from outside. I know there maybe some port forwarding process and some commands involved in order to do that. But I have no idea on the steps to do that.
I am working on implementing a protocol on NS2.34 .I really need help to solve this problem . Actually , I don't now whether the problem is generated by the tcl code or the c++ code when I run the simulation, I get this result :
Code: num_nodes is set 64 INITIALIZE THE LIST xListHead 34 45 channel.cc:sendUp - Calc highestAntennaZ_ and distCST_ highestAntennaZ_ = 1.5, distCST_ = 550.0 SORTING LISTS ...DONE! code....
Version 10.04 LTS. Installed desktop version and network worked but I needed a static IP address and the install configures for a DHCP configured address. I tried changing to static address using the System->Preferences->Network Connections application but was unable to get the system to come up with the network up.
So I manually modified the /etc/network/interfaces and the /etc/resolv.conf files. I restart the system but when I do an ifconfig, I don't see a configured IP address on eth0 (only the loopback address). If I run /sbin/ifup eth0 everything then works fine and ifconfig shows the correct address bound to eth0.
I'm running Ubuntu 10.10 and I'm having problems trying to assign it a static IP address. No matter what I put in the Preferences->Networking area (identifying the interface as Manual)... it still will query DHCP for an address if I run the dhclient command. I'm using to using ubuntu server where I just set the IP in the interfaces config file.
I am running my own Postfix mail server. Some time ago I noticed that most email was rejected because of the server's dynamic IP address. So I got a fixed IP address. However then I noticed that some mails got rejected due to failing the reverse DNS check. So my ISP told me to get a range of IP addresses and they could then create a PTR record for one of those addresses. That is now running but it turns out that the IP address used for the PTR record is a ... dynamic IP address. So Spamhaus PBL rejects my emails again.
I have a few external IP's assigned to me by my ISP. I have IPcop as my router/firewall. I am wondering how to bind 1 of my external ip's to my internal ip address. So I do not have to port forward, etc. For Example, 77.77.77.77 to 192.168.1.123 and on the server it see's the external IP address.
In my job I use some ethernet embedded devices. They take an ip address from dhcp server or auto ip. I only know mac address.How can I obtain ip from mac address? In other words I need a rarp packet generator.
I dont know for what reason, since 2 days, I started having this message whenever I try to start httpd.I commented "Listen 443", restarted httpd started correctly. I needed to comment "listen 443" in order to be able to start httpdWhat is strange is when I do
I have a dedicated control computer that can only be accessed with web-browser (with its ip-address). My DHCP-server gives a static ip-address to the control computer (base on its mac-address). Somehow and after some time the control computer looses its ip-address (can't ping to it any more) ... and then I have to reset the control computer to get it to pick up the ip-address ... this is not a good solution since the control computer is not nearby. is there a way to force the control computer to renew its ip-address based on its mac-address
My security software has picked up multiple port scanning detections on my router/network and only the IP addresses are available. Is it possible to find out what the remote mac address is to see if the IP source has been spoofed? I've got a couple of different IP sources which were found scanning my ports.
I don't know if my IP and the remote IP address are on the same network or subnet for that matter which is the reason for my wanting to know what the mac address is to find out if its coming from the same remote machine.
I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
I am facing a strange problem witht my iptables as there are some firewall entries stored somewhere which is displaying the below firewall entries even after flushing the iptables & when I restart the iptables service then the firewall entries are again shown in my iptables as shown below,
I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):
Code:
#!/bin/bash # Script to check important ports on remote webserver # Copyright (c) 2009 blogama.org # This script is licensed under GNU GPL version 2.0 or above
root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh ' not found.4.4: host/network `127.0.0.1 Try `iptables -h' or 'iptables --help' for more information. ' not found.4.4: host/network `192.168.1.8