Networking :: Middleman Machine Using The Iptables?
Jan 5, 2010
I have a machine that is like a firewall. I use iptables to route traffic through it, to the router. For example:
Host1 -> Middleman -> gateway -> Internet
Internet -> gateway -> middleman -> Host1
I have this working using these rules:
Code:
# 192.168.0.6 = host
# 192.168.0.8 = middleman
iptables -A PREROUTING -t nat -d 192.168.0.6/32 -j DNAT --to 192.168.0.8
iptables -A POSTROUTING -t nat -d 192.168.0.8/32 -j SNAT --to 192.168.0.6
On the middleman machine, when I analyse the traffic using Wireshark, I can only see the outbound traffic. I don't see any traffic from gateway->host, only host->gateway. The traffic must be passing through both ways because the host has Internet access. How can I modify the iptables rules to see the traffic both ways?
Mar 16, 2011
I had been running my SMTP server with WINE, as the SMTP server software is a Windows-based program (MERCURY), but I cracked the shits with WINE and removed it. Now I am running my SMTP server in a Windows virtual machine. This virtual machine has a different IP address from my host machine, so what I need is for my computer (the host) to redirect incoming traffic on port 25 to the virtual machine at 192.168.56.101 on port 2525. Can someone please help me with it? I think it's done with iptables.
Mar 22, 2011
I've got the following two subnets.
Code:
Subnet 1: 10.1.0.0/24
Subnet 2: 172.16.0.0/24
A machine in subnet 1 is natted to a static address in subnet 2. For instance 10.1.0.10 is natted to 172.16.0.10.
I have achieved this with the following iptables rule. (in addition to enabling forwarding)
Code:
iptables -t nat -A POSTROUTING -s 10.1.0.10 -j SNAT --to 172.16.0.10
So far this works perfectly. What I want to do now is to add another rule that only nats the machine in case it is NOT accessing subnet 1.
In other words, when this machine accesses any other machine in subnet 1, it should show up as 10.1.0.10. Whenever it accesses subnet 2 or anything else, it should appear as 172.16.0.10.
Jan 9, 2010
I want to do port mapping on a Linux machine using iptables. I have a service listening on port 2000 UDP and I want to add an iptables rule which will map incoming packets on port 2001 to port 2000, so that the service will accept the connections. The idea is that I don't want to change the default port for the service, but to make an internal port redirection (from 2001 to 2000), so the default service port will be filtered by iptables, and the other port will be open to the outside. The Internet host connects to the Linux machine on port 2001. The Linux machine changes the destination port from 2001 to 2000 and the service (on the same machine) processes the packets and accepts the connection. I tried adding the following to my iptables rules, but it didn't work out:
$IPTABLES -A FORWARD -p udp --destination-port 2001 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i eth0 -p udp --dport 2001 -j REDIRECT --to-port 2000
Sep 21, 2010
I have a task to configure two httpd services on the same Linux machine using iptables.
For example: run the primary httpd instance on ports 80 and 443; if the primary instance is down, switch to the second instance running on 8080 and 4443. This can be achieved using iptables.
Feb 13, 2011
I try to access my Ubuntu machine via my Windows machine (Samba server on the Ubuntu machine). Anytime I try to access the machine it asks me for my password... I enter it but it says it is invalid... Is there any way to reset it? I have already tried to remove and purge everything Samba related and then tried reinstalling, but that still didn't do anything.
Mar 18, 2010
I have an Ubuntu kk laptop connected via wireless to my mixed network (XP, Win7, other Ubuntu), but I cannot ping said machine or connect via ssh. Internet and smb-browsing ON this machine work, as does pinging FROM it. If this was a Windows machine, I'd say a firewall is in the way, but since it's a vanilla Karmic install, this should not be the case (or should it?).
Jul 24, 2010
It seems whenever I create a folder it creates the folder as "untitled folder", but I can't change the folder name. It just says "you don't have permission to rename item", and yet I created the folder and it is there. One thing I have noticed is that once I enter a folder it won't even let me move the folder.
Dec 3, 2008
I have ubuntu-8.04.1-server installed on virtual machine. It works perfect. Now, I made copy of this virtual machine. I started that copied machine and it works fine, except one thing: network does not work!
I have several other VMs with FreeBSD, OpenBSD or Windows on them, but only the Ubuntu machine has a network problem after copying. I tried some other VM with Ubuntu on it - same problem! I downloaded a VM with Ubuntu - same problem. I took a look into the /etc/network/interfaces file and it looks just as it should (same as before copying), but the ifconfig command returns parameters for lo only (before copying there was eth0 and lo).
Feb 20, 2011
I have an issue with the manner in which Network Manager is configuring the network, and short of ditching Network Manager I can see no solution. The issue: getting a machine to update its machine name in the DNS server. Sounds simple, doesn't it? I operate a FreeBSD based firewall / DHCP / DNS server. Using a default Network Manager DHCP configuration, the Fedora clients do not register their names with the DNS server when they obtain an address.
I have traced the communications with Wireshark and the Fedora clients are NOT supplying the PC's hostname as part of the exchange so this is NOT a DNS server configuration issue. If I uncheck the option 'Automatically obtain DNS information from provider' under the DHCP settings the Fedora clients DO register the hostname that is put into the Hostname (optional) databox. They do NOT however store the DNS server IP address or any other records defined by the DNS server.
Is there some hidden settings or is this a bug because it isn't acceptable 'DHCP' behaviour if it isn't possible to automatically set DNS server IP addresses and at the same time register the hostname during the DHCP negotiation. Before it is said I know I can use a fixed DNS IP address but am not prepared to long term, I am also not prepared to define the Fedora clients with a 'static' IP. I am similarly not interested in playing around with scripts or any other such 'frigs' to achieve what should be a standard activity - registering a host with DNS during the DHCP negotiation.
Aug 28, 2010
I am trying to establish the easiest way to share a folder from an Ubuntu machine to a Windows machine. In the past I have added things to smb.conf and that has all worked fine, but what I am trying to do is to figure out what the "new user" way of doing this is, so that when I am helping other people I know I am getting them to do the simplest thing. I completely removed samba and reinstalled it so that I didn't have any configuration. Right clicked on a folder and selected "Sharing Options", ticked the "Share this folder" box, gave it a name and a comment and ticked the other two boxes.
When I went to the Windows laptop it kept asking for a username/password and nothing worked. Back on the Ubuntu machine I did sudo smbpasswd -a [username] and created a blank password. Now from the Windows machine I can access the shared folder. Is the smbpasswd step still required? It's very confusing for a new user as there is no suggestion that anything other than right clicking on the folder and choosing the options you want would be required. Is it something to do with the fact that this is an Ubuntu machine that has gradually been upgraded through versions and this problem wouldn't have been there from a new install?
Apr 9, 2010
I need to access a Windows Server 2000 machine using a Linux machine via KDE, but that will migrate to Gnome. The Linux user to connect to Windows machine, you should open an application 'XYZ' automatically, and only this, denying any unauthorized access. When you close the application 'XYZ', communications (RDP?) should be terminated. Do I need a log of accesses and possible attempts to circumvent the system and access other application.
Jul 6, 2010
I had run one script on a Unix machine and want to copy the results to a Windows machine. Both the machines are on different networks. On the Linux machine, trying to do the ftp to the Windows machine, it's giving connection refused. How to check whether ftp is running on that Linux machine or not? Also tried scp and ssh, both are failing.
May 29, 2010
I can set-up an ssh tunnel from machine A to Machine B:-
fred@my-linux:~$ ssh -P myport fred@myserver.homelinux.com
I can successfully logon to machine A to Machine B.
What address and port will my tunnel 'appear' on machine B? I want to send a stream back from B to A up the encrypted tunnel, not over the open network.
Oct 31, 2009
I have two machines, one has XP service pack2, second one has CentOS 5.3 (Linux), they are connected through crossover cable. I have configured everything fine but don't know why till now can't ping!
A. Windows machine settings as follows:
IP Address: 192.168.1.3
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
+ Firewall is turned OFF.
B. For Linux machine, I will list everything stored in network files, logged as [root@localhost ~]# :
1. /etc/sysconfig/network:
ifconfig eth0 192.168.1.4 netmask 255.255.255.0 up
route add -net 192.168.1.0 netmask 255.255.255.0 eth0
route add default gw 192.168.1.1 eth0
NETWORKING = yes
NETWORKING_IPV6=no
HOSTNAME=localhost.localdomain
2. /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
IPADDR="192.168.1.4"
NETMASK="255.255.255.0"
ONBOOT="yes"
BOOTPROTO="yes"
3. /etc/resolv.conf
nameserver 192.168.1.4
search locadomain
4. I restarted network service using this command:
/etc/init.d/network start
Everything is fine. When checking using the ifconfig command, I get the following:
eth0 Link encap: Ethernet HWaddr 00:08:0D:EE:19:66
inet addr:192.168.1.4 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr:........
[code]....
I mean I assigned the IP: 192.168.1.4 to Linux machine (Eth0). I did everything above and can't ping till now, when pinging from windows or Linux I get a message "destination host unreachable" restarted Linux many times but same result. NETWORK CABLE is working fine I tested it.
Mar 1, 2011
I've run into a weird problem. Two of my Linux machines (A and B, both running CentOS 5.5) are connected to the same wall ethernet socket via a hub. Both of them are configured for static IPs. The trouble is that when machine B goes offline or hits a kernel panic, machine 1 goes offline too. What I've noticed is that in this condition the "route" output from machine A does not show any entry for the default gateway either. The contents of /etc/sysconfig/network-scripts/ifcfg-eth0 for machine A are:
Code:
# Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
DEVICE=eth0
[code]...
Jan 6, 2010
I have an Ubuntu 9.04 machine I'm using as a file server. I'm able to see that machine from any XP machine, connect to its shares, play music, movies, work off of it, NO problems. But I can't view the shares from a Windows 7 Home Edition PC (garbage). AND, from the Ubuntu PC, I can't see any of the other shares on the network. I get "Fail to receive share list from server".
NOTE: Originally i had this machine connected with wireless card because of location. and I was able to see all shares then - both ways (still not from Windows 7 PCs though). However, when I moved to hard wire connection, the network disappeared. I've tried changing IP addresses, changing switches, but no network. I'd like to keep it hard wire. Can anyone point me in right direction or am i missing information?
Jan 25, 2011
I am a new user trying Ubuntu 10. Got it up and running. Can connect to the internet. Can send and receive e-mail. Can see my Win XP machine that is also on my home network. Can transfer files from my Win XP machine to my Ubuntu machine, but just cannot work out how to get my Win XP machine to see my Ubuntu machine.
Nov 26, 2010
I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
Sep 17, 2010
I am facing a strange problem with my iptables, as there are some firewall entries stored somewhere which are displaying the below firewall entries even after flushing the iptables, and when I restart the iptables service the firewall entries are again shown in my iptables as shown below:
[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[code]....
Nov 3, 2010
I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):
Code:
#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above
[code]....
Safe.txt contains:
Code:
127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1
And the error message generated is:
Code:
root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8
[code]....
Jul 17, 2010
IPtables creates an error during startup as well as when I try to restart it: Here's the output of:
[Code]....
Apr 16, 2011
I am running Ubuntu server 10.10 and trying to setup iptables rules in /etc/if-up.d/iptables
Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Problem is that iptables doesn't get updated and I don't see them when iptables -L is executed after reboot.
Apr 28, 2009
To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?
Feb 5, 2010
Iptables manual page says:
Why doesn't it make sense for packets coming from a wireless interface?
May 7, 2010
I have set up OpenVPN for my connection. I'm using this to connect to the internet from different locations using tunnelling.
Right now I have a few IPs: on eth0 I have the IP from my ISP, on eth0:1 I have my own IP. I set up MASQUERADE to eth0 - but in this case when I try to access my restricted resources the IP address from the ISP is visible.
What I want is to use my own IP address from eth0:1 - could somebody help me to build good working redirect entry for that? I want to redirect all connections to that IP assigned on eth0:1... - just to access Internet using my IP.
Nov 11, 2010
How can I add ip address which is multiple of 3 and to 255? That is I want to block ip address which is coming from multiple of 3 to 255.
As an example 192.168.0.3,192.168.0.6,192.168.0.9,192.168.0.12 etc.
Mar 2, 2010
How to allow a specific hostname with specific ports in iptables?
View 1 Replies
View Related
Apr 24, 2011
We are stuck big time with IP forwarding where we have to use IP tables. Any advice will be appreciated.
Setup
Machine A --> Machine B -->Machine C
- Machine A connects with Machine B on "internal network"
- Machine B has 2 NICs (and two IP addresses), one connected to Machine A (internal network) and one connected to Machine C (external network)
We need all traffic coming from Machine A which flows to Machine B on port 60 to be directed/forwarded to Machine C (port 60).
Not allowed to configure Machine B as a gateway. Things work with the rinetd program when we do a tcp redirect from Machine B port 60 to Machine C (port 60).
But just unable to make it work with iptables rules. We tried the following, but in vain:
iptables -t nat -A PREROUTING -s Machine_A -d Machine_C -p tcp --dport 60 -j DNAT --to-destination Machine_C .6:60
/sbin/iptables -A FORWARD -i Machine_B -o Machine_C -p tcp --dport 60 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Any valued inputs?
Jul 26, 2010
PC needs to download a file from an Internet FTP server, but can't now. How do I set iptables?
iptables mod
[root@ad ~]# lsmod |grep ip
ip_nat_ftp 7361 0
ip_conntrack_ftp 11569 1 ip_nat_ftp
[code]....