Networking :: Promiscuous Interface And Iptables To Receive Packets Not Destined To Localhost

Mar 22, 2010

I am trying to do something outlandish with iptables (or so I think!). I have a source sending UDP packets to a destination (say dst11). Using port mirroring I am able to get all these packets to a different machine (say dst22). I am able to see these packets on dst22's interface using tcpdump. I want to analyze the packets on dst22. So what I do is put dst22's interface in promiscuous mode (using ifconfig eth0 promisc). This in theory should get the packet through the MAC layer. Now using iptables I am trying to DNAT the packets in nat PREROUTING to change the packets' destination IP to dst22's interface and change the destination port.


Networking :: Route (forward) Packets In Promiscuous Mode?

Sep 16, 2010

I need to route packets coming from a standalone switch port which is a mirror ("tap") of another port ("source"). I can't seem to forward packets whose MAC address is for a different device (the actual "target" of "source"). My device is in promisc mode; I can see the incoming packets in tcpdump and Wireshark. The only packets which get forwarded are those which have my MAC destination address (I changed the wiring to come straight from source and not the mirror port, to get "my" MAC address in the packet). My routing table is configured to forward and I have ip_forwarding enabled, obviously (otherwise packets sent to my MAC wouldn't route). By the way, the incoming packets are all VLAN tagged and I have matching subinterfaces.

Q1 - is this inherent, that packets won't get "passed up" to the IP layer unless the MAC addresses match?

Q2 - Would ebtables be a good solution, i.e. rewrite the dest MAC address to my own MAC addr and send to the INPUT target?


Networking :: Cannot Receive UDP Multicast Packets From Windows

Dec 10, 2008

I've got an application that compiles in Windows and Linux and is using UDP multicast to communicate. I'm running it on a Windows machine, a Linux machine and a small board (Gumstix) that is running Linux as well. The Windows and Linux machines have no problems sending/receiving packets with each other. The Gumstix and Linux machines have no problems sending/receiving packets with each other. The Gumstix can also send/receive packets with two instances of the application both running on the Gumstix.

But when running on the Gumstix I can send udp multicast packets to Windows, but cannot receive them. (It works if I do point to point with a known IP port#, but not multicast.) I can run tcpdump on the Gumstix and see the packets, but they are not being received on my socket. Here's what tcpdump (running on the Gumstix) outputs when sending the same packet from different sources. Notice the IP header ID and flags (don't fragment) are different when coming from Windows.

WINDOWS to Gumstix
-7:-45:-2.015784 IP (tos 0x0, ttl 15, id 35331, offset 0, flags [none], proto: UDP (17), length: 444) 172.30.42.3.1165 > 239.255.183.180.47028: UDP, length 416

LINUX to GUMSTIX
-7:-43:-38.451991 IP (tos 0x0, ttl 15, id 0, offset 0, flags [DF], proto: UDP (17), length: 444) 172.30.42.13.32771 > 239.255.183.180.47028: UDP, length 416

GUMSTIX to GUMSTIX
-7:-33:-10.955608 IP (tos 0x0, ttl 15, id 0, offset 0, flags [DF], proto: UDP (17), length: 444) 172.30.42.110.1025 > 239.255.183.180.47028: UDP, length 416

I've tried everything I can think of to get this to work but am not getting anywhere. Also I'm pretty inexperienced when it comes to Linux. Anything I could try to be able to receive udp multicast packets from Windows?


Networking :: What Happens When Machine Receive Unwanted Packets

Mar 5, 2010

Assume this: machine A sends a packet to machine B, and no application on machine B is waiting for the packet. Now: what happens in the kernel? What happens to this packet exactly?


Networking :: Sending Packets To Localhost Through Another Computer?

Jun 10, 2009

Suppose I have computer A with IP address 192.168.0.1 on eth0 and IP address 192.168.1.1 on eth1. If I send packets to 192.168.1.1 from computer A, it automatically uses the loopback interface. Is it possible to modify the routing table somehow to send these packets out on eth0 instead and have them route around the network and come back in on eth1? I've tried 'route add -host 192.168.1.1 dev eth0' but it seems to completely ignore this entry.


Networking :: Broadcast Packets Failed To Receive - Socket Beginner

Feb 24, 2011

I am working on uClinux (almost the same as Linux). I am new to socket programming. I have two microcontrollers running the same code. A simple run with an argument means "send the merged string".
Run on the 1st microcontroller (send): ./Name "anystring"
Run on the 2nd microcontroller (receive): ./Name

My code is:
/* ---- .c file (the header shown further down is assumed to be named broadcast.h) ---- */
#include "broadcast.h"

int receive(void) {
    int sock_fd;
    struct sockaddr_in addr;
    char buffer[kBufferSize + 1];      /* +1 leaves room for a terminating NUL */
    int bytes_received = 0;
    socklen_t addr_len = sizeof(addr);

    printf("receive start\n");
    /* Create socket */
    sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (sock_fd == -1) {
        printf("receive Create\n");    /* Error occurred */
        return 0;
    }
    printf("Res Create succeeded\n");

    /* Create address from which we want to receive, and bind it */
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = INADDR_ANY;
    addr.sin_port = htons(kPortNumber);
    if (bind(sock_fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        printf("receive bind\n");      /* Error occurred */
        return 0;
    }
    printf("Bind successful\n");

    while (1) {
        /* Receive a message, waiting if there's nothing there yet */
        addr_len = sizeof(addr);
        bytes_received = recvfrom(sock_fd, buffer, kBufferSize, 0,
                                  (struct sockaddr *)&addr, &addr_len);
        if (bytes_received < 0) {      /* Error occurred */
            printf("receive bytes\n");
            return 0;
        }
        buffer[bytes_received] = '\0'; /* recvfrom() does not NUL-terminate */
        printf("bytes_received successful\n");
        /* Keep a copy of the received string in the global buffer */
        memset(Ressocketstring, 0x00, sizeof(Ressocketstring));
        strncpy(Ressocketstring, buffer, sizeof(Ressocketstring) - 1);
        printf("Ressocketstring : %s\n", Ressocketstring);
        printf("Hello Receive finished\n");
        /* Now we have bytes_received bytes of data in buffer. Print it! */
        fwrite(buffer, sizeof(char), bytes_received, stdout);
    }
}

int transmit(char *data, int length) {
    int sock_fds[kMaxSockets];
    struct sockaddr_in addr;
    int number_sockets = 0;
    struct hostent *he;
    int flag = 1;
    int i;

    /* The original loop over getifaddrs() (selecting AF_INET devices that
       support broadcast but aren't loopback or point-to-point) is commented
       out in the post; a single socket bound to BCASTADDRESS is used instead. */

    /* Create socket */
    sock_fds[number_sockets] = socket(AF_INET, SOCK_DGRAM, 0);
    if (sock_fds[number_sockets] == -1) {  /* Error occurred */
        printf("Error Create\n");
        return 0;
    }
    he = gethostbyname(BCASTADDRESS);
    if (he == NULL) {
        printf("Error gethostbyname\n");
        herror("gethostbyname");
        exit(1);
    }
    printf("Res He\n");

    /* Create address from which we want to send, and bind it.
       Note: binding here makes the subnet broadcast address the packet's source address. */
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr = *((struct in_addr *)he->h_addr_list[0]);
    addr.sin_port = htons(kPortNumber);
    if (bind(sock_fds[number_sockets], (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        printf("Error bind\n");        /* Error occurred */
        return 0;
    }

    /* Enable broadcast */
    if (setsockopt(sock_fds[number_sockets], SOL_SOCKET, SO_BROADCAST,
                   &flag, sizeof(flag)) != 0) {
        printf("Error Enable\n");      /* Error occurred */
        return 0;
    }
    number_sockets = 1;
    printf("Success 1\n");
    printf("transmit Create\n");

    /* Initialise broadcast address */
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = INADDR_BROADCAST;
    addr.sin_port = htons(kPortNumber);

    /* Send through each interface */
    for (i = 0; i < number_sockets; i++) {
        if (sendto(sock_fds[i], data, length, 0,
                   (struct sockaddr *)&addr, sizeof(addr)) < 0) {
            printf("Error Send\n");    /* Error occurred */
            return 0;
        }
        printf("Success 2\n");
    }
    return 1;
}

/* Join the fields of Tmeg into socketstring, separated by '@' */
void MergeMessage(void) {
    memset(socketstring, 0x00, sizeof(socketstring));
    snprintf(socketstring, sizeof(socketstring),
             "%s@%s@%s@%s@%s@%s@%s@%s@%s@%s@%s\n",
             Tmeg.s1, Tmeg.s2, Tmeg.s3, Tmeg.s4, Tmeg.s5, Tmeg.s6,
             Tmeg.s7, Tmeg.s8, Tmeg.s9, Tmeg.s10, Tmeg.s11);
    printf("MergeSocketMessage : %s\n", socketstring);
}

int main(int argc, char **argv) {
    int fd = 0, bdc = 0;
    struct ifreq ifr;

    printf("Starting main\n");
    /* Look up the IPv4 address of eth0 */
    fd = socket(AF_INET, SOCK_DGRAM, 0);
    memset(&ifr, 0, sizeof(ifr));
    strncpy(ifr.ifr_name, "eth0", IFNAMSIZ - 1);
    if (ioctl(fd, SIOCGIFADDR, &ifr) < 0) {
        printf("Error SIOCGIFADDR: %s\n", strerror(errno));
        close(fd);
        return 1;
    }
    close(fd);

    /* Both buffers must be NUL-filled: strcat() below relies on it */
    memset(MYIP, 0, sizeof(MYIP));
    memset(BCASTADDRESS, 0, sizeof(BCASTADDRESS));
    strcpy(MYIP, inet_ntoa(((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr));
    printf("Eth0: %s, len:%d\n", MYIP, (int)strlen(MYIP));

    /* Derive a /24 broadcast address: keep everything before the last '.', append ".255" */
    for (bdc = strlen(MYIP); bdc > 0 && MYIP[bdc - 1] != '.'; bdc--) {}
    strncpy(BCASTADDRESS, MYIP, bdc - 1);
    strcat(BCASTADDRESS, ".255");
    printf("BCASTADDRESS: %s, len:%d\n", BCASTADDRESS, (int)strlen(BCASTADDRESS));

    printf("Initial Broadcast message\n");
    /* s0 "0", s1 "500", s2 "100", s3 "100", s4 "startVD", s5 "lighting",
       s6 "reading", s7 "Anna", s8 "0", s9..s11 "" */
    memset(&Tmeg, 0, sizeof(Tmeg));
    strcpy(Tmeg.s0, "0"); strcpy(Tmeg.s1, "500"); strcpy(Tmeg.s2, "100"); strcpy(Tmeg.s3, "100");
    strcpy(Tmeg.s4, "startvd"); strcpy(Tmeg.s5, "lighting"); strcpy(Tmeg.s6, "reading");
    strcpy(Tmeg.s7, "anna"); strcpy(Tmeg.s8, "0");
    MergeMessage();

    if (argc > 1 && strlen(argv[1])) {
        /* An argument was given: send the merged string */
        if (transmit(socketstring, strlen(socketstring))) {
            printf("\"%s\" transmitted.\n", socketstring);
        } else {
            printf("Error occurred: %s\n", strerror(errno));
            return 1;
        }
    } else {
        /* No argument: just listen */
        printf("Listening...\n");
        if (!receive()) {
            printf("Error occurred: %s\n", strerror(errno));
            return 1;
        }
    }
    printf("Finished\n");
    return 0;
}

/* ---- .h file (assumed name broadcast.h) ---- */
//#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <net/if.h>
#include <fcntl.h>
#include <netdb.h>
#include <signal.h>
#include <sys/wait.h>
#include <sys/ioctl.h>
//#include <ifaddrs.h>
#include <errno.h>

#define SubLen 50
#define kBufferSize (SubLen * 12)
#define kPortNumber 5000   /* assumed: the port number is not shown in the post */
#define kMaxSockets 8      /* assumed: the value is not shown in the post */
typedef int Boolean;       /* assumed: Boolean is not a standard C type */

char MYIP[20];
char BCASTADDRESS[20];

typedef struct {
    char s0[SubLen];
    char s1[SubLen];
    char s2[SubLen];
    char s3[SubLen];
    char s4[SubLen];
    char s5[SubLen];
    char s6[SubLen];
    char s7[SubLen];
    char s8[SubLen];
    char s9[SubLen];
    char s10[SubLen];
    char s11[SubLen];
} msg_struct;

msg_struct Sendmsg;
msg_struct Tmeg;   /* Recivemsg; */
Boolean pri[6];
char socketstring[SubLen * 12];
char Ressocketstring[SubLen * 12];


Networking :: Send / Receive Multiple Raw Packets In One System Call

Aug 27, 2010

I need to receive a number of raw ethernet packets (say, 100 packets) into a user-mode accessible buffer large enough to hold all the packets. The way I have done this so far is by looping over the recvfrom() system call 100 times, passing an incremented pointer addressing the location in my buffer to store the packet. Is there a way to receive the 100 packets into my buffer with one system call, perhaps by instructing the kernel to DMA the 100 packets into my buffer?


Ubuntu Networking :: Intermittent Internet Connection - Freezes And Doesn't Receive Few Packets

Mar 31, 2010

I'm having problems with my internet connection; it seems to be working fine then every other click of a page there is no connection, then I click it again a second later and it works. I am using a wired network connection plugged into an addon wireless router.

When I use ping under network tools it seems to be fine, then freezes halfway through and doesn't receive those few packets, giving me a transmission percentage of about 70%.


Networking :: Iptables REDIRECTing - All Outgoing Packets ?

Dec 6, 2010

I've been trying to redirect all outgoing packets (destined for a specified ip address) from my slack box back to itself. I thought this could be done with iptables, but if I fire up wireshark I can clearly see that the packets are getting out to the real server and I'm getting responses from it.

So here's what I tried:

All looks good and fine, and then I even try to visit 194.28.157.42 with firefox (by the way I am running a webserver, that is set to show a page when you visit 127.0.0.1) and I get an error page that reads: 502 Bad Gateway.

I ignored this message to see what the program I'm trying to interrupt does, and when I start wireshark and then start the program that is using that website, I can clearly see that the packets make it to the real 194.28.157.42 and get back responses.


Networking :: Iptables Routing Packets On Same Sub-network

Feb 17, 2010

I am running into trouble while trying to set up an iptables routing policy. I have two machines on the same sub-network (xxx.xxx.153.0). One of the machines is used as a default gw for the other (xxx.xxx.153.250 is a gateway for xxx.xxx.153.142, and xxx.xxx.153.254 is a gw for xxx.xxx.153.250). There is no explanation for why xxx.xxx.153.250 is in the middle (xxx.xxx.153.142 can go straight to xxx.xxx.153.254), but it is like that for now. I am trying to find an iptables rule to be executed on the xxx.xxx.153.250 machine to route the packets.


Networking :: Redirecting Packets To Virtual Machine With Iptables

Mar 16, 2011

I had been running my SMTP server with WINE, as the SMTP server software is a Windows-based program (MERCURY), but I cracked the shits with WINE and removed it. Now I am running my SMTP server in a Windows virtual machine. This virtual machine has a different IP address from my host machine, so what I need is for my computer (the host) to redirect incoming traffic on port 25 to the virtual machine at 192.168.56.101 on port 2525. Can someone please help me with it? I think it's done with iptables.


Networking :: Interesting Distribution Of Packets Over Iptables Rules

Mar 13, 2011

I'm trying to configure NFS sharing behind a firewall. I got it to work and all, but I was caught by something that (to me anyway) seems odd. I've been able to mount the export on another computer and am transferring files over as we speak, but I'm just interested in knowing why the RELATED,ESTABLISHED rule seems to be catching almost all the traffic coming from the other node. Any ideas? Should I be concerned that my firewall isn't protecting anything or something?


Networking :: SIP Packets Mysteriously Disappearing / When Iptables-nat Activated

Sep 10, 2010

I have a very weird case in my firewall. I have an asterisk server and some phones, and between them there is a Linux firewall based on iptables. With basic rules on iptables everything works OK, but when I put in a single nat rule (no matter what rule I use) some packets from some phones mysteriously disappear from interface to interface.

Clearer: the firewall has two interfaces: eth0 (pointing to the phones) and eth2 (pointing to asterisk). One problematic phone is 192.168.3.242, so I use tcpdump this way.


CentOS 5 Networking :: View The Packets Saved By Iptables?

Jun 26, 2009

If I am using --log-prefix "BANDWIDTH_OUT:" --log-level 7 to capture packets, is there a way to view these?


Ubuntu Networking :: VPN Interface MTU Size \ The Packets Come With The Don't Fragment Bit Set?

Feb 20, 2010

For learning purposes I've set up a VPN between a laptop (running Ubuntu) and a PC (running Windows). The two computers are on the same LAN. The VPN server is set up on the laptop, and as a guide I used this tutorial: The problem is that the MTU on the ppp0 interface is 1396 and the MTU on the eth0 interface is 1492, so in order to pass packets from the eth0 interface to the ppp0 interface the laptop needs to fragment the packets, and here is where the problem appears: the packets come with the don't fragment bit set. I've tried lowering the MTU of the eth0 interface but that didn't work. The only way I managed to make this work is setting the ppp0 MTU size to 1492. The thing is that setting the mtu and mru in the pptpd-options file to 1492 doesn't do anything (at least to solve this problem), and the only way to set the MTU of the ppp0 interface is to manually set it using:

Code:
sudo ifconfig ppp0 mtu 1492

The issue with this is that every time the connection resets I have to enter the command.


Networking :: Sending Packets To The Local Interface Through A Route?

Oct 13, 2010

I want to build a topology of this kind:

|eth0 (a.a.a.a) |
Linux PC |<----------------> | ROUTER
|eth1 (b.b.b.b) |
|<----------------->|

The Linux machine has two interfaces, eth0 (a.a.a.a) and eth1 (b.b.b.b), connected to two interfaces of a router. Now if I send any packet destined to b.b.b.b from the a.a.a.a interface on the Linux machine, it should take the following path: eth0 -> router -> eth1, and it should be the same vice versa.


Networking :: IPTables / SSH Connection To .150 - The Packets Are Still Handled By .150 After Adding The Rules

Jul 2, 2010

I have two servers set up: 192.168.1.150 and 192.168.1.160. Initially, I want all traffic to be served by server .150. For this purpose I am leaving the IPTables on .150 empty. At a point in time, I want to forward all incoming traffic to be served by .160 instead. I have accomplished this using these commands (on .150):

iptables -t nat -A PREROUTING -j DNAT --to 192.168.1.160
iptables -t nat -I POSTROUTING -j MASQUERADE

My problem is that if I have an open SSH connection to .150 (prior to adding the rules), the packets are still handled by .150 after adding the rules, e.g. my SSH session stays active. I want these packets to be forwarded to .160, which would effectively disconnect the SSH session. I do not want the packets flat out dropped, I just want them forwarded on in whatever state they are in. If I try a new SSH session, it is properly forwarded to .160.


General :: Networking - Interface Stops Receiving Packets As Seen By Tcpdump

Mar 30, 2011

I have a linux box with two interfaces: eth0 is a builtin and eth1 is a USB-LAN.

There is an IP configured on eth1.

eth0 is up but no IP is configured. This interface is used for sniffing with tcpdump.

The problem is that eth0 frequently stops receiving packets -- my tcpdump captures are empty, and if I look at the interface stats with ifconfig, I can see that no packets are received.

If I bounce the interface (ifconfig eth0 down; ifconfig eth0 up), it starts receiving packets again.


Networking :: Interface Alias Does Not Receive Broadcast Traffic

Sep 25, 2010

When setting up an alias for eth0, the interface works as expected for normal traffic, but does not receive broadcast traffic.

Host 1's setup:

Code:

Pinging host 1's normal interface from host 2 works as expected:

Code:

Pinging host 1's alias interface from host 2 works as expected:

Code:

Broadcast pinging from host 2 only gets a reply from host 1's real interface (as well as some other uninteresting devices on the network):

Code:

I have confirmed by listening on both interfaces using netcat, and broadcasting using netcat, and again only the real interface receives data.

Is this by design, or is it possible to get interface aliases to receive broadcast traffic?


Networking :: Can Forward Packets Sniffed By Monitor Mode Wireless Interface?

Feb 9, 2011

I'm a student who is working on a wireless research project. I have a madwifi driver for an Atheros chipset on Debian Linux. With the wireless interface in monitor mode, I want to forward the captured packets from the wireless interface to the other Ethernet interface so that a different computer which is connected to this machine via Ethernet receives those packets. I checked that all packets are received on the wireless interface using TCPDUMP. I tried to forward those packets with IPTABLES like 'iptables -p FORWARD -i ath0 -o eth2 -j ACCEPT'. However, I couldn't see any packets forwarded to eth2 using TCPDUMP.


Debian Programming :: Cannot Receive UDP Packets

May 11, 2015

I am trying to build a socket to retrieve the Ethernet packets from an ECU (I do not know much about the ECU). When I run my code on Windows there is no problem and the code runs correctly. But when I run my code on Debian it gets stuck at s.recv(1024).

I have already set static ip in /etc/network/interfaces as follows:

Code:
iface eth0 inet static
    address 160.48.199.91
    netmask 255.255.255.0
    gateway 160.48.199.254

The simple code is as below:

Code:
import socket
import sys

HOST = "160.48.199.91"
port = 30490
# Raw socket for the UDP protocol, bound to the static address above
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_UDP)
s.bind((HOST, port))
while True:
    data = s.recvfrom(1024)
    print(data)

There is no LAN or router. When I check netstat -s I see that there are 0 UDP and 0 TCP messages received. But when I check in Wireshark on Debian I can see the UDP packets displayed. Does it mean that the UDP packets are reaching the Raspberry Pi but not received by Debian? Or are these packets being dropped?


Programming :: How To Send And Receive Packets Using Libpcap

Mar 11, 2011

How can I send and receive packets using libpcap? Reply as early as possible.


Fedora Security :: Find Device Eth0 Entered Promiscuous Mode Don't Remember Putting Eth0 In Promiscuous Mode?

Nov 18, 2010

I've looked today at my logs in /var/log/messages and I find "device eth0 entered promiscuous mode". I don't remember putting eth0 in promiscuous mode. I'm connected to the net through a router. How do I turn that off?


Ubuntu Networking :: Routing Over Certain Interface Using Iptables?

Feb 24, 2011

I am establishing a VPN connection with a Cisco VPN server, but only want outgoing connections to a certain set of IP addresses to actually go through the VPN. I tried something like this:

Code:
sudo iptables -A OUTPUT -t mangle -p tcp -d 111.222.0.0/16 -j ROUTE --oif tun0
but keep getting

[code]...


Networking :: Iptables Outgoing Adress Using An Aliased Interface?

Dec 15, 2010

It's been several years since I played with iptables. I have a setup like this: eth0 is the only physical device on the box and eth0:0 is aliased. Traffic going out of the box to the internet uses eth0.

eth0 116.55.58.1
eth0:0 116.55.58.2

I have a service listening on port 80 on 116.55.58.2. Let's say my client connects to 116.55.58.2:80 through 116.55.58.1; how do I force (mangle, you name it) with iptables that the outgoing source address will always be 116.55.58.2?


Networking :: Iptables Rules - Wireless Interface Got Ip From Another Server ?

Jun 18, 2010

The following is my setup: wireless server (IP of this server is 192.168.1.1) -- target board (wireless client [the IP it got from the wireless server is 192.168.1.3], bridge (192.168.36.1)) -- Linux PC (192.168.36.3). As shown above I have a target board, for that I have a wireless interface, and a Linux PC is connected to the target board. Now the IPs are like this: for the Linux PC 192.168.36.3, and my target board bridge IP is 192.168.36.1.

My wireless interface got an IP from another server, like 192.168.1.3. Now if I ping 192.168.1.1 from my target board it goes through the wireless interface to the 192.168.1.1 wireless server. But when I do the same from the Linux PC connected to the target board, it's not pinging: from the Linux PC I am able to ping 192.168.1.3 but not 192.168.1.1. I think I need to write an iptables rule properly on my target board to forward the 192.168.1.* packets to the wireless interface.


Networking :: IPTABLES DNAT For Packets Originated Within The "firewall"?

Aug 26, 2010

I'd like (if it's possible, of course) to redirect the packets originated within a Linux box, and I've been trying to do it through the OUTPUT chain in the nat table:

Code:

iptables -t nat -A OUTPUT -p tcp -d 192.168.0.74 --dport 80 -j DNAT --to-destination 192.168.0.17:80

The policy for the rest is ACCEPT. This redirection didn't work this way. If I do lynx http://192.168.0.74:80 I reach the 192.168.0.74 host, so there is no redirection. Could I achieve what I'm needing with IPTABLES' OUTPUT chain (in the nat table)?


Networking :: Route Eth2 TCP Packets To Tun0 With IPTABLES And IP RULE/ROUTE?

May 8, 2011

I have 3 network interfaces on my Linux Router :

Interface - Gateway - Type

Code:

br0 - 192.168.0.1 - Internet
eth2 - 192.168.1.1 - LAN
tun0 - 10.0.0.2 - VPN (via br0)

What I'd like to do is to route all TCP packets coming from eth2 to tun0 where a VPN client is running on 10.0.0.2. If I delete all default routes and if I add a new route to tun0 like :

Code:

route del default
route add default gw 10.0.0.2

Everything is fine, and everyone on eth2 can reach the Internet using the VPN access. Now the problem is that my VPN client does not allow any protocols other than TCP. And I also want to allow VPN access only to eth2, no other LAN nor the router itself. I want to use iptables to filter any TCP packets and mark them, so they can be sent to tun0, while any other packets can reach the Internet via br0 (192.168.0.1). I found on the Internet that we can mark packets before they get routed, using the following commands:

Code:

iptables -t mangle -A PREROUTING -j MARK --set-mark 85 -i eth2 -p tcp --dport 80
ip route add table 300 default via 10.0.0.2 dev tun0
ip rule add fwmark 0x55 table 300

First of all, --dport 80 never works... :/ I wanted to filter TCP 80 packets coming from eth2, but none of them seem to be HTTP packets... oO (very strange...). Never mind, I decided to forget about the --dport option. I use the "iptables -L -v -t mangle" command to see how many packets are marked, and it is working fine: all TCP packets coming from eth2 are marked. Now the problem is that none of them are routed to tun0; they are all respecting the "route -n" rules and not the "table 300" rule I have created.


Networking :: Use Iptables In Order To Forward All The Incoming Packets For Port 5555 To Port 5556?

Apr 4, 2011

I'm trying to use iptables in order to forward all the incoming packets for port 5555 to port 5556 on the same server (192.168.2.101).

I wrote the following commands:

iptables -A PREROUTING -t nat -i any -p tcp --dport 5555 -j DNAT --to 192.168.2.101:5556
iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.2.101 --dport 5556 -j ACCEPT


General :: /localhost Recursion/cache/iptables - Allow Localhost Recursion But Deny Recursion To External Clients?

Mar 8, 2011

I am a newbie in Linux. I have Fedora 13 OS 32 bits. I am working with PowerDNs and Poweradmin. How can I configure this with PowerDNS?

1. Allow localhost recursion but deny recursion to external clients. Is there a tutorial for that?

2. Set up cache nameserver for localhost (like caching-nameserver in Bind).
Is there a tutorial for that?

3. My Master Server with PowerDNS is working well from localhost but external clients cannot access it.

I have iptables with these rules:

[Code]....

Copyrights 2005-15 www.BigResource.com, All rights reserved