Networking :: Configuring Iptables To Locally Translate Some Ports?
Apr 27, 2011
Because my ISP is blocking every IP port under 1000, I'd like my local NAT'ed server to be able to translate incoming and outgoing traffic from some port above 1000 to the default server port locally. Example:
To connect to my IMAP server (default port: 143) from the outside, I'd connect to my public IP, port 1143 (opened and NAT'ed to the right server on my router) and the server would translate this port to 143 on the same machine. I wish I could simply configure my router to do that but sadly Linksys doesn't permit such a setting... I also could modify the listening port of my server but I prefer to keep the default port inside my network. I think that iptables is the right tool to do that and I have never used it and I must say that this tool is not so easy to configure at first sight
Apr 16, 2010
I have a system with one (sometimes two) ethernet ports, that works happily in an old Fedora 5 build. But I can't get it to work on a new CentOS 5.4 build. Original system: one dedicated ethernet port on a card always connected to the system's dedicated equipment and no external access (the system is the DHCP master for that network). An optional second USB dongle that is a second ethernet port, used for debugging and development (this is a DHCP client with full connectivity). In /etc/sysconfig/network-scripts I have ifcfg-eth0, ifcfg-eth1 and a route-eth0. Neither of the ifcfg files needs an explicit HWADDR, which means the same ones work for all boxes. And when one needs to be connected to the network all is fine.
The system is being moved to CentOS 5.4; most is working with minimal change, but I am having problems with the ethernet ports. If it only has the on-board ethernet connected, all is fine. If you have the USB dongle connected things go wrong: this system brings up the USB ethernet first, and tries to assign it to eth0 (which fails), and then brings up the on-board ethernet as eth1 (which also fails). I have tried forcing the behaviour of the network by setting the HWADDR(s), but this does not result in the on-board coming up as eth0; it comes up as __tmpxxxx as follows:
ifconfig -a
__tmp226406138 Link encap:Ethernet HWaddr 00:80:66:07:A8:63
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
[Code]...
Currently the only solution is to unplug the USB dongle through restart and plug it in afterwards, and this won't work when the unit is remote and in the field.
May 14, 2009
Since there was no response on my other post, which I spent about an hour writing, I'll go for something simpler. I run this on my server
Code:
# set default policy for the NAT table
iptables -t nat -P PREROUTING ACCEPT
[code]...
Dec 23, 2010
I am running a server with ssh and a VPN server set up. It is behind a Debian router with a firewall which uses iptables. I have it set up to forward ports 22 and 443 to ssh on a computer within the LAN (so when on a restricted network I can still ssh into my network) and forward anything to 1723 (for my VPN) to that box also. However, the only port that gets successfully forwarded is port 22. The other two appear closed. Here is what the script looks like:
Code:
#!/bin/sh
#
[code]...
Apr 21, 2011
I'd like to pass all traffic between bridge ports via the FORWARD chain, so I changed the following sysctl parameters:
Code:
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
[code]...
Feb 16, 2011
I'd like to set iptables to allow access from one host to my server on any ports.
Currently iptables has been configured to deny all and to allow access only to those I've specified.
Can anyone advise on the command to achieve this?
Jun 30, 2011
I want to port-forward client connections from an Ubuntu LTS server to another external server. BTW, I am a noob on iptables. I have tried using the basic commands for iptables with no success. For example:
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 7878 -j DNAT --to 91.23.45.67:7878
iptables -A FORWARD -p tcp -i eth1 -o eth0 -d 91.23.45.67 --dport 7878 -j ACCEPT
So basically I just want a redirection from one IP to another. Example: a client tries to connect to IP 123.45.67.89 on port 7878 and the server forwards him to IP xx.xx.xx.xx on port 7878, meaning that xx.xx.xx.xx is the actual server with services. The server with IP 123.45.67.89 is only forwarding the client to the external IP... how can this be done in a simple command?
Mar 3, 2009
I'm new to Linux. I have had a CentOS 5 box since Sunday and I have to configure the iptables security of this machine. I read a lot of examples of iptables on the internet and also another thread from here, but really I don't know what to do. I saw lots of code but first of all I don't know where I have to write that, and my teacher doesn't want to help me with this homework. I tried to write the code in Applications --> Accessories --> Terminal
Feb 15, 2011
I'd like to set iptables to allow access from one host to my server on any ports. Currently iptables has been configured to deny all and to allow access only to those I've specified.
Jul 6, 2011
I'm having some issues setting up a transparent proxy server, which should allow only regular web browsing (port 80); any other port (including HTTPS (443)) has to be blocked. Right now, I'm using Debian 6 and Squid3. The server only has one NIC. The topology is like this:
Clients <-> Proxy Server + DHCP Server <-> Internet
With this setup, the network does have internet access and the websites I whitelisted are the only ones accessible via browser; however, port blocking is not working. Every port is open, hence why accessing blacklisted websites through HTTPS is possible. Seems to me Squid3 is doing its job fine; however, iptables for some reason seems to be redirecting all the traffic to port 3128 (the Squid3 port). I could be wrong, but I've been unable to do anything related to ports with Squid3 (either whitelisting or blacklisting).
For Iptables I used:
Code:
iptables -A PREROUTING -t nat -i eth0 -p tcp -j REDIRECT --dport 80 --to-port 3128
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 443 -j DROP
Squid3 config:
Code:
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl Safe_ports port 80 # http
acl whitelist dstdomain "/etc/squid3/whitelist"
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny !whitelist
http_access allow localhost
http_access allow all
http_port 3128 intercept
hierarchy_stoplist cgi-bin
Apr 26, 2009
I've tried both the firewall interface that comes with Fedora and Firestarter; neither can be configured as I want. So I think I'm going to have to do it by hand. In this laptop I have one 10/100 NIC and one wifi connection; at times either of them can be connected to the network. How can I configure iptables so that any traffic is allowed out, nothing is allowed in (other than standard stateful firewall replies), no ICMP, and the firewall logs any attempts to connect to the laptop?
Mar 30, 2011
We do NOT support Samba on our Ubuntu servers but still zillions of Windows machines are constantly trying to connect on the SMB ports. I've added a rule that drops access to destination ports 137-138 and that seems to work. But it creates many, many log entries documenting that the packet has been dropped. I've been researching and cannot come up with a way to suppress logging for these drops.
Feb 16, 2011
I have a mail server with iptables enabled. I want to allow access to:
41.0.0.0/8
58.0.0.0/8
61.0.0.0/8
[code]....
Sep 18, 2009
I am trying to open VNC ports (5901, 5902) on my RHLinux machine using iptables. I am able to do it from the GUI system-config-security: go to Administration > Security Level and Firewall, then select "other ports" at the bottom and enter the port number 5901 to open and select tcp, then click OK and OK again to save your settings. From my Windows m/n I am able to open a VNC session using vncviewer on port 5901. But when I am trying to do it from the command line:
#iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
This command added the entry in /etc/sysconfig/iptables and it is listed in the iptables -L command. Then I saved and restarted iptables.
#service iptables save
#service iptables restart
When I am trying to open the VNC session from vncviewer, it is giving me an error and the session is not opened. Is there something I missed here? Where can I check the logs for this? I definitely need
Feb 18, 2009
I seem to be having a strange problem configuring Piranha to load balance (direct route) 2 ports across 2 W2K3 servers in a test environment. What is strange is that 1 of the ports is working fine but the other port doesn't work. I've read many how-tos and after many frustrating hours I disabled the firewall, iptables and arptables services and one of the ports is load balanced across the 2 real servers. Here's the environment.
[Code]....
I can telnet from the client to the real servers on both ports and it works. When I telnet to the VIP only one port gets through and the other gives me "could not open connection to host port 32777 : connect failed". The configuration in Piranha for one port is the same as the other. I can't help but think that some other configuration for port 32777 was missed.
Jun 25, 2010
I have a SUSE 10.3 router with 4 network cards. 1 is to connect to the big network and thereby also the internet, 2 are for 'client' subnets and I want to use the last one as a DMZ. In this DMZ will be a web server which has to be accessible from the other 2 subnets and from the big network. I could do it with a few simple clicks in the YaST firewall, but I have some issues with this firewall and therefore I want to use it as minimally as possible, using iptables.
So now I'm struggling a bit with iptables. Basically what I'm looking for is how to block all ports but 80 in this last subnet with iptables.
Jun 15, 2010
How can I block all ports except
ssh (port 22)
httpd (port 80)
using iptables and ipchains?
Jan 20, 2010
How to block all ports except POP, POP3, SMTP in NAT using iptables with Squid on Red Hat A3
Jul 23, 2010
How to configure iptables to allow only ports 22, 80 and 3306 for only a dynamic public IP / DynDNS domain name on an Ubuntu server?
Jun 16, 2010
I am trying to edit the iptables to include some ports/IPs for an Openfire server. The problem is the computer is very locked down with permissions... I logged in as ROOT with ID 0. Now the iptables file has ROOT for permission BUT ID 1, which reflects BIN. As root I can't edit or chmod/chown the iptables file. Here is what I tried:
1. Change password of BIN - successfully changed with no errors BUT still can't su BIN with the new password...
2. Tried changing the ID of ROOT to 1 but I don't have permission to use the command....
So, anything I can do here??? I don't have permission with shadow either...
Jun 20, 2010
I'm running Ubuntu 10.04 LTS as a VM in Hyper-V, and accessing it via VNC with a machine in the same broadcast domain. I'm using OpenVPN to connect to XeroBank. I have instructions for configuring iptables to permit establishing and using the XeroBank connection, while blocking all other traffic on eth0. I've followed them successfully. I need to also permit the VNC connection, and haven't managed that. FWIW, the VM is at 192.168.111.12::5900 and the workstation is 192.168.111.2.
The attachment to this post lists the recommended contents for each Shorewall file. Which files need changed, and what do I add to each?
Oct 3, 2010
I have 4 Linux NAT firewall boxes on 4 separate networks all plugged into one WRT54G with the wireless function disabled. The WAN port is DHCP to my ISP modem (Comcast). The WRT54G is set to gateway mode. The WRT54G is not handing out IPs to clients; DHCP is set to disable. The modem is a bridge and hands out dynamic internet-routable IP addresses. All 4 Linux boxes' eth0 are static IPs and go to the WRT54G. Each Linux box is a DHCP NAT firewalled router to my clients. Problem: DNS is not being resolved to my ISP from my clients. I can ping from a client to anywhere on the net or through my system. Tried placing the ISP DNS numbers in the /etc/resolv.conf file of the servers but it did not work.
Question: does the WRT54G NAT translate the ISP's DNS numbers also, and to what? If so, placing those numbers in /etc/resolv.conf might solve the issue. Last bit of info: on one system there are 32 clients using Win7 and DHCP. Some clients can surf all the time, some never, some intermittently. If I restart the server the above applies to different clients. The same thing happens on the other 3 server systems. Attaching the Linux box directly to the modem and setting eth0 to DHCP I have no problems. I know it's not the Linux boxes. It's placing the WRT54G between the modem and the Linux box that creates the loss of DNS resolution.
Nov 11, 2009
I've been tasked with setting up a RHEL FTP server to mirror one we currently have. From what I've read, I need to install and configure VSFTPD and then configure iptables. From what I've been able to come up with, I need to follow the steps in this article to install and set up VSFTPD. Is this a good, complete article to follow, do you think? Also, how do I copy the iptables config from that server to my new one? I think that iptables on our current server only allows certain IPs or blocks certain IPs (not sure which), so I need to have it do that on my new server as well
Aug 9, 2010
How would I set up a website that would be only accessible locally? There's a router machine (server) that provides internet access for a number of client machines. I need to set up a learning platform (Moodle) locally. The server machine runs the Moodle server (Apache server) and students should have access to their accounts locally (no need to be accessible outside of the LAN). First of all, what would be the best network configuration for it? Sorry for a dumb question, but could I just come up with any domain name if everything stays locally within the LAN?
Jun 6, 2010
I have a home server that I was, until recently, able to connect to externally and internally, but something has changed. I can't connect through VNC, PuTTY or FTP. If I ping the local address it can't be found. If I try to get to it using its external IP address I can get to the server and put in my user name but it won't accept my password. If I go to the server and use the password it works fine.
Feb 18, 2010
I'm behind a very locked-down firewall that only allows connections through ports 80 and 443. I wish to ssh to my machine at home, but the port is blocked. Is there a simple server that I can run to route my ssh connection through HTTP?
Aug 9, 2010
My requirement was to direct certain traffic from various ports down different Internet connections. Basically, for locally generated packets, the OUTPUT chain in the mangle table is used. You can MARK packets in this chain for ip rule processing. Now the "clear as mud" part: there must be a valid routing decision made without the fwmark, selecting the right source address, even if the gateway IP is invalid.
Jan 15, 2010
If you use Nautilus then you can just use "Connect to server" from the File menu. However, if your file manager does not support connecting to servers (like Thunar) then you can use sshfs.
Code:
sudo apt-get install sshfs
You should create a directory as your mount point, say
Code:
mkdir /media/Server
[Code]....
Jan 4, 2011
I've got two things I am trying to do and there seem to be no simple solutions. I am wanting to ssh into my Linux box from my laptop (Mac) and play the arsenal of music I have stored on the Linux box back to the laptop locally. I hear of people ssh-ing from work and playing music from home all the time. I have googled for days relentlessly with no way of getting the music to play back to my laptop.
1. I would like to be able to do this outside my LAN.
2. Inside my LAN, I can only seem to get the songs to play on the server. It seems there is a way to forward the sound via ssh somehow. I haven't figured it out yet.
Apr 11, 2011
there's a way to locally proxy or spoof just one web page. That is, use tsocks or hosts or something so that when I run an application that requests [URL], it receives /home/user/myversion.html, but for any other address it gets the normal page. Seems simple enough, if a little unusual... (I'm trying to work around a wget bug.)