Networking :: Iptables Outgoing Adress Using An Aliased Interface?
Dec 15, 2010
it�s been several years since i played with iptables. I have setup like this:eth0 is the only physical device on box and eth0:0 is aliased. Traffic going out of the box to internet uses eth0eth0 116.55.58.1eth0:0 116.55.58.2I have a service listening on port 80 on 116.55.58.2Lets say my client connect to 116.55.58.2:80 through 116.55.58.1 , how do I force (mangle you name it) with iptables that the outgoing source address will be always 116.55.58.2?
View 1 Replies
ADVERTISEMENT
Nov 21, 2010
My Ubuntu Box has 3 interfaces. eth0 (Internal 192.168.1.0/24)eth1 (External ISP DHCP)eth2 (External ISP Static IP)I need the outgoing traffic to internet for 1 of the internal pc (192.168.1.10) to only go only go through eth2
View 4 Replies
View Related
Apr 15, 2009
I have three machines on three networks192.x.x.x10.x.x.x172.x.x.xThe routers are set to forward communication between 192. network and 10. network, and between the 10. network and the 172. network.However, there's not routing between 192. and 172.I want to fix that by using a machine on the 10. network to forward communication between the other two networks.The machine has one etherent connection eth0 whose address is 10.1.1.11I set up an aliased ip address eth0:0 to be 10.1.1.12 using Quote:ifconfig eth0:0 10.1.1.12Then I tried to set forwarding rules the 10. machine such that 10.1.1.12 address will provide access to the machine 172.1.1.55 as followsQuote:# iptables -t nat -A PREROUTING -d 10.1.1.12 -j DNAT --to-destination 172.1.1.55The default policies for all chains is ACCEPT.I then try to access 10.1.1.12 from 192.1.1.20 expecting it to actually access 172.1.1.55 ; it does not work
View 3 Replies
View Related
Dec 7, 2010
Unsure about IP tables lingo, so excuse me for not looking this up:I have a server, running IP tables, that I do not want to allow any type of outgoing traffic to 192.168.1.21
View 3 Replies
View Related
Dec 6, 2010
I've been trying to redirect all outgoing packets (destined for a specified ip address) from my slack box back to itself. I thought this could be done with iptables, but if I fire up wireshark I can clearly see that the packets are getting out to the real server and I'm getting responses from it.
So here's what I tried:
All looks good and fine, and then I even try to visit 194.28.157.42 with firefox (by the way I am running a webserver, that is set to show a page when you visit 127.0.0.1) and I get an error page that reads: 502 Bad Gateway.
I ignored this message to see what the program I'm trying to interrupt does, and when I start wireshark and then start the program that is using that website, I can clearly see that the packets make it to the real 194.28.157.42 and get back responses.
View 1 Replies
View Related
Jan 6, 2011
I need to configure iptables to block incoming traffic (except specific ports), but allows all outgoing traffic.
I am able to block incoming traffic, but doing so also prevents outgoing traffic (tested by telnet [URL] 80)
The following was used:
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -j DROP
Also, even allowing NOT SYN requests still prevents outgoing traffic.
iptables -I INPUT 1 -p tcp ! --syn -j ACCEPT
Another point:
# modinfo ipt_state
modinfo: could not open /lib/modules/2.6.18-028stab070.14/modules.dep
How to install ipt_state module on ubuntu?
View 2 Replies
View Related
Mar 9, 2010
I've got a box with 2 interfaces, with IP1 = 192.168.100.1 and IP2 = 10.1.1.1 respectively on them. I've got an iptables rule that looks like:
Code:
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 10.0.0.0/8 -p udp -j SNAT --to-source 10.1.1.1 --random
If I get 2 consecutive packets from the same address and port from 192.168.100.0/24, they get SNAT-ed and come out of the same port on 10.1.1.1. If then I get another packet from the same address and port 10 minutes later, then it gets SNAT-ed, but comes out of a different port on 10.1.1.1. My question is: how can I set the time delay I would like iptables to remember its incoming address/port to outgoing port mappings?
View 3 Replies
View Related
Apr 28, 2010
i need is to have http and https allowed, together with mail server (incoming and outgoing) and ftp, ftps and ssh. all other ports have to be closed.
View 3 Replies
View Related
Aug 25, 2009
When I create virtual ethernet interface and do a ping -I <v_int> <host> the outgoing address is the one of the physical interface and NOT the virtual interface.Is there no chance that trafic will go out with virtual interface address??Incoming trafic is done well i.e. responds to the virtual interface have the virtual address.
My problem is that I have 2 modems and want to check both default gw behind the modems.
If I do a "normal" ping both are reachable over default route even the modem which is not the default route will not work because ping goes over the working modem.So I have 2 routing tables and want to route the virtual interface to one modem the other to the other modem
View 3 Replies
View Related
Feb 24, 2011
I am establishing a VPN connection with a Cisco VPN server, but only want outgoing connections to a certain set of IP addresses to actually go through the VPN. I tried something like this:
Code:
sudo iptables -A OUTPUT -t mangle -p tcp -d 111.222.0.0/16 -j ROUTE --oif tun0
but keep getting
[code]...
View 4 Replies
View Related
Jun 18, 2010
The following is my setup. wireless server (ip of this server is 192.168.1.1) -- target board ( wireless client [ip of this is got for wireless server is 192.168.1.3 ] , bridge (192.168.36.1) )-- linux pc ( 192.168.36.3) as show above i have target board for that i have a wireless interface and a linux pc is connected to target board.now the ips are like this for linux pc 192.168.36.3 and my target board bridge ip s 192.168.36.1
my wireless interface got ip from another server like 192.168.1.3 ,now if i do ping on my target board for 192.168.1.1 it goes through wireless interface to the 192.168.1.1 wireless server.but when i do the same from target board connected linux pc its not pinging from linux pc i could able to ping to 192.168.1.3 but not 192.168.1.1 .I think i need to write a iptable rule properly on my target board to forward the 192.168.1.* packtes to wireless interface.
View 14 Replies
View Related
May 10, 2010
I want to block all outgoing traffic with iptables and only allow a few specific websites. I would like to get the code to do so and also to revert the changes in case I want to unblock them.
View 1 Replies
View Related
Aug 19, 2009
I want to block all the outgoing ssh form my machine, i.e my machine will not be able to ssh to any outside machine using iptables. The distro is RHEL, I added the following entry in the iptables but unfortunately it didnt worked, -A OUTPUT -p tcp -m tcp --dport 22 -j DROP
View 13 Replies
View Related
Mar 22, 2010
I am trying to do something outlandish with iptables (or so I think!).I have a source sending udp packets to a destination (say dst11). Using port mirroring I am able to get all these packets to a different machine (say dst22). I am able to see these packets on dst22 interface using tcpdump.I want to analyze the packets on dst22. So what I do is put dst22 interface in promiscuous mode (using ifconfig eth0 promisc). This in theory should get the packet through the MAC layer. Now using iptables I am trying to DNAT the packets in nat prerouting to change the packets destination IP to dst22's interface and change the destination port.
View 2 Replies
View Related
Nov 18, 2010
Rather new to Ubuntu. I was wondering for advice on a basic iptables configuration blocking all incoming/forward and just allowing outgoing to http(s) and dns of course.
View 5 Replies
View Related
Feb 26, 2011
When I do...# iptables -L...I see rules in my INPUT and OUTPUT chains that look scary:ACCEPT all -- anywhere anywhere...but these rules only apply to the loopback interface. I tested it and the server cannot be reached on open ports from the outside world. How can I make iptables show the interfaces that the rules apply to?Otherwise, every time I do iptables -L it will scare the crap out of me.
View 3 Replies
View Related
Mar 31, 2009
I need to know what the Iptables "code" is to change the outgoing/Incoming IP for port 53 (DNS). I'm running CentOS on a dedicated server. I very familiar with Putty and SSH. So I don't need much details, I just can't figure this out. I asked my server providor but they deleted my ticket and didn't answer me.I tried this but am not sure if this correct of working?
View 5 Replies
View Related
Apr 7, 2011
I am having following problem:
RHEL 5.5 won't accept specifying an aliased interface (e.g. eth1:0) when I add a new host route to the routing table of a machine with multiple Ethernet interfaces. I have read that this works with Ubuntu, but RHEL gives problems. It only understands the interface card (e.g. either eth0 or eth1, but does not understand the aliased virtual interfaces within say eth0 or eth1).
As such, when I try to reach a host in the same subnet with the aliased interface and after adding that route to the routing table, Redhat won't reach that host.
View 4 Replies
View Related
May 5, 2010
Okey I have a good start i know there is something I'm missing. After Following this great help tutorial.[URL]..And kinda guestimating and messing around with my Linksys creating a new router assigning a static ip "Lan and wireless" address. configuration for the router looks like this.
[Code]...
I think I might be messing up the interface config file at the "NETWORK" section but i don't know.
View 9 Replies
View Related
May 20, 2009
Is there any tool or command where I can track down the IP-ADDRESS of a machine within the subnet using its MAC-ADDRESS .
View 11 Replies
View Related
Dec 10, 2010
I'm not able to set up eth0 with a static ip adress.service network restart and it was okkay but when I try to turn off and turn on, the ip adress is set up with dhcp.
View 7 Replies
View Related
Jan 14, 2010
just installed ubuntu in 1 of my boxes is an old compaq presario v2000. Is running dual boot with XP, the problem is i dont have internet connection(wireless and wired) with Ubuntu but i do with XP. I read like hundreds of posts from diferent forums and i wrote all crazy commands in terminal but aint working. I tried directly trough the modem (motorolla 2210)and with the router(netgear wgr614) via wired and wireless and aint working either. For some reason ubuntu doesnt request an ip adress from the router or the router dont asign an ip adress to my linux box.
View 7 Replies
View Related
Feb 3, 2010
I run a local apache server, that has some virtual hosts running. Now I want to be able to locally connect to these virtual hosts, but when I try this, it puts www and .com behind the url and says it can't find it. On Windows I know the equivalent, editing the hosts file. Is there something similar in linux?
View 1 Replies
View Related
Jul 14, 2011
i want to view my iptables log on web interface, with chart (in option, but this is not my priority).
View 1 Replies
View Related
Aug 12, 2010
I have a server with 14 IP's on eth0. I'm using virtual interfaces to handle the IP's, but the iptables don't seem to work on the virtual interface. It blocks ports that I want open. I'm not that great with iptables, I use what I have because it works for me, but as far as tweaking it, I'm pretty lost.
My iptables:
# Simple Firewall configuration
#
# Set default policies --------
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
#
# Internal Networks -----------
#-A INPUT -s <private.class.C>/24 -d <private.class.C>/24 -i eth1 -j ACCEPT
#
# Loopback --------------------
-A INPUT -s 0/0 -d 0/0 -i lo -j ACCEPT
#
# Accept established connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Services --------------------
#
# For SSH gateway
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 22 -m state --state NEW -j ACCEPT
#
# For SMTP gateway
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 25 -m state --state NEW -j ACCEPT
#
# For FTP server
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 20 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 53 -m state --state NEW -j ACCEPT
#
# HTTP services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 80 -m state --state NEW -j ACCEPT
#
# HTTPS services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 443 -m state --state NEW -j ACCEPT
#
# POP-3 services
#-A INPUT -p tcp -s 0/0 -d 0/0 --dport 110 -m state --state NEW -j ACCEPT
#
# IMAP services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 143 -m state --state NEW -j ACCEPT
#
#PLESK
#-A INPUT -p tcp -s 0/0 -d 0/0 --dport 8443 -m state --state NEW -j ACCEPT
#
#Games
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28960 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28960 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27666 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27666 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28961 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28961 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28962 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28962 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27015 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27015 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27016 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27016 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27017 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27017 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27020 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27020 -m state --state NEW -j ACCEPT
# Disallow fragmented packets
-A INPUT -f -j DROP
#
# Log & Block broadcast packets
-A INPUT -d 255.255.255.255/0.0.0.255 -j LOG
-A INPUT -d 255.255.255.255/0.0.0.255 -j DROP
# Log & Block multicast packets
-A INPUT -d 224.0.0.1 -j LOG
-A INPUT -d 224.0.0.1 -j DROP
#
# Log and drop all other incoming packets
-A INPUT -j LOG
-A INPUT -j DROP
#
COMMIT
View 18 Replies
View Related
Feb 14, 2010
I just had an ATT Uverse RG installed. However my Smoothwall router that previously worked fine with the ADSL SpeedStream is no longer accepting an address assignment DHCP ip address from this new gateway. (3800HGV-B)Any thoughts ideas or experience working with this hardware? ATT only supports Windows and Mac
View 2 Replies
View Related
Jul 18, 2011
I have a ppp0 entry with post-up options like this
mapping ppp0
map none photon-plus motorola
map timeout: 12
[code]...
View 8 Replies
View Related
Jun 7, 2011
it is probably very basic but I'm new to linux and the shell "dev" is defined to take me to the newest version (some kind of an alias?), in this case to the directory v0.9 in fact if I go one directory up to /design/ libs/at77000 and I do "ll" I can see: dev -> v0.9/.I am using ocean scripts and for documentation it is important for me to print/show which version is been used in the simulation.how to show the current version directory "v0.9" instead of "dev", i.e. I need to print this:Version Used: /design/libs/at77000/ v0.9/ the version is changing from time to time and that's why the path is defined as "/design/libs/at77000/dev/"
View 3 Replies
View Related
Mar 19, 2010
Apache httpd.conf (with server identity info removed)
CentOs 5.4 system info
I have a problem I've been banging my head against for hours.
I can't get an aliased folder to turn up: I just get a 404.
I've chowned the folder to apache:apache and most of it is chmod to 755. I tell apache of the changes, and have even tried restarting a few times.
I'm expecting it to turn up like this yyy.com/laura_shop/
(within which is a php script to do a shopping cart)
The apache directives look similar to what I have on my dev computer (which is Windows, mind you).
The directory and alias are defined within my main virtual server which you can see here:
virtual host conf directives
(see at top of the message if you would like to see the whole httpd.conf file)
I realise this is more of an apache/linux problem but perhaps familiarity with CentOS may get me the right answer quicker.
View 10 Replies
View Related
Jun 23, 2010
I am testing my setup which will have 2 public servers. HTTP & MAIL both with reverse DNS established.
www.mydomain.no -> xxx.xxx.xxx.034 -> internal name server
mail.mydomain.no -> xxx.xxx.xxx.035 -> internal name mail
Both addresses are on the same NIC with 34 being the main address.
The system work fine except one thing. The IP address mail sends out from is the Firewall Address _FW. I can see why as the default gateway set on the mail server is the FW_IP (The main gateway ip)How can I get the MAIL server to send through it's own public IP.I understand I can change the Firewall public IP to that of the Mail server and that would cure the problem for now. If it's possible I would like to learn a little in the process.
View 10 Replies
View Related
