Networking :: Iptables Redirect On RHEL 6 ?
Jul 18, 2011
I have a virtual environment, RHEL6 minimal install. On that, I am trying to run Liferay6 on Tomcat6 for the purpose of writing prototype business portals. I used the Liferay+Tomcat bundle downloaded from the Liferay website.
For security reasons, the server can only be accessed through port 80, and Tomcat listens on 8080. (I know I can run it so that it listens on another port, but I'd like it on 8080)
Goal:
Use iptables to forward traffic destined for 80 to port 8080.
What I Did:
Configure nat to forward tcp packets from 80 to 8080:
Code:
List the nat iptable:
Code:
wget to 80 doesn't work:
Code:
What I Already Checked:
Tomcat did start normally. Logs show no errors, and specify that Coyote HTTP/1.1 is initialized on http-8080. I can provide this log if need be.
Tomcat is listening on port 8080:
Code:
Code:
I get the same negative result on the VM on the server as I get on a RHEL6 VM on my laptop.
The iptables method that I described above does in fact work with Liferay6 on Tomcat6 on Ubuntu 10.10.
I have looked at this thread. I appear to have tried everything that was mentioned there.
Actual Question: I would like to know how to effectively forward 80 to 8080 on RHEL6, so that I can access Liferay on Tomcat (listening on 8080) at 80.
View 4 Replies
ADVERTISEMENT
Apr 9, 2010
I'd like to set up an iptables configuration as follows:- Allow all traffic by default- For one user account (anonymous), block all traffic except:- All traffic on lo- All DNS requests, which should be redirected to 127.0.0.1Here's what I tried:
# Redirect
iptables -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
[code]....
View 3 Replies
View Related
Mar 30, 2010
I'm trying to redirect the requests from port 80 to ports 8080 and 8081 through iptables because I've got two services which need accept requests from the same port(80):
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080-8081
The problem is that the second port (8081) never gets a request, just the first one.
View 1 Replies
View Related
Jun 19, 2011
how to redirect network traffic to a new IP address using IPtables. I am using Baffalo router and the rtos used is DD-WRT. Basically, I want it so that any connection going through my router to a specific IP (say, 192.168.11.5) will be redirected to another IP (say, 192.168.11.7) so any outgoing connections made by a program that is attempting to connect to192.168.11.5 will instead connect to 192.168.11.7.
View 2 Replies
View Related
Jan 13, 2010
We host a web server in which we are hoping to implement some form of traffic redirection based on source IP address, and I am wondering whether the squid proxy built on iptables would be capable of managing this task? Essentially we are trying to redirect traffic from specific set of source IP ranges to a "Your IP has been restricted" type of page at a different IP/FQDN.
View 2 Replies
View Related
May 3, 2011
I'm currently using a homemade Python script to parse script kiddie IP addresses from logfiles.To this point, I've simply been DROPping any requests from these IPs using iptables.I thought it might be fun to redirect their traffic back to them, but as I am not an expert at iptables, I was wondering if I should use FORWARD or PREROUTING.
View 7 Replies
View Related
Apr 7, 2010
I'm installing Webmin on a older DNS server here at work. Can't connect to port 10000 so I checked the server ports via NMAP, looked like the port is closed. I tried to run /etc/sysconfig/iptables but this returned a "permission denied" message. I'm logged in as root, not sure what I'm missing, maybe I'm running the command incorrectly?
View 4 Replies
View Related
Jun 11, 2010
I have an old FC2 box running Squid version 2.5. It has been running since 2003 so I am in the process of replacing it. I have a new machine with FC11, iptables, and Squid 3.0 installed.
On the old machine I use iptables to intercept Port 80 traffic and send it to Squid. By default I block all internet access and allow only sites that are in an Allowed_Sites.txt file. Within Squid I also have statements to allow certain users to bypass Squid based on their IP address.
I have set up the same thing on the new box. I have iptables intercepting the Port 80 traffic and sending it to Squid. That is working because if I remove the redirect statement from iptables all internet access is blocked.
The problem I am having is that Squid is not blocking any websites. It acts like the ACL is set to http_access allow all. I have worked on this for several hours and am stumped.
These are my Squid rules:
acl allowed_sites url_regex "/etc/squid/Allowed_Sites.txt"
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow Bypass_Users
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.1.0/24
http_access allow allowed_sites
http_access allow our_networks
http_access deny all
icp_access deny all
htcp_access deny all
http_port 192.168.1.254:3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
visible_hostname FC11.proxybox
icp_port 3130
coredump_dir /var/spool/squid
View 2 Replies
View Related
Mar 4, 2010
I use Centos 5.4, squid 2.6 stable21
I want to redirect only one url to another in a simpliest way.
View 3 Replies
View Related
Mar 9, 2011
I am trying to grep multiple numbers from file, grep does have the -f option for that.
Code: grep -f <`seq 500 520` /etc/passwd I know this could be done with
Code: for i in `seq 500 520`; do grep "$i" /etc/passwd; done But my question is fare more behind this example. It is possible to redirect one command output which will be treat as a content of file for another command ?
View 2 Replies
View Related
Jul 20, 2011
where to look for setting up my web server A so that if I have to bring it down for maintenance, all web traffic will go to my backup server B. I thought about changing DNS entry but that will take time to update.
View 2 Replies
View Related
Mar 24, 2010
I work for a auto dealership, and they have a proxy server that is provided by toyota that does nothing other than route traffic some specific sites they use in the dealership. We are looking to put a local proxy server in place to filter web traffic of virus/inappropriate content. What I am looking to do is set everyone's proxy settings to point to our server but when someone puts in the toyota sites it will redirect them to toyota's proxy server and out. I am not sure if this is possible or not.
View 2 Replies
View Related
Feb 2, 2010
I have "Server A" with real internet ip 1.2.3.4 (eth0) and lan ip 192.168.1.1 (eth1) There's also "Server B" with lan ip 192.168.1.2 (eth0), I'm running an Apache Web server on "Server B", so I want to redirect all traffic from IP 1.2.3.4 port 80 (Server A) to 192.168.1.2 port 80 (Server B), using the following rule:
[Code]....
iptables -t nat -A PREROUTING -p tcp -d 1.2.3.4 --dport 80 -j DNAT --to 192.168.1.2:80 This actually works pretty good, from internet I can browse ttp://1.2.3.4 But the problem is that if I check the Apache logs, all incoming connections seems to come from 192.168.1.1 instead of showing the real source ip addresses (internet ip's) so this is screwing up all my web stats, I've been looking for hours and hours on how to make a transparent redirect, but can't find any info, I know there must be a way because my old WRT54G router which uses iptables could do it.
View 12 Replies
View Related
Dec 15, 2009
I have a bit of a strange scenario. I have a machine with a fixed IP (192.168.0.108), running Linux. It has an external IP 99.99.99.8 via a 1:1 NAT on a Cisco ASA/router. Port 3389 (MS RDP) is open for 99.99.99.8. I want my Linux machine to listen on port 3389 and redirect all traffic to that port to a Windows machine (192.168.0.100). In this way, my Linux box is able to respond to requests on all ports, but port 99.99.99.8:3389 connects to Remote desktop on the Windows PC. I do not have access to the Cisco NAT config. I was able to get this setup to work by using an SSH tunnel.
I ran this command on the linux box:
ssh -L 3389:192.168.0.100:3389 ergosteur@192.168.0.108
Any ideas? Perhaps using iptables or something?
View 5 Replies
View Related
Mar 31, 2010
I have recently just got another internet connection at home via cable as well as my exisiting DSL connection. I was wanting all my web browsing that I did via squid to be redirected down the cable connection. The box has a single nic at the moment and the default route sends it via the dsl connection for the mail server that is also running on the box.I was hoping that anything that hit squid would go down the cable connection that is plugged into a router and thus I can route to 172.16.2.251 and everything will go out via cable.
I was reading about iproute2 and marking the packets and is wondering whether this is the way to go?
View 3 Replies
View Related
Jul 6, 2011
is there any way to point certain packets from my outgoing traffic to a LAN : port ?
can iptables do this ? if yes how ?some like this [URL] ?
View 1 Replies
View Related
Jul 7, 2011
My company requires a proxy server that requires a manual configuration to use. Many Ubuntu apps, however, do not respect the HTTP proxy settings.Is there anyway to modify my local firewall settings to automatically forward IP traffic to the company proxies in the same way a transparent proxy might work?Would I need to set-up my own local, transparent squid proxy which itself forwards to the company proxy?
View 1 Replies
View Related
Jan 12, 2010
i have problem with my configuration iptables, i have configured for transparent like this,
for masquerade -> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
for transparent -> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
how to make a rule if there 1 address i dont want to redirect to port 3128? in other words 1 specific address just run on port 80.
View 3 Replies
View Related
Jan 10, 2011
Hi,
In squid i have blocked some sites like facebook and ......I want to know is there any way when user type in his browser like www.facebook.com instead it show something like following it automatically redirect to www.google.com
Error
The requested URL could not be retrieved
The following error was encountered:
Access Denied.
Basically I want to redirect the http request so the user should not see the page not found error but www.google.com page may open automatically.
thanks
garden
View 2 Replies
View Related
Jun 2, 2011
I have a strange problem and I can't seem to find clear information on how to do this . I have 2 loadbalancer set up keepalived NAT mode with 2 interfaces each
internal vip - 192.168.0.199
external vip - 195.x.x.21
lb1 -master
bond0 - private - 192.168.0.239
[code]...
View 1 Replies
View Related
Jul 23, 2011
My network isPC1 -- (NIC1,10.1.1.x) Linux (NIC2,10.1.2.x) -- Server 1 (HTTP/FTP)My question isIn the linux system, can I change the PC1 source port from 20000 to 30000? for examplePC1(sport:20000,dport:80)---Linux-- (sport:30000,dport:80)--- Server 1 (HTTP/FTP)
View 2 Replies
View Related
Sep 10, 2009
From what I've read, when linux sends a ping it sends without the netmask, so windows server assumes it must be a broadcast? Why doesn't linux send a netmask with a ping?
View 6 Replies
View Related
Feb 17, 2010
I was trying to find some free VPN service for access restricted pages. I found some working programs for win XP, but nothing works under Linux (TOR was too slow and now it is blocked). I was using program PacketiX under win, and it has also Linux version without GUI, but i was not able to make it work, because I dont know, how can I make firefox to connect through the VPN service.
I downloaded the client here [URL]
I was able to make it work with this guide [URL]
But i dont know, how to adjust routing table so I can connect to the internet through the VPN service.
ifconfig
Code:
ath0 Link encap:Ethernet HWaddr 00:05:4e:4d:c5:5f
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:576 Metric:1
[Code].....
View 1 Replies
View Related
Dec 17, 2010
I found this really cool guide / info about creating an internet portal where users have to register (their MAC) with the server to use the internet. basically if users MAC's are in the list they get routed to the internet if not they get routed to an internal page asking them to register. It works great and works well. I was wondering if there are some smart people out there who could help me reverse the process.. eg if your mac is not in the list you can access the internet if it is, you are redirected to an internal page saying "youve been blocked"
The firewall rules are as follows.
Code: IPTABLES=/sbin/iptables
# Create internet chain
# This is used to authenticate users who have already signed up
$IPTABLES -N internet -t nat
# First send all traffic via newly created internet chain
[Code]...
View 3 Replies
View Related
Sep 12, 2011
Currently I have a server which runs under centOS 5.6. It is dedicated to the VoIP application of my customer.I have a problem for which I have the solution but I didn't managed to achieve it.So, let me explain you the context.Here is the networking aspects of my environment
VoIP Provider_____Gateway_____________My server
ADSL Provider____(non pingable)
x.x.x.2 <====> A.A.A.1 <======> A.A.A.3
[code]....
View 2 Replies
View Related
Apr 10, 2010
I have a dell desktop PC that runs with ubuntu 9.04 jaunty jackalope and has 2 network cards eth0 that is connected to internet with an pppoe connection and is shared on eth1 for the other pc that is with windows on the ubuntu server machine is installed EHCP controls panel and No-IP, No-IP works fine but if I add a host as a domain in EHCP where I want to add EHCP {itself, problem appears. No-IP does not redirect to my IP after I added host in EHCP. EHCP is set to have the original IP of my pppoe and I tried with the 127.0.0.1 IP and the problem is still there.
View 2 Replies
View Related
Feb 19, 2011
I have had a look at the the information on the ubuntu forum about this but am having trouble getting the server to do what i want it to do.
I have a VPS running ubuntu 9.10 and i am trying to set it up to redirect port 25 to a remote machine via a VPN connection (remote machine connected via VPN)
i have tried setting this up in the firewall using webmin but it is not working.
View 3 Replies
View Related
May 26, 2010
i have a problem........ How to redirect local http port to remote ip ddress(192.168.10.64) using iptables..my destro is Centos 5.3 my rule is this iptables -t nat -A PREROUTING -s 0/0 -d <my local ip> -p tcp --dport 80 -j DNAT --to-destination 192.168.10.64
View 1 Replies
View Related
Mar 22, 2010
I'm trying to workaround a limitation in a server application. The limitation is that I can only connect to a LOCAL mysql database. I am trying to fool the server in to using a remote mysql database. I was hoping to do this by simply forwarding 3306 to another server on the same subnet.To that end I've set up iptables rules to forward all connections to port 3306 to a non-standard mysql port on a remote server. This works, except that I need to deal with the loopback interface in a special way and I'm stuck.
View 14 Replies
View Related
Apr 22, 2009
I'm using OpenWRT on a WRT54GS. I'm using wifidog in combination with openvpn. For those of you familiar with wifidog, my auth server is located at the other end of an openvpn tunnel and the "wifi dog gateway" is running on the WRT itself. I'm don't really think that wifi dog is the issue. Basically, I'm using openvpn with the "redirect-gateway" option which works well. In this mode, openvpn removes my current default gateway setting and adds the remote openvpn server as the default gateway (as it should). However, overnight, my default gateway on the local network keeps reapperaing (along with the openvpn one as well).
This causes confusion and I don't want any packets (But ovbiously the connection to the actual openvpn server) to go down this local gateway. Why do you think it reappears? Do you reckon openvpn is dropping connection and somehow the normal gateway is being added back? I *could* run a cron script which runs every minute or so with something like "route del default gw xx.xx.xx.xx" (where xx.xx.xx.xx is the default gateway which I don't want to be there) but that is quite messy and means that if I were to ever move the router I would need to reconfigure this and considering that I would like in the future to have many of these wifi dog gateways, this really isn't an ideal option (as every network will have a different default gateway).
View 2 Replies
View Related
