Using iptables is there a way to switch the destination IP to become the new source IP and forward that connection.iptables store the src and dst IP in a variable for a particular connection?
View 2 Replies
I want to know what is a source port and what is a destination port.
View 7 Replies View RelatedQuote:
-A RH-Firewall-1-INPUT -s 10.12.0.0/16 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
Ex- 10.12.0.0/16, 172.150.0.0/16, 192.168.20.0/24
How can we add multiple sources network address in the above INPUT chain?
Which of these (if any) are correct?
cp -r /var/www/vhosts/niftyfiftyparty.com/httpdocs/sites/all/modules/*.* /var/www/vhosts/keylargodivecenter.com/httpdocs/sites/all/modules/*
in /var/www/vhosts/niftyfiftyparty.com/httpdocs/sites/all/modules/
cp -r *.* /var/www/vhosts/keylargodivecenter.com/httpdocs/sites/all/modules/*
in /var/www/vhosts/keylargodivecenter.com/httpdocs/sites/all/modules/
cp -r /var/www/vhosts/niftyfiftyparty.com/httpdocs/sites/all/modules/*.* *
Both the source and destination folders are valid. There are several folders in the niftyfiftyparty modules folder that I need in the other one.
I am trying to run the same command(s) on the many destination servers from my source server.source server user "report" ssh keys are added to all destination hosts.
hosts.cfg:
----------
gadikota_dev01
[code]....
why do we have to define both Source/Destination AND Direction when building firewall.Isn't direction= source->destination? what would happen if source and destination were swapped?
View 3 Replies View Relatedi want to copy one or more files or directory from one drive to multiple drive simultaneously. It like a cloning a disk. But i dont like clone entire disk. i want to copy/clone only certine files or folder. if any one can know how to copy one source to multiple destination simultaneously.
View 3 Replies View RelatedTo make a full backup I run a live Knoppix DVD and clone the computer's HDD to an external HDD using the dd command. Is there a possible problem with the source being copied onto bad sectors on the destination disk? If so is there a way to prevent this from happening? A typical dd command I use looks like: dd if=/dev/sda of=/dev/sdb bs=4096 conv=notrunc,noerror. Is this the recommended command for cloning to a disk of equal size?
View 1 Replies View RelatedI had a situation in which the the path of the file to be copied is written in other file and I had to copy it using shell script..I can use cp $(cat /home/robert/location.txt) /media/sda1 on normal linux shell...But I am using buildroot script where $(cat /home/robert/location.txt) evaluate to nothing..is just blank..
View 1 Replies View RelatedWhen you run the following cp command in the BASH terminal, how does Linux know which files are the source and which are the destination when copying multiple files from one location to another?How does Linux know that the services, motd, fstab, and hosts files are the source and the /home/fred/my_dir is the destination?This question came up in a Linux class and I was not sure of the answer. I was thinking it is based on the source path entered ending with a file path and the destination being a directory, but was not sure.
View 4 Replies View Relatedi'd like to know how many rule can manage iptable. I'm asking that because i'd to drop all traffric from my localnet to porn site. I've a database of porn site witch contain about 900 000 domains. I know there are solutions like squidguard. But for my linux box i'd to use iptable to prevent users access to porn site and other blacklist site.
View 1 Replies View RelatedThis is what I have currently running.
Code:
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
[code]...
How do I add this to the ruleset, without doing the whole thing over again?
Code:
iptables -A OUTPUT -d 10.3.0.0/16 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
I want to know how to add (ports to open)in firewall using command or scriptor any ather method
View 4 Replies View RelatedHere's my setup: Slackware 13.1 External IFace = eth0 / DHCP (assigned from comcast) Internal IFace = eth1 / 192.168.0.0/24 I've made it connect/authenticate, but I can't get anything to route through it..
[Code]...
Really wanting to try and get this setup to where all computers on my lan are forced through the VPN, i've tried most of all things I've googled, and no real luck.
My internet gateway is 192.168.1.1 with a 255.255.255.0 subnet mask. I have a router connected to it running ddwrt with an ip 192.168.2.1/24 creating a second subnet behind it. I have a tenant moving in that will be wirelessly connecting to the ddwrt router, so to the 192.168.2.0/24 subnet. What I am looking for is a rule that will pass internet traffic to and from this client, but restrict him access from the 192.168.1.0/24 subnet otherwise. The ddwrt router is connected to the 192.168.1.1 gateway through its wan port, btw. For example, the client would get an ip address of 192.168.2.100 wirelessly from the ddwrt router. I want him to be able to surf the internet through the 192.168.1.1 gateway, but not to have any other access to the 192.168.1.0/24 subnet (ideally not have access to ANYTHING besides the internet).
View 4 Replies View RelatedIs there a way to check older iptable rules that were loaded? I accidentally overwrote my iptables and that has killed internet access to all computers in the intranet. I must have accidentally deleted some line in the iptable rules and cannot figure how to get it back to how it was. I am using Debian 5.05 by the way.
View 1 Replies View RelatedI configure IPtable on RadHat as firewall and i want to allow for IP Phone using SIP protocol.I already allow port 5060 for IP Phone using SIP Protocol and I can call out.The problem is:
1. I can call out and in but when they pick up my call they hear what i'm saying but i can't hear they are saying.
I've been trying to add a redirect iptable record but each time I add it, it appears to add successfully (meaning it doesn't throw me any errors); yet when I run 'iptables -L' I can't see it listed:
iptables -t nat -A PREROUTING -p tcp --dport 82 -j REDIRECT --to-ports 8081
I also tried to do a DNAT redirection but this too, executed successfully but did not show in the list:
iptables -t nat -A PREROUTING -p tcp --dst 0.0.0.0/0 --dport 80 -j DNAT --to-destination 10.10.10.10
Am I missing something or am I not applying the rule correctly?
i have the following system in my lan.
firewall(iptables)
etho(private) - 192.168.2.1
eth1(public) -189.117.57.2
squid server at 192.168.2.10
my request is that i have to make all out bound internet connection should go from proxy server , not directly to firewall. Please specify a iptable rule for blocking direct internet access. my clients ip ranges from 192.168.2.20 to 192.168.2.47
I have six .iso files of CentOS 5.5 (I believe it is a distro of Linux) in a removable External HDD and I want to combine the six files to an only iso. I searched on the Internet and found a script named mkdvdiso.sh and the syntax of that script is: ./mkdvdiso.sh /source /destination/DVD.iso However, I don't know what I can replace the two parameters "source" and "destination" with. I have tried everything I can but it's useless.
View 11 Replies View Relatedwrote a network emulator program in c programming. It can run for ubuntu terminal with good performance.But i have to make it for web-based user configuration. So i had setup apache web server and write this program in cgi script and try to execute this program from web page.This program must be run in root privilege($sudo -s) and add the iptables rules such as (#iptables -A OUTPUT -j QUEUE). So my question is how to add iptables rules in my cgi scripts? How to set the superuser(root privilege) permission to access my program through web server?
View 2 Replies View RelatedWhen I ping the router 165.213.100.1, i get the following proper response.
[root@ ~]# ping 165.213.100.1
PING 165.213.100.1 (165.213.100.1) 56(84) bytes of data.
64 bytes from 165.213.100.1: icmp_seq=1 ttl=62 time=0.860 ms
[code]...
This is my first use of Ubuntu, but I have previous decent experience on Centos & Mandriva. I've just installed Natty 11.04 on a box that was running a mandriva 2010 - and the network is acting quite strange. When I define a static IP for eth0 through the gui, along with route & dns, it sort of works: ssh is fine, vnc too. However, I have an asterisk running on the box, and it is wild: some packets get lost in the box.
An ngrep shows the packets reaching the interface, but they dont show in asterisk !!! I've done a ufw disable, iptables is empty (why cant I service iptable restart btw ?). ip route list show decent routes (eth0 default); When I switch to DHCP, it is better, but unstable... If i plug a wifi usb stick, it seems to be better... Is there some known issues that could explain this behaviour ? The nic is a: Ethernet controller: Marvell Technology Group Ltd. 88E8001 Gigabit Ethernet Controller
I'm trying to shape bandwidth using HTB method and filtering classes with destination mac address. for this I've found two codes but none of them seem to filter bandwidth as i want (test with iperf) can some one explain me the problem with theses codes
Code:
tc qdisc add dev eth0 root handle 1: htb
tc class add dev eth0 parent 1: classid 1:1 htb rate 1000kbit ceil 1000kbit
tc filter add dev eth0 parent 1: protocol ip prio 3 u32 match u16 0x0800 0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 0xM0M1M2M3 0xFFFFFFFF at -8
code2:
[Code]...
I am playing around with transparent proxies, The current way I am doing things is the program makes a request to a computer on port 80, I use
Code:
iptables -t nat -A OUTPUT -p tcp --destination-port 80 -j REDIRECT --to-port 1234 to redirect to my proxy that I am playing with. the proxy will send out a request to port 81 (as all outbound port 80 are being fed back in to the proxy) so I want to do something like
Code:
iptables -t nat -A OUTPUT -p tcp --destination-port 81 -j DNAT --to-destination xxxx:80 The problem lies with the xxxx part. How do I change the destination port without changing changing the destination ip? Or am I doing this setup completely wrong,
I am doing a university course and am struggling to find a method of sending 1 message down route A and then the next message to the same destination via route B, alternating between the two with each new message sent.I am going to use a Linux computer with two Ethernet cards connected to two different networks via a routers and then to the destination host via a switch.
View 4 Replies View RelatedOn my system, I have built my own tunneling protocol, where I relay packets over a non-standardized but verified medium. What I do is capture the packets using iptables and NFQUEUE, relay them over my medium, and at the other end I reinject them using raw sockets. The packet going into the tunnel is exactly the same as the one coming out, verified. The problem is that this doesn't work for ICMP Ping (Echo Request) if the destination of the ping is the same as the tunnel endpoint. If the destination is not the same as the tunnel endpoint, the ping packet is rerouted and arrives as it should at the receiver, and the ping reply comes back to the sender. Does anyone know whats going on? Isn't it possible to send raw icmp to yourself? If not, anyone have an idea what I should do instead?
View 1 Replies View RelatedI have 5 1955 blades in an enclosure for an custom application cluster.All were running Centos 4.4 no problem.We wanted to start upgrading them cleanly to 5.5 so two of them got fresh installs of 5.5.The installs went well enough, no glaring errors.However they can only ping each other! The network settings are fine, no firewall or selinux. I'd run the info script but I can neither download it to them nor paste it in via kvm.Standard static entries, virtually identical to their 4.4 brethren. They ping each other so network drivers are fine, no built in switch configuration changes. It has to be some kind of network configuration issue that i'm just not seeing.
Edit* When i try and ping anything else, including the other blades, I get Destination Host Unreachable.
I have a problem with the Fedora 12 Network Manager - OpenVPN configuration. If I use the same configuration and manually start openvpn (as client) I get connected to the OpenVPN server and I can ping the network that I am accessing. With Network Manager - I get connected but when I try to ping is giving me "Destination host unreachable". The routing table looks similar except that when connecting with network manager is giving me on more route in table
Destination Gateway Genmask Flags Metric Ref Use Iface
xxx.xxx.xxx.xxx 192.168.0.1 255.255.255.255 UGH 0 0 0 wlan0
192.168.0.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0
192.168.171.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
Where xxx.xxx.xxx.xxx is the IP of the OpenVPN server. When connecting "manually" I this routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0
192.168.171.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
What I do wrong in Network Manager? If I try to delete the route with xxx.xxx.xxx.xxx is disconnecting the vpn connection.
I am an 'experienced perpetual newbie' using Ubuntu 9.04. I know a little about quite a few things but nothing past intermediate knowledge so:I am trying to set up a simple LAN between 'rhino' (192.168.1.102) and 'polly-laptop' (192.168.1.101). My router address is 192.168.1.1
From polly-laptop:
sudo mount rhino:/home /media/rhinohome
polly-laptop can access rhino:/home fine.
[code]....
