Red Hat / Fedora :: Iptables And Forwarding Stuff Doesn't Work On The Private Network
Mar 27, 2011
I have 2 different networks: the first one is gateway machine (eth0), and the second is a private machine (eth1). So, I've configured the iptables and forwarding stuff and when I try to ping google.com on the gateway machine, it works, while it doesn't work on the private network. Note: I am using VmWare 7. I need your quick assistance about this issue.
View 2 Replies
ADVERTISEMENT
Mar 27, 2011
I have 2 different networks: the first one is gateway machine (eth0), and the second is a private machine (eth1). So, I've configured the iptables and forwarding stuff and when I try to ping [URL]... on the gateway machine, it works, while it doesn't work on the private network.
View 7 Replies
View Related
Mar 26, 2010
we have here a few openSUSE-machines (some 11.1 and 11.2) which mounts their /home from a NFS-Server and imports the users via NIS. I now wanted to use X-Forwarding via SSH, but that doesn't work with NIS-Users.On my machine I use Gnome and my XAUTHORITY-Variable points to /var/run/gdm/auth-for-bup_deg-E3TMSz/database
Why isn't the default ~/.Xauthority-File used for my cookies? What do I have to change to get X-Forwarding in my Setup running?
View 1 Replies
View Related
Sep 12, 2009
For the background, I'll be using my router as a firewall with snort-inline enabled. I got 3 NIC's: one for the WAN, the second will be bridged to the WAN NIC for queuing traffic which snort-inline requires, and the third is the LAN NIC (the computer I use for everyday work). Here's how I have my interfaces set up:
Code:
# /etc/network/interfaces
# Loopback interface
auto lo
iface lo inet loopback
[code]....
From what I understand, queuing needs to be set up on the bridge. From the documentation I've read it's done like this:
Code:
iptables -A INPUT -j QUEUE
And then to forward traffic, I did:
Code:
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
I've done this and am able to ping the router, obtain a DNS address from dnsmasq from the LAN computer. From the router I am able to connect to the internet (ping, links <address>...). From the LAN computer trafficking isn't getting forwarded, Firefox, links, ping all don't resolve.
View 7 Replies
View Related
Mar 8, 2011
I've been beating myself over the head with iptables and CANNOT get port forwarding to work. Here's my situation: Static LAN IP on eth0 Static internet IP on eth1 ip_forward is turned on by uncommenting in sysctl.conf Here's the output of iptables-save:
Code:
# Generated by iptables-save v1.4.4 on Tue Mar 8 10:34:12 2011
*nat
:PREROUTING ACCEPT [2443:347058]
[Code]...
Edit: by the way, the intended purpose of this machine is to server as a gateway and firewall. MASQUERADE is working, for whatever that is worth. And the host behind the firewall that is serving up http is definitely working too. All that is not working is getting hosts on the internet talking to hosts behind the firewall.
View 1 Replies
View Related
Nov 25, 2010
I use iptables firewall (v1.4.1) installed on FC8. I'm trying to limit the inflow traffic for the port 1723 to certain MAC addresses. To experiment with the mac option, I've written the following iptables rule:
Quote:
iptables -A INPUT -m -mac --mac-source 10:08:08:08:08:10 -j ACCEPT
It didn't work. It gave me this error message:
Quote:
iptables v1.4.1: Couldn't load match `-mac':/usr/local/libexec/xtables/libipt_-mac.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information. Does that mean the mac module wasn't installed/enabled?
View 4 Replies
View Related
Sep 9, 2011
I just performed a KDE update from 4.7.0 to 4.7.1 on my OpenSUSE 11.3 64-bit machine and my desktop is in bad shape: the plasma stuff doesn't seem to work at all...and I don't have any panels...the default one on the bottom of the screen is gone also. I tried creating a new user in Yast, but when I log in I get a blank black screen. KDE seems to be pooched!
View 9 Replies
View Related
Feb 15, 2011
I have 2 guest machines on 1 VBox host installed : - one guest with hostname 'debian' is configured as follows and has IP Forwarding enabled to be able to route traffic from eht1 to eth0.
Code:
eth0 Link encap:Ethernet HWaddr 08:00:27:f1:ef:5f
inet addr:10.0.2.1 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fef1:ef5f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[Code]....
View 2 Replies
View Related
Oct 22, 2009
I used the following 2 rules in iptables to forwarding some packagesiptables -t nat -A PREROUTING -p tcp --dport 8000 -j DNAT --to-destination 192.168.0.244:8000iptables -t nat -A POSTROUTING -p tcp --dport 8000 -j MASQUERADEIt works perfectly before, the kernel was 2.6.18-92.1.22.el5.After we did a update, the kernel now is 2.6.18-128.7.1.el5.and the forwarding is stop.I just wondering where can I get some debug information. I checked /var/log/message, dmesg ... seems nothing there.
View 1 Replies
View Related
Aug 8, 2011
I'm a absolute "server- noob" but I've got some experienced with desktop linux and want to build my own file server to access my stuff over the internet. I'm using dropbox for a while now like a cloud drive by simply mounting the "private" folder (which I encrypted with encfs/BoxCrypt) in order to cross-platform use important files. The problem is that Dropbox only provides 2 GB for free and I don't know how secure my data is up there. Moreover I don't wanna always sync all files locally.
I got an intel atom machine standing around and so I want to build my own file server to provide the same or at least a similar service.
1. Which type of server application provides a "network drive" that computers (several users) from the internet can access?
2. What's the best way to encrypt my data and transmission in order to make the system absolutely unattackable/unreadable from outside?
3. Is there a service that can provide a dropbox-style sync mechanism?
4. Which distro should I use? I'd prefer a non-desktop enviroment solution but never had anything to do with it. Is that possible for an average linux user?
I'm aware that this solution won't be very fast because of the limited upload of a standard internet connection but that would be ok! It's more that I want to have the possibiltiy to access all my data as a thin-client anywhere, anytime on any machine and still be on the safe side. I know that this is some kind of contradiction but what would be the best compromise? I know some questions may sound stupid but I really never had anything to do with servers at all in the past...
View 3 Replies
View Related
Jan 20, 2010
I have x11 forwarding enabled in /etc/ssh/sshd_config on a suse 11.2 32 bit box running kde I can open x apps on a windows machine using xming and putty just fine, but when I boot the same machine into suse 11.2 64 bit using kde and try using konsole I get: cannot connect to x server
The command I'm using to log in is: ssh -X -l username host I doubt the problem is with the server I'm logging into or it wouldn't work in windows, not really sure what to look for as I've never had a problem using x11 forwarding from a linux client before only windows ones
View 7 Replies
View Related
May 31, 2011
my problem is following: I'm running a bridged OpenVPN on my Debian. If the service is running, everything works fine: local and Internet, ftp, mailing from in and outside etc. But, when stopping OpenVPN, sending mails from inside (LAN) fails: I cannot reach smtp (postfix) listening on port 465. And even reaching mailboxes using IMAP gets horribly slow eg. in Thunderbird. Here is my firewall.sh script.
Quote:
#!/bin/sh
echo "
IPTABLES FIREWALL inicializalasa - szures"
# Enter the designation for the Internal Interface's
INTIF="eth0"
[Code].....
View 9 Replies
View Related
Jan 12, 2011
I setup squid with transparent proxy and its working, however, when I reboot the server, the proxy server doesnt work unless I run the following.
Code: # squid server IP
SQUID_SERVER="192.168.1.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
[Code]...
View 6 Replies
View Related
Jan 2, 2011
I'm new to Fedora and have a problem with the network manager. Everytime I start Fedora, it does not automatically connect to the default WIFI Browsed Google and just found [URL]..
View 1 Replies
View Related
Dec 13, 2010
I have 2 Linux boxes one acting as a router with a direct connection to the internet, second as a server using the first box as a gateway to the internet. I need to forward requests that I get from the outside to port 8400 to my internal server box at 192.168.0.7:8400
Router IP 192.168.0.5
Server IP 192.168.0.7
iptables -t nat -A PREROUTING -p tcp -d [internet ip] --dport 8400 -j DNAT
[code]...
These rules are on the router (192.168.0.5) I've been trying to find a solution for hours with no success. Basically the problem is I can forward ports on the same box but not to a different ip.
View 1 Replies
View Related
Feb 24, 2010
Currently my OS is Ubuntu 9.04 Jaunty Jackalope Desktop OS and my web server is Apache2. I have a public address 60.x.y.z and my pc local address is 10.x.y.z. I have a web app in my Apache2 which currently run in localhost(10.x.y.z).
I would like to enable the web app so that it could be browse from outside. I know there maybe some port forwarding process and some commands involved in order to do that. But I have no idea on the steps to do that.
View 5 Replies
View Related
Aug 23, 2009
I wireless network card is Broadcom Corporation BCM431, but is doesn't work after I update kernel from
2.6.29.6-217.2.7 to 2.6.29.6-217.2.8.
Linux localhost.localdomain 2.6.29.6-217.2.7.fc11.x86_64 #1 SMP Fri Aug 14 20:53:08 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
View 2 Replies
View Related
Nov 22, 2009
I have a pppoe adsl connection. When I disconnect and try to reconnect, network-manager keeps asking for my password. I type it again and again with no success. When I reboot, it works again. On ubuntu, I use pppoeconf and it works well. So on Fedora I made a connection with pppoe-setup but neither ifup nor
Code:
pppoe-connect
commands work. When I type
Code:
pppoe-connect
, it says
Code:
/usr/sbin/adsl-start: line 217: 13409 Terminated $CONNECT
"$@" > /dev/null 2>&1
. When I type
Ifup ppp0 doesn't work either. However, with exactly the same settings, ubuntu connects to the internet.
View 2 Replies
View Related
Aug 14, 2010
I have a CentOS box which is Internet Facing. It has 3 LAN's connected to it which are for virtual machines.
I want to port forward port 445 to a machine on one of the LAN interfaces. I have tried various ways to get it done, but still cannot access that port from the interface. I definately know device hosting port 445 is live, as I can ping it from the CentOS box and use lynx to access it! (It's a web server)
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 445 -j DNAT --to-destination 192.168.0.2:445
View 6 Replies
View Related
Jun 7, 2010
I've been Googling about port forwarding iptables and even though there's result and I've applied it in my script, I can't make iptables forwading request to another machine so I decided to ask help.
eth0 is my Internet Interface (1.2.3.4 is the public ip)
eth1 is my Lan Interface
eth2 is my DMZ Interface
[code]....
View 14 Replies
View Related
May 4, 2011
I have 2 Ubuntu boxes sitting in the same subnet; server 1 [130.15.6.68] and server 2 [130.15.6.69] What I am trying to achieve here is the following: server 1 act as a gateway or proxy to server 2, meaning that server 1 is exposed to the Internet and all traffic to server 2 should go though it (i hope!).
server 2 act as application server and I don't want a direct access to it from the internet. I want all the inbound traffic comes through server 1. for testing purposes, i will limit the traffic to simple http or port 80
in server 1, i have done the following settings: iptables -t nat -A PREROUTING -p tcp -i eth0 -d 130.15.6.68 --dport 80 -j DNAT --to 130.15.6.69:80 iptables -A FORWARD -p tcp -i eth0 -d 130.15.6.69 --dport 80 -j ACCEPT In server 1, I've edited the value of net.ipv4.ip_forward to equal 1 (uncomment that line in /etc/sysctl.conf) Currently, both server 1 and server 2 has its own apache2 servers with different index.html files. the problem is, when i browse to server 1, I am still seeing its index page rather than being forwarded to the index page of server 2. how can i achieve the traffic forwarding from server 1 to server 2 when my browser pointing to server 1?
View 3 Replies
View Related
May 6, 2011
I have a server running debian squeeze and kvm to virtualize a Windoze box. It's setup to use NAT. This is because of limits on the network by the admin and unfortunately, there isn't a way to get around this.
View 1 Replies
View Related
Dec 23, 2010
I am running a server with ssh and a vpn server set up. It is behind a debian router with a firewall which uses iptables. i have it set up to forward ports 22 and 443 to ssh on a computer within the LAN(so when on a restricted network i can still ssh into my network) and forward anything to 1723(for my vpn) to that box also. However, the only port that gets successfully forwarded is port 22. The other two appear closed. here is what the script looks like:
Code:
#!/bin/sh
#
[code]...
View 2 Replies
View Related
Jun 16, 2011
how to set an external static IP address to forward to an internal static IP address. Here is an example:
Linux box (slackware) IP address =
eth0: 10.xxx.xxx.xxx (internal)
eth1: xxx.xxx.xxx.170
eth1.0: xxx.xxx.xxx.171
eth1.1: xxx.xxx.xxx.172
DVR system that I need to forward to: IP address =
xxx.xxx.xxx.251
xxx.xxx.xxx.252
This was all setup by someone else whom I have never spoken with. The IP tables seems to be set up but I cannot provide a screen shot at this time. What I need to do is this. When a user connects to the external static IP address of xxx.xxx.xxx.171 with their DVR software, IP tables will forward to the DVR system at xxx.xxx.xxx.251. The ports desired are 554,555,556, and 557. I know some about Linux but not about IPtables.
View 1 Replies
View Related
Mar 22, 2009
I have a question regarding port forwarding. I have a fedora server, with two eth cards: eth0 ---> external IP, eth1 ----> LAN IP I use SNAT for connection sharing. I also have an internet domain hosted on this server... let's call it [URL] Anyway, one of our computers in the LAN has some kind of web server on it, which must be accessed from the internet on the port 23700.
So, using iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 23700 -j DNAT --to 192.168.1.25 (the IP of the network computer) Everything works perfectly fine from outside the lan. When I type [URL], I connect to that computer. My problem is that inside the lan, typing [URL] does not work! It only works if I enter it by IP 192.168.1.25:23700 Is there any way to make the server forward my request to that specific computer even if I'm inside the LAN?
View 3 Replies
View Related
Jun 7, 2011
I installed Fedora 15 to my server. I preffer to work over SSH and I enable X forwarding. My configurational file:
/etc/ssh/sshd_config:
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
From my laptop I run next commands
ssh -X user@xx.xx.xx.xx
startx
and the session start on server, no redirect occur. Next output I saw in terminal
[Code]....
View 4 Replies
View Related
Nov 10, 2010
I've been trying to forward some ports using iptables for some time now, but still haven't figured out how to get it to work..What i'm trying to accomplish is to forward all traffic from port 80 to port 8080, and all traffic from port 443 to port 8443, this because i would like to run tomcat as a non-root user, and the original ports can only be used as root.. I've currently setup my iptables like this:
# Generated by iptables-save v1.4.2 on Wed Nov 10 16:44:45 2010
*nat
:PREROUTING ACCEPT [39350:6120333]
[code].....
View 2 Replies
View Related
Jan 28, 2011
I've used iptables since it replace ipchains, and I've never had a problem like this.The problem is, as you can see by the title, that port forwarding simply does not work.
network topology:
Slackware Linux Server:
eth0 - LAN (192.168.0.0/25)
eth1 - DSL Static IP
eth2 - cable Static IP
eth1 is our standard office connection; it handles all of our default traffic (web browsing for the staff, email, etc). eth2 is our VPN connection, as well as use for all incoming connections (www, etc). Behind the linux box I have a series of Windows Server 2008 R2 boxes that are used to run our office software, website, etc - I don't care how nice they make their products these days, I simply don't trust any MS box open to the net.
Therefore, this leaves me with having to port forward port 80 from eth2 to the internal IP address of the web server.
My ruleset is as follows:
$WWW - ip address of the web server
iptables -A FORWARD -d $WWW -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to $WWW
Running ip route shows that I have routing entries for all 3 networks, and I can ping, ssh, etc to any of the addresses without issue. OpenVPN connects across eth2 as well, and all 15 of my VPN tunnels work fine. However - and here's the kicker - if I delete the default route and replace it with the route for eth2, port forwarding works fine.
If we accept that my networks are as follows:
192.168.0.0/25 - eth0 net, gw .1
1.1.1.0/29 - eth1 net, gw .1, eth1 ip .2
2.2.2.0/30 - eth2 net, gw .1, eth2 ip .2
then ip route reveals the following:
2.2.2.0 via 2.2.2.1 dev eth2
2.2.2.0 dev eth2 scope link src 2.2.2.2
1.1.1.0 dev eth1 scope link src 1.1.1.2
[code]....
View 7 Replies
View Related
Aug 3, 2010
I have a linux server I'm intending to use as a firewall. The server has the following adapters
eth0 - Public IP (VLAN2)
eth0:1 - Public IP2 (VLAN2)
eth1 - 10.241.4.4 (VLAN4)
the Default gateway is my ISPs gateway. Additionally, I have the following route set: route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.241.4.1
I have a server that exists on VLAN 208 at IP 10.241.209.67/21., its GW is 10.241.208.1 (first IP in /21 range)
as it is on the 10.0.0.0/8 network, traffic from the firewall is successfully routed from that server through my router to the FW and out to the Internet. The FW can ping, ssh, etc... the server and vice versa.
I want an iptables rule that will allow me to forward port 4401 on eth0:1 to 10.241.209.67:4401.
Is this possible since the IP is not on the same subnet as eth1, even though it is accessible?
I'm a bit better than a neophyte linux user. I have not made port forwards with it in the past without scripts to assist so I'm looking for not just "it is possible", but also the syntax of how to add it.
View 2 Replies
View Related
Mar 26, 2010
I have the following setup and Im trying to forward all incoming connection on port 1194 on eth2 which is the external network to ip 192.168.10.100, but seems its not working.
Current config:
# Generated by iptables-save v1.3.8 on Sun Nov 16 00:00:54 2008
*nat
:PREROUTING ACCEPT [26751696:2175544875]
:POSTROUTING ACCEPT [339911:19096812]
[code]....
plus im adding the prerouting:
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 1194 -j DNAT --to-destination 192.168.10.100
This configuration doesnt work. I also I have tried:
iptables -D PREROUTING -t nat -p tcp -d XX.XX.XX.XX --dport 1194 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.10.100:1194
and the same its not working. Connecting thru telnet to the domain: telnet mydomain.org 1194 doesnt work, but within the server, running telnet 192.168.10.100 1194 it works.
View 8 Replies
View Related