Ubuntu Security :: Redirect All IP Tables Rule To Forward UDP Traffic?
May 16, 2011How do I redirect all the UDP traffic on port 27016 of my current dedicated server to a new IP port 27015 using IP tables?
View 1 Replies
ADVERTISEMENT
Ubuntu Security :: Iptables To Redirect Traffic Back To Its Source
May 3, 2011I'm currently using a homemade Python script to parse script kiddie IP addresses from logfiles.To this point, I've simply been DROPping any requests from these IPs using iptables.I thought it might be fun to redirect their traffic back to them, but as I am not an expert at iptables, I was wondering if I should use FORWARD or PREROUTING.
View 7 Replies View RelatedCentOS 5 Networking :: Configure Firewall - Allow And Forward All Traffic On Eth0 And Block All Traffic On Eth1 Except Ssh Ping
Sep 29, 2010I need to set up my centOS computer as a firewall in my home network. Ive got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping(icmp) and DNS. How do I do this? Ive tried some editing in /etc/sysconfig/iptables but no luck.
View 1 Replies View RelatedGeneral :: IP Tables Won't Save The Rule?
Jan 9, 2011I'm using ArchLinux and I have an IP tables rule that I know works (from my other server), and it's in /etc/iptables/iptables.rules, it's the only rule set in that directory. I run, /etc/rc.d/iptables save, then /etc/rc.d/iptables/restart, but when I do "iptables --list", I get ACCEPTs on INPUT,FORWARD & OUTPUT.
# Generated by iptables-save v1.4.8 on Sat Jan 8 18:42:50 2011
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
[Code]....
Ubuntu Security :: Set A Rule In Iptables, Does That Rule Also Apply To Ipv6, Or Just Ipv4?
Jul 16, 2010Question (and Google results aren't making this clear): Ubuntu has both iptables & ip6tables installed. 1. If I set a rule in iptables, does that rule also apply to ipv6, or just ipv4?
2. If "no" to above, then it would be prudent to *also* set ip6tables rules as well if I want to maintain an active firewall, correct?
3. Does ip6tables rules have the same syntax and behavior (more or less) to iptables rules - i.e. can I just copy my iptables rules & change "iptables" to "ip6tables"?
4. Any gotchas or issues that I should be aware of?
Networking :: Using Ip Tables And Rules, Will Be Able To Make All Three Of These Able To Handle Traffic?
Mar 22, 2011I have a machine with 3 internet facing nics, all of which have static IP's. The IP's are all in the same subnet, and use the same default gateway.Using ip tables and rules, will I be able to make all three of these able to handle traffic?I have the following configured, but it doesn't appear to work:
# ip rule
0:from all lookup local
500:from 72.43.220.146/29 lookup 1
[code].....
Server :: Redirect Rule On Apache - Not Working
Jul 16, 2009I'm trying to make a redirect rule on my .htaccess but it's not working as planned.
Quote:
The first rule works fine, but on the second rule i do have a problem.
When I type http://domain.com/?tempskin=_rss2 the redirect does not work, but if I change the ? to any other character or even group of characters, the redirect works fine. example:
[url] will be redirected to [url]
But i do need to redirect the ?tempskin=_rss2. I already tried some variations on the redirect rule without any success.
Ubuntu Servers :: Forward All Web Traffic From One To Another?
Jun 2, 2011My kind isp had set up a authoratitive dns server that can't be cancelled that points to the wrong ip address. Hence I need to take all the traffic going into server A at the ip address aa.aa.aa.aa and send it all onto server B at ip address bb.bb.bb.bb. After much head scratching, I managed to achieve it as follows:- On the server at ip address A, set up following :-
iptables -t nat -A PREROUTING -d aa.aa.aa.aa -j DNAT --to bb.bb.bb.bb
iptables -t nat -A POSTROUTING -d bb.bb.bb.bb -j MASQUERADE
General :: Forward All Traffic From One IP To Another IP On OS X
Apr 9, 2010I have two IP address on my iMac I want to "bridge". I'm not sure what the proper terminology is... here's the situation.
My iMac has a firewire connection to my laptop and an ethernet connection to the rest of my office. My laptop has an ip of 192.168.100.2 (on the firewire interface). My iMac has an IP of 192.168.100.1 on the firewire interface, and two IPs, 10.1.0.6 and 10.1.0.7, on it's ethernet interface.
If I wanted to forward all traffic coming in from 192.168.100.2 on my OS X machine to go out on IP 10.1.0.7, and vice-versa, can this be done? I assume I would use the ipfw command.
Essentially I want to "bridge" the firewire network to the ethernet network so my laptop can see all the machines on the 10.1 network, and all those machines can see my laptop at 10.1.0.7. Is this possible?
Ubuntu Networking :: Routing - Forward All Traffic To An Ip To Another Ip
Jul 25, 2010I need to be able to do the following: Physical Router located at 192.168.40.1
On Ubuntu 10.04 Lucid machine:
eth0 with static ip 192.168.40.2
eth1 with static ip 192.168.40.3
eth2 with static ip 192.168.40.4
Associate a virtual address to eth1 with an entirely different network address such as 192.168.50.1 Do the same (virtual address) for eth2 -- e.g. 192.168.60.1 In the application:
register phone number A at 192.168.40.1 (The application will automatically use eth0 for this)
register phone number B at 192.168.50.1
register phone number C at 192.168.60.1
Somehow forward all traffic (including the register request) sent to 192.168.50.1 to 192.168.40.1 as if the register had been made directly to 192.168.40.1. In other words, the app "sends" registration and traffic to 192.168.50.1 but then Ubuntu forwards it to 192.168.40.1 (but the app does not know that). Similarly, forward all traffic sent to 192.168.60.1 to the router at 192.168.40.1.
Do the same for the reverse, forward all traffic that the router sends back to 192.168.40.3 (eth1) to 192.168.50.1 (within the Ubuntu machine) so that the app knows it is for phone B. Similarly forward all traffic that the router sends back to 192.168.40.4 (eth2) to 192.168.60.1 so that the app knows it is for phone C. Thus, the application believes that it is registering at 3 completely separate routers on 3 completely separate networks via 3 separate network interfaces but in fact is really registering all three to the same router (but does not know that). Similarly, the router believes that it is receiving 3 separate registrations because it receives each registration request and traffic from 3 separate interfaces and thus 3 separate mac addresses (i.e., of eth0, eth1, and eth2). Traffic sent to and from the router for each of the 3 phone numbers (via eth0, eth1, and eth2) are not mixed because the translation happens in both directions.
Debian Configuration :: Routing - Forward All Traffic To An Ip To Another Ip?
Jul 25, 2010I need to be able to do the following: Physical Router located at 192.168.40.1 On Ubuntu 10.04 Lucid machine:
eth0 with static ip 192.168.40.2
eth1 with static ip 192.168.40.3
eth2 with static ip 192.168.40.4
Associate a virtual address to eth1 with an entirely different network address such as 192.168.50.1 Do the same (virtual address) for eth2 -- e.g. 192.168.60.1 In the application:
register phone number A at 192.168.40.1 (The application will automatically use eth0 for this)
register phone number B at 192.168.50.1
register phone number C at 192.168.60.1
Somehow forward all traffic (including the register request) sent to 192.168.50.1 to 192.168.40.1 as if the register had been made directly to 192.168.40.1. In other words, the app "sends" registration and traffic to 192.168.50.1 but then Ubuntu forwards it to 192.168.40.1 (but the app does not know that). Similarly, forward all traffic sent to 192.168.60.1 to the router at 192.168.40.1.
Do the same for the reverse, forward all traffic that the router sends back to 192.168.40.3 (eth1) to 192.168.50.1 (within the Ubuntu machine) so that the app knows it is for phone B. Similarly forward all traffic that the router sends back to 192.168.40.4 (eth2) to 192.168.60.1 so that the app knows it is for phone C. Thus, the application believes that it is registering at 3 completely separate routers on 3 completely separate networks via 3 separate network interfaces but in fact is really registering all three to the same router (but does not know that). Similarly, the router believes that it is receiving 3 separate registrations because it receives each registration request and traffic from 3 separate interfaces and thus 3 separate mac addresses (i.e., of eth0, eth1, and eth2). Traffic sent to and from the router for each of the 3 phone numbers (via eth0, eth1, and eth2) are not mixed because the translation happens in both directions.
General :: Forward Traffic From Internal NIC To External?
Jul 29, 2009I have a (virtual) server with 3 NIC's: 1 external (inet), 1 local and 1 DMZ. This server is my gateway.
I would like my internal network, where every server has a static 192.168.0.x IP, to access the internet via the gateway.
That means the traffic has to pass from the 'local' NIC to the 'external' NIC, connected to the internet.
Which setting do I change to accomplish this ?
Please check the sceenshot (attachment) for my current setup
Networking :: Ip / Port - Redirect All Traffic
Feb 2, 2010I have "Server A" with real internet ip 1.2.3.4 (eth0) and lan ip 192.168.1.1 (eth1) There's also "Server B" with lan ip 192.168.1.2 (eth0), I'm running an Apache Web server on "Server B", so I want to redirect all traffic from IP 1.2.3.4 port 80 (Server A) to 192.168.1.2 port 80 (Server B), using the following rule:
[Code]....
iptables -t nat -A PREROUTING -p tcp -d 1.2.3.4 --dport 80 -j DNAT --to 192.168.1.2:80 This actually works pretty good, from internet I can browse ttp://1.2.3.4 But the problem is that if I check the Apache logs, all incoming connections seems to come from 192.168.1.1 instead of showing the real source ip addresses (internet ip's) so this is screwing up all my web stats, I've been looking for hours and hours on how to make a transparent redirect, but can't find any info, I know there must be a way because my old WRT54G router which uses iptables could do it.
Server :: Redirect All Traffic To A Dynamic IP?
Oct 7, 2010I was wondering what the best way of redirecting all traffic, not just http traffic, from my hosted web server on hostmonster (with a domain name) to my home server.... I wondered if it would be possible to do it with a simple script running on the hosted web server?? Also is there a way of getting round having all the ports open on the hosted web server that I want to use on my home server??
View 2 Replies View RelatedUbuntu Servers :: Forward Traffic From A Domain To Another Server Behind A Firewall
Jan 29, 2010I have a server on my router on the DMZ. All outside traffic goes to it. This server has Apache running and the domain mysite.com resolves to the the DMZ web server. I have a second server on the LAN that also has apache running. I want to set up another domain, myothersite.com to resolve to the second server on the LAN. Since the main server is on DMZ I have the DNS A records for myothersite.com pointing to the public IP that the DMZ is on.
How do I get myothersite.com to resolve to the second webserver on the LAN? What configuration do I need to do on my DMZ server so it routes traffic for myothersite.com to the other server on teh LAN? Do I use BIND DNS? If so please advise on how to set that up. BIND DNS seems confusing and I having trouble knowing how to configuring it. Is there another option besides BIND?
Server :: Redirect / Forward Mail To Another User From Specific Address?
Jun 30, 2009I wish to intercept/forward emails that is sent to one user on multi user mail server.I only want email from one specific address or group,to be redirected and it will be redirected to another user on same server.The email should not arrive in original users inbox.".forward" file can not give me such solution,because ".forward" file will forward all mails to another specific mail id,which i don't want. I want only specific users mails onto another local user.Is this possible in sendmail?Anybody have clear idea of "virtusetable" & "aliases" file?
View 1 Replies View RelatedUbuntu Networking :: Redirect Traffic To Free Vpn PacketiX?
Feb 17, 2010I was trying to find some free VPN service for access restricted pages. I found some working programs for win XP, but nothing works under Linux (TOR was too slow and now it is blocked). I was using program PacketiX under win, and it has also Linux version without GUI, but i was not able to make it work, because I dont know, how can I make firefox to connect through the VPN service.
I downloaded the client here [URL]
I was able to make it work with this guide [URL]
But i dont know, how to adjust routing table so I can connect to the internet through the VPN service.
ifconfig
Code:
ath0 Link encap:Ethernet HWaddr 00:05:4e:4d:c5:5f
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:576 Metric:1
[Code].....
Networking :: Using Route Tool To Forward Traffic Between Two Nics?
May 10, 2011I am trying to set up a Linux box that can act as a router (and firewall later). I have a Debian 5 installation and it has two nics in it. I am trying to use the linux route command to set up a route between the two interfaces. I am finding it difficult to do. Let me explain how I am trying to set up my network: I have the ethernet cable from my modem connecting to eth0 of my Debian box, then I have eth1 connecting to a switch, which I connect all my computers and other devices to. I want to have two different ip address schemes for the devices. So here is my interfaces file:
Code:
#eth0 connects to modem
allow-hotplug eth0
iface eth0 inet static
[code]....
So I am wondering, to get my ethernet traffic from eth0 to eth1 and vice versa, do I need to make it so the Gateway for Destination 192.168.1.0 is 10.1.1.1, and for Destination 10.0.0.0, Gateway 192.168.1.0? I have looked at the linux manpage for route and I am still confused. I have also looked at the Debian networking page, but it is still unclear to me how to do this. how I am to use the route command to get this working? Or am I not even supposed to use the route command?
Software :: Control Traffic Forward To Squid Server?
May 5, 2010The network in my company use Squid Proxy serveto browse internet.Browser is IE or Firefox, and OS is Windows XP.The company need to use a new software for work, but the software don't have function that can configure Proxy server to connect to Server outside.I don't want to NAT port on router because I cannot control the traffic.Is there any software same as Proxy Client ... installed on Windows XP?My idea is that the software same as ISA server - ISA client
View 1 Replies View RelatedUbuntu Installation :: Redirect Internet Network Traffic Through Server?
Sep 30, 2010I tried to setup a home server that will redirect the internet traffic through the server before it reach the client. Because i don't want to install anti virus on every machine, it will slow them down a lot. There are some anti virus for ubuntu. Most of my home machines are running windows, which is a pain with virus.
p/s: I'm running 1 ubuntu server 10.04 and the rest are windows 7 machines.
Ubuntu Networking :: Redirect Network Traffic To A New IP Address Using IPtables?
Jun 19, 2011how to redirect network traffic to a new IP address using IPtables. I am using Baffalo router and the rtos used is DD-WRT. Basically, I want it so that any connection going through my router to a specific IP (say, 192.168.11.5) will be redirected to another IP (say, 192.168.11.7) so any outgoing connections made by a program that is attempting to connect to192.168.11.5 will instead connect to 192.168.11.7.
View 2 Replies View RelatedSoftware :: Using Squid/Iptables To Redirect Inbound Web Traffic To Url/IP
Jan 13, 2010We host a web server in which we are hoping to implement some form of traffic redirection based on source IP address, and I am wondering whether the squid proxy built on iptables would be capable of managing this task? Essentially we are trying to redirect traffic from specific set of source IP ranges to a "Your IP has been restricted" type of page at a different IP/FQDN.
View 2 Replies View RelatedCentOS 5 Networking :: Redirect All The Traffic To An Ethernet Interface
Sep 12, 2011Currently I have a server which runs under centOS 5.6. It is dedicated to the VoIP application of my customer.I have a problem for which I have the solution but I didn't managed to achieve it.So, let me explain you the context.Here is the networking aspects of my environment
VoIP Provider_____Gateway_____________My server
ADSL Provider____(non pingable)
x.x.x.2 <====> A.A.A.1 <======> A.A.A.3
[code]....
Ubuntu Networking :: Redirect All Http/https/ftp Traffic Through The Remote Proxy?
Apr 6, 2011I need to redirect all http/https/ftp traffic through the remote proxy, but when I changes connection settings in browser or in System->Preferences->Network Proxy it doesn't work well: instead of getting page content browser asks for saving some short (8 bytes) file with the same content for all requested pages. It happens in Chrome/Opera/Firefox. This proxy requires authorization and works on computer with Windos XP. It worked well when I was using Windows 7 and Proxifier, now I have Ubuntu 9.10 with all available updates.
View 3 Replies View RelatedGeneral :: Redirect Incoming Traffic To An Other Port (ubuntu Openvpn Server)?
Dec 5, 2010I have set up an openvpn server on ubuntu via port tcp 443. The server use a public network and almost every ports are blocked (not 443) So when a client connect to the server, if it send traffic needing a blocked port, the connection cannot been etablished of course. So i d like to know if it is possible to redirect all incoming traffic on the server to an other unblocked port (like 443) to bypass firewall.
I dont think openvpn offer this possibility but maybe with linux it is possible..
Security :: Mod_security And PCI-DSS Compliance With Breach Security's Enhanced Rule Set
Jul 19, 2010Currently I'm looking into implementing mod_security on all our apache servers. The installation on CentOS 5.5 comes directly with the "Core Rule Set" by the mod_security devs (curiously Debian and Ubuntu do not carry these) They also offer the Enhanced Rule Set for mod_security in a commercial package [URL] The main point there in their info link is the first point
Quote:
Tracking Credit Card Usage as required by the Payment Card Industry Data Security Standard However acc. to this wiki article ( http://en.wikipedia.org/wiki/Payment...urity_Standard ) that specific requirement isn't stated anywhere, as well as my colleague who's working on the PCI-DSS compliance for our code/servers/etc. mentioned that he hasn't heard of this specific requirement either. So my question would be if anyone has any experience with their ERS package and if it's needed for the PCI-DSS compliance compared to the requirements given in bullet points @ wiki article.
Networking :: Easiest Way To Redirect External Traffic To VMWare Web Host On Same Machine?
Jul 14, 2009Have done a bit of Googling around this but got totally swamped so will try here. Basically we are running a CentOS server which hosts a number of virtual hosts under Apache. Recently I needed to set up a development environment for another site using Ubuntu and have this running and accessible on the LAN from a VMWare image. I'm using bridged networking so the VMWare machine has its own IP on the LAN subnet.
I've set up a DNS to point to the external IP of the physical host but can't figure out how to route traffic requested on this domain to the VMWare host. I've basically tried two approaches (configuring a proxy web server and reverse proxy in an httpd.conf file and mucking around with iptables forwarding rules but without success.
Ideally I'd like somesite.somewhere.com to point to the VMWare IP but I could live with a custom port on the end if thats whats required.
To throw further complication into the mix I need reliable communication between the VMWare machine and external mail relay servers in order to debug any issues with mail bouncebacks, embargos etc.
Any idea what's the easiest way to accomplish this?
Security :: Preventing IP Spoofing Using Ip Tables?
May 15, 2010I have a problem as following: "using iptables to prevent IP spoofing".
View 4 Replies View RelatedUbuntu Security :: Can To Write Block All But NOT Rule For UFW?
Jul 23, 2011For example, can I write something to the effect: block all outbound UDP connections over port 53 except those going to IP 123.456.789. Or stated another way: Block outbound to port 53/udp NOT going to ip address 123.454.678Is it possible to do this? How would I write the argument?
View 3 Replies View RelatedUbuntu Security :: How To Create An Iptable Rule
Sep 1, 2011I need help creating an iptable rule. The iptables are installed on my router. My router also connects to a "hide my a**" vpn account
at 79.142.65.5:443 The goal is to somehow force the traffic to go through the vpn, because what sometimes happens is, the vpn connection drops (for what ever reason) and my real ip becomes exposed. Basically, I want to block "myself" from accessing the Internet when not connected to the vpn because of privacy concerns.
Below is my iptables. It has the 3 default chains and it also has many custom user chains. I need to know what kind of a rule to add, What interface to apply it to (lo,tun0,br-lan,eth1) and the correct chain to insert into.For example, you could tell me something like:
Quote:
FORWARD chain, change rule 1 to
iptables -R FORWARD 1 -j zone_wan_MSSFIX -p tcp --destination-port 443 -i eth1
Obviously, That was just a guess, I need someone that knows iptables to help me.
Code:
Chain INPUT (Policy: ACCEPT)
Rule # Traffic Target Prot In Out Source Destination Options
Rule 1 72.95 KB DROP all * * 0.0.0.0/0 0.0.0.0/0 state INVALID
Rule 2 1.11 GB ACCEPT all * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
[code].....