CentOS 5 Networking :: Error When Redirect Through Iptables?

Mar 30, 2010

I'm trying to redirect the requests from port 80 to ports 8080 and 8081 through iptables because I've got two services which need accept requests from the same port(80):

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080-8081

The problem is that the second port (8081) never gets a request, just the first one.

View 1 Replies


ADVERTISEMENT

Networking :: Iptables Redirect Before Filter?

Apr 9, 2010

I'd like to set up an iptables configuration as follows:- Allow all traffic by default- For one user account (anonymous), block all traffic except:- All traffic on lo- All DNS requests, which should be redirected to 127.0.0.1Here's what I tried:

# Redirect
iptables -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53

[code]....

View 3 Replies View Related

Networking :: Iptables Redirect On RHEL 6 ?

Jul 18, 2011

I have a virtual environment, RHEL6 minimal install. On that, I am trying to run Liferay6 on Tomcat6 for the purpose of writing prototype business portals. I used the Liferay+Tomcat bundle downloaded from the Liferay website.

For security reasons, the server can only be accessed through port 80, and Tomcat listens on 8080. (I know I can run it so that it listens on another port, but I'd like it on 8080)

Goal:

Use iptables to forward traffic destined for 80 to port 8080.

What I Did:

Configure nat to forward tcp packets from 80 to 8080:

Code:

List the nat iptable:

Code:

wget to 80 doesn't work:

Code:

What I Already Checked:

Tomcat did start normally. Logs show no errors, and specify that Coyote HTTP/1.1 is initialized on http-8080. I can provide this log if need be.

Tomcat is listening on port 8080:

Code:

Code:

I get the same negative result on the VM on the server as I get on a RHEL6 VM on my laptop.

The iptables method that I described above does in fact work with Liferay6 on Tomcat6 on Ubuntu 10.10.

I have looked at this thread. I appear to have tried everything that was mentioned there.

Actual Question: I would like to know how to effectively forward 80 to 8080 on RHEL6, so that I can access Liferay on Tomcat (listening on 8080) at 80.

View 4 Replies View Related

Ubuntu Networking :: Redirect Network Traffic To A New IP Address Using IPtables?

Jun 19, 2011

how to redirect network traffic to a new IP address using IPtables. I am using Baffalo router and the rtos used is DD-WRT. Basically, I want it so that any connection going through my router to a specific IP (say, 192.168.11.5) will be redirected to another IP (say, 192.168.11.7) so any outgoing connections made by a program that is attempting to connect to192.168.11.5 will instead connect to 192.168.11.7.

View 2 Replies View Related

CentOS 5 Server :: VsFTP Iptables Wont Start Get Error - CentOS 5.5

May 11, 2011

i am currently trying to install vsFTP onto my new linux server and btw i just started using linux today this is my first time using linux so i got the ftp installed good it got downloaded and everything then i went to open a port for my server for vsFTP i used this comand to open it "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT" then i closed it by pressing ESC then :wq! and it brought me back to my comand line again so now when i try to start the ip table thing with the comand "service iptables start" then when i execute that comand putty respondes with this "Applying iptables firewall rules: iptables-restore: line 1 failed [FAILED]"

The install Guide im using: [URL]

View 5 Replies View Related

CentOS 5 Networking :: Redirect All The Traffic To An Ethernet Interface

Sep 12, 2011

Currently I have a server which runs under centOS 5.6. It is dedicated to the VoIP application of my customer.I have a problem for which I have the solution but I didn't managed to achieve it.So, let me explain you the context.Here is the networking aspects of my environment

VoIP Provider_____Gateway_____________My server
ADSL Provider____(non pingable)
x.x.x.2 <====> A.A.A.1 <======> A.A.A.3

[code]....

View 2 Replies View Related

Software :: Using Squid/Iptables To Redirect Inbound Web Traffic To Url/IP

Jan 13, 2010

We host a web server in which we are hoping to implement some form of traffic redirection based on source IP address, and I am wondering whether the squid proxy built on iptables would be capable of managing this task? Essentially we are trying to redirect traffic from specific set of source IP ranges to a "Your IP has been restricted" type of page at a different IP/FQDN.

View 2 Replies View Related

CentOS 5 Networking :: Proxy - Error "can't Initialize Iptables Table `nat': Table Does Not Exist"

Aug 19, 2011

We purchased a virtual server from GoDaddy (1 month trial) to set up as a proxy for our networks (24 of them). I am having 2 separate issues. The first is I can't configure/install NAT and support is telling me the only way I can is to purchase a dedicated server. Here's the error:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128 iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. Here's the fix: [URL] So, what I am hoping to do is configure this by just opening port 3128 directly, and only allowing access from our networks. As a test I did this and allowed only from our office and it did not work. However I can't connect, so I am wondering what I am doing wrong? Here's my squid configuration:

[Code]....

View 4 Replies View Related

Ubuntu Security :: Iptables To Redirect Traffic Back To Its Source

May 3, 2011

I'm currently using a homemade Python script to parse script kiddie IP addresses from logfiles.To this point, I've simply been DROPping any requests from these IPs using iptables.I thought it might be fun to redirect their traffic back to them, but as I am not an expert at iptables, I was wondering if I should use FORWARD or PREROUTING.

View 7 Replies View Related

CentOS 5 Networking :: Iptables U32 Does Not Work

Apr 7, 2010

When I try something like, I get:

iptables -A FORWARD -p udp -m length --length 39 -m u32 --u32 '27&0x8f=7' --u32 '31=0x527c4833' -j DROP
iptables: No chain/target/match by that name.

So I re-compiled the kernel enabling WAN Router, and all the subsections. Downloaded latest iptables, removed the RPM one, installed the iptables from source.. Guess what, same error!

PS: iptables -m u32 -h works, it displays a page of info.

View 1 Replies View Related

CentOS 5 Networking :: Iptables Empty After Reboot?

Aug 5, 2009

I have a strange problem with IpTables.after a server reboot, the complete rule-list of iptables is empty. After a manually start, all my old rules are there again.I checked chkconfig if autostart of iptables is enabled:chkconfig --list iptablesiptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off

View 2 Replies View Related

CentOS 5 Networking :: Firewall Insanity Iptables And Apf Don't Seem To Like Each Other?

Aug 13, 2009

I'm at my wits end at this point.

CentOS 5
iptables 1.4.1.1
APF 9.7
Webmin 1.4.80 (yes i can be a gui noob at times)

I'm currently running a dedicated server that hosts a couple of sites and runs a game server or two. I was using iptables on its own for a while, but recently I'm a target of all sorts of attacks (typically aimed directly at the gameserver on port 7777. UDP flood attacks, etc). I'm also seeing an spike in foreign spam, SSH brutes, and a few people in Turkey thought it would be cute to download files over and over and over I have decided to start banning entire countries, using the subnets listed here [URL]... I'm trying to block Central and South america (189,190,200,201.x.x.x), China, Ukraine, Turkey, Iran, Spain and Italy. I do this because a majority of the traffic from those areas are usually up to no good.

I installed APF so I could easily add these ranges in deny_hosts.rules and be done with it. I added the ranges, which turned out to be too many, and the system tanked. I decreased the amount of ranges to just 4:

189.0.0.0/8
190.0.0.0/8
200.0.0.0/8
201.0.0.0/8

Restarted APF and it loaded fine. Do an apf --list and iptables --list and it shows those 4 ranges as blocked. The only issue...I have people from 190.x and 200.x connecting to the gameserver and PLAYING. Its as if the firewall isnt there. Also, adding those ranges to /etc/hosts.deny (or whatever) doesn't block them either.

I add one of my own ips and I get blocked instantly. WTF?? I look in the iptables for webmin, and it shows an empty firewall. I do iptables --list and it shows the ranges I added in APF. I'm looking at building (or whatever its called) an fresh iptables with the geoip module added in. [URL]...

I've never done anything like this, and I don't want to kill the box. I also don't want to spend the effort if 1) something is wrong with my system to begin with and 2) the geoip module doesn't work. geoip module aside....how exactly should i configure the firewall? Empty iptables completely and then rely on APF for everything? Oh and heres another tidbit: I tried this before 2 years ago and it used to be that anything I put in APF would show when i looked at iptables using the webmin module. Thats no longer the case now. That was also on CentOS 4 when it did that. I don't know if moving to 5 is whats preventing it now.

In a nutshell, I'm new at this and I'm being inundated with terrible people trying to do terrible things and I'm ready to just give up. Can someone just give me a quick rundown on:

1) how to test that my firewall is actually firewalling

2) how I should configure the/a firewall on this CentOS5. Not too specific, I just want to know if I should empty iptables then load apf, should i not bother with APF (i like it when it works), is there a specific order of doing things?

View 8 Replies View Related

CentOS 5 Networking :: Iptables Not Loading Some Modules?

Jan 23, 2010

The problem I am having is that iptables won't load the required modules for my firewall rules.

iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP

[code]....

View 1 Replies View Related

CentOS 5 Networking :: Iptables For Transparent Proxy?

Mar 11, 2010

I have big problem with correct settings of iptables as a router. My network topology (UTM Hardware router) 192.168.1.1--->eth0 192.168.1.2(centos with apache ftp and transparent squid 8080)--->eth1 192.168.0.1(LAN with dhcp)

eth0=WAN 192.168.1.2
eth1=LAN 192.168.0.1

I have problem with hanging connections through squid which are very slow or connection failed. Sometimes i received DNS timeout error from squid stable 2.6 21

[Code]...

View 1 Replies View Related

CentOS 5 Networking :: Adding Iptables -F To Boot?

Sep 5, 2010

How I add this " iptables -F " to my Servers boot I already asked this from my Provider, but it seams he forget each time I ask.

View 3 Replies View Related

CentOS 5 Networking :: Large Iptables Rule Set?

Jan 10, 2011

Loaded up Centos 5.5 final. Configured iptables to block regions of the world based on networks. An example would be:

-A INPUT -s 139.82.0.0/16 -j DROP

My /etc/sysconfig/iptables file contains about 10k entries like this. If I use this, the machine lags hardcore network wise.

View 3 Replies View Related

CentOS 5 Networking :: Iptables DOS Temporarily Block IP?

May 5, 2011

I have the requirement that if our website receives 20 or more requests within 60 seconds, to block the offending IP address for 5 minutes, then allow them access again. My only certain mechanism to do this is iptables. I wrote the following series of commands:

iptables -N RATE_CHECK
iptables -N DOSAttack
iptables -N RemoveBlock

[code]...

I am limited in my testing, but the little I have been able to test seems to be having no effect. will the above commands have the desired effect.

View 4 Replies View Related

CentOS 5 :: Custom Iptables: Remove The Existing Iptables First?

Apr 28, 2009

To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?

View 4 Replies View Related

Fedora :: IPtables Creates An Error During Startup - Applying Firewall Rules: Iptables-restore: Line 21 Failed

Jul 17, 2010

IPtables creates an error during startup as well as when I try to restart it: Here's the output of:

[Code]....

View 11 Replies View Related

CentOS 5 Networking :: IPTables Service Failed To Start

May 9, 2009

I have CentOS 5.2 just installed and massively updated with yum -update command. Than I tried to configure firewall. After changes via system_config_securitylevel_tui (open ssh, http, ftp, and 3306:TCP ports) iptables service can't start with message

> /sbin/service iptables start
Flushing firewall rules: [OK]
Setting chains to policy ACCEPT: mangle filter nat [OK]
Unloading iptables modules: [OK]
Applying iptables firewall rules: iptables-restore v1.3.5: Couldn't load match `TCP':/lib64/iptables/libipt_TCP.so: cannot open shared object file: No such file or directory
Error occurred at line: 18
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]

I erased the iptables service and installed it again with yum. How can I make this service work?

View 7 Replies View Related

CentOS 5 Networking :: View The Packets Saved By Iptables?

Jun 26, 2009

if am using --log-prefix "BANDWIDTH_OUT:" --log-level 7 to capture packets, I think is there a way to view these?

View 4 Replies View Related

CentOS 5 Networking :: IPtables Module Load Fail

Apr 10, 2010

I'm encountering a known problem with IPtables. I set up rules and apply them, restarting firewall, then I get this message:

Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: raw nat mangle filter [ OK ]
Applying iptables firewall rules: [ OK ]
Loading iptables additional modules: ip_conntrack_ftp ip_conntrack_netbios_ns [FAILED]

View 4 Replies View Related

CentOS 5 Networking :: IPTABLES - Should This Rule Take Care Of Port 5090?

Jun 6, 2010

I am new to iptables. The setup tool on a VPS doesn't work. So, I am learning to insert rules. I have inserted so many and some of them show as duplicates now.

1- I want to know how to remove the duplicates. Is there a file that these rules are store in so I can go in and easily edit it?

2- Is there any other utility that handles firewall in Linux that I am unaware of? or is the iptables the ultimate door guard? This is a plain install of CentOS.

3- Since I believe I opened port 5090 but I think it still might be blocked, could SELINUX be the problem? How can I get my way around setting it to permissive or disable if I don't have access to "setup" command?

4- What is the order of iptables reading? does rule #1 supersede all other rules? or does the last rule supersede all rules prior to it?

5- Do the rules below make a fairly safe system? (except for the duplicates which should be remove) I understand that a safe system is dependent also on the applications that are allowed in this category and I am not talking about those. I am talking about dropping all other inquiries and in general is this how iptables are setup? This is what I currently have:

[root@tel ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination

[Code]...

View 2 Replies View Related

Networking :: Error While Blocking This Websites Bittorrent & Edonkey Using Iptables

Nov 30, 2010

When i was try to execute this command in my router device it will show error...

First execution:-

Second Execution:-

So I Need to block this kind of websites ...kindly tell me what i have to rectify & change..here i didnt execute this command...

View 1 Replies View Related

CentOS 5 Networking :: Configure - Set Iptables On Server 1 - To Acces Webserver From Other City

Jan 13, 2010

I am using centos 5.3 , and also using webserver in local network

Here is all configuration

1, server

eth0 , 222.80.1.90 this is live ip
eth1 10.0.0.1

2, webserver

eth0 10.0.0.2

I want set iptables on server 1 , to acces webserver from other city ,

How to configure iptables

View 2 Replies View Related

CentOS 5 Networking :: Iptables Not Opening Port To Connect Via Vnc To A Server Running 5.5?

Apr 27, 2011

I'm trying to open up some ports to connect via vnc to a server running Centos 5.5. I've edited /etc/sysconfig/iptables everything *looks* fine, but I still can't seem to get access to the port I've opened (I added some newlines for clarity between commands):

[Code]....

View 4 Replies View Related

Software :: Squid 3.0 Access List / Remove Redirect Statement From Iptables All Internet Access Is Blocked?

Jun 11, 2010

I have an old FC2 box running Squid version 2.5. It has been running since 2003 so I am in the process of replacing it. I have a new machine with FC11, iptables, and Squid 3.0 installed.

On the old machine I use iptables to intercept Port 80 traffic and send it to Squid. By default I block all internet access and allow only sites that are in an Allowed_Sites.txt file. Within Squid I also have statements to allow certain users to bypass Squid based on their IP address.

I have set up the same thing on the new box. I have iptables intercepting the Port 80 traffic and sending it to Squid. That is working because if I remove the redirect statement from iptables all internet access is blocked.

The problem I am having is that Squid is not blocking any websites. It acts like the ACL is set to http_access allow all. I have worked on this for several hours and am stumped.

These are my Squid rules:
acl allowed_sites url_regex "/etc/squid/Allowed_Sites.txt"
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow Bypass_Users
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.1.0/24
http_access allow allowed_sites
http_access allow our_networks
http_access deny all
icp_access deny all
htcp_access deny all
http_port 192.168.1.254:3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
visible_hostname FC11.proxybox
icp_port 3130
coredump_dir /var/spool/squid

View 2 Replies View Related

Fedora :: Firefox Redirect Error 404 Not Found

Jun 14, 2010

I have been using F12 for quite some time now...and its working really great...although am still having some problems...but am sure will get used to it. I have a simple wifi setup at my place, with the dsl modem connected directly to the wifi router. For the past couple of days, whenever i try to access some websites it takes me to [URL] web page. with the following error. Theres no website hosted at this address

[Code]....

Couple more thing that i have noticed is

1. when i clear all my history cache cookies etc.....it starts to work fine....for some time.

2. If i type an address like...www.google or www.facebook it shows the same [URL] page with no website hosted error...instead of the default firefox error page.

3. The search toolbar in firefox also doesnt works properly when ever this thing happens......any search will give a 404 error 404 Not Found The requested URL /search?q=test&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a does not exist.

View 3 Replies View Related

Server :: Error - Iptables: Unknown Error 18446744073709551615

Feb 9, 2010

When i try to add value 150 on portflood section of csf,i get following error:

iptables: Unknown error 18446744073709551615 PORTFLOOD tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:80 state NEW recent: UPDATE seconds: 5 hit_count: 150 name: 80 side: source

Error: iptables command [/sbin/iptables -v -A INPUT -i ! lo -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 5 --hitcount 150 --name 80 -j PORTFLOOD] failed, at line 996

how is limitation with ip_recent where highest value for hit_count is 20,and how i need to modify and recompile ip_recent.But i was not able find anything about either modify or recompiling that module.I have cent os 5.4 64 bit,iptables are installed over yum.Also i have 4 servers with completely identical configuration,yet on two servers portflood works while on other two it reporting that error.Maybe it was different install cd which caused this,but again i dont know why this doesnt work since iptables version are indetical.

View 1 Replies View Related

Networking :: Redirect Only One Url To Another?

Mar 4, 2010

I use Centos 5.4, squid 2.6 stable21

I want to redirect only one url to another in a simpliest way.

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved