I have "Server A" with real internet ip 188.8.131.52 (eth0) and lan ip 192.168.1.1 (eth1) There's also "Server B" with lan ip 192.168.1.2 (eth0), I'm running an Apache Web server on "Server B", so I want to redirect all traffic from IP 184.108.40.206 port 80 (Server A) to 192.168.1.2 port 80 (Server B), using the following rule:
iptables -t nat -A PREROUTING -p tcp -d 220.127.116.11 --dport 80 -j DNAT --to 192.168.1.2:80 This actually works pretty good, from internet I can browse ttp://18.104.22.168 But the problem is that if I check the Apache logs, all incoming connections seems to come from 192.168.1.1 instead of showing the real source ip addresses (internet ip's) so this is screwing up all my web stats, I've been looking for hours and hours on how to make a transparent redirect, but can't find any info, I know there must be a way because my old WRT54G router which uses iptables could do it.
I have set up an openvpn server on ubuntu via port tcp 443. The server use a public network and almost every ports are blocked (not 443) So when a client connect to the server, if it send traffic needing a blocked port, the connection cannot been etablished of course. So i d like to know if it is possible to redirect all incoming traffic on the server to an other unblocked port (like 443) to bypass firewall.
I dont think openvpn offer this possibility but maybe with linux it is possible..
I want to do a simple port redirect, i.e. whatever comes trough whatever interface on port AAAA will get redirected to port BBBBI thought that iptables -t nat -I PREROUTING --source 0/0 --destination 0/0 -p tcp --dport AAAA -j REDIRECT --to-ports BBBBhowever it doesn't work, e.g. nc -v -w2 -z localhost AAAA gives:
nc: connect to localhost port AAAA (tcp) failed: Connection refused while nc -v -w2 -z localhost BBBB
I was trying to find some free VPN service for access restricted pages. I found some working programs for win XP, but nothing works under Linux (TOR was too slow and now it is blocked). I was using program PacketiX under win, and it has also Linux version without GUI, but i was not able to make it work, because I dont know, how can I make firefox to connect through the VPN service.
I downloaded the client here [URL]
I was able to make it work with this guide [URL]
But i dont know, how to adjust routing table so I can connect to the internet through the VPN service.
Code: ath0 Link encap:Ethernet HWaddr 00:05:4e:4d:c5:5f inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:576 Metric:1
Currently I have a server which runs under centOS 5.6. It is dedicated to the VoIP application of my customer.I have a problem for which I have the solution but I didn't managed to achieve it.So, let me explain you the context.Here is the networking aspects of my environment
VoIP Provider_____Gateway_____________My server ADSL Provider____(non pingable) x.x.x.2 <====> A.A.A.1 <======> A.A.A.3
how to redirect network traffic to a new IP address using IPtables. I am using Baffalo router and the rtos used is DD-WRT. Basically, I want it so that any connection going through my router to a specific IP (say, 192.168.11.5) will be redirected to another IP (say, 192.168.11.7) so any outgoing connections made by a program that is attempting to connect to192.168.11.5 will instead connect to 192.168.11.7.
I need to redirect all http/https/ftp traffic through the remote proxy, but when I changes connection settings in browser or in System->Preferences->Network Proxy it doesn't work well: instead of getting page content browser asks for saving some short (8 bytes) file with the same content for all requested pages. It happens in Chrome/Opera/Firefox. This proxy requires authorization and works on computer with Windos XP. It worked well when I was using Windows 7 and Proxifier, now I have Ubuntu 9.10 with all available updates.
Have done a bit of Googling around this but got totally swamped so will try here. Basically we are running a CentOS server which hosts a number of virtual hosts under Apache. Recently I needed to set up a development environment for another site using Ubuntu and have this running and accessible on the LAN from a VMWare image. I'm using bridged networking so the VMWare machine has its own IP on the LAN subnet.
I've set up a DNS to point to the external IP of the physical host but can't figure out how to route traffic requested on this domain to the VMWare host. I've basically tried two approaches (configuring a proxy web server and reverse proxy in an httpd.conf file and mucking around with iptables forwarding rules but without success.
Ideally I'd like somesite.somewhere.com to point to the VMWare IP but I could live with a custom port on the end if thats whats required.
To throw further complication into the mix I need reliable communication between the VMWare machine and external mail relay servers in order to debug any issues with mail bouncebacks, embargos etc.
Any idea what's the easiest way to accomplish this?
My network isPC1 -- (NIC1,10.1.1.x) Linux (NIC2,10.1.2.x) -- Server 1 (HTTP/FTP)My question isIn the linux system, can I change the PC1 source port from 20000 to 30000? for examplePC1(sport:20000,dport:80)---Linux-- (sport:30000,dport:80)--- Server 1 (HTTP/FTP)
I'm new to iptable configuration. I've set up a VPN using DD-WRT on my router and it works fine. However the VPN company does not allow port 25 traffic (in case of spammers) so now I can't get my emails sent out.
I'm guessing I can add some rules to my iptable so that all traffic except port 25 traffic can go out through the VPN tunnel. And hopefully, all port 25 traffic will go out through the normal Internet connection.code...
made software which we can get network traffic Report of of Switches for Daily,monthly and yearly base , in MRTG we can configure as a switch so we can get particular switch Traffic but how can we get each port of traffic of a switch in MRTG
i have a problem........ How to redirect local http port to remote ip ddress(192.168.10.64) using iptables..my destro is Centos 5.3 my rule is this iptables -t nat -A PREROUTING -s 0/0 -d <my local ip> -p tcp --dport 80 -j DNAT --to-destination 192.168.10.64
I have problem with port based routing for local traffic. I can't use trick with iptables -t mangle, ip route table 1, ip rule fwmark table 1 because it works only with forwarded packets. I can't even use patch-o-matic because it's obsolete. And xtables-addons doesn't contain support for "-j ROUTE" yet.
Is there any way to verify if packets being trafficked over a certain port are valid for the service you want to use this port for?
One obvious example that probably clarifies my question: When I open port 443 (outgoing or incoming) for https/ssl traffic, I don't want this port to be used for say openvpn traffic. Thus: when someone wants to surf to a website with https, it should be ok but if someone wants to connect to his home openvpn server over that same port, it should be blocked.
I was wondering what the best way of redirecting all traffic, not just http traffic, from my hosted web server on hostmonster (with a domain name) to my home server.... I wondered if it would be possible to do it with a simple script running on the hosted web server?? Also is there a way of getting round having all the ports open on the hosted web server that I want to use on my home server??
We host a web server in which we are hoping to implement some form of traffic redirection based on source IP address, and I am wondering whether the squid proxy built on iptables would be capable of managing this task? Essentially we are trying to redirect traffic from specific set of source IP ranges to a "Your IP has been restricted" type of page at a different IP/FQDN.
I tried to setup a home server that will redirect the internet traffic through the server before it reach the client. Because i don't want to install anti virus on every machine, it will slow them down a lot. There are some anti virus for ubuntu. Most of my home machines are running windows, which is a pain with virus.
p/s: I'm running 1 ubuntu server 10.04 and the rest are windows 7 machines.
I'm currently using a homemade Python script to parse script kiddie IP addresses from logfiles.To this point, I've simply been DROPping any requests from these IPs using iptables.I thought it might be fun to redirect their traffic back to them, but as I am not an expert at iptables, I was wondering if I should use FORWARD or PREROUTING.
My poblem: At work I have a proxy with some closed ports. I need to connect to an Oracle DB on some DB_IP at port 1521. DB_IP is a public IP. What I Have: At home, I have a Linux machine and a Linksys WRT54G Router. What I need: How can I do to communicate a PC at work with DB_IP:1521?
I need to set up my centOS computer as a firewall in my home network. Ive got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping(icmp) and DNS. How do I do this? Ive tried some editing in /etc/sysconfig/iptables but no luck.
I am looking to set up a system that will bring in an e-mail on a port like 4082 then sent it out to a standard e-mail port. this is a fire wall issue. I am looking for the best software I can use on an Ubuntu-Desktop platform to accomplish this and an idea on how to set this up?
I have been beating my head for the last few weeks on this problem, (although I have been taking the wrong approach, it seems).
I need a gateway to direct web traffic to three separate servers/domains. I have been trying to do this with both a dns server and , (seperatly), apache server to forward requests. The dns server was a no go, and <i can only get apache to redirect http and ftp.
After Googling this ALOT, I believe that what I need is a gateway server to redirect my traffic to the 3 different servers. I have been reading about using using nat and iptables for this and was wondering if anyone had any advice/suggestions on this. The other thought I had was to use something like pfSense to create the gateway, but I am still reading the documentation, and I am unsure if this approach will work.
This is where it starts: I have 2 networks. The first: 192.168.1.0/24 composed by the router which has access to the internet with the IP 192.168.1 and the server (who is a gateway) with the IP 192.168.1.42 The other network: 192.168.2.0/24 composed by the gateway with the IP 192.168.2.1 and the clients (on the 192.168.2.0/24 subnet). To sum up, the gateway has 2 IPs (192.168.1.4(eth0) and 192.168.2.1(eth1)). On this gateway, I have squid installed (and listening on port 3128). I also made a redirection to redirect some computers who want to access to the web (port 80) to squid (port 3128) with this command: /sbin/iptables -t nat -A PREROUTING -m mac --mac-source CLIENT_MAC -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128
At this stage, everything works fine. The clients can access the web by the proxy without "knowing". What I wanted to do, is redirect also the port 443 (HTTPS). Actually, when a client wants to access to, for example, [URL]. He cannot. So I would want to be able to redirect people (without passing by any proxy) directly to google. Like a NAT. But the problem is that I can't. The thing would be to, in the gateway, take all the packets with port 443 in destination and handle them to the router 192.168.1.1. Then, when the router sends the packet back, the gateway takes the packet and handles it to the client. I tried putting ip_forward to 1, but the problem is that all IPs and ALL PORTS are forwarded. And I just want port 443 to be forwarded.
* a router/gateway. The external interface have the public IP, an other the DMZ, a third the internal room* a DMZ with the web server* an internal network (internet public room)I redirect the http port 80 to the web server. You should see him there.But I can't see this web site from the internal room. From the public IP /URL I have some sort of non existent message (sorry forgot to copy it). If I call for the private IP, I get the home page (but not the CSS files)the gateway nat's the networks.What is the trick to see the web site from the internal network?
Currently my home internet provider does not allow services on ports 1 to 1024 but allow the use of high ports to whatever users want to do and I was wondering what ways are there to mask my webserver @ ip:8080 and yet maintain the servernames ? For example currently if I use myexample.com:8080 it will open just fine but I know there some ways to make it look like if port 8080 never existed, one example of this would be using a proxy server somewhere else to redirect the access but I don't have one available nor money to use for this.
In the above case what would happen is that when user hitted the proxy server it would redirect and query my server so user would never know 2nd server existed at all. Another way would be creating a page somewhere else and put your site as a iframe or frame which would hide it but may be a problem to some browsers etc...
So I belive the question here is what options do I have to mask my server at 8080 to look like a transparent webserver? While I do know this seems a bit technical I belive the place to ask this question would be here instead of serverfault
*Am trying to configure on machine ?MyServer.net? apache on port 8586. *Two applications run on same machine on different ports Jenkins on 8081 and Hudson on 8080.*Request coming to 8586 port should redirect to either 8080 or 8081 on one condition. *The request from client machine coming to MyServernet:8586 looks something like this ?MyServer.net/job/<JOBNAME>/build?token=TOKEN?.
Condition If <JOBNAME> is ?naveen? apache should redirect to 8081. If <JOBNAME> is not ?naveenn? apache should redirect to 8080.
I have multiple jvm instance of tomcat application on a unix server and its running on different port.i would like to redirect the port and uri.How can i achieve this with the help of apache. i heard we can do it using mod_proxy.
Currently when i access http://myapp.xx.com/offer i get 404 error.
one way to achieve this is to rename my exploded app name (offers-service-main) to offer. But i dont want to do that.anyway to achieve it.