Questions tagged [iptables]
Iptables is a Linux facility that provides firewall, NAT and logging functions for traffic passing through the system.
1,937 questions
1 vote, 0 answers, 8 views
Duplicating and routing packets with iptables
Forgive me. I am inexperienced with CLI networking tools.
I have 3 Linux machines (a client (C), server (S), and a node in the middle (M)). C and M have a direct link on subnet 192.168.100.0/24. For ...
1 vote, 0 answers, 12 views
Exposing a Minikube nodeport on an ethernet interface via iptables so it's visible to other hosts in the network
For an enterprise project prototype I am using Minikube to test a complex on premise Hyperledger Fabric (HLF) network. I need to expose HLF (non http) services running on Minikube. I have already done ...
6 votes, 1 answer, 455 views
How to have an application (running on port 7443) be accessible via IPtables on port 443 but not 7443?
I have a Python HTTP server on one machine with IP address - IP1 running at port 7443.
I would like to drop all the connections of INPUT by default from outside world except 443, 22 (7443 should be ...
2 votes, 1 answer, 35 views
How can I prevent a redirect loop with iptables when running a local forward proxy?
I'm trying to forward outgoing traffic to a forward proxy called mitmproxy running on my machine. I've tried using the following two approaches (see below), one using ttl and one setting a mark. ...
1 vote, 1 answer, 35 views
Unable to access services on my local network through Wireguard, using Caddy and Docker
Architecture
Problem
I want to be able to reach my services, hosted on my local network (192.168.1.0/24), through my domain (example.com). At this time, I can access the Wireguard UI service hosted ...
2 votes, 0 answers, 29 views
How to Configure Debian Server with ISP-Delegated Static IPs?
I'm setting up a Debian server to act as both a router and a server, but I've encountered issues with my ISP's unique static IP assignment method. Here's the situation:
I have been assigned two static ...
1 vote, 0 answers, 74 views
How to forward ports with IPv6 using iptables
I have two separated networks and there is one computer that is in both of them.
I want to forward connections made to that computer on one port from one of the networks to a port on a specific ...
0 votes, 0 answers, 29 views
Iptables: which network interface am I using?
ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
...
0 votes, 0 answers, 22 views
Iptables rules to allow outgoing DNS lookups only from my DNS IP
Well, I'm getting mad with this :D
This is the only configuration which allows me to browse.
My Iptables rules:
iptables -t filter -A OUTPUT -o lo -j ACCEPT
iptables -t filter -A INPUT -i lo -j ACCEPT
...
1 vote, 1 answer, 116 views
Running Docker on AlmaLinux with csf firewall (or any firewall script)
I have recently learned a piece of software I use has upgraded to Docker. I asked a devop to install it and they said docker doesn’t work with csf iptables firewall. It goes without saying, I need ...
1 vote, 0 answers, 63 views
What did I do wrong in the iptables?
I'm trying to route all the traffic to my ShadowSocks tproxy access point by configuring iptables; however, not only was the traffic not routed to the proxy, I don't think it did anything at all. I ...
2 votes, 2 answers, 136 views
Routing packets from one wireguard client to another using iptables
This summarizes what I want to achieve:
Phone (192.168.1.245) -> Raspberry Pi 1 (wg0 10.8.0.3, wlan0 192.168.1.174) -> VPS (wg0 10.8.0.1 VPN Server) -> Raspberry Pi 2 (wg0 10.8.0.110, wlan0 ...
1 vote, 1 answer, 80 views
DNS not working when transparent proxy is active
I started a ShadowSocks (Socks5) tproxy and configured iptables to route all the traffic towards it. It is working and listening to traffic; I can access webpages by directly typing in the IP address; ...
-1 votes, 1 answer, 76 views
Tip for optimal FW configuration (Iptables) [closed]
This is my Iptables configuration:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:port-scan - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-...
0 votes, 1 answer, 94 views
How can I connect two hosts behind CGNAT with wireguard using an untrusted VPS?
I have a home network behind CGNAT and I would like to connect to it over wireguard from the internet on my phone, also behind CGNAT. My ISPs don’t support IPv6.
Since neither side will have a public ...
0 votes, 0 answers, 69 views
How to make hotspot use proxy
I'm using Ubuntu 24.04 Noble; the main network interface is an ethernet called enx144fd7c333e3, another wifi interface is called wlp1s0; there is also a shadow-socks (socks5) proxy server running at 127.0....
0 votes, 1 answer, 157 views
forward packets between TUN interface and physical interface
I'm attempting to create a remote access VPN from scratch and am currently developing a proof-of-concept for the server-side functionality that forwards data between tun0 and enp4s0.
Code for ...
0 votes, 0 answers, 58 views
How to block outgoing SSH on an Ubuntu server?
I have a local Ubuntu server, I want a certain group to be able to SSH into the server but not out. What I mean by that is I want users to be able to connect to this server via SSH but if they try to ...
0 votes, 0 answers, 29 views
How can I block all requests to Docker containers from eth0?
I'm running some Docker containers on a machine, and I want all of my Docker containers to be only accessible on localhost (so caddy can use them) and from the tailscale0 interface only, so other ...
0 votes, 0 answers, 20 views
Network interface changes not seen in docker container
I'm running a distributed system that uses a pseudo-microservices architecture using docker containers. We use Data Distributed Service (DDS) as our transport layer; at the lowest level this just ...
2 votes, 1 answer, 267 views
How to forward one IP request to another port
Due to some issues in my country (Iran), I have some connectivity issues with an API like this:
https://api.another.website.com
I know the above URL, but it's included in an encoded PHP file with ...
0 votes, 0 answers, 60 views
How can I perform geoip-based routing on Ubuntu without kernel modules?
I have a container-based VPS (Ubuntu 22.04, kernel 4.4.0), and I want to add some geoip-based rules to its routing table.
Unfortunately, every tutorial I can find relies on xtables-addons, which ...
2 votes, 2 answers, 165 views
What type of NAT does iptables MASQUERADE implement?
According to several sources (e.g. https://stackoverflow.com/questions/11719572/how-to-simulate-different-nat-behaviours), MASQUERADE in iptables behaves like a Symmetric NAT (i.e. Endpoint-Dependent ...
0 votes, 2 answers, 139 views
How to allow only one-way traffic with wireguard
With wireguard, is it possible to create a tunnel that will only allow traffic in one direction? For example, here's the following scenario:
Given PC-s: A, B, C. A should be able to reach (ping, telnet, ...
0 votes, 1 answer, 55 views
Any updated ways to block wildcard outgoing traffic to a domain?
Suppose I'm going to block a domain and its subdomains that I know it has.
I tried these ways, but none of them worked as expected or didn't work at all:
/etc/hosts.deny (I later figured out this ...
0 votes, 0 answers, 52 views
IPTables NAT Forwarding SSH
I have a VPS with an IPSEC VPN using Strong Swan to a partner network. They are expecting all traffic from my network to come from one NAT'd address. I have the NAT set up successfully outbound to the ...
2 votes, 0 answers, 78 views
Linux bridge forwarding specific udp message to local process for correction
I have been trying to set up a Linux machine with a Bridge using brctl, and then using iptables to forward a specific set of udp messages to a local process. I have a test set up of three PC's, "...
0 votes, 0 answers, 11 views
External networks and docker container
I've a docker container on my VM, exposing ports 5042, 7247. And I want to make it available from external networks. OS: Ubuntu 22.04.3 LTS
curl http://172.17.0.2:5042/v1/user/HasUsers gives me 200 ...
1 vote, 0 answers, 48 views
Set up a proxy for ingoing and outgoing traffic on Mac OS X
I'm trying to duplicate some behavior of iptables on a Mac. I have seen some people recommend pf but I am willing to use whatever to get this working.
The idea is to redirect incoming traffic on port ...
0 votes, 1 answer, 42 views
Select routing policy based on gateway address
I run a wireguard interface wg0 on my remote VPS, the wireguard interface has 2 IP addresses, 10.9.0.1 & 10.9.0.2, the network interface of the VPS is ens3 (1.2.3.4), and I also run a VPN ...
0 votes, 0 answers, 27 views
Forwarding from one interface to another in a docker container
I have a wireguard container on a docker network, the docker network subnet is 10.18.0.0/16. The container ip is 10.18.0.2 and is receiving data on eth0, which I can see with tcpdump from within the ...
0 votes, 0 answers, 30 views
What is a suitable tool for filtering large ranges of IPs?
[question replaced from server fault]
I'm trying to setup OpenVPN connection that would work only with certain sites and domains (filtering) (installed via https://github.com/Nyr/openvpn-install). ...
0 votes, 0 answers, 19 views
Can't drop connections from outside to access docker container
I have a container running gvm community edition. I recently installed it and it is working fine
docker ps
CONTAINER ID IMAGE COMMAND CREATED ...
0 votes, 0 answers, 34 views
How to properly make routes for a server with two internet connections (one behind NAT, second with public IP). Also add proper port forwarding
ubuntu 22 desktop. So Network Manager it is ;)
Initial conditions - 2 network interfaces.
Both with internet. One with a "public IP" and the second with a local network.
I want to make it so ...
0 votes, 1 answer, 189 views
OpenConnect VPN Server and DNSMasq DNS Server on Same Machine
I am running an OpenConnect VPN server on a Debian 11 machine. The VPN server works perfectly when configured to use Google public DNS, but I want to run my own DNS server on the same machine and use ...
1 vote, 0 answers, 54 views
Routing traffic through a second wireguard server
I have 3 wireguard nodes. One acts as "main-server", the second as "web-gateway" and the third as "client".
The "client" and the "web-gateway" connect ...
0 votes, 0 answers, 26 views
SSH into Virtual machine issues
I recently set up an Ubuntu server inside a virtual machine and I have been trying to SSH into this VM from the host (using Oracle VirtualBox). I keep receiving a timeout error no matter what I try.
I ...
0 votes, 1 answer, 90 views
fail2ban iptables rule has no effect for SoftEther VPN ... unless sshd rule is in place
I am completely perplexed as to why this doesn't work.
This is my bare iptables ruleset:
# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain ...
0 votes, 0 answers, 33 views
IPTables NAT Explanation
Let's say I have a static LAN behind a NAT with the WAN network being dynamic. If I try to traceroute google.com from a board on the LAN, how does the board I'm tracerouting from know to send the ...
2 votes, 1 answer, 64 views
How to set up routing and firewall to achieve the desired result in this specific scenario (selective routing through wg tunnel)?
I have 2 linux computers connected via wireguard over the internet.
Their wg configuration is as follows.
Computer1:
[Interface]
PrivateKey = <computer1-private-key>
Address = 10.6.0.2/24
...
1 vote, 0 answers, 295 views
Wireguard client loses connection in different network
I'm trying to figure out how to fix my remote access issue between the wireguard server and the client machines.
I configured an Ubuntu PC as a Wireguard server. And another Ubuntu PC configured as a ...
0 votes, 1 answer, 42 views
IPTables Nat Confusion
I'm trying to make a NAT using IP Tables with the following configuration. OrangePI1 has two interfaces LAN and WAN.
LAN is a static address network where OrangePi2 lives and has a static ip.
On the ...
1 vote, 1 answer, 206 views
Cannot reach web server in vm from bare metal using DNS after iptables rules forward packets to virtual bridge
This is a simplified description of the development environment at work and I am trying to configure it to facilitate developers using it.
Topology:
The topology of my setup is illustrated below. ...
0 votes, 1 answer, 168 views
Linux Docker compose container cannot ping another bridged Docker container
Overview
I need a Docker Compose zabbix host to ping a host on a containerlab docker network.
These two Docker networks run under a linux Docker host machine as below... This information comes from ...
1 vote, 1 answer, 365 views
Firewalld port redirect to rootless podman container
I'm having a podman container running rootless on port 8080 and 8443. But I want to have access to them on port 80 and 443.
This is working quite well with firewalld and this command:
firewall-cmd \
...
1 vote, 0 answers, 174 views
Linux - Preserve client IP Addresses when connecting to game server over wireguard VPN tunnel from VPS
My question is almost perfectly summarised here:
Preserve connecting clients IP address through an OpenVPN tunnel
And the solution provided in that post hints at what I need to do, and have been ...
0 votes, 0 answers, 47 views
How do I use IPTables to forward a port to a different local IP when using DMZ?
My router software is garbage; it only allows forwarding certain ports. Luckily I found out that DMZ works. I have a linux server; can I point DMZ to that linux server and just use it to forward ports ...
0 votes, 0 answers, 78 views
Round-robin between two VPNs with route tables and iptables
I opened two vpn interfaces with
openvpn --config vpn1.ovpn
openvpn --config vpn2.ovpn
and I want to send everything from my laptop through one of the vpns.
I prevented the vpns from changing my default gateway ...
1 vote, 0 answers, 97 views
Configuring a WireGuard Server to Forward Each Client's Traffic Through a Local SOCKS5 Proxy for Different External IP Addresses?
How to configure the WireGuard server to forward each client's traffic to a monitored port on the local machine, and this monitored port will send traffic out through a SOCKS5 proxy, thereby achieving ...
2 votes, 0 answers, 44 views
Forward (share) network to a bridged interface of 3 adapters
I have this network (network structure picture):
I need to configure the Kylin laptop to let other clients (PCs, phones) access the Internet. I have 3 USB ethernet adapters (enx000ec6c5afc1, ...