All Questions
912 questions
1 vote, 0 answers, 9 views
Duplicating and routing packets with iptables
Forgive me. I am inexperienced with CLI networking tools.
I have 3 Linux machines (a client (C), server (S), and a node in the middle (M)). C and M have a direct link on subnet 192.168.100.0/24. For ...
2 votes, 1 answer, 35 views
How can I prevent a redirect loop with iptables when running a local forward proxy?
I'm trying to forward outgoing traffic to a forward proxy called mitmproxy running on my machine. I've tried using the following two approaches (see below), one using ttl and one setting a mark. ...
1 vote, 1 answer, 35 views
Unable to access services on my local network through Wireguard, using Caddy and Docker
Architecture
Problem
I want to be able to reach my services, hosted on my local network (192.168.1.0/24), through my domain (example.com). At this time, I can access the Wireguard UI service hosted ...
1 vote, 0 answers, 74 views
How to forward ports with IPv6 using iptables
I have two separated networks and there is one computer that is in both of them.
I want to forward connections made to that computer on one port from one of the networks to a port on a specific ...
1 vote, 0 answers, 63 views
What did I do wrong in the iptables?
I'm trying to route all the traffic to my ShadowSocks tproxy access point by configuring iptables; however, not only was the traffic not routed to the proxy, I don't think it did anything at all. I ...
2 votes, 2 answers, 136 views
Routing packets from one wireguard client to another using iptables
This summarizes what I want to achieve:
Phone (192.168.1.245) -> Raspberry Pi 1 (wg0 10.8.0.3, wlan0 192.168.1.174) -> VPS (wg0 10.8.0.1 VPN Server) -> Raspberry Pi 2 (wg0 10.8.0.110, wlan0 ...
0 votes, 0 answers, 69 views
How to make hotspot use proxy
I'm using Ubuntu 24.04 Noble; the main network interface is an Ethernet one called enx144fd7c333e3, another Wi-Fi interface is called wlp1s0; there is also a shadow-socks (socks5) proxy server running at 127.0....
0 votes, 1 answer, 157 views
forward packets between TUN interface and physical interface
I'm attempting to create a remote access VPN from scratch and am currently developing a proof-of-concept for the server-side functionality that forwards data between tun0 and enp4s0.
Code for ...
0 votes, 0 answers, 29 views
How can I block all requests to Docker containers from eth0?
I'm running some Docker containers on a machine, and I want all of my Docker containers to be only accessible on localhost (so caddy can use them) and from the tailscale0 interface only, so other ...
0 votes, 0 answers, 20 views
Network interface changes not seen in docker container
I'm running a distributed system that uses a pseudo-microservices architecture using docker containers. We use Data Distributed Service (DDS) as our transport layer; at the lowest level this just ...
2 votes, 1 answer, 267 views
How to forward one IP request to another port
Due to some issues in my country (Iran), I have some connectivity issues with an API like this:
https://api.another.website.com
I know the above URL, but it's included in an encoded PHP file with ...
2 votes, 2 answers, 165 views
What type of NAT does iptables MASQUERADE implement?
According to several sources (e.g. https://stackoverflow.com/questions/11719572/how-to-simulate-different-nat-behaviours), MASQUERADE in iptables behaves like a Symmetric NAT (i.e. Endpoint-Dependent ...
0 votes, 2 answers, 139 views
How to allow only one way traffic with wireguard
With wireguard, is it possible to create a tunnel that will only allow traffic in one direction? For example, here's the following scenario:
Given PC-s: A, B, C. A should be able to reach (ping, telnet, ...
0 votes, 1 answer, 55 views
Any updated ways to block wildcard outgoing traffic to a domain?
Suppose I'm going to block a domain and its subdomains that I know it has.
I tried these ways, but none of them worked as expected or didn't work at all:
/etc/hosts.deny (I later figured out this ...
2 votes, 0 answers, 78 views
Linux bridge forwarding specific udp message to local process for correction
I have been trying to set up a Linux machine with a Bridge using brctl, and then using iptables to forward a specific set of udp messages to a local process. I have a test set up of three PC's, "...
0 votes, 0 answers, 11 views
External networks and docker container
I've a docker container on my VM, exposing ports 5042, 7247. And I want to make it available from external networks. OS: Ubuntu 22.04.3 LTS
curl http://172.17.0.2:5042/v1/user/HasUsers gives me 200 ...
1 vote, 0 answers, 48 views
Set up a proxy for ingoing and outgoing traffic on Mac OS X
I'm trying to duplicate some behavior of iptables on a Mac. I have seen some people recommend pf but I am willing to use whatever to get this working.
The idea is to redirect incoming traffic on port ...
0 votes, 0 answers, 27 views
Forwarding from one interface to another in a docker container
I have a wireguard container on a docker network, the docker network subnet is 10.18.0.0/16. The container ip is 10.18.0.2 and is receiving data on eth0, which I can see with tcpdump from within the ...
0 votes, 0 answers, 30 views
What is suitable tool for filtering large ranges of ips
[question replaced from server fault]
I'm trying to set up an OpenVPN connection that would work only with certain sites and domains (filtering) (installed via https://github.com/Nyr/openvpn-install). ...
0 votes, 0 answers, 19 views
Can't drop connections from outside to access docker container
I have a container running gvm community edition. I recently installed it and it is working fine
docker ps
CONTAINER ID IMAGE COMMAND CREATED ...
0 votes, 1 answer, 90 views
fail2ban iptables rule has no effect for SoftEther VPN ... unless sshd rule is in place
I am completely perplexed as to why this doesn't work.
This is my bare iptables ruleset:
# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain ...
2 votes, 1 answer, 64 views
How to set up routing and firewall to achieve the desired result in this specific scenario (selective routing through wg tunnel)?
I have 2 linux computers connected via wireguard over the internet.
Their wg configuration is as follows.
Computer1:
[Interface]
PrivateKey = <computer1-private-key>
Address = 10.6.0.2/24
...
0 votes, 1 answer, 168 views
Linux Docker compose container cannot ping another bridged Docker container
Overview
I need a Docker Compose zabbix host to ping a host on a containerlab docker network.
These two Docker networks run under a linux Docker host machine as below... This information comes from ...
1 vote, 0 answers, 174 views
Linux - Preserve client IP Addresses when connecting to game server over wireguard VPN tunnel from VPS
My question is almost perfectly summarised here:
Preserve connecting clients IP address through an OpenVPN tunnel
And the solution provided in that post hints at what I need to do, and have been ...
0 votes, 0 answers, 47 views
How do I use IPTables to forward a port to a different local IP when using DMZ
My router software is garbage, it only allows forwarding certain ports. Luckily I found out that DMZ works. I have a Linux server; can I point DMZ to that Linux server and just use it to forward ports ...
2 votes, 0 answers, 44 views
Forward (share) network to a bridged interface of 3 adapters
I have this network (network structure picture):
I need to configure the Kylin laptop to let other clients (PC, phones) access the Internet. I have 3 USB ethernet adapters (enx000ec6c5afc1, ...
0 votes, 0 answers, 56 views
Docker container not receiving packets from specific port
So I have an instance in Oracle cloud, running OL7. In that instance I'm trying to set up some docker containers with multiple servers. These containers should be reachable from the outside on different ...
0 votes, 0 answers, 87 views
How to prevent iptables NAT caused network jitter?
Background is as follows:
Currently, we have an OpenVPN tunnel that connects from Point A to Point B (Point B has a public IP address), but if the internet route is suboptimal, the latency is quite ...
0 votes, 1 answer, 57 views
Communication between 2 internal NICs when using ip tables to route internet
My Setup:
In my home setup, I have 3 NICs: one that is connected to the internet (enp1s0).
The other two forward internet access to local devices (enp2s0 & enp3s0).
PC1 is connected to enp2s0 with ...
0 votes, 0 answers, 120 views
Linux 6.5 netfilter NAT reuses TCP ports in TIME_WAIT status?
In my understanding, Linux (netfilter)'s NAT doesn't reuse TCP ports in TIME_WAIT status, but seemingly Linux >= 6.5 reuses TCP ports in TIME_WAIT, even if the destination is the same.
For example, ...
5 votes, 1 answer, 2k views
Access remote SSH tunnel from inside docker container
I have a webserver on my MacBook in my home network behind a NAT, serving on port 80.
I also have a publicly accessible server running Ubuntu, from which I want to access my local webserver, so I open ...
0 votes, 3 answers, 153 views
iptables not dropping udp port for exact ip address
My iptables rules are as follows:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b
-A INPUT -p tcp -m multiport --dports 80,443 -j f2b
-A INPUT -d (my public facing ip)/32 -p udp -m udp --...
0 votes, 1 answer, 345 views
How to set up port forwarding to guest VM using iptables
I am trying to do a proof of concept for port forwarding to a libvirt guest server.
The following are the variables I use for generalization:
port=500 # Arbitrary port, for proof of ...
0 votes, 2 answers, 279 views
What determines if a packet should be routed locally or forwarded?
As seen in the diagram, when the Linux kernel receives a packet, it goes through the prerouting chain, and then a routing decision is made on whether to forward it to somewhere else or deliver it to a ...
0 votes, 0 answers, 80 views
Route all TCP traffic from port to another host:port
I have a wireguard config, creating a VPN between a remote server (10.0.1.1) and my local machine (10.0.1.2), so that the server can reach the local machine and vice versa.
I'd like the server to ...
0 votes, 1 answer, 64 views
How can I simulate NAT reflection failure with `iptables`?
Let's say that:
My workstation LAN IP is 192.168.0.101
My WAN IP is 12.34.56.78.
My consumer-grade router is port-forwarding WAN:80 to 192.168.0.101:8080
NAT Reflection / Hairpinning is working
So ...
0 votes, 2 answers, 135 views
iptables port REDIRECT works locally but not from outside
I have a server that can only listen to port 23006. I want to access it from outside and on port 443.
I have systemctl setup:
$ sudo sysctl --system
* Applying /usr/lib/sysctl.d/50-pid-max.conf ...
* ...
0 votes, 0 answers, 114 views
How to redirect traffic coming from exterior to a proxy chain of 2 proxies?
I'm using redsocks to redirect the incoming non-local traffic to forward it to a socks5 proxy. Unfortunately, redsocks does not support proxy chaining, so I tried to do a turn around by running 2 ...
0 votes, 0 answers, 195 views
How to proxy all traffic received by Windows using Linux and redsocks?
I have a Windows machine where all of its traffic is routed through a Linux machine simply by changing the Windows route:
route add 0.0.0.0 mask 0.0.0.0 192.168.1.48 where 192.168.1.48 is the ...
0 votes, 1 answer, 191 views
routing traffic using iptables and l2tp
Internet restrictions in my country have essentially made it impossible for VPNs to work.
As such, I wanted to circumvent this issue by using the following method.
Although "residential" ...
0 votes, 0 answers, 116 views
No internet connection after setting up OpenConnect server on ArchLinux
ip tuntap add mode tun dev vpn0
ip addr add 192.168.2.2/24 dev vpn0
# systemctl restart ocserv
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
iptables -...
0 votes, 0 answers, 120 views
Using (Linux) iptables to drop duplicates?
Is there an easy way to use "iptables" rules to drop duplicate packets on Linux?
If not, I'll have to spend more time figuring out why the problem is happening. In short, it has to do with ...
2 votes, 1 answer, 271 views
Preserve incoming interface for answers in openwrt router
I have an Openwrt router with three interfaces:
interface br-lan: IP: 172.16.21.1 in a LAN network (172.16.21.0/24).
interface eth1: IP: 172.16.22.2 a WAN network (172.16.22.0/30) with Internet access....
1 vote, 1 answer, 345 views
Stateful forwarding rule in iptables
I have created this bridge device
ip link add dev br0 type bridge
ip addr add 172.16.0.254/16 broadcast 172.16.255.255 dev br0
ip link set br0 up
sysctl -w net.ipv4.conf.br0.forwarding=1
This device ...
0 votes, 0 answers, 228 views
Ping not leaving linux VM
Firstly, only just learning Linux and networking, so please assume I have minimal knowledge!
Perhaps a week ago I was working on a small python script that involved pinging devices from the Kali Linux ...
0 votes, 1 answer, 550 views
Unable to open port on debian vps
Trying to open 51820 UDP
I do
iptables -A INPUT -p udp --dport 51820 -j ACCEPT
then iptables -L
I can see
ACCEPT udp -- anywhere anywhere udp dpt:51820
then I do
/sbin/...
1 vote, 1 answer, 138 views
In Linux how to loop-back the internal traffic that's destined to the server's own NATed public IP?
By internal I mean only the traffic originating within the server itself (not LAN or other servers). I have a cloud VM where the Public IP provided by the cloud vendor is not directly attached to the ...
0 votes, 0 answers, 76 views
triple vpn tunnel to bypass vpn blocks
Is it technically possible to set up a VPN tunnel (or port-forwarding, or any other ways) as illustrated in the picture below?
Assuming there is a restricted FW which even VPNs do not work plus "...
-1 votes, 1 answer, 556 views
IPtables dropping packets I can't see with tcpdump and I don't know why?
My IPtables rules are blocking apt update for example:
root@vpn:~# apt update
Ign:1 https://pkgs.tailscale.com/stable/ubuntu jammy InRelease
Ign:2 http://de.archive.ubuntu.com/ubuntu jammy InRelease
...
0 votes, 0 answers, 129 views
Iptables redirect outside requests to 127.0.0.1 (VirtualBox)
I have a virtual machine installed with the output:
ifconfig:
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::...