
Questions tagged [iptables]

Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel.

553 questions with no upvoted or accepted answers
9 votes
1 answer
4k views

Using UFW with ipsets

I am running Ubuntu 14.04 on a VPS for business purposes. The firewall is setup using ufw; testing reveals that it's working well. I'd like to further secure my server using techniques described ...
codewise's user avatar
  • 191
5 votes
3 answers
5k views

Restrict Deluge to tun0 only but allow Deluge Web UI over eth0

After many searches I have been able to restrict deluge network traffic to only the VPN interface tun0 using the following command: sudo iptables -A OUTPUT -m owner --uid-owner deluge \! -o tun0 -j ...
Corann Faun's user avatar
5 votes
0 answers
1k views

How do I share my wlan0 internet connection to eth0 using command line and config files?

I understand how it is done using the GUI (1, 2, 3), but I need to do MANUALLY using linux command (iptables, ebtables ...). I have been struggling with this for days, and I can seem to get it right. ...
zabumba's user avatar
  • 283
4 votes
0 answers
670 views

UFW status is getting problem running iptables

I want to use UFW (version 0.36) but I get this error when running ufw status: ERROR: problem running iptables: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?...
AlexxanderX's user avatar
4 votes
0 answers
535 views

IPv6 is disabled, but netfilter-persistent complains with `ip6tables-save v1.6.1: Cannot initialize: Address family not supported by protocol`

I've disabled IPv6 on a set of Docker nodes following the instructions from Disabling IPv6 in Ubuntu Server 18.04. However, netfilter-persistent is still complaining about IPv6: root@docker10:~# ...
Stefan Lasiewski's user avatar
4 votes
0 answers
2k views

Completely disable IPTables

I have been playing around with switching to nftables (purely as a learning exercise). I have it all working perfectly except for the fact I have to manually unload iptable_nat from the kernel after a ...
Cipher Menial's user avatar
4 votes
0 answers
862 views

Enable packet routing from network interface eth0 to bridge interface

I have a Ubuntu server connect to LAN 10.1.200.21/24 (bond0), and an Macbook connect to LAN 10.1.200.50/24 (eno1) There are another bridge create by brctl addbr br0 in Ubuntu 10.3.100.1/24, and there ...
王予智's user avatar
4 votes
0 answers
1k views

Help creating a Network Namespace to run a VPN

My intention is to setup a Network Namespace which will have a VPN running in it. I plan on having certain applications configured to start in that Namespace to be behind the VPN. Anything not ...
Viperean's user avatar
  • 141
4 votes
0 answers
395 views

How to get Docker images to use my transparent/intercept squid on the host without touching Docker images?

I have a squid instance running on my server which is connected to 192.168.178.0/24 through eth0 with 192.168.178.26 and serves as gateway for the LAN 192.168.179.0/24 through p18p1 with 192.168.179.1....
Kalle Richter's user avatar
4 votes
1 answer
3k views

Docker Transparent Squid Proxy

I am trying to run a squid3 transparent proxy in a docker image, on my laptop. Then on the same laptop I want to use the transparent proxy. The reason for the proxy is to abstract a corporate proxy ...
ex0b1t's user avatar
  • 41
4 votes
1 answer
61 views

Is there an interactive firewall extension available for Ubuntu?

Every time something on my computer tries to contact an external host or an external host tries to contact my computer I would like to be asked if I authorize this and if I would like to create a rule ...
Ivan's user avatar
  • 57.5k
4 votes
0 answers
364 views

How do I find which OS layer (iptables, rp_filter, etc) is dropping a packet?

Let's say that I'm running a ping towards a machine and I see from tcpdump that the icmp echo reply is being received at the ethernet port but the ping program is not getting it. So I know that ...
RubenLaguna's user avatar
4 votes
0 answers
5k views

Webmin Port Forwarding

I have not been able to figure this out at all. I have 1 Lan IP address and 5 external static IPs: eth0: 10.0.0.1 - internal lan ip and router IP. eth1: xx.xx.xx.217 - external eth2: xx.xx.xx.218 - ...
Matthew St Nicholas Iverson's user avatar
3 votes
3 answers
316 views

Having issues locking down public server with iptables

I'm rather new to Ubuntu. I'm trying to lock it down to where I have complete access to it from my ip address and everyone else only has access to port 80 and 443. To better understand it, I put my ...
ErocM's user avatar
  • 521
3 votes
0 answers
5k views

How to check if ip forwarding is enabled

I have 2 VPS services from 2 different providers and I want to use iptables for prerouting. I can do it easily on one but can't do it on the other one, I almost read all articles and tried them but ...
Pouria Sh's user avatar
3 votes
2 answers
1k views

Can someone explain interactions between iptables, nftables and bpf?

I'm on Ubuntu 20.10 trying to do some routing config for my virtual network, and I'm confused about the interactions between the 3 main types of firewall technology used in modern Linux distros, ...
Avery Freeman's user avatar
3 votes
0 answers
185 views

Webpage can not get access from the world!

I have installed a fresh Apache with a fresh Ubuntu server. I did not make any changes to my server yet. The default Apache website is visible from other PCs inside the private network. The ports 80 ...
MJC's user avatar
  • 31
3 votes
0 answers
5k views

how to properly install and configure stubby on a ubuntu server

This is what I have done, according to this instructive: Protect Your DNS Privacy on Ubuntu 18.04/20.04 with DNS over TLS, but it does not work in my localnet. What am I missing? Install stubby on ...
acgbox's user avatar
  • 2,210
3 votes
0 answers
5k views

Getting Error trying to install ufw on a freshly installed Ubuntu 16.04

On a fresh Ubuntu 16.04 LTS install after installing nginx, php, mysql I was trying to install ufw. First, when I tried to allow Port 22/OpenSSH I came across an iptables error. ERROR: initcaps [...
Dom's user avatar
  • 131
3 votes
0 answers
6k views

OPENVPN: MULTI: bad source address from client

I struggled this problem for two days, but the problem is still here. Hope someone can provide suggestion or the way how to diagnose it. What i want is let all client visit Internet over the OpenVPN ...
shijie xu's user avatar
  • 291
3 votes
0 answers
924 views

Iptables Rules for Ubuntu 16.04 based Firewall

I am trying to set iptables rules in my server to use it as Ubuntu 16.04 based Firewall. I have fair knowledge in Ubuntu. I did some search in Ubuntu help site and in Askubuntu. I came up with the ...
HM3RAQ's user avatar
  • 31
3 votes
0 answers
1k views

Why are NAT&Kernel IP Forwarding not working?

I'm trying to forward all traffic from tun0 to eth0,below is my interfaces: eth0 Link encap:Ethernet HWaddr 12:57:6e:6a:74:85 inet addr:172.31.32.133 Bcast:172.31.47.255 Mask:255.255....
Raymond's user avatar
  • 31
3 votes
0 answers
434 views

What is UFW's approach towards rules order for overlapping rules?

I need to enable UFW in my Ubuntu 14.04 Server having these conditions: - I want to deny all incoming and outgoing on all ports (and protocols) but: - I want to allow all incoming and outgoing on a ...
YasharHND's user avatar
3 votes
0 answers
331 views

VirtualBox, Ubuntu clients, internal network proxy to supply internet

Probably this question was asked many times, but I seem to be unable to find proper solution. Here is my setup: Two virtual machines(Ubuntu 12.04) M1 and M2. M1 has 2 network adapters: eth0 set to ...
user1784828's user avatar
3 votes
2 answers
7k views

How do I whitelist some connections by ip from being dropped by connlimit?

I'm using these rules in /etc/ufw/before.rules # Limit to 20 concurrent connections on port 80 per IP -A ufw-before-input -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j DROP -A ufw-...
Bruce Kirkpatrick's user avatar
3 votes
1 answer
589 views

WAN access problem

I was desperately trying to set up my system as an externally accessible machine in the past 4 days without luck. Must say , it was a great journey so far, learned a lot about linux networking in ...
Peter G.'s user avatar
2 votes
1 answer
543 views

Fail2Ban bans, iptables lists the block but connection is still not blocked

I am using Ubuntu 22.04 LTS and I am trying to prevent repeated connection attempts to our mail server using fail2ban. Fail2ban creates a proper entry in the iptables configuration, but the related IP ...
Deckard's user avatar
  • 123
2 votes
1 answer
293 views

How to tunnel all the traffic for one interface through another interface

I have two working interfaces on my ubuntu machine: tun0 - OpenVPN server with the internal address of: 10.8.0.0/24 wg0 - WireGuard peer interface with the internal address of: 10.7.0.0/24 which is ...
Nojan A.'s user avatar
2 votes
0 answers
320 views

redirect cloudflare port to my custom port in Ubuntu server

I use port 32147 on my server for TLS packets, but because this port is not supported in the domain that is connected to the Cloudflare proxy, I use one of the ports supported by Cloudflare (for ...
kamal's user avatar
  • 121
2 votes
0 answers
198 views

iptables firewall rules for INPUT while Tor traffic on lubuntu 22.04 LTS

i do have lubuntu 22.04 LTS and TOR daemon with the torrc config VirtualAddrNetwork 10.192.0.0/10 AutomapHostsOnResolve 1 TransPort 9040 DNSPort 9053 and iptables rules #exclude locals TOR_EXCLUDE=&...
mrs-g's user avatar
  • 21
2 votes
1 answer
3k views

iptables - Port forwarding with keeping source IP

I have a Ubuntu Server with two interfaces: enp1s0 and ham0 (private network). In interface ham0 my IP-address is 25.70.228.164. Another machine in this network has IP-address 25.11.1.253. I tried to ...
Semyon Bayandin's user avatar
2 votes
0 answers
2k views

Open server port 80 and redirect to container IP

I'm not an heavy user of unix based systems. And I have some trouble opening a server's port (80) to the public and redirect it to a running container. So basically, I have a running container on a ...
Cromm's user avatar
  • 71
2 votes
2 answers
6k views

How to open port to outside world?

I have a remote server with an IP - 111.222.333.444 I want to run an http server on that machine, that runs on localhost:8000 How can I make requests to 111.222.333.444:6000 from outside, from my hope ...
kertal's user avatar
  • 21
2 votes
0 answers
905 views

How to complete MASQUERADE with NetPlan?

I'm an Ubuntu newbie, I'm going to use Ubuntu to set up a KVM virtual machine, I only have a public IP, I know how to configure it in ifupdown, but I want to configure it in NetPlan. My configuration ...
user1558234's user avatar
2 votes
0 answers
6k views

How to upgrade iptables version with apt

My iptables version is v1.6.1. How can I upgrade it? I tried: root@ubuntu:~# apt update iptables E: The update command takes no arguments root@ubuntu:~#b apt upgrade iptables Reading package lists... ...
E235's user avatar
  • 153
2 votes
0 answers
1k views

ufw block error seen in journalctl -xe command

I'm newbie in networking and system security. I am trying to create openconnect server which tutorial is found in this link. I have also seen the similar issues like this one, but they don't make ...
Mostafa Ghadimi's user avatar
2 votes
0 answers
1k views

Port forwarding In Ubuntu 20.04 with minikube

I'm trying to use minikube in my server. I've finished setting about kubernetes and I can get access to 192.168.49.2 which I got from minikube ip in server ssh (curl). Let's say my server's public ip ...
buttercrab's user avatar
2 votes
1 answer
693 views

Show UFW comment in IPTABLES

I started to use ufw for easier maintenance. For my telegraf plugin the iptables entry needs to have a comment added with -m comment --comment "myComment". UFW does have a comment feature, ...
JonnyTischbein's user avatar
2 votes
0 answers
815 views

I can't access port externally. What can I do?

(Ubuntu 20.04) I have ufw disabled, and I can't seem to access my game server externally with the public IP and port (1848). I can however, connect locally, just not externally. When I run: netstat -...
user2616079's user avatar
2 votes
0 answers
2k views

Node.js server only accessible from localhost

I have an app that is supposed to obtain a string from a server that runs at the local address 192.168.10.10. The server is a simple nodejs script that looks like this: var http = require('http'); ...
Green's user avatar
  • 21
2 votes
0 answers
3k views

How to mirror traffic on one interface to another?

I'm basically trying to implement a tap-interface on wlan0 interface (Ubuntu 18.04), i.e., mirror every packet going through wlan0 (incoming and outgoing) to another interface (tap0). I've got tap0 up ...
Redford Dirk's user avatar
2 votes
0 answers
8k views

getting error problem running iptables when checking ufw status

when I check ufw status on ubuntu I get the following error. ufw status [sudo] password for rock: ERROR: problem running iptables: iptables v1.6.1: can't initialize iptables table `filter': Table ...
Ciasto piekarz's user avatar
2 votes
0 answers
131 views

block flow with iptables

To block packets containing some string we use the following iptables rule: iptables -I FORWARD 1 -p tcp --dport 80 -m string --string anypattern --algo bm -j DROP This will block the packet ...
Mohamed KALLEL's user avatar
2 votes
1 answer
3k views

systemd-resolved iptables rules

Before systemd-resolved my iptables rules for DNS were DNS_SERVER="8.8.8.8 8.8.4.4" echo "Set default INPUT policy to 'DROP'" $IPT -P INPUT DROP for ip in $DNS_SERVER do echo "Allowing DNS ...
Kickaha's user avatar
  • 159
2 votes
0 answers
5k views

How to load nf_conntrack and nf_nat_masquerade modules in kernel HWE?

I have some iptables rules that require the nf_conntrack and nf_nat_masquerade modules, however these are not available in the HWE kernel (Ubuntu 18.04.3 x64). Note: They are only available in ...
pcr's user avatar
  • 21
2 votes
0 answers
2k views

UFW rules allow traffic, but iptable blocks it

I've just learned that my default Ubuntu 18.04 VM comes with UFW. According to the Ubuntu Wiki, UFW: is a frontend for iptables and is particularly well-suited for host-based firewalls. Upon ...
mthmulders's user avatar
2 votes
1 answer
44 views

Printing out from a file

I have a file which contains the following details after doing an nmap scan: Host: 45.310.302.11 (li982-11.members.ionic.com) Ports: 21/closed/tcp//ftp///, 22/open/tcp//ssh//OpenSSH 5.3 (protocol ...
davidchigbo's user avatar
2 votes
0 answers
3k views

How to enable IPTABLES tracing on ubuntu 18.04 server

I've found this simple straightforward way to trace what Iptables is doing on my kubernetes/calico cluster https://www.opsist.com/blog/2015/08/11/how-do-i-see-what-iptables-is-doing.html Nor ipt_LOG, ...
Alexandre Hadjinlian Guerra's user avatar
2 votes
0 answers
4k views

Are UFW IP groups possible?

I have a giant list of IP addresses I need to manage incoming access for. They are also constantly changing. Is there a way to create a group of IP addresses/ranges for a firewall rule? That way, ...
Chemdream's user avatar
  • 153
2 votes
0 answers
601 views

How do you make an Ethernet network interface silent on layer 2 and above?

I would like to be able to make a single Ethernet interface on Ubuntu 18.04 silent and receive only. No traffic out at layer 2 or above, no responses to traffic inbound. I have initially tried the ...
Cybergibbons's user avatar
