Questions tagged [iptables]
Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel.
553 questions with no upvoted or accepted answers
9
votes
1
answer
4k
views
Using UFW with ipsets
I am running Ubuntu 14.04 on a VPS for business purposes. The firewall is set up using ufw; testing reveals that it's working well. I'd like to further secure my server using techniques described ...
5
votes
3
answers
5k
views
Restrict Deluge to tun0 only but allow Deluge Web UI over eth0
After many searches I have been able to restrict deluge network traffic to only the VPN interface tun0 using the following command:
sudo iptables -A OUTPUT -m owner --uid-owner deluge \! -o tun0 -j ...
5
votes
0
answers
1k
views
How do I share my wlan0 internet connection to eth0 using command line and config files?
I understand how it is done using the GUI (1, 2, 3), but I need to do MANUALLY using linux command (iptables, ebtables ...).
I have been struggling with this for days, and I can seem to get it right.
...
4
votes
0
answers
670
views
UFW status is getting problem running iptables
I want to use UFW (version 0.36) but I get this error when running ufw status:
ERROR: problem running iptables: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?...
4
votes
0
answers
535
views
IPv6 is disabled, but netfilter-persistent complains with `ip6tables-save v1.6.1: Cannot initialize: Address family not supported by protocol`
I've disabled IPv6 on a set of Docker nodes following the instructions from Disabling IPv6 in Ubuntu Server 18.04. However, netfilter-persistent is still complaining about IPv6:
root@docker10:~# ...
4
votes
0
answers
2k
views
Completely disable IPTables
I have been playing around with switching to nftables (purely as a learning exercise). I have it all working perfectly except for the fact I have to manually unload iptable_nat from the kernel after a ...
4
votes
0
answers
862
views
Enable packet routing from network interface eth0 to bridge interface
I have an Ubuntu server connected to LAN 10.1.200.21/24 (bond0), and a MacBook connected to LAN 10.1.200.50/24 (eno1)
There is another bridge created by brctl addbr br0 in Ubuntu 10.3.100.1/24, and there ...
4
votes
0
answers
1k
views
Help creating a Network Namespace to run a VPN
My intention is to setup a Network Namespace which will have a VPN running in it. I plan on having certain applications configured to start in that Namespace to be behind the VPN. Anything not ...
4
votes
0
answers
395
views
How to get Docker images to use my transparent/intercept squid on the host without touching Docker images?
I have a squid instance running on my server which is connected to 192.168.178.0/24 through eth0 with 192.168.178.26 and serves as gateway for the LAN 192.168.179.0/24 through p18p1 with 192.168.179.1....
4
votes
1
answer
3k
views
Docker Transparent Squid Proxy
I am trying to run a squid3 transparent proxy in a docker image, on my laptop. Then on the same laptop I want to use the transparent proxy. The reason for the proxy is to abstract a corporate proxy ...
4
votes
1
answer
61
views
Is there an interactive firewall extension available for Ubuntu?
Every time something on my computer tries to contact an external host or an external host tries to contact my computer I would like to be asked if I authorize this and if I would like to create a rule ...
4
votes
0
answers
364
views
How do I find which OS layer (iptables, rp_filter, etc) is dropping a packet?
Let's say that I'm running a ping towards a machine and I see from tcpdump that the icmp echo reply is being received at the ethernet port but the ping program is not getting it.
So I know that ...
4
votes
0
answers
5k
views
Webmin Port Forwarding
I have not been able to figure this out at all.
I have 1 Lan IP address and 5 external static IPs:
eth0: 10.0.0.1 - internal lan ip and router IP.
eth1: xx.xx.xx.217 - external
eth2: xx.xx.xx.218 - ...
3
votes
3
answers
316
views
Having issues locking down public server with iptables
I'm rather new to Ubuntu. I'm trying to lock it down to where I have complete access to it from my ip address and everyone else only has access to port 80 and 443.
To better understand it, I put my ...
3
votes
0
answers
5k
views
How to check if ip forwarding is enabled
I have 2 VPS services from 2 different providers and I want to use iptables for prerouting.
I can do it easily on one but can't do it on the other one, I almost read all articles and tried them but ...
3
votes
2
answers
1k
views
Can someone explain interactions between iptables, nftables and bpf?
I'm on Ubuntu 20.10 trying to do some routing config for my virtual network, and I'm confused about the interactions between the 3 main types of firewall technology used in modern Linux distros, ...
3
votes
0
answers
185
views
Webpage can not get access from the world!
I have installed a fresh Apache with a fresh Ubuntu server. I did not make any changes to my server yet. The default Apache website is visible from other PCs inside the private network.
The ports 80 ...
3
votes
0
answers
5k
views
how to properly install and configure stubby on a ubuntu server
This is what I have done, according to this instructive: Protect Your DNS Privacy on Ubuntu 18.04/20.04 with DNS over TLS, but it does not work in my localnet. What am I missing?
Install stubby on ...
3
votes
0
answers
5k
views
Getting Error trying to install ufw on a freshly installed ubuntu 16.04
On a fresh Ubuntu 16.04 LTS install after installing nginx, php, mysql I was trying to install ufw.
First, when I tried to allow Port 22/OpenSSH I came across an iptables error.
ERROR: initcaps
[...
3
votes
0
answers
6k
views
OPENVPN: MULTI: bad source address from client
I struggled with this problem for two days, but the problem is still here. Hope someone can provide a suggestion or a way to diagnose it.
What I want is to let all clients visit the Internet over the OpenVPN ...
3
votes
0
answers
924
views
Iptables Rules for Ubuntu 16.04 based Firewall
I am trying to set iptables rules in my server to use it as Ubuntu 16.04 based Firewall. I have fair knowledge in Ubuntu. I did some search in Ubuntu help site and in Askubuntu. I came up with the ...
3
votes
0
answers
1k
views
Why are NAT&Kernel IP Forwarding not working?
I'm trying to forward all traffic from tun0 to eth0, below are my interfaces:
eth0 Link encap:Ethernet HWaddr 12:57:6e:6a:74:85
inet addr:172.31.32.133 Bcast:172.31.47.255 Mask:255.255....
3
votes
0
answers
434
views
What is UFW's approach towards rules order for overlapping rules?
I need to enable UFW in my Ubuntu 14.04 Server having these conditions:
- I want to deny all incoming and outgoing on all ports (and protocols) but:
- I want to allow all incoming and outgoing on a ...
3
votes
0
answers
331
views
VirtualBox, Ubuntu clients, internal network proxy to supply internet
Probably this question was asked many times, but I seem to be unable to find proper solution.
Here is my setup:
Two virtual machines(Ubuntu 12.04) M1 and M2.
M1 has 2 network adapters: eth0 set to ...
3
votes
2
answers
7k
views
How do I whitelist some connections by ip from being dropped by connlimit?
I'm using these rules in /etc/ufw/before.rules
# Limit to 20 concurrent connections on port 80 per IP
-A ufw-before-input -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j DROP
-A ufw-...
3
votes
1
answer
589
views
WAN access problem
I was desperately trying to set up my system as an externally accessible machine in the past 4 days without luck. Must say, it was a great journey so far, learned a lot about Linux networking in ...
2
votes
1
answer
543
views
Fail2Ban bans, iptables lists the block but connection is still not blocked
I am using Ubuntu 22.04 LTS and I am trying to prevent repeated connection attempts to our mail server using fail2ban. Fail2ban creates a proper entry in the iptables configuration, but the related IP ...
2
votes
1
answer
293
views
How to tunnel all the traffic for one interface through another interface
I have two working interfaces on my ubuntu machine:
tun0 - OpenVPN server with the internal address of: 10.8.0.0/24
wg0 - WireGuard peer interface with the internal address of: 10.7.0.0/24 which is ...
2
votes
0
answers
320
views
redirect cloudflare port to my custom port in Ubuntu server
I use port 32147 on my server for TLS packets, but because this port is not supported in the domain that is connected to the Cloudflare proxy, I use one of the ports supported by Cloudflare (for ...
2
votes
0
answers
198
views
iptables firewall rules for INPUT while Tor traffic on lubuntu 22.04 LTS
I do have lubuntu 22.04 LTS and TOR daemon with the torrc config
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 9053
and iptables rules
#exclude locals
TOR_EXCLUDE=&...
2
votes
1
answer
3k
views
iptables - Port forwarding with keeping source IP
I have a Ubuntu Server with two interfaces: enp1s0 and ham0 (private network). In interface ham0 my IP-address is 25.70.228.164. Another machine in this network has IP-address 25.11.1.253. I tried to ...
2
votes
0
answers
2k
views
Open server port 80 and redirect to container IP
I'm not a heavy user of Unix-based systems. And I have some trouble opening a server's port (80) to the public and redirecting it to a running container.
So basically, I have a running container on a ...
2
votes
2
answers
6k
views
How to open port to outside world?
I have a remote server with an IP - 111.222.333.444
I want to run an http server on that machine, that runs on localhost:8000
How can I make requests to 111.222.333.444:6000 from outside, from my hope ...
2
votes
0
answers
905
views
How to complete MASQUERADE with NetPlan?
I'm an Ubuntu newbie, I'm going to use Ubuntu to set up a KVM virtual machine, I only have a public IP, I know how to configure it in ifupdown, but I want to configure it in NetPlan.
My configuration ...
2
votes
0
answers
6k
views
How to upgrade iptables version with apt
My iptables version is v1.6.1. How can I upgrade it?
I tried:
root@ubuntu:~# apt update iptables
E: The update command takes no arguments
root@ubuntu:~#b apt upgrade iptables
Reading package lists... ...
2
votes
0
answers
1k
views
ufw block error seen in journalctl -xe command
I'm a newbie in networking and system security. I am trying to create an openconnect server, the tutorial for which is found in this link. I have also seen the similar issues like this one, but they don't make ...
2
votes
0
answers
1k
views
Port forwarding In Ubuntu 20.04 with minikube
I'm trying to use minikube in my server. I've finished setting about kubernetes and I can get access to 192.168.49.2 which I got from minikube ip in server ssh (curl).
Let's say my server's public ip ...
2
votes
1
answer
693
views
Show UFW comment in IPTABLES
I started to use ufw for easier maintenance.
For my telegraf plugin the iptables entry needs to have a comment added with -m comment --comment "myComment".
UFW does have a comment feature, ...
2
votes
0
answers
815
views
I can't access port externally. What can I do?
(Ubuntu 20.04)
I have ufw disabled, and I can't seem to access my game server externally with the public IP and port (1848). I can however, connect locally, just not externally.
When I run: netstat -...
2
votes
0
answers
2k
views
Node.js server only accessible from localhost
I have an app that is supposed to obtain a string from a server that runs at the local address 192.168.10.10.
The server is a simple nodejs script that looks like this:
var http = require('http');
...
2
votes
0
answers
3k
views
How to mirror traffic on one interface to another?
I'm basically trying to implement a tap-interface on wlan0 interface (Ubuntu 18.04), i.e., mirror every packet going through wlan0 (incoming and outgoing) to another interface (tap0).
I've got tap0 up ...
2
votes
0
answers
8k
views
getting error problem running iptables when checking ufw status
When I check ufw status on Ubuntu I get the following error.
ufw status
[sudo] password for rock:
ERROR: problem running iptables: iptables v1.6.1: can't initialize iptables table `filter': Table ...
2
votes
0
answers
131
views
block flow with iptables
To block packets containing some string we use the following iptables rule:
iptables -I FORWARD 1 -p tcp --dport 80 -m string --string anypattern --algo bm -j DROP
This will block the packet ...
2
votes
1
answer
3k
views
systemd-resolved iptables rules
Before systemd-resolved my iptables rules for DNS were
DNS_SERVER="8.8.8.8 8.8.4.4"
echo "Set default INPUT policy to 'DROP'"
$IPT -P INPUT DROP
for ip in $DNS_SERVER
do
echo "Allowing DNS ...
2
votes
0
answers
5k
views
How to load nf_conntrack and nf_nat_masquerade modules in kernel HWE?
I have some iptables rules that require the nf_conntrack and nf_nat_masquerade modules, however these are not available in the HWE kernel (Ubuntu 18.04.3 x64).
Note: They are only available in ...
2
votes
0
answers
2k
views
UFW rules allow traffic, but iptable blocks it
I've just learned that my default Ubuntu 18.04 VM comes with UFW. According to the Ubuntu Wiki, UFW:
is a frontend for iptables and is particularly well-suited for host-based firewalls.
Upon ...
2
votes
1
answer
44
views
Printing out from a file
I have a file which contains the following details after doing an nmap scan:
Host: 45.310.302.11 (li982-11.members.ionic.com)
Ports: 21/closed/tcp//ftp///, 22/open/tcp//ssh//OpenSSH 5.3 (protocol ...
2
votes
0
answers
3k
views
How to enable IPTABLES tracing on ubuntu 18.04 server
I've found this simple, straightforward way to trace what iptables is doing on my kubernetes/calico cluster
https://www.opsist.com/blog/2015/08/11/how-do-i-see-what-iptables-is-doing.html
Nor ipt_LOG, ...
2
votes
0
answers
4k
views
Are UFW IP groups possible?
I have a giant list of IP addresses I need to manage incoming access for. They are also constantly changing.
Is there a way to create a group of IP addresses/ranges for a firewall rule?
That way, ...
2
votes
0
answers
601
views
How do you make an Ethernet network interface silent on layer 2 and above?
I would like to be able to make a single Ethernet interface on Ubuntu 18.04 silent and receive only. No traffic out at layer 2 or above, no responses to traffic inbound.
I have initially tried the ...