天道酬勤,学无止境

iptables

Running docker container : iptables: No chain/target/match by that name

Question I'm trying to run a container but I get the following issue : Error response from daemon: Cannot start container b005715c40ea7d5821b15c44f5b7f902d4b39da7c83468f3e5d7c042e5fe3fbd: iptables failed: iptables --wait -t filter -A DOCKER ! -i docker0 -o docker0 -p tcp -d 172.17.0.43 --dport 80 -j ACCEPT: iptables: No chain/target/match by that name. (exit status 1) Here is the command I use : docker run -d -p 10080:80 -v /srv/http/website/data:/srv/http/www/data -v /srv/http/website/logs:/srv/http/www/logs myimage Isn't opening port 80 on my server enough? Is there something I missed with

2021-06-22 09:14:27    分类:技术分享    docker   port   iptables

Converting subnet mask “/” notation to Cisco 0.0.0.0 standard

Question I've searched SO for help but could'nt find a answer to my question. Situation: I need to convert a "/NN" subnet mask notation (think IPTABLES) to a 0.0.0.0 cisco notation. NN are the number of "1" in the submask, from the lowest octet to the higher. Each octet are 8 bit integers. Possible solution: Make a array of 32 "0" and filling the last NN digits with "1", then group in 4 octets and converting to int... a /23 mask should be like 0.0.1.255. My question is how to do it in .NET... i never used binary manipulation and conversion. Can you guys help me with this solution? UPDATE -

2021-06-22 08:03:16    分类:技术分享    .net   mask   iptables   cisco   subnet

Docker ignores iptable rules when using “-p <port>:<port>”

Question Just realized a few days ago that Docker seems to bypass my iptable rules. I am not incredible experienced with Docker nor iptables. Tried a lot of different things the last days. Also saw that there was big change in recent docker versions with a special DOCKER-chain that should allow me to do that. However not sure what I am doing wrong but it never does what I expect it to do. So what I want is quite simple. I want that it behaves like expected. That if I have an ACCEPT-Rule to go through and if not it gets blocked. My iptable looked originally like that (so before my many

2021-06-22 02:44:43    分类:技术分享    docker   iptables

Packet mangling utilities besides iptables? [closed]

Question Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 5 years ago. Improve this question I'm looking for a linux utility that can alter the payloads of network packets based on a set of rules. Ideally, I'd use iptables and the netfilter kernel module, but they don't support generic payload mangling: iptables will alter various header fields (addresses, ports, TOS, etc), and it can match arbitrary bytes within a packet, but it apparently is

2021-06-12 14:52:59    分类:技术分享    linux   networking   iptables   packet-mangling

Adding a rule in iptables in debian to open a new port

Question I am trying to open port 3306 in iptables in my Debian System to allow access to MySQL server. For which I entered this command: root@debian:/# sudo iptables -A INPUT -p tcp --dport 3306 ACCEPT root@debian:/# iptables-save I entered the new connection and it has been saved in iptables as I can see the new rule in iptables list genereted by iptables-save command. However, this debian system is running on a VM over Windows7 and I'm not able to telnet from Windows to this port. Not sure where I am supposed to check for the solution to this problem. Answer1 About your command line: root

2021-06-11 15:08:38    分类:技术分享    debian   iptables

Python port forwarding/multiplexing server

Question I would like to make server that listen on UDP port 162 (SNMP trap) and then forwards this traffic to multiple clients. Also important is that the source port & address stays same (address spoofing). I guess that best tool for this would be Twisted or Scapy or maybe vanilla sockets, only I can't find anything in the documentation for Twisted about source address spoofing/forging. Any solution for this? Edit:added bounty, mybe any solution with iptables? Answer1 I am not comfortable with twisted or scapy, but it's quite straightforward to do this with vanilla python sockets. An extra

2021-06-10 18:28:43    分类:技术分享    python   networking   iptables   packet-mangling

Gitlab with non-standard SSH port (on VM with Iptable forwarding)

Question My gitlab is on a virtual machine on a host server. I reach the VM with a non-standard SSH port (i.e. 766) which an iptable rule then forward from host:766 to vm:22. So when I create a new repo, the instruction to add a remote provide a mal-formed URL (as it doesn't use the 766 port. For instance, the web interface give me this: Malformed git remote add origin git@git.domain.com:group/project.git Instead of an URL containing :766/ before the group. Wellformed git remote add origin git@git.domain.com:766/group/project.git So it time I create a repo, I have to do the modification

2021-06-10 17:15:20    分类:技术分享    configuration   ssh   virtual-machine   iptables   gitlab

How can I check the hit count for each rule in iptables?

Question I want to know how can I find out which rule was accessed and how many times, from the access list I have created using iptables. My firewall has over 1000 input and output rules in iptbales; I want to find how many times each of them were accessed. For example, suppose I have the following rules: iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp

2021-06-10 11:20:45    分类:技术分享    linux   firewall   iptables

How does nfq_get_payload structure its return data?

Question Primarily, I'm trying to get the source address and dest port from the payload of a Netfilter queue payload (The payload is retrieved using the nfq_get_payload function). The following question asks the same thing and gets a correct answer: How to extract source and destination port number from packet in queue of iptables Unfortunately, there's no explanation as to why adding 20 and 22 to the address puts you in the right spot to read the info. I assume this is because of the structure of the data (obviously), but if there's a defined structure, what is it? The documentation doesn't

2021-06-10 01:17:18    分类:技术分享    c++   linux   network-programming   iptables   netfilter

Iptables: forward request on different interfaces and port

Question I have a machine with 2 interfaces: eth0 inet addr:1.1.1.1 eth1 inet addr:2.2.2.2 eth0 is a server, eth1 is the network on virtual machine. I have ssh on server, so 1.1.1.1:22 is busy. I need a rule for redirecting incoming connections on eth0 port 6000 to eth1, ip 2.2.2.100 on port 22 (virtual machine ip). In this mode if I did, on an external machine, ssh -p 6000 root@1.1.1.1 I would login on the virtual machine. I tried this rule but it didn't work: sudo iptables -P FORWARD ACCEPT sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 6000 -j DNAT --to 2.2.2.100:22 Answer1 Well

2021-06-09 12:59:38    分类:技术分享    iptables   portforwarding