
iptables

iptables: forward request on different interfaces and port

Question: I have a machine with 2 interfaces: eth0 inet addr:1.1.1.1, eth1 inet addr:2.2.2.2. eth0 is the server, eth1 is the network of the virtual machines. I have ssh on the server, so 1.1.1.1:22 is busy. I need a rule to redirect incoming connections on eth0 port 6000 to eth1, ip 2.2.2.100 (the virtual machine ip), on port 22. This way, if on an external machine I do ssh -p 6000 root@1.1.1.1 I log in on the virtual machine. I tried this rule, but it didn't work:
sudo iptables -P FORWARD ACCEPT
sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 6000 -j DNAT --to 2.2.2.100:22
Answer 1: Well, there are about a million scripts/tutorials/things for this case, but in case someone lands here from google, here it is:
iptables -I FORWARD -d 2.2.2.2 -m comment --comment "Accept to forward ssh traffic" -m tcp -p tcp --dport 22 -j ACCEPT
iptables -I FORWARD -m comment --comment

2021-06-09 12:59:38    Category: Tech sharing    iptables   portforwarding

How to write specific iptables rules using python-iptables

I am trying to use python-iptables to write a script to set certain rules. I figured out how to set rules to allow all and deny all, but I need to figure out how to write a rule to allow established connections. For example I need to write the following rules using python-iptables:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
If anyone has firsthand knowledge or knows a good resource for writing the above or similar rules I would greatly appreciate it. Thanks in advance! Here's the finished product. I

2021-06-05 03:49:44    Category: Q&A    python   iptables

iptables FORWARD and INPUT

Question: I have a home network with Linux PCs, all of which are running iptables. I thought it would be easier to put my LAN behind a Linux gateway/firewall, so I placed a PC (with Fedora, no gui) between my router and the LAN and configured iptables. No problem here: INPUT only allows dns and http (and some local stuff), and forwarding works fine, the LAN connects to the internet. But my question is: does FORWARD allow all ports from outside, or only the ports I configured for INPUT? Do FORWARD and INPUT work together or separately? This is my iptables:
*nat
:PREROUTING ACCEPT [16:1336]
:INPUT ACCEPT [14:840]
:OUTPUT ACCEPT [30:2116]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o p1p1 -j MASQUERADE
COMMIT
# Completed on Tue Oct 16 09:55:31 2012
# Generated by iptables-save v1.4.14 on Tue Oct 16 09:55:31 2012
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT

2021-06-04 15:49:03    Category: Tech sharing    linux   input   iptables   forwarding

Remote debugging - how to create a port proxy?

I'm trying to access a remote debugging port running on box A (Debian) from box B (Windows). On box A I'm running Chrome with the --remote-debugging-port=9222 flag and I can see that it works correctly (I can access localhost:9222 from another browser on A). Also, I'm sure that boxes A and B are connected because I can access :80 (apache) running on box A from box B just fine. The thing I need to do now is to allow box B to access :9222 on box A. I've done research on port forwarding and iptables rules but I failed to make it work. EDIT Machine B is Windows so I'm not sure how to use ssh there, I found an

2021-06-03 03:29:44    Category: Q&A    google-chrome   remote-debugging   google-chrome-devtools   iptables   portforwarding

How to log all incoming packets

I tried a prerouting rule to redirect incoming packets to an internal virtual IP address. How can I log an incoming packet before it gets redirected?
iptables -t nat -A PREROUTING -d 46.X.XX.XX -s 78.XX.XX.XX -p tcp --dport 80 --sport 1024: -j DNAT --to-destination 192.168.122.10:8080
The following rules didn't work.
iptables -t nat -A PREROUTING -d 0/0 -s 0/0 -p tcp -j LOG --log-level 4
iptables -t nat -I PREROUTING -d 0/0 -s 0/0 -p tcp -j LOG --log-level 4

2021-06-02 16:42:08    Category: Q&A    iptables   packets

Forwarding traffic from 80 to 8080 [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers. Closed 4 years ago. I have tomcat installed with puppet. It runs on the standard 8080 port. The tomcat process is started as the tomcat user. I'd like to redirect all traffic from port 80 to 8080. My iptables settings look as follows: Nat:
# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere multiport dports http /* 099

2021-06-02 15:27:26    Category: Q&A    tomcat   iptables

How to use iptables in linux to forward http and https traffic to a transparent proxy [closed]

Question: Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers. Closed 5 years ago. I have an Ubuntu linux system acting as a gateway system, with two interfaces on it. One interface is for the local network and one interface is for the internet. I can route traffic through it without any problem. I use two iptables rules to forward outbound traffic coming from the internal interface:
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
I now need to create an iptables rule that filters and redirects all tcp port 80 and 443 traffic leaving my network through the eth1 interface and sends it to a proxy server living on the loopback interface on tcp port 9090. I have been searching, but I have not been able to find a working example. Is there a working way to do this?
Answer 1: iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 9090
HTTPS cannot be used with a transparent proxy. There are some hacks, but it doesn't make any sense and is useless.
Answer 2

2021-06-02 11:12:36    Category: Tech sharing    linux   firewall   iptables   Gateway   transparentproxy

Restricting MySQL 3306 port with IPTABLES

How to block mysql port 3306 for everybody, but allow it for a specific IP? This is what I currently do:
iptables -I INPUT 1 -p tcp --dport 3306 -j ACCEPT

2021-06-02 10:56:10    Category: Q&A    mysql   security   centos   firewall   iptables

Dynamic listening ports inside Docker container

I have an application which, after making some connections using its default ports, starts opening (listening on) new RANDOM ports to handle just the existing connection and then drops them (Video calls). It also exchanges its IP address and ports inside the communication protocol. I was able to solve the IP address issue, but I am still not able to find a way to dynamically tell IPTABLES on the host machine to open the same ports when they are being opened inside the Docker container. Does anybody have any ideas?

2021-06-02 10:26:44    Category: Q&A    linux   docker   iptables

Linux Bash: Setting iptables rules to allow both active and passive FTP

Question: I have a PC with an FTP server installed. I want to set iptables rules to allow both active and passive FTP. I tried the code below, which people reported works fine, but for me it seems to block all access (pages no longer load, etc.)
#!/bin/bash
IPT=/sbin/iptables
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
# Setting default filter policy
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
# Allow FTP connections @ port 21
$IPT -A INPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
# Allow Active FTP Connections
$IPT -A INPUT -p tcp --sport 20 -m state --state

2021-06-02 06:33:44    Category: Tech sharing    linux   bash   ftp   iptables