09-10-2010
IPtable rule help need
Hi,
I need to configure iptable such that whatever request comes to 192.168.0.4 needs to forwarded to 192.168.0.50 and only port 80 and 443 needs to be forwarded others need to be blocked....
Thanks gr8 forum
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi,
Is het possible to block everyone (all IP addresses) except a given (white)list? How can I do this?
Regards,
Kevin (2 Replies)
Discussion started by: kever
2 Replies
2. IP Networking
Hi Am trying to check the service of iptables using
/etc/init.d/iptables status
but I am not even getting this file.
# /etc/init.d/iptables status
-bash: /etc/init.d/iptables: No such file or directory
#
I tried to check whether iptables rpm is installed or not, and it is... (2 Replies)
Discussion started by: mangeshpardhi
2 Replies
3. UNIX for Advanced & Expert Users
Hello,
I have implimented a dansguardian system using dansguardian and privoxy. I borrowed a script from Ubuntu CE that makes it where a firewall program like firehol is not needed and it doesn't need a reconfigure of the proxy settings in browsers to be changed. I really like it that way. All... (7 Replies)
Discussion started by: Narnie
7 Replies
4. Red Hat
Hi,
We have a router and devices for testing. We route devices with below command
iptables -t nat -A PREROUTING -p tcp -d 0/0 --dport 80 -s 10.111.111.22 -j DNAT --to-destination 10.13.0.16:3128
where 10.111.111.22 is device IP. and 10.13.0.16 is our Linux box machine.
Likewise we... (4 Replies)
Discussion started by: Dhruvak
4 Replies
5. Ubuntu
Hi,
I have the doubt which involved following configuration.
comp1<--->main<--->comp2
Comp1 sends icmp packet to main. Main takes that packet and changes destination address to comp2 and source address to it own.
I can capture the packet send from comp1 to main using netfilter. I can see the... (0 Replies)
Discussion started by: arsipk
0 Replies
6. Red Hat
Hi Gurus,
I am facing an issue with firewalls on one of my Linux Box.
Issue : Port 8001 looks open to me and there is a weblogic process running on it
netstat -alnp | grep 8001
tcp 0 0 ::ffff:3.20.247.165:8001 :::* LISTEN 28768/java
lsof -ni... (5 Replies)
Discussion started by: rama krishna
5 Replies
7. Ubuntu
hello,
first of all i am new to unix so maybe my problem is very easy for many of you but is very important to me.
So the idea is that i want to use a ubuntu 10.4 machine as a router from eth0 to eth1.
but the traffic routing is nor working properly
i configured the 2 interfaces to be... (2 Replies)
Discussion started by: florin.bv
2 Replies
8. Red Hat
Hi,
How can I config iptables to allow port forwarding from one WAN interface to second lan interface .
In my system I have one wan interface 61.93.204.56 (eth0),and lan interface 10.2.1.52(eth1)
I want to make port forward port no 22 from 61.93.204.56 to
port 22 , 10.2.1.52 , tcp and udp... (1 Reply)
Discussion started by: chuikingman
1 Replies
9. UNIX for Advanced & Expert Users
Hello,
I have a routeur linksys (192.168.1.1 ) a firewall (192.168.1.55 IN ----> 192.168.2.254 OUT) which using iptable
I want to acces to an equipment (lorex video camera serveur 192.168.2.44) which using an ddns service on the port 9000
So i don t know which redirection a will do on the... (2 Replies)
Discussion started by: tapharule
2 Replies
10. Proxy Server
Hi there,
I have a VPS and am working on a little side project for myself and friend which is a DNS proxy. Everything was great till recently. My VPS IP has been detected by some botnet or something, and I believe SMURF attacks are occuring. The VPS provider keeps shutting down my VPS... (3 Replies)
Discussion started by: phi0x
3 Replies
LEARN ABOUT DEBIAN
shorewall-exclusion
SHOREWALL-EXCLUSION(5) [FIXME: manual] SHOREWALL-EXCLUSION(5)
NAME
exclusion - Exclude a set of hosts from a definition in a shorewall configuration file.
SYNOPSIS
!address-or-range[,address-or-range]...
!zone-name[,zone-name]...
DESCRIPTION
The first form of exclusion is used when you wish to exclude one or more addresses from a definition. An exclaimation point is followed by
a comma-separated list of addresses. The addresses may be single host addresses (e.g., 192.168.1.4) or they may be network addresses in
CIDR format (e.g., 192.168.1.0/24). If your kernel and iptables include iprange support, you may also specify ranges of ip addresses of the
form lowaddress-highaddress
No embedded whitespace is allowed.
Exclusion can appear after a list of addresses and/or address ranges. In that case, the final list of address is formed by taking the first
list and then removing the addresses defined in the exclusion.
Beginning in Shorewall 4.4.13, the second form of exclusion is allowed after all and any in the SOURCE and DEST columns of
/etc/shorewall/rules. It allows you to omit arbitrary zones from the list generated by those key words.
Warning
If you omit a sub-zone and there is an explicit or explicit CONTINUE policy, a connection to/from that zone can still be matched by the
rule generated for a parent zone.
For example:
/etc/shorewall/zones:
#ZONE TYPE
z1 ip
z2:z1 ip
...
/etc/shorewall/policy:
#SOURCE DEST POLICY
z1 net CONTINUE
z2 net REJECT
/etc/shorewall/rules:
#ACTION SOURCE DEST PROTO DEST
# PORT(S)
ACCEPT all!z2 net tcp 22
In this case, SSH connections from z2 to net will be accepted by the generated z1 to net ACCEPT rule.
In most contexts, ipset names can be used as an address-or-range. Beginning with Shorewall 4.4.14, ipset lists enclosed in +[...] may also
be included (see shorewall-ipsets[1] (5)). The semantics of these lists when used in an exclusion are as follows:
o !+[set1,set2,...setN] produces a packet match if the packet does not match at least one of the sets. In other words, it is like NOT
match set1 OR NOT match set2 ... OR NOT match setN.
o +[!set1,!set2,...!setN] produces a packet match if the packet does not match any of the sets. In other words, it is like NOT match set1
AND NOT match set2 ... AND NOT match setN.
EXAMPLES
Example 1 - All IPv4 addresses except 192.168.3.4
!192.168.3.4
Example 2 - All IPv4 addresses except the network 192.168.1.0/24 and the host 10.2.3.4
!192.168.1.0/24,10.1.3.4
Example 3 - All IPv4 addresses except the range 192.168.1.3-192.168.1.12 and the network 10.0.0.0/8
!192.168.1.3-192.168.1.12,10.0.0.0/8
Example 4 - The network 192.168.1.0/24 except hosts 192.168.1.3 and 192.168.1.9
192.168.1.0/24!192.168.1.3,192.168.1.9
Example 5 - All parent zones except loc
any!loc
FILES
/etc/shorewall/hosts
/etc/shorewall/masq
/etc/shorewall/rules
/etc/shorewall/tcrules
SEE ALSO
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5),
shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
shorewall-tunnels(5), shorewall-zones(5)
NOTES
1. shorewall-ipsets
http://www.shorewall.net/manpages/shorewall-ipsets.html
[FIXME: source] 06/28/2012 SHOREWALL-EXCLUSION(5)