My server is behind a firewall that does a PAT & NAT to the LAN address.
I want to allow a set of IPs are to be able to SSH & DROP all other traffic. The question where I got confused is my destination address
Packet from computer on Internet:
Packet seen by server behind firewall:
Q1) Now, how do I write my IPtables ruleset, if the host is not able to see the actual source of the traffic?
Q2) I also want to block any SSH from within 10.0.0.0/subnet as it will be a colo facility & other servers share LAN addresses.
Greetings to all.
My new firewall is giving me one hell of a problem.
I'm running iptables and masquerading my intranet
thru NAT. But here is the problem. Whenever I try
to FTP to a server outside of my lan I get a 500
illegal port error.
I've come to the conclusion that NAT is... (2 Replies)
Hello Guys,
I have a debian machine that work as a firewall (iptables + squid 2.6) with two physical interfaces: eth0 (public interface) and eth1 (internal interface LAN). I have created an alias eth1:1 in order to have two subnets on same physical interface:
cat/etc/network/interfaces
auto... (0 Replies)
Hi Experts;
I want to find the right iptables commands combination to address the following need:
- NEs are NATed thru the linux box (using iptables) towards the WAN cloud, where the NTP servers are situated.
- In order to achieve redundancy, the NTP Servers are in a load balancing cluster... (0 Replies)
Hello, the Nat and the forward worked on my debian server up to the reboot of machines.
The following rules*:
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth2 -d xxx.xxx.xxx.xxx --dport 29070 -j DNAT --to-destination 10.0.1.7:29070
/sbin/iptables -A FORWARD -p tcp -i eth2 -o eth0 -d... (0 Replies)
Good morning,
I'm a newbie of iptables and as far as I've seen on tutorials on the Internet it seems that both prerouting and postrouting NAT chains are undergone both by a packet that goes from an internal LAN to the Internet and of a one that goes in the opposite direction (from the Internet to... (0 Replies)
Hello, please can you help and explain me.
I have two servers. Both are RHEL6.
I use the first one like router and the second one for apache.
Router forwards 80 port on the second server and I can open that from the internet (mysite.com, for example). But I can not open mysite.com if i try to... (0 Replies)
Hi all,
I have a following situation:
- I want certain source IPs to be natted to a different destination IP and Port. Following is how I am achieving it:
/usr/local/sbin/iptables -t nat -A PREROUTING -p tcp -s 192.168.10.12
--dport 1500 -j DNAT --to-destination 192.168.10.20:2000
... (3 Replies)
Hello,
Recently I discovered an issue with packet routing in the latest Android releases (4.4+ KitKat & Lollipop).
It seems that the problem Android specific, but essentially it comes from the Linux kernel.
I already filed a bug report to Google. You can see the details by searching for... (0 Replies)
Hi guys
I'm running on debian on a small embedded system. I have a ppp interface that is connected to the internet (and works). My unit also has wifi access point (which works and I can connect to it).
I want to allow connections to the wifi to be able to use the internet from ppp0... (1 Reply)
good day good people
hi
first to tell that firewall and vpn is working as expected, but I notice something strange.
I have host system 11.11.11.11(local ip) firewall is blocking everything except port to vpn.
I have vpn on virtualized system 22.22.22.22 (CentOS both host and virtual). ... (0 Replies)
Discussion started by: end
0 Replies
LEARN ABOUT SUSE
irsend
IRSEND(1) FSF IRSEND(1)NAME
irsend - basic LIRC program to send infra-red commands
SYNOPSIS
irsend [options] DIRECTIVE REMOTE CODE [CODE...]
DESCRIPTION
Asks the lircd daemon to send one or more CIR (Consumer Infra-Red) commands. This is intended for remote control of electronic devices such
as TV boxes, HiFi sets, etc.
DIRECTIVE can be:
SEND_ONCE - send CODE [CODE ...] once
SEND_START - start repeating CODE
SEND_STOP - stop repeating CODE
LIST - list configured remote items
SET_TRANSMITTERS - set transmitters NUM [NUM ...]
SIMULATE - simulate IR event
REMOTE is the name of a remote, as described in the lircd configuration file.
CODE is the name of a remote control key of REMOTE, as it appears in the lircd configuration file.
NUM is the transmitter number of the hardware device.
For the LIST DIRECTIVE, REMOTE and/or CODE can be empty:
LIST "" "" - list all configured remote names
LIST REMOTE "" - list all codes of REMOTE
LIST REMOTE CODE - list only CODE of REMOTE
The SIMULATE command only works if it has been explicitly enabled in lircd.
-h --help
display usage summary
-v --version
display version
-d --device
use given lircd socket [/var/run/lirc/lircd]
-a --address=host[:port]
connect to lircd at this address
-# --count=n
send command n times
EXAMPLES
irsend LIST DenonTuner ""
irsend SEND_ONCE DenonTuner PROG-SCAN
irsend SEND_ONCE OnkyoAmpli VOL-UP VOL-UP VOL-UP VOL-UP
irsend SEND_START OnkyoAmpli VOL-DOWN ; sleep 3
irsend SEND_STOP OnkyoAmpli VOL-DOWN
irsend SET_TRANSMITTERS 1
irsend SET_TRANSMITTERS 1 3 4
irsend SIMULATE "0000000000000476 00 OK TECHNISAT_ST3004S"
FILES
/etc/lirc/lircd.conf
Default lircd configuration file. It should contain all the remotes, their infra-red codes and the corresponding timing and wave-
form details.
DIAGNOSTICS
If lircd is not running (or /var/run/lirc/lircd lacks write permissions) irsend aborts with the following diagnostics:
"irsend: could not connect to socket"
"irsend: Connection refused" (or "Permission denied").
SEE ALSO
The documentation for lirc is maintained as html pages. They are located under html/ in the documentation directory.
lircd(8), mode2(1), smode2(1), xmode2(1), irrecord(1), irw(1), http://www.lirc.org.
irsend 0.8.7pre1 May 2010 IRSEND(1)