Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: iptables in a NAT scenario
Special Forums Cybersecurity iptables in a NAT scenario Post 302808751 by capri_guy84 on Friday 17th of May 2013 12:16:31 PM
Old 05-17-2013
iptables in a NAT scenario
Hi, I am learning IPTables have this question.

My server is behind a firewall that does a PAT & NAT to the LAN address.
Code:
Internet IP: 68.1.1.23
Port: 10022

Server LAN IP: 10.1.1.23
port: 22

Allowed Internet IPs:  131.1.1.23, 132.1.1.23

I want to allow a set of IPs are to be able to SSH & DROP all other traffic. The question where I got confused is my destination address

Packet from computer on Internet:
Code:
Source IP: 131.1.1.23            sourceport:<random>
Destination IP: 68.1.1.23        destinationport: 10022

Packet seen by server behind firewall:
Code:
source IP: 68.1.1.23   sourceport: 2522
destinatation IP: 10.1.1.23   destinationport: 22

Q1) Now, how do I write my IPtables ruleset, if the host is not able to see the actual source of the traffic?

Q2) I also want to block any SSH from within 10.0.0.0/subnet as it will be a colo facility & other servers share LAN addresses.
 

10 More Discussions You Might Find Interesting

1. IP Networking

Ftp'ing thru a Iptables NAT Masquerade

Greetings to all. My new firewall is giving me one hell of a problem. I'm running iptables and masquerading my intranet thru NAT. But here is the problem. Whenever I try to FTP to a server outside of my lan I get a 500 illegal port error. I've come to the conclusion that NAT is... (2 Replies)
Discussion started by: phrater
2 Replies

2. UNIX for Advanced & Expert Users

iptables internal NAT with two public IP

Hello Guys, I have a debian machine that work as a firewall (iptables + squid 2.6) with two physical interfaces: eth0 (public interface) and eth1 (internal interface LAN). I have created an alias eth1:1 in order to have two subnets on same physical interface: cat/etc/network/interfaces auto... (0 Replies)
Discussion started by: sincity2006
0 Replies

3. IP Networking

How to configure Full Cone NAT using iptables ?

Hi Experts; I want to find the right iptables commands combination to address the following need: - NEs are NATed thru the linux box (using iptables) towards the WAN cloud, where the NTP servers are situated. - In order to achieve redundancy, the NTP Servers are in a load balancing cluster... (0 Replies)
Discussion started by: lvl1s7a
0 Replies

4. Debian

Iptables Nat forward port 29070

Hello, the Nat and the forward worked on my debian server up to the reboot of machines. The following rules*: /sbin/iptables -t nat -A PREROUTING -p tcp -i eth2 -d xxx.xxx.xxx.xxx --dport 29070 -j DNAT --to-destination 10.0.1.7:29070 /sbin/iptables -A FORWARD -p tcp -i eth2 -o eth0 -d... (0 Replies)
Discussion started by: titoms
0 Replies

5. IP Networking

iptables NAT prerouting & postrouting

Good morning, I'm a newbie of iptables and as far as I've seen on tutorials on the Internet it seems that both prerouting and postrouting NAT chains are undergone both by a packet that goes from an internal LAN to the Internet and of a one that goes in the opposite direction (from the Internet to... (0 Replies)
Discussion started by: giac85
0 Replies

6. Red Hat

NAT Loopback and iptables

Hello, please can you help and explain me. I have two servers. Both are RHEL6. I use the first one like router and the second one for apache. Router forwards 80 port on the second server and I can open that from the internet (mysite.com, for example). But I can not open mysite.com if i try to... (0 Replies)
Discussion started by: 6765656755
0 Replies

7. IP Networking

Nat and packet limits with iptables

Hi all, I have a following situation: - I want certain source IPs to be natted to a different destination IP and Port. Following is how I am achieving it: /usr/local/sbin/iptables -t nat -A PREROUTING -p tcp -s 192.168.10.12 --dport 1500 -j DNAT --to-destination 192.168.10.20:2000 ... (3 Replies)
Discussion started by: ahmerin
3 Replies

8. IP Networking

Debugging NAT / prerouting issues (iptables)

Hello, Recently I discovered an issue with packet routing in the latest Android releases (4.4+ KitKat & Lollipop). It seems that the problem Android specific, but essentially it comes from the Linux kernel. I already filed a bug report to Google. You can see the details by searching for... (0 Replies)
Discussion started by: Vladislav
0 Replies

9. IP Networking

NAT via iptables - Won't work!!

Hi guys I'm running on debian on a small embedded system. I have a ppp interface that is connected to the internet (and works). My unit also has wifi access point (which works and I can connect to it). I want to allow connections to the wifi to be able to use the internet from ppp0... (1 Reply)
Discussion started by: alirezan1
1 Replies

10. Cybersecurity

Openvpn nat and iptables

good day good people hi first to tell that firewall and vpn is working as expected, but I notice something strange. I have host system 11.11.11.11(local ip) firewall is blocking everything except port to vpn. I have vpn on virtualized system 22.22.22.22 (CentOS both host and virtual). ... (0 Replies)
Discussion started by: end
0 Replies

LEARN ABOUT CENTOS

locale::codes::langext

Locale::Codes::LangExt(3)				User Contributed Perl Documentation				 Locale::Codes::LangExt(3)

NAME

       Locale::Codes::LangExt - standard codes for language extension identification

SYNOPSIS

	  use Locale::Codes::LangExt;

	  $lext = code2langext('acm');		       # $lext gets 'Mesopotamian Arabic'
	  $code = langext2code('Mesopotamian Arabic'); # $code gets 'acm'

	  @codes   = all_langext_codes();
	  @names   = all_langext_names();

DESCRIPTION

       The "Locale::Codes::LangExt" module provides access to standard codes used for identifying language extensions, such as those as defined in
       the IANA language registry.

       Most of the routines take an optional additional argument which specifies the code set to use. If not specified, the default IANA language
       registry codes will be used.

SUPPORTED CODE SETS

       There are several different code sets you can use for identifying language extensions. A code set may be specified using either a name, or
       a constant that is automatically exported by this module.

       For example, the two are equivalent:

	  $lext = code2langext('acm','alpha');
	  $lext = code2langext('acm',LOCALE_LANGEXT_ALPHA);

       The codesets currently supported are:

       alpha
	   This is the set of three-letter (lowercase) codes from the IANA language registry, such as 'acm' for Mesopotamian Arabic.

	   This is the default code set.

ROUTINES

       code2langext ( CODE [,CODESET] )
       langext2code ( NAME [,CODESET] )
       langext_code2code ( CODE ,CODESET ,CODESET2 )
       all_langext_codes ( [CODESET] )
       all_langext_names ( [CODESET] )
       Locale::Codes::LangExt::rename_langext  ( CODE ,NEW_NAME [,CODESET] )
       Locale::Codes::LangExt::add_langext  ( CODE ,NAME [,CODESET] )
       Locale::Codes::LangExt::delete_langext  ( CODE [,CODESET] )
       Locale::Codes::LangExt::add_langext_alias  ( NAME ,NEW_NAME )
       Locale::Codes::LangExt::delete_langext_alias  ( NAME )
       Locale::Codes::LangExt::rename_langext_code  ( CODE ,NEW_CODE [,CODESET] )
       Locale::Codes::LangExt::add_langext_code_alias  ( CODE ,NEW_CODE [,CODESET] )
       Locale::Codes::LangExt::delete_langext_code_alias  ( CODE [,CODESET] )
	   These routines are all documented in the Locale::Codes::API man page.

SEE ALSO

       Locale::Codes
	   The Locale-Codes distribution.

       Locale::Codes::API
	   The list of functions supported by this module.

       http://www.iana.org/assignments/language-subtag-registry
	   The IANA language subtag registry.

AUTHOR

       See Locale::Codes for full author history.

       Currently maintained by Sullivan Beck (sbeck@cpan.org).

COPYRIGHT

	  Copyright (c) 2011-2013 Sullivan Beck

       This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

perl v5.16.3							    2013-02-27						 Locale::Codes::LangExt(3)
All times are GMT -4. The time now is 01:06 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy