Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: iptables in a NAT scenario
Special Forums Cybersecurity iptables in a NAT scenario Post 302808751 by capri_guy84 on Friday 17th of May 2013 12:16:31 PM
Old 05-17-2013
iptables in a NAT scenario
Hi, I am learning IPTables have this question.

My server is behind a firewall that does a PAT & NAT to the LAN address.
Code:
Internet IP: 68.1.1.23
Port: 10022

Server LAN IP: 10.1.1.23
port: 22

Allowed Internet IPs:  131.1.1.23, 132.1.1.23

I want to allow a set of IPs are to be able to SSH & DROP all other traffic. The question where I got confused is my destination address

Packet from computer on Internet:
Code:
Source IP: 131.1.1.23            sourceport:<random>
Destination IP: 68.1.1.23        destinationport: 10022

Packet seen by server behind firewall:
Code:
source IP: 68.1.1.23   sourceport: 2522
destinatation IP: 10.1.1.23   destinationport: 22

Q1) Now, how do I write my IPtables ruleset, if the host is not able to see the actual source of the traffic?

Q2) I also want to block any SSH from within 10.0.0.0/subnet as it will be a colo facility & other servers share LAN addresses.
 

10 More Discussions You Might Find Interesting

1. IP Networking

Ftp'ing thru a Iptables NAT Masquerade

Greetings to all. My new firewall is giving me one hell of a problem. I'm running iptables and masquerading my intranet thru NAT. But here is the problem. Whenever I try to FTP to a server outside of my lan I get a 500 illegal port error. I've come to the conclusion that NAT is... (2 Replies)
Discussion started by: phrater
2 Replies

2. UNIX for Advanced & Expert Users

iptables internal NAT with two public IP

Hello Guys, I have a debian machine that work as a firewall (iptables + squid 2.6) with two physical interfaces: eth0 (public interface) and eth1 (internal interface LAN). I have created an alias eth1:1 in order to have two subnets on same physical interface: cat/etc/network/interfaces auto... (0 Replies)
Discussion started by: sincity2006
0 Replies

3. IP Networking

How to configure Full Cone NAT using iptables ?

Hi Experts; I want to find the right iptables commands combination to address the following need: - NEs are NATed thru the linux box (using iptables) towards the WAN cloud, where the NTP servers are situated. - In order to achieve redundancy, the NTP Servers are in a load balancing cluster... (0 Replies)
Discussion started by: lvl1s7a
0 Replies

4. Debian

Iptables Nat forward port 29070

Hello, the Nat and the forward worked on my debian server up to the reboot of machines. The following rules*: /sbin/iptables -t nat -A PREROUTING -p tcp -i eth2 -d xxx.xxx.xxx.xxx --dport 29070 -j DNAT --to-destination 10.0.1.7:29070 /sbin/iptables -A FORWARD -p tcp -i eth2 -o eth0 -d... (0 Replies)
Discussion started by: titoms
0 Replies

5. IP Networking

iptables NAT prerouting & postrouting

Good morning, I'm a newbie of iptables and as far as I've seen on tutorials on the Internet it seems that both prerouting and postrouting NAT chains are undergone both by a packet that goes from an internal LAN to the Internet and of a one that goes in the opposite direction (from the Internet to... (0 Replies)
Discussion started by: giac85
0 Replies

6. Red Hat

NAT Loopback and iptables

Hello, please can you help and explain me. I have two servers. Both are RHEL6. I use the first one like router and the second one for apache. Router forwards 80 port on the second server and I can open that from the internet (mysite.com, for example). But I can not open mysite.com if i try to... (0 Replies)
Discussion started by: 6765656755
0 Replies

7. IP Networking

Nat and packet limits with iptables

Hi all, I have a following situation: - I want certain source IPs to be natted to a different destination IP and Port. Following is how I am achieving it: /usr/local/sbin/iptables -t nat -A PREROUTING -p tcp -s 192.168.10.12 --dport 1500 -j DNAT --to-destination 192.168.10.20:2000 ... (3 Replies)
Discussion started by: ahmerin
3 Replies

8. IP Networking

Debugging NAT / prerouting issues (iptables)

Hello, Recently I discovered an issue with packet routing in the latest Android releases (4.4+ KitKat & Lollipop). It seems that the problem Android specific, but essentially it comes from the Linux kernel. I already filed a bug report to Google. You can see the details by searching for... (0 Replies)
Discussion started by: Vladislav
0 Replies

9. IP Networking

NAT via iptables - Won't work!!

Hi guys I'm running on debian on a small embedded system. I have a ppp interface that is connected to the internet (and works). My unit also has wifi access point (which works and I can connect to it). I want to allow connections to the wifi to be able to use the internet from ppp0... (1 Reply)
Discussion started by: alirezan1
1 Replies

10. Cybersecurity

Openvpn nat and iptables

good day good people hi first to tell that firewall and vpn is working as expected, but I notice something strange. I have host system 11.11.11.11(local ip) firewall is blocking everything except port to vpn. I have vpn on virtualized system 22.22.22.22 (CentOS both host and virtual). ... (0 Replies)
Discussion started by: end
0 Replies

LEARN ABOUT OSX

locale::codes::langfam

Locale::Codes::LangFam(3pm)				 Perl Programmers Reference Guide			       Locale::Codes::LangFam(3pm)

NAME

       Locale::Codes::LangFam - standard codes for language extension identification

SYNOPSIS

	  use Locale::Codes::LangFam;

	  $lext = code2langfam('apa');		       # $lext gets 'Apache languages'
	  $code = langfam2code('Apache languages');    # $code gets 'apa'

	  @codes   = all_langfam_codes();
	  @names   = all_langfam_names();

DESCRIPTION

       The "Locale::Codes::LangFam" module provides access to standard codes used for identifying language families, such as those as defined in
       ISO 639-5.

       Most of the routines take an optional additional argument which specifies the code set to use. If not specified, the default ISO 639-5
       language family codes will be used.

SUPPORTED CODE SETS

       There are several different code sets you can use for identifying language families. A code set may be specified using either a name, or a
       constant that is automatically exported by this module.

       For example, the two are equivalent:

	  $lext = code2langfam('apa','alpha');
	  $lext = code2langfam('apa',LOCALE_LANGFAM_ALPHA);

       The codesets currently supported are:

       alpha
	   This is the set of three-letter (lowercase) codes from ISO 639-5 such as 'apa' for Apache languages.

	   This is the default code set.

ROUTINES

       code2langfam ( CODE [,CODESET] )
       langfam2code ( NAME [,CODESET] )
       langfam_code2code ( CODE ,CODESET ,CODESET2 )
       all_langfam_codes ( [CODESET] )
       all_langfam_names ( [CODESET] )
       Locale::Codes::LangFam::rename_langfam  ( CODE ,NEW_NAME [,CODESET] )
       Locale::Codes::LangFam::add_langfam  ( CODE ,NAME [,CODESET] )
       Locale::Codes::LangFam::delete_langfam  ( CODE [,CODESET] )
       Locale::Codes::LangFam::add_langfam_alias  ( NAME ,NEW_NAME )
       Locale::Codes::LangFam::delete_langfam_alias  ( NAME )
       Locale::Codes::LangFam::rename_langfam_code  ( CODE ,NEW_CODE [,CODESET] )
       Locale::Codes::LangFam::add_langfam_code_alias  ( CODE ,NEW_CODE [,CODESET] )
       Locale::Codes::LangFam::delete_langfam_code_alias  ( CODE [,CODESET] )
	   These routines are all documented in the Locale::Codes::API man page.

SEE ALSO

       Locale::Codes
	   The Locale-Codes distribution.

       Locale::Codes::API
	   The list of functions supported by this module.

       http://www.loc.gov/standards/iso639-5/id.php
	   ISO 639-5 .

AUTHOR

       See Locale::Codes for full author history.

       Currently maintained by Sullivan Beck (sbeck@cpan.org).

COPYRIGHT

	  Copyright (c) 2011-2012 Sullivan Beck

       This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

perl v5.16.2							    2012-10-11					       Locale::Codes::LangFam(3pm)
All times are GMT -4. The time now is 11:58 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy