I configured an access point with hostapd and dnsmasq using this tutorial:
access point on linux tutorial
It works for me. NAT works but I would also like to have communication between clients. Client hosts don't see each other.
How can I enable communication between clients?
Solved. I had to add an iptables rule:
iptables -A FORWARD -s network_address/mask -j ACCEPT
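A more restrictive form of the rule above, as an added example (not from the question or the linked tutorial): it permits client-to-client traffic only on the AP interface and keeps the NAT forwarding as separate rules, so the AP subnet is not forwarded to every interface the router has. The interface names and the 192.168.50.0/24 subnet are assumptions; run with DRY_RUN=1 to print the rules, or with the argument apply as root to load them.

```shell
#!/bin/sh
# Added example: let hostapd clients on wlan0 reach each other without also
# opening forwarding from that subnet to every other interface.
# Set DRY_RUN=1 to print the rules instead of applying them.
set -eu

AP_IF=wlan0              # assumed hostapd interface
AP_NET=192.168.50.0/24   # assumed subnet handed out by dnsmasq
WAN_IF=eth0              # assumed uplink used for NAT

ipt() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi; }

ap_forward_rules() {
    # Client-to-client traffic enters and leaves on the same interface, so it
    # still passes through FORWARD. Match both directions explicitly instead
    # of "-s $AP_NET -j ACCEPT", which would also forward AP traffic to any
    # interface the router has.
    ipt -A FORWARD -i "$AP_IF" -o "$AP_IF" -s "$AP_NET" -d "$AP_NET" -j ACCEPT
    # Internet access via NAT, kept separate so it can be removed on its own.
    ipt -A FORWARD -i "$AP_IF" -o "$WAN_IF" -s "$AP_NET" -j ACCEPT
    ipt -A FORWARD -i "$WAN_IF" -o "$AP_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$AP_NET" -j MASQUERADE
}

# True when the generated ruleset contains the same-interface forward rule.
has_client_to_client_rule() {
    out=$(DRY_RUN=1; ap_forward_rules)
    echo "$out" | grep -q -- "-i $AP_IF -o $AP_IF -s $AP_NET -d $AP_NET -j ACCEPT"
}

if [ "${1:-}" = apply ]; then
    sysctl -w net.ipv4.ip_forward=1
    ap_forward_rules
fi
```

If hostapd.conf sets ap_isolate=1, client frames are dropped by hostapd before they reach the IP stack, and no FORWARD rule changes that.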
I'm making a CloudFlare Zero Trust connection with cloudflared on a Debian 11 Linux server.
Everything works when the firewall is disabled.
When a user goes to xx.yyy.com, they are redirected to log in with CloudFlare Access; then (when access is granted) the user can see the Portainer login option.
Portainer is in a docker container, and the Portainer ports are on the loopback interface.
"127.0.0.2:8000->8000/tcp"
"127.0.0.2:9443->9443/tcp"
I have a problem when I turn on the iptables firewall with DROP rules for INPUT, FORWARD and OUTPUT, even though I have:
iptables -A INPUT -i lo -j ACCEPT
The error is:
error="Unable to reach the origin service."
Of course, common iptables rules are used and the CloudFlare IP addresses (and Zero Trust addresses) are whitelisted.
Could anybody help me, please? :D
Have a wonderful day!
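One thing to check against the setup described above, written here as an added example rather than part of the question: a connection from cloudflared to 127.0.0.2 is evaluated by the OUTPUT chain (as -o lo) before it ever reaches INPUT, so with a DROP policy on OUTPUT an INPUT-only "-i lo" rule is not sufficient. The script below builds a minimal default-DROP ruleset that accepts loopback in both directions; the 203.0.113.0/24 range is a placeholder for the whitelisted Cloudflare addresses, and DRY_RUN=1 prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: minimal default-DROP ruleset that keeps the loopback
# interface usable in both directions. Set DRY_RUN=1 to print the rules.
set -eu

CF_EDGE=203.0.113.0/24   # placeholder (TEST-NET-3) for Cloudflare's published ranges

ipt() {
    # Wrapper so the ruleset can be reviewed before it is applied.
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

loopback_rules() {
    # A service bound to 127.0.0.2 is reached over lo: the client's packet is
    # checked by OUTPUT (-o lo) and then by INPUT (-i lo). With a DROP policy
    # on OUTPUT, the INPUT rule alone never sees the packet.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT
}

base_rules() {
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT DROP
    loopback_rules
    # Both halves of connections the host already has (the outbound
    # cloudflared tunnel included) must be accepted in both chains.
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New outbound connections only towards the tunnel endpoints.
    ipt -A OUTPUT -d "$CF_EDGE" -m conntrack --ctstate NEW -j ACCEPT
}

# Returns 0 when the generated ruleset accepts loopback in both directions.
check_loopback() {
    out=$(DRY_RUN=1; base_rules)
    echo "$out" | grep -q -- '-A INPUT -i lo -j ACCEPT' &&
    echo "$out" | grep -q -- '-A OUTPUT -o lo -j ACCEPT'
}

if [ "${1:-}" = apply ]; then
    base_rules
fi
```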
I'm trying to redirect port 80 to 8080 so that the user need not type the URL as webapp:8080 to access the web site.
Here's the command that I came across to redirect from port 80 to 8080:
sudo iptables -A PREROUTING -t nat -i enp0s25 -p tcp --dport 80 -j REDIRECT --to-port 8080
I'm now able to access the page as webapp/. But the problem I'm facing now is that I'm not able to access the page when I enter webapp/ after I restart the system.
How do I fix this?
You can try this:
iptables-save > /etc/sysconfig/iptables
/etc/sysconfig/iptables is for CentOS; you need to find the equivalent file on your Linux OS :)
Another solution is to create a conf file and use this file when the system boots:
Create a file like Conf_iptables.
Add your rules to this file.
Add execute privilege for root
chkconfig Conf_iptables on
Moreover you have to create 2 iptables rules (for IPv4 and IPv6) if you want to use IPv6 :)
If you need help use this site (sorry but it's in French): http://blog.sephirots.fr/?p=123
The only thing you need is to save the iptables rules permanently. How to do it varies depending on the Linux distribution.
For Debian/Ubuntu see for instance here:
https://www.thomas-krenn.com/en/wiki/Saving_Iptables_Firewall_Rules_Permanently
Ubuntu:
Install iptables-persistent. This will create 2 files, /etc/iptables/rules.v4 and rules.v6.
Run netfilter-persistent save.
Try rebooting the machine.
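The answers above all come down to replaying a saved ruleset at boot. As an added example (not from any of the answers), this script writes the port 80 to 8080 REDIRECT from the question in the file format iptables-save produces and iptables-restore reads, and generates a one-shot systemd unit for hosts where the iptables-persistent package is not available; enp0s25 is the interface from the question, the file paths are arguments, and the unit name is an assumption.

```shell
#!/bin/sh
# Added example: persist the port 80 -> 8080 REDIRECT as an iptables-save style
# file and restore it at boot from a systemd unit. Paths are arguments so the
# functions can be exercised in a scratch directory before touching /etc.
set -eu

WAN_IF=enp0s25   # interface from the question

# Writes the nat-table rule in the format iptables-restore consumes:
# one *table header, chain policies with counters, the rules, COMMIT.
write_rules_file() {
    path=$1
    cat > "$path" <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $WAN_IF -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
EOF
}

# Unit that loads the file before networking comes up; install it as e.g.
# /etc/systemd/system/iptables-restore.service and run systemctl enable on it.
write_restore_unit() {
    unit_path=$1
    rules_path=$2
    cat > "$unit_path" <<EOF
[Unit]
Description=Restore iptables rules
Before=network-pre.target
Wants=network-pre.target
DefaultDependencies=no

[Service]
Type=oneshot
ExecStart=/bin/sh -c 'iptables-restore < $rules_path'
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
EOF
}

# Parse the file without committing it to the live tables, so a typo in the
# rules file is caught now rather than at the next boot.
validate_rules_file() {
    iptables-restore --test < "$1"
}
```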
I use a Linux router for accessing the internet via PPPoE. This box has two interfaces: eth0 for the internal LAN and eth1 for establishing a ppp0 interface on a PPPoE modem. For firewalling and port forwarding I use iptables with NAT.
This works as expected: I can reach the internet from the LAN, and I can access certain services in the LAN from outside by port forwarding:
iptables -t nat -A PREROUTING -p tcp --dport 9999 -j DNAT --to 192.168.2.10:22
(as an example for accessing the SSH port of a certain machine inside my LAN from outside)
But I want to access a single machine (192.168.8.2) on the WAN port eth1 from inside the LAN:
For this reason, eth1 is configured as:
ip addr add 192.168.8.1 dev eth1
So I can ssh 192.168.8.2 from the console on the router. This works as expected. But I want to access this also from machines on the LAN.
iptables -t nat -A PREROUTING -p tcp --dport 9997 -j DNAT --to 192.168.8.2:22
But this isn't working. I see packets coming from my LAN-side machine going in on eth0 and addressed to 192.168.8.2, but I don't get an answer.
Can someone point me to where my error is?
thanks in advance
Marco
Unless the server (192.168.8.2) knows how to get back to the computers on the LAN (would have to check routing for traffic coming back from that server), you would have to add a -t nat POSTROUTING rule on the router to make it look like it's traffic that's going out from the router (which I would guess is already accessible from 192.168.8.2). Then the traffic would be able to get back to the router when the server is responding, and the router would take care of unNATing it.
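The rule pair the answer describes, as an added example (not from the question or the answer): the DNAT rewrites the destination, and a POSTROUTING MASQUERADE on eth1 makes the flow appear to come from the router's own 192.168.8.1, so 192.168.8.2 can reply without a route to the LAN and conntrack undoes both rewrites on the way back. The 192.168.2.0/24 LAN subnet is an assumption derived from the 192.168.2.10 host in the question; DRY_RUN=1 prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: forward a LAN port to a host behind the WAN interface,
# including the POSTROUTING half that lets the reply find its way back.
set -eu

LAN_IF=eth0               # internal LAN (from the question)
WAN_IF=eth1               # carries 192.168.8.0/24 (from the question)
LAN_NET=192.168.2.0/24    # assumed LAN subnet, from 192.168.2.10 in the question
TARGET=192.168.8.2
TARGET_PORT=22
LISTEN_PORT=9997

ipt() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi; }

forward_to_target() {
    # 1. Rewrite the destination of the LAN client's packet to the target.
    ipt -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport "$LISTEN_PORT" \
        -j DNAT --to-destination "$TARGET:$TARGET_PORT"
    # 2. Let the forwarded flow through the filter table (matters when the
    #    FORWARD policy is DROP); replies are covered by ESTABLISHED.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp -d "$TARGET" --dport "$TARGET_PORT" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 3. Source-NAT the flow to the router's eth1 address so the target answers
    #    the router instead of trying to reach a LAN subnet it has no route to.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -d "$TARGET" -p tcp --dport "$TARGET_PORT" \
        -j MASQUERADE
}

# Self-check: the generated ruleset must contain both halves of the NAT.
has_both_nat_halves() {
    out=$(DRY_RUN=1; forward_to_target)
    echo "$out" | grep -q -- '-A PREROUTING .* -j DNAT' &&
    echo "$out" | grep -q -- '-A POSTROUTING .* -j MASQUERADE'
}

if [ "${1:-}" = apply ]; then
    forward_to_target
fi
```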
Is it possible to redirect outgoing connection back to localhost using iptables?
For example, if a PHP script requests someonlinesite.com/bla.php then it would be redirected to 127.0.0.1/bla.php
OS: Debian 7
The question does not really make much sense the way it currently is asked.
Most likely you are trying to redirect an HTTP request? Then you should take a closer look at your system's name resolution, since that is the step that translates the host name someonlinesite.com to an IP address. So that is where you want to manipulate.
You might also want to consider using a proxy as an alternative. But a pure iptables based solution is questionable, since in typical setups the local HTTP server will not react to incoming requests to a remote IP address...
Try with:
iptables -t nat -A OUTPUT -d 0/0 -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80
Thank you for the replies, I managed to do it with the hosts file.
/etc/hosts
127.0.0.1 domain.com
Now it always redirects to localhost when the script tries to reach domain.com
I have created a Debian wheezy virtual machine in Google Compute Engine but I am unable to connect to it with VNC.
Here is what I have done:
Installed GNOME and then rebooted the VM
Installed tightvncserver and started it
I have tried to connect using the static IP that I've attached to the VM but I'm getting the error: "the connection was refused by the host computer".
I thought it was the firewall that was the issue so I disabled iptables using the following commands:
sudo iptables-save > /root/firewall.rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
and I have created rules in the Google firewall to allow ports 0-65535 for TCP and UDP but it still does not work.
Does anyone know how to do it?
Thanks in advance
By default, all incoming traffic from outside a network is blocked and no packet is allowed into an instance without an appropriate firewall rule. To allow incoming network traffic, you need to set up firewall rules to permit these connections:
Start the VNC service.
Look at the VNC server settings or netstat -nap to find out the listening port of the VNC server.
Under Google Developer console -> Compute Engine -> Networks -> default -> Firewall rules,
create a new rule and open the appropriate ports for incoming VNC connections.
VNC uses port 5901 by default. In the 'VNC server' field, specify the IP address and the port 5901.
Example: VNC Server: 123.123.123.123:5901
Encryption: let VNC Server choose
Be aware that the free edition of VNC doesn't support encryption; it only encrypts your user name and password. One thing also to configure is the /etc/sysconfig/vncservers file, where you have to specify the user and the port that the VNC server should listen on, and make sure it's not commented out.
Example:
VNCSERVERS="1:USERNAME"
VNCSERVERARGS[1]="-geometry 800x600 -listen tcp -5901"