How to redirect ip address using iptables [closed] - linux

I have a small local network with 5 computers. My provider gave me a real IP address (194.187...), but computers in the network cannot see it. So I have to make a redirect on my router (with a Linux system), which will redirect the real IP address (194.187...) to the IP address which I have in the provider's network (10.12.205.26).
How can I perform this with iptables on my router? Thanks.

I hope this works for you:
Add (prerouting, postrouting) rules in your NAT table using
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source ip_address
iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination ip_address
and then use:
iptables -t nat -A PREROUTING -d 194.187... -j DNAT --to-destination 10.12.205.26
iptables -t nat -A POSTROUTING -s 10.12.205.26 -j SNAT --to-source 194.187...

Related

Apply restrictions on iptables [closed]

With the following commands, I forward the incoming traffic to the server to another IP:
sudo sysctl net.ipv4.ip_forward=1
sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to-destination <ip1>
sudo iptables -t nat -A PREROUTING -j DNAT --to-destination <ip2>
sudo iptables -t nat -A POSTROUTING -j MASQUERADE
I want to create a limit on the ports, that is, only 2 connections can be connected on each port.
How can I do this?

IPTables 1:1 NAT on a single port [closed]

I am trying to figure out how to add a 1:1 NAT with iptables, but only on a single port. I know how to forward all traffic, but can't seem to find anything on a single port, such as:
192.168.1.1:21 -> 172.16.1.1:21
192.168.1.2:21 -> 172.16.1.2:21
192.168.1.3:21 -> 172.16.1.3:21
192.168.1.4:21 -> 172.16.1.4:21
I can't do this by, say, allowing only one port, because there are other applications also doing traffic redirections on other ports.
All I have so far is something like this, but it doesn't specify the IP it originally landed on as a parameter.
sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp --dport port -j DNAT --to-destination ip:port
iptables -t nat -A POSTROUTING -j MASQUERADE
Use the -d flag to specify the original destination.
iptables -t nat -A PREROUTING -d <external-ip> -p tcp --dport port -j DNAT --to-destination <internal-ip>:port
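The `-d` match from the answer above, applied to the four mappings in the question, as an added example that is not part of the original posts: a shell function that prints an iptables-restore ruleset instead of running iptables. The function names and the conntrack-scoped MASQUERADE rule are choices made for this example.

```sh
#!/bin/sh
# Added example: build an iptables-restore ruleset for per-address, single-port
# DNAT. Nothing here touches the kernel; the ruleset is only printed.

valid_ipv4() {
    # Dotted quad, every octet numeric and <= 255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# gen_nat_rules PORT: reads "external_ip internal_ip" pairs on stdin.
gen_nat_rules() {
    port=$1
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    rules='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]'
    while read -r ext int; do
        [ -z "$ext" ] && continue
        valid_ipv4 "$ext" && valid_ipv4 "$int" || { echo "bad pair: $ext $int" >&2; return 1; }
        # -d pins the rule to the address the packet originally arrived on.
        rules="$rules
-A PREROUTING -d $ext/32 -p tcp -m tcp --dport $port -j DNAT --to-destination $int:$port"
    done
    # Masquerade only TCP connections that were DNATed, not everything forwarded.
    printf '%s\n' "$rules" \
        '-A POSTROUTING -p tcp -m conntrack --ctstate DNAT -j MASQUERADE' 'COMMIT'
}

# The four mappings from the question.
MAPPINGS='192.168.1.1 172.16.1.1
192.168.1.2 172.16.1.2
192.168.1.3 172.16.1.3
192.168.1.4 172.16.1.4'

# As root, pipe this into `iptables-restore --test --noflush` to parse it
# without committing; without --noflush a restore replaces the whole nat table.
printf '%s\n' "$MAPPINGS" | gen_nat_rules 21
```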

iptables to drop input connections to postgres [closed]

For testing, I need to drop all input connections to a postgres db running on port 5432 on localhost. I set an iptables rule:
iptables -A INPUT -s 127.0.0.1 -p tcp --dport 5432 -j DROP
But I am able to do read/write operations to the db. I used dbvisualizer as well as the product to test. What am I missing?
Thanks in advance.
The target DROP will just drop the packet, no further processing or forwarding.
Try this:
iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports 5432
I am not sure if this is the right method, but the rule
iptables -A OUTPUT -p tcp --dport 5432 -j REJECT
worked as expected.
Did your server listen on localhost or on the Ethernet NIC's network IP address?

iptables to forward port to another network [closed]

I have a VDS running CentOS with two interfaces: eth0 and ham0. eth0 is my WAN interface and has external IP accessible from the Internet, and ham0 is an interface to a small VPN network (Logmein Hamachi).
There are three machines in the VPN network, one of them is a linux box at my home which runs Apache on port 80. This machine is behind ISP's NAT and cannot be seen from outside.
I want to create a rule on my VDS to forward connections to port 8081 coming from the Internet (eth0 interface) to this linux box inside my VPN network. Something like this:
[Internet] ---> [VDS server with public IP] ---> [Apache server inside VPN]
I used the following rules:
iptables -t nat -A PREROUTING -p tcp -d *external_ip* --dport 8081 -j DNAT --to *internal_ip*:80
iptables -A FORWARD -p tcp -d *internal_ip* --dport 80 -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp --dst *internal_ip* -j LOG --log-level warning --log-prefix "[REQUEST_FORWARDED]"
But it does not work. I can see a "REQUEST_FORWARDED" message in /var/log/messages, but when I go to http://my_eternal_ip:8081/ in my browser, it tries to connect to the host for a very long time, and then shows a message that the server did not respond.
What can cause this problem?
I guess you need to make sure "/proc/sys/net/ipv4/ip_forward" has been enabled. If not:
echo 1 > /proc/sys/net/ipv4/ip_forward
The above command can help you allow IP forwarding.
Hope this is helpful to you.

Redirect all outgoing traffic on port 80 to a different IP on the same server [closed]

I have multiple IP addresses on the same server and I would like to redirect all outgoing traffic on port 80 to a different IP on the same server, just so as not to always use the main IP.
Currently I'm using this:
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source IP;
and it works well, but it redirects everything, and when I make backups over SSH the backup fails.
System: CentOS 5.8 64-bit
This worked:
iptables -t nat -A POSTROUTING -p tcp --dport 80 -o eth0 -j SNAT --to-source IP
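The first SNAT rule in this question matched SSH as well as port 80 because it had no protocol or port match, and the same shape appears in other rules on this page. An added example, not from the original posts, that scans an `iptables-save` dump for NAT rules with no protocol, address or match module; the sample dump and its addresses are constructed.

```sh
#!/bin/sh
# Added example: flag NAT rules in an `iptables-save` dump that match more
# traffic than intended. Reads the dump on stdin, prints one finding per rule.

audit_nat() {
    awk '
    /^\*/ { table = substr($0, 2) }              # table header: *nat, *filter
    table != "nat" || $1 != "-A" { next }        # only rules in the nat table
    {
        chain = $2; target = ""; narrow = 0; iface = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-p" || $i == "-s" || $i == "-d" || $i == "-m") narrow = 1
            if ($i == "-i" || $i == "-o") iface = $(i + 1)
        }
        if (target != "DNAT" && target != "SNAT" && target != "MASQUERADE") next
        if (narrow) next                         # has a protocol, address or match
        if (target == "DNAT" || iface == "") {
            where = (iface == "") ? "" : " on " iface
            print "WARN line " NR ": " target " in " chain " applies to all traffic" where
        } else
            print "INFO line " NR ": " target " in " chain " covers every protocol and port on " iface
    }'
}

# Constructed dump: the rule shapes are the ones shown on this page, the
# addresses are documentation placeholders.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -j DNAT --to-destination 10.0.0.5
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 8081 -j DNAT --to-destination 10.0.0.5:80
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -o eth0 -j SNAT --to-source 203.0.113.11
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 80 -j SNAT --to-source 203.0.113.11
COMMIT'

printf '%s\n' "$SAMPLE_DUMP" | audit_nat
```

On a live router the input would be the output of `iptables-save -t nat` run as root.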
