iptables

Tracing iptables Rules

I’m just beginning to dig into iptables for the first time today, so apologies for any naivete. For reference, I’m using Ubuntu 22.04.4 LTS (Jammy Jellyfish), iptables v1.8.7 (nf_tables), ufw 0.36.1. Now, I know (or, rather, recently learned) that ufw is just a wrapper for iptables. I decided I wanted to understand …

Total answers: 1

iptables::drop INVALID before or after ESTABLISHED,RELATED?

It’s not clear to me if the check for INVALID vs ESTABLISHED,RELATED is equally fast for both cases (and if the states are completely orthogonal). Do I have to drop INVALID before accepting ESTABLISHED, or can I safely accept ESTABLISHED and then drop INVALID? Asked By: Adrian Sevcenco || …

Total answers: 1

Where does ss command gather its data for ports etc

When trying to see port clashes within my system, many websites online recommend using /etc/services or ss -tunl to see port info. I am noticing /etc/services is providing different information to ss on most occasions. Output comparison examples: sudo cat /etc/services ftp 21/udp ftp 21/sctp …

Total answers: 2

Trying to understand iptables log messages

I have set up iptables to log outgoing traffic from all but a limited set of users, and I’m trying to understand the log messages that this produces. Looking at /var/log/syslog, I see requests from 127.0.0.1 to 127.0.0.53 (DNS lookups?) and quite a few to 224.0.0.22 that look like …

Total answers: 1

Route all TCP traffic from port to another host:port

I have a wireguard config, creating a VPN between a remote server (10.0.1.1) and my local machine (10.0.1.2), so that the server can reach the local machine and vice versa. I’d like the server to route all incoming TCP connections on port 8000 to my local …

Total answers: 1

Should 'dpkg -i iptables' be installing the required kernel modules?

I’m in the process of installing iptables onto an embedded Debian 8.7 armhf machine that does not have access to the internet. My method has been to manually find the .deb package files from the Debian archives, and then FTP those over to the Debian …

Total answers: 1

ufw won't put custom rule in the correct place at reboot

My general issue is that I lose contact with my Ubuntu 23.10 on ssh once I close my ports using knockd. I would like for it to maintain existing connections. I have a custom rule > iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j …

Total answers: 1

Launching docker daemon in Ubuntu 22.04 LTS on WSL-2 fails because of iptables

I’m trying to run docker inside of Ubuntu 22.04.3 LTS running in WSL-2 on my Windows 10 machine. I have followed the instructions here. But it’s still not working; I am getting the following error when I run sudo dockerd : failed …

Total answers: 2

iptables: Reroute incoming TCP traffic on port to IP inside VPN network

I have a remote server with an open port. This server is connected to a VPN network. My local computer is also connected to this VPN network. So, the two computers can communicate. What I’d like to do is: I’d like to host …

Total answers: 1

Two different wireguard tunnels wg0 and wg1 via wlan0 and eth0 to the same wan ip

I have the following config: two interfaces, eth0 connected via ISP1 and wlan0 connected via ISP2 to the internet. Both connections have different IP addresses and allow internet connectivity. I set up two wireguard interfaces, wg0 and wg1. wg0 should always …

Total answers: 1

Port Forward for LAN

I bought a server and have Ubuntu 22.04 installed. When I run various Github projects like Text Generation Webui, Automatic1111 Stable Diffusion, etc., how do I forward the port to access it from my network as 192.10.1.10:7680 or whatever the port for that project is? Is ssh tunnel the most secure …

Total answers: 1

redirect traffic of wlan0 through v2ray http proxy

I have a Raspberry Pi with two interfaces. eth0 is connected to the router and to the internet. wlan0 is acting as an access point using hostapd, and there is a udhcpd service for wlan0. I installed v2raya, which connects to v2ray and creates a socks proxy on port 20170 and an http proxy …

Total answers: 1

MAC address rewriting using tc

I am using tc to change the MAC address of incoming packets on a TAP interface (tap0) as follows, where mac_org is the MAC address of a guest in a QEMU virtual machine and mac_new is a different MAC address that mac_org should be replaced with. tc qdisc add dev …

Total answers: 1

Iptables TCP NEW state vs TCP flags in Ubuntu 22.04

I would like to double check what the behaviour of the NEW state in TCP connections in iptables (Ubuntu 22.04) is. Does it only accept SYN=1 and ACK=0/FIN=0/RST=0 in tcp flags? More detailed example – let’s say I have the below rule on my server: iptables -A …

Total answers: 1

How to define port forwarding

I run a server with a web server running as a rootless podman container. This exposes ports 10080 and 10443 because, as a rootless container, it is not allowed to expose ports 80 and 443. So that my website can be accessed from outside, I use ufw as a firewall …

Total answers: 1

iptables allow host for isolated VLAN

I’m having real trouble trying to do a "simple" tweak in my network. So: there are two sites, A and B, connected via IPsec, and there’s no problem in communication between them. Each site has two VLANs, main and guest: main is 192.168.55.0/24 for A and …

Total answers: 1

Iptables, subnet rule overwriting ip rule

I want to DROP all packets that come from the subnet 192.168.112.0/24 with destination 192.168.112.0/24, but I want to allow only a specific destination to be accessible (192.168.112.253). I am using the following rules; the first (DROP) rule is working as expected, dropping all packets, but the second (ACCEPT) …

Total answers: 2

UFW Couldn't determine iptables version

I am building a custom embedded Linux platform based on the NXP i.MX8 with Yocto. I want to use UFW to set up the firewall. When I boot the system and try to use UFW it returns an error: Couldn’t determine iptables version. I have the iptables and nftables packages installed. …

Total answers: 1

Route traffic from one IP address through a different interface

I have a local and a remote network. My local network has a router, an ubuntu box and a TV. The remote network has a router and a raspberry pi. The local ubuntu box and remote raspberry pi are connected through a wireguard tunnel. The goal is …

Total answers: 1