I am trying to set slingbox connection to class 1:20 using the following commands:
iptables -t mangle -A to-cable -p tcp --dport 5001 -j CLASSIFY --set-class 1:20
iptables -t mangle -A to-cable -p tcp --sport 5001 -j CLASSIFY --set-class 1:20
I have other class-related commands for ssh, http and news.
I use the command 'tc -s class ...
I want to set a specific class to any packets that come from a specific computer in my network using --set-class. How can I achieve that?
...
Hi,
How do I drop all traffic to smtp, except originating from my IP? This example I found drops traffic for a particular IP; I need to deny by default, but allow 1 IP in. Thanks
# iptables -A INPUT -s 65.55.44.100 -p tcp --destination-port 25 -j DROP
...
I would like to make a server that listens on UDP port 162 (SNMP trap) and then forwards this traffic to multiple clients. Also important is that the source port & address stay the same (address spoofing).
I guess that the best tool for this would be Twisted or Scapy or maybe vanilla sockets,
only I can't find anything in the documentation for T...
Hello
I have the following problem:
A CRM system running on a Linux computer is sending emails via sendmail.
I would like to change the destination port from 25 to 587 using iptables but without modifying
sendmail (not possible due to CRM configuration).
I tried to use iptables but my tries of redirecting packets on the output chain to port 587 we...
Is there any convenient way to show loaded iptables module list? I can show installed modules by listing /lib/iptables/ (or /lib64/iptables/) directory but I need active module list.
...
Hey all,
I've seen the following in my logs every so often:
kernel: ip_conntrack: table full, dropping packet.
Currently, I have ip_conntrack_max set to 65536 (default, RHEL5).
Keeping memory usage in mind, how much can I safely increase this value? I've got 4GB ram on this box. One of the functions this machine serves is as a stati...
Hi,
I've got a problem with iptables on openvz (ubuntu 8.04)
I know that openvz is a for iptables and I know that some modules are not loaded by default (I can't move to another hosting provider right now).
I've been googling since last week trying everything but I haven't fixed it yet.
My iptables is this one (got from slicehost):
...
Hello all,
How can we create a table of IP addresses for NetFilter?
I would like to do so, just like the table directive of PacketFilter.
Thank you for any help.
...
I'm working on an application where two processes communicate over the loopback interface. It's a Linux-based system. I'm encountering a very strange problem: when the firewall is enabled, send to the internal socket fails.
If I add an iptables rule (in the output chain) as shown below from the command prompt, everything works fine.
iptables -I OUTPUT ...
We usually blacklist IP addresses with iptables. But in Amazon EC2, if a connection goes through the Elastic Load Balancer, the remote address will be replaced by the load balancer's address, rendering iptables useless. In the case of HTTP, apparently the only way to find out the real remote address is to look at the HTTP header HTTP_X_F...
I'm designing a simple C code to call the iptables command according to the need.
I just want to drop the packets from a particular IP address using my C code.
That's why I have to use the iptables command according to the input given.
Is it possible to call the command using C code?
If it is, then how???
Thanks in advance..
...
I have a daemon program which listens on 127.0.0.1:8000.
I need to access it when I connect to my box with VPN.
So I want it to listen on the ppp0 interface too.
I've tried the "ssh -L" method. It works, but I don't think it's the right way to do that, having an extra ssh process running in the background.
I tried the "netcat" method....
I have a small network with two VLANs. One is our internal network for basic file sharing, etc and the other is a public wifi network for our customers. The internal network is configured as 192.168.1.x and the public wifi is 192.168.11.x. We have one printer at 192.168.1.50. I would like to be able to have that printer available to ...
I'm trying to test a fancy traffic analyzer app, which I have running on port 8890.
My current plan is to let any HTTP request come into Squid, on port 3128, and let it process the request, and then just before it sends the response back, use iptables to redirect the response packets (leaving port 3128) to port 8890.
I've researched th...
Hello,
Basically started with Squid and iptables today (Google is your friend). This stuff is going to be the death of me.
I have Squid3 set up on Ubuntu 9.04 server as a transparent proxy. It works sweetly when I use the proxy box as my default gateway etc. The iptables rules for this setup were part of the tutorial. :P
I can unfortunatel...
Hello,
I have set up a DNS server on a machine. I want to capture the DNS replies before the machine sends them out, change some fields in them and then send the packet.
I am only able to change fields in the packet my pcap code (written in C) captures, which seems like a copy, as the original packet is also transmitted.
I tried iptables t...
Hi,
I have strange behaviour of git: push is working, but clone is not :(
alec$ git clone git://host/repo.git
Initialized empty Git repository in /Users/alec/Temp/repo/.git/
host[0: x.x.x.x]: errno=Connection refused
fatal: unable to connect a socket (Connection refused)
What's wrong?
...
Greetings all,
"iptables -L" gives the following output
[root@ibmd ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source d...
How can you rate-limit access to an API using iptables? Tried to set a limit using port 80, but I don't want to set a limit on the web access entirely. Is there a way to specify a subdomain rather than a port? Example: set the rate limit on api.example.com, not example.com?
If there is no way to set a rate limit by subdomain, what is the suggeste...