Showing posts with label iptables. Show all posts
Showing posts with label iptables. Show all posts

Tuesday, December 21, 2021

How to do the port forwarding from one ip to another ip in same network?

 

Ref: https://serverfault.com/questions/586486/how-to-do-the-port-forwarding-from-one-ip-to-another-ip-in-same-network

These rules should work, assuming that iptables is running on server 192.168.12.87 :

#!/bin/sh

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -F
iptables -t nat -F
iptables -X

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.12.77:80
iptables -t nat -A POSTROUTING -p tcp -d 192.168.12.77 --dport 80 -j SNAT --to-source 192.168.12.87

You have to DNAT incoming traffic on port 80, but you will also need to SNAT the traffic back.

Alternative (and best approach IMHO) :

Depending on what your Web Server is (Apache, NGinx) you should consider an HTTP Proxy on your front-end server (192.168.12.87) :

at No comments:
Labels: , ,

Thursday, December 9, 2021

How to Enable Logging in Iptables on Linux

Ref:  https://tecadmin.net/enable-logging-in-iptables-on-linux/

Enabling logging on iptables is helpful for monitoring traffic coming to our server. This we can also find the number of hits done from any IP. This article will help enable logging in iptables for all packets filtered by iptables.

Enable Iptables LOG

We can simply use following command to enable logging in iptables.

iptables -A INPUT -j LOG

We can also define the source ip or range for which log will be created.

iptables -A INPUT -s 192.168.10.0/24 -j LOG

To define level of LOG generated by iptables us –log-level followed by level number.

iptables -A INPUT -s 192.168.10.0/24 -j LOG --log-level 4

We can also add some prefix in generated Logs, So it will be easy to search for logs in a huge file.

iptables -A INPUT -s 192.168.10.0/24 -j LOG --log-prefix '** SUSPECT **'

View Iptables LOG

After enabling iptables logs. check following log files to view logs generated by iptables as per your operating system.

On Ubuntu and Debian

iptables logs are generated by the kernel. So check following kernel log file.

tail -f /var/log/kern.log

On CentOS/RHEL and Fedora

cat /var/log/messages
at No comments:
Labels: ,
Subscribe to: Posts (Atom)

Install and use xorg-server on macOS via Homebrew

  The instructions to install and use xorg-server on macOS via Homebrew: Install Homebrew (if you haven't already): /bin/bash -c ...