Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
1) I have proxy squid server centos 5.3 say A having 2 network interface eth0 conneted to local lan and eth1 to to isp line in this server ip-forwading is enable to transfer traffic from lan to wan i.e from
etho to eth1 in same server we have iptable i.e firewall configure , we have one static ip
2) we have another server having centos 5.3 Say B
having ip 192.168.1.3 which is in our Lan
my query is that i want to access server B having ip 192.168.1.3 from ouside i.e from internet
i think i have to do port forwading in server A but how should i write rule in iptable
What you need is NAT in addition to allowing ipforwarding in your kernel. The NAT function will translate addresses from the LAN domain (192.168.1.x) to the IP address of your ISP facing interface. This is easily done with Linux and Iptables using the MASQUERADE function in the NAT table (which is separate from the INPUT,OUTPUT,FORWARD) table. You will then need to configure your machine B to use machine A as the internet gateway.
Even if you open a port in your firewall, unless there is an application actively accepting connections on that port it will show as closed. In fact, if the port is blocked by your firewall it may show as filtered instead of closed (see: http://nmap.org/book/man.html)
Quote:
The state is either open, filtered, closed, or unfiltered. Open means that an application on the target machine is listening for connections/packets on that port. Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed. Closed ports have no application listening on them, though they could open up at any time.
Try the output of the following (may need to run as root)
Code:
netstat -pane | grep 5050
This will tell you if any application is listening on port 5050.
That would explain the state of the port. No application is listening on that port, hence it is closed but not blocked by your firewall. If you expected an application to be available at this port, you should look at the configuration file and see what interface and / or port it has bound to. You could also grep for the name of the application instead of 5050 in the above command to see if it is listening elsewhere.
i remove the iptable rule for port 5050 and add port 5050 in apache conf file i.e httpd.conf
for testing purpose ,when i check the apache web page with port with 5050 it is working and in nmapfe it shows port 5050 is open state but how it possible as i not open port 5050 in iptable .
so i add iptables -A INPUT -p tcp --dport 5050 -j REJECT
but still the apache page is open with 5050 how it is possible
There are two possibilities. The first one is the trivial case, are you scanning with the server from a different machine that is OUTSIDE of your firewall? The second possibility is that your Iptables rules aren't working as intended. If there is a rule above the blocking rule that causes traffic to be accepted, the lower rule won't even be analyzed. If you need help analyzing the firewall function, please output of iptables -L.
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p udp -m udp --dport 6565 -j REJECT --reject-with icmp-port-unreachable
Same problem...
Think about how iptables works. It processes a packet by comparing it to the rules SEQUENTIALLY. If you have a catch all drop rule, any rules for allowed packets, need to go before it.
You need to remove the rules you have attempted, in the interests of neatness.
Then insert (-I) rather than append (-A) the rule in position above the drop all rule, with something to the effect of:
one thing want to discuss that iptable rule is process from top to bottom sequentially if
i have rule one to accept packet at eth0 and
other rule below is same as first rule but it deny packet at etho
then in this case my packet is accept
but not deny by following first rule it is correct?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
