Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
*pulling hair out* I have a setup of iptables from CentOS 5.8, kernel Linux 2.6.18-308.11.1.el5 on i686. I recently moved from the inner city to a more rural area and because of that we had to get DSL; before that we had cable. I had set up all my tables and everything was working before we moved, and now with the change to DSL I can't get any of my ports open to the outside: 80/443/5222/9091/25565. At the moment I was working on getting 5222 open first as it's a high priority port. I have changed my masq. and all the other int. to represent the changes and yet still my brain is racked. Any help is much appreciated.
Code:
-A RH-Firewall-1-INPUT -p tcp -m tcp -m multiport -i ppp0 --ports 5222 -j DNAT --to-destination 10.0.1.17:5222
-A RH-Firewall-1-INPUT -p icmp -m icmp -i ppp0 --icmp-type any -j DROP
-A RH-Firewall-1-INPUT -m state -i ppp0 --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -i ppp0 -j DROP
-A RH-Firewall-1-INPUT-Local -p tcp -m tcp -m multiport -i eth1 --ports 53 -j ACCEPT
-A RH-Firewall-1-INPUT-Local -p udp -m udp -m multiport -i eth1 --ports 53 -j ACCEPT
...
This looks to me like you have a VPN or some kind of connection on your server, which your ISP may block, or if you have a router, then your router doesn't forward (allow) VPN connection pass-through.
It's just what I understand from your iptables, but I don't know how to solve it.
No VPN. The connection would be: client on WAN side with port 5222 > DNAT > local IP and port 5222 -- server answers, then local IP > masq > WAN conn on port 5222.
@SuperJediWombat! Thank you so much for your help! Besides the tables being a mess, what was the real problem? I'm trying to find it... Again, thank you soooooooooo much, you saved my life and business. ^_^
When I had the NAT set up without the filtering, I had a massive DoS and SYN/ACK attack; I know, right, how the hell were they getting through my NAT? O.o After I had implemented the filtering I noticed that only real traffic was getting through and the hackerz/crackerz traffic had completely stopped.
Currently this is what I'm running under nat:
Code:
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p icmp -m icmp -i ppp0 --icmp-type any -j DROP
-A PREROUTING -m state -i ppp0 --state ESTABLISHED,RELATED -j ACCEPT
-A PREROUTING -p tcp -m tcp -m multiport -i ppp0 --ports 80 -j DNAT --to-destination 10.0.1.13:80
-A PREROUTING -p tcp -m tcp -m multiport -i ppp0 --ports 443 -j DNAT --to-destination 10.0.1.13:443
-A PREROUTING -p tcp -m tcp -m multiport -i ppp0 --ports 5222 -j DNAT --to-destination 10.0.1.11:5222
-A PREROUTING -p tcp -m tcp -m multiport -i ppp0 --ports 9091 -j DNAT --to-destination 10.0.1.11:9091
-A PREROUTING -p tcp -m tcp -m multiport -i ppp0 --ports 25565 -j DNAT --to-destination 10.0.1.14:25565
-A PREROUTING -i ppp0 -j DROP
-A POSTROUTING -p tcp -m tcp -o ppp0 -j MASQUERADE
-A POSTROUTING -p udp -m udp -o ppp0 -j MASQUERADE
COMMIT
I don't know why it is that when I add the
Code:
-A POSTROUTING -m state -o ppp0 --state ESTABLISHED,RELATED -j ACCEPT
-A POSTROUTING -o ppp0 -j DROP
is when the attacks stopped and normal, correct traffic was able to flow.
Last edited by Neosmith20; 07-25-2012 at 10:09 PM.
Reason: got codez, hacks, and cheatz... ^_^
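The rules quoted in this thread put DNAT in a filter chain, where iptables does not accept it, and put state matches in nat PREROUTING, which only the first packet of a connection ever reaches, so the filtering that actually limited exposure has to live in the filter table's FORWARD chain. The script below is an added example, not code from the thread or from its posters: it generates an iptables-restore ruleset for the thread's port forwards with each rule in the table and chain where the kernel evaluates it. It assumes ppp0 is the WAN interface, eth1 is the LAN interface, and the LAN hosts are the ones in the posted nat table.

```shell
#!/bin/sh
# Added example, not code from the thread: builds an iptables-restore ruleset
# with each rule in the table/chain where the kernel actually evaluates it.
# Assumed: WAN is ppp0, LAN is eth1, LAN hosts as in the thread's nat table.
WAN=ppp0
LAN=eth1
# "port:target" pairs copied from the thread's PREROUTING DNAT rules.
FORWARDS="80:10.0.1.13 443:10.0.1.13 5222:10.0.1.11 9091:10.0.1.11 25565:10.0.1.14"
emit() { printf '%s\n' "$*"; }
# DNAT is only valid in the nat table, and nat is consulted only for the first
# packet of a connection, so state matches there never see later packets.
nat_rules() {
    emit '*nat'; emit ':PREROUTING ACCEPT [0:0]'
    emit ':POSTROUTING ACCEPT [0:0]'; emit ':OUTPUT ACCEPT [0:0]'
    for f in $FORWARDS; do
        port=${f%%:*}; host=${f#*:}
        emit -A PREROUTING -i "$WAN" -p tcp --dport "$port" -j DNAT --to-destination "$host:$port"
    done
    # Replies and outbound LAN traffic leave with the dynamic ppp0 address.
    emit -A POSTROUTING -o "$WAN" -j MASQUERADE
    emit COMMIT
}
# Forwarded packets traverse FORWARD, never INPUT, and every packet passes the
# filter table, so the stateful accept and the default DROP belong here.
filter_rules() {
    emit '*filter'; emit ':INPUT DROP [0:0]'
    emit ':FORWARD DROP [0:0]'; emit ':OUTPUT ACCEPT [0:0]'
    emit -A INPUT -i lo -j ACCEPT
    emit -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    emit -A INPUT -i "$LAN" -j ACCEPT
    emit -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    emit -A FORWARD -i "$LAN" -o "$WAN" -j ACCEPT
    for f in $FORWARDS; do
        port=${f%%:*}; host=${f#*:}
        # Only the NEW packet that DNAT already rewrote to an allowed host:port gets in.
        emit -A FORWARD -i "$WAN" -o "$LAN" -p tcp -d "$host" --dport "$port" -m state --state NEW -j ACCEPT
    done
    emit COMMIT
}
ruleset() { nat_rules; filter_rules; }
# Without arguments print the ruleset for review; "apply" loads it atomically.
case "${1:-}" in
    apply) ruleset | iptables-restore ;;
    *)     ruleset ;;
esac
```

Run it without arguments first and diff the output against the rules you have loaded; `iptables-restore` replaces the whole nat and filter tables in one step, so review before `apply`.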