Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Since I set up a box where all traffic is being redirected to port 80 (yeah), I am unable to connect to it at this moment and at least try to figure this out myself. So please, if possible, give me an idea on the following scenario:
I am using prerouting to forward ALL TCP traffic to port 80, and it works well.
I need to set up just a couple of systems (source IPs known) which will pass the NAT without any limits, without the prerouting rules.
sanjay.linux, don't hijack other people's threads. Additionally, LQ isn't the right place for getting help on breaking into systems. If you keep asking questions of that nature, you will risk losing your LQ privileges. kirukan, please use the Report button for these types of things in the future. All that being said, both of you should contact me via email if you need to further discuss any of this. For now, let's try and get the thread back on topic by ignoring the previous two posts. BTW, this thread might be moved to Networking soon unless it becomes evident that it's a security issue.
Now, if I have just 11.101 it works great, all dest packets going through 3128 and all other packets being forwarded. If I add the second, 11.8, all TCP is redirected to 80, incl. ssh, telnet etc.
My understanding is:
this should forward all traffic to 80 but from 11.101:
iptables -t nat -I PREROUTING -i eth0 -s ! 10.15.11.101 -p tcp -j REDIRECT --to-port 80
and this should redirect only dest 80 from 11.101 to port 3128:
iptables -t nat -I PREROUTING -i eth0 -s 10.15.11.101 -p tcp --dport 80 -j REDIRECT --to-port 3128
It is true and working great if I have ONE source host; with multiples, I get all 80 dest redirected to 3128 (which is great) BUT all other traffic to port 80 (which is NOT GOOD).
So what would be the way of specifying rules for multiple hosts? Adding several IPs to -s for source returns an error since the syntax is not correct.
I do not want to specify a range, just specific hosts.
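One way to exempt several specific hosts, as an added example that is not part of the original thread: each `-s ! host` rule also matches the other exempt host, so two of them together catch everything, whereas a user-defined chain can let every listed source leave with RETURN before a single catch-all redirect. The chain name EXEMPT_OR_80 is hypothetical and 10.15.11.8 is an assumed expansion of the poster's "11.8"; the script only prints the commands unless it is run with `apply` as root.

```shell
#!/bin/sh
# Added example, not from the thread. Interface, ports and 10.15.11.101 are
# taken from the posts; 10.15.11.8 is an assumed expansion of "11.8" and the
# chain name is hypothetical.
IFACE=eth0
EXEMPT_HOSTS="10.15.11.101 10.15.11.8"
CHAIN=EXEMPT_OR_80

# Print the iptables commands in evaluation order. A packet stops at the
# first rule whose target terminates (REDIRECT) or leaves the chain (RETURN).
gen_rules() {
    echo "iptables -t nat -N $CHAIN"
    for ip in $EXEMPT_HOSTS; do
        # Exempt host, destination port 80: hand to the proxy on 3128.
        echo "iptables -t nat -A $CHAIN -s $ip -p tcp --dport 80 -j REDIRECT --to-port 3128"
        # Exempt host, anything else: leave the chain, so no redirect applies.
        echo "iptables -t nat -A $CHAIN -s $ip -j RETURN"
    done
    # Every other source: all TCP goes to local port 80. No negated -s is
    # needed because the exempt hosts have already left the chain.
    echo "iptables -t nat -A $CHAIN -p tcp -j REDIRECT --to-port 80"
    # Hook the chain into PREROUTING for TCP arriving on the interface.
    echo "iptables -t nat -A PREROUTING -i $IFACE -p tcp -j $CHAIN"
}

# Dry run by default; "apply" (as root) executes the generated commands
# and stops at the first one that fails.
if [ "${1:-}" = "apply" ]; then
    gen_rules | sh -e
else
    gen_rules
fi
```

Adding another exempt host means adding its address to EXEMPT_HOSTS; the catch-all rule stays last and unchanged.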