I can't start the docker service with iptables error

centos,docker,iptables,nat
This is my Linux version information: CentOS Linux release 7.0.1406 (Core), and my iptables version is v1.4.21. After I installed docker using the command yum install docker, I am trying to start docker with the command service docker start, but I can't start docker. The error message received is ...

iptables put all forwarding rules in prerouting

linux,security,networking,firewall,iptables
I have a question about security in iptables. Is it safe to give an ACCEPT policy to the FORWARD chain? I mean, if a packet gets there, it has come through the PREROUTING table, and in PREROUTING you only change the destination IP of a packet if you "like it". All packets that get into FORWARD...

how can firewall/iptables check incoming tcp traffic of already bound ports?

sockets,tcp,port,firewall,iptables
As far as I know only one process can be bound to a port of the same protocol, and in order to read incoming information on a port, a socket must be bound to that relevant port. Is there a way of sharing a socket with another process or...

Reinjecting modified packets in netfilter module

c++,linux,udp,iptables,netfilter
I have used netfilter_queue to create a NFQUEUE module for iptables that handles all outgoing UDP packets. I want to modify all UDP packets that match a certain pattern, and reinject them into the network. Here is some example code: ... static int Callback( nfq_q_handle *myQueue, struct nfgenmsg *msg, nfq_data...

iptables / cherrypy redirection changes request mid-processing

redirect,iptables,cherrypy
Sorry for the vague title, but my issue is a bit complicated to explain. I have written a "captive portal" for a WLAN access point in cherrypy, which is just a server that blocks MAC addresses from accessing the internet before they have registered at a certain page. For this...

Is it possible to access ip fragments with libnetfilter_queue

c,linux,iptables,netfilter,ip-fragmentation
I am using libnetfilter_queue in C to capture packets. I am setting an iptables rule to queue the incoming packets that would later be processed by the userspace implementation like this: iptables -A INPUT -j NFQUEUE --queue-num 0. I used the nfqnl_test example as a framework to implement the capture. Everything...

What is the best way to limit the IP addresses which can be access from within a docker container?

docker,iptables
I have an answer which will limit docker containers to only be able to access a single IP address outside the host. Using this iptables rule on the host: # iptables -I FORWARD -i docker0 ! -d 8.8.8.8 -j DROP means that from inside any docker containers it is only...

IPTABLES Allow teamspeak 3 to connect to Mariadb on the same machine

mysql,centos,iptables,teamspeak
Good day, I have a CentOS 7 machine that is going to be a webserver and a teamspeak server at the same time. I have configured the iptables correctly for my webserver: Nginx and Mariadb are available on the designated ports. Now I have my teamspeak 3 server installed but it...

linux config gateway using iptables

linux,iptables,gateway
I'm building a local server cluster. server2: eth0 IP: 168.168.1.2, Gateway: 168.168.1.1, NETMASK: 255.255.0.0. server3: eth0 IP: 168.168.1.3, Gateway: 168.168.1.1, NETMASK: 255.255.0.0. server1: eth0 IP: 168.168.1.1, eth0:1 IP: x.x.x.x (provided by ISP), GATEWAY: x.x.x.x (provided by ISP). I want to build server1 as the gateway of the subnet. And I can access the...

I/O with a Tun interface

linux,perl,shell,iptables,tunnel
The intent is to have a program intercept a collection of IP packets and read its raw content and then reinsert it to the network after tinkering with it. My approach is based around setting up a Tuntap interface (Tun, to be specific), and then have iptables and similar redirect...

Docker - modifying IPTABLES for host from container

docker,iptables,fail2ban
I want to run a docker container with a central log and fail2ban service to prevent dos/ddos attacks. I'm having a problem running a container with such capabilities that it could also modify the host's iptables. There is a project ianblenke/docker-fail2ban, however it does not work... Giving the container...

Fetching external mail through the internet via IMAP in linux

linux,port,imap,firewall,iptables
I am working on a project that requires me to enable fetching of external mail through the IMAP protocol. I was wondering if there was any way to test this from, for example, imap.gmail.com without using telnet (as I have to enable the IMAP port and not telnet)? I...

How to do local port forwarding with iptables

iptables
I have an application (server) listening on port 8080. I want to be able to forward port 80 to it, such that hitting http://localhost resolves my application (on localhost:8080). This should be generalized for any port mapping (e.g. 80:8080 => P_src:P_target), and use best practices for modern *nix machines (e.g....

Leverage iptables to drop packets between docker containers

docker,iptables
I have three containers C1, C2 and C3, forming a cluster, and a DNS instance running. The containers resolve their IPs using the DNS and already can communicate with each other as they expose the needed ports using vanilla docker configuration. How can I leverage iptables from the host to...

Docker ignores iptable rules when using “-p :

docker,iptables
Just realized a few days ago that Docker seems to bypass my iptables rules. I am not incredibly experienced with Docker nor iptables. Tried a lot of different things the last few days. Also saw that there was a big change in recent docker versions with a special DOCKER chain that should allow...

How to add multiple ips to a iptables shell script?

shell,unix,iptables
I am trying to create a shell script to block some IPs; is the below one the right way to do it? #!/bin/bash iptables -A OUTPUT -d xx.xx.xx.xx/29 -j DROP -A OUTPUT -d xx.xx.xx.xx/32 -j DROP I am trying to save this and execute it as a1.sh but it's not...

Iptables from udp to tcp [closed]

tcp,udp,port,iptables
Is it possible to convert all outgoing UDP traffic from a gateway router to TCP on the same port with iptables? I have looked at mangle but am unsure how I can use that.

Iptables remove specific rules by comment

linux,firewall,iptables,coreos
I need to delete some rules with the same comment. For example I have rules with comment = "test it", so I can get a list of them like this: sudo iptables -t nat -L | grep 'test it' But how can I delete all PREROUTING rules with comment 'test it'? UPD:...

Does INADDR_ANY interfaces include VMware Network Adapter?

c,sockets,udp,vmware,iptables
My code is currently making use of INADDR_ANY. I am testing to see if I am able to send packets from a VM client through an Ubuntu router [using iptables] to my host machine. I am able to ping the host machine from the client behind the Linux router and...

Unable to connect to Postgres via PHP but can connect from command line and PgAdmin on different machine

apache,postgresql,redhat,iptables,postgresql-9.3
I've had a quick search around (about 30 minutes) and tried a few bits, but nothing seems to work. Also please note I'm no Linux expert (I can do most basic stuff, simple installs, configurations etc) so some of the config I have may be obviously wrong, but I just...

Ubuntu/UFW: How to tell Docker not to expose all ports?

ubuntu,nginx,docker,port,iptables
I'm really struggling here and googled a lot... no solution worked so far. I'm running several docker containers (nodejs, mongodb,...) on my Ubuntu machine. Unfortunately, Docker (v1.6) exposes all ports to public! Since I have an nginx reverse proxy (also in a docker container), I only want port 80 to...

How to check if iptables is empty from a script

bash,iptables
I am writing a script that needs to check if iptables is empty. The only idea I have is to do "iptables-save" and compare it with a "iptables-save" of an empty iptables. However, I'm not sure whether I can count on it that "iptables-save" produces the same result on every...

iptables --sport vs --dport. INPUT vs OUTPUT

linux,iptables
I am having some trouble understanding iptables. I know it acts as a filter but something isn't clicking because it isn't working the way I think it should. Let me start by saying that I'm creating a white list, so all policies (INPUT, FORWARD, OUTPUT) default to DROP. I have...

How to run Netfilter (iptables, nftables) with DPDK

linux,linux-kernel,iptables,netfilter,dpdk
I'm looking for a fast stateful firewall in Linux that can process lots of packets and send some of them to external programs. Is it possible to make netfilter (iptables, nftables) work with Intel DPDK in order to improve performance?...

Iptables not loading new rules after restart Centos

bash,centos,firewall,iptables
I've created a bash script that adds a rule to the iptables firewall. Example: iptables -A INPUT -p tcp --dport 8080 -j ACCEPT. Problem: after a restart this rule is not applied. What is the best way to save and apply the rules in a bash script ...

IPTables hex string match to mitigate dos attack

debian,dos,iptables,ddos
A server of mine has been under dos attacks for the past few weeks. They've just now started randomizing the source so I can't simply drop the packets by source IP anymore. Here are a few of the packets from tcpdump: 23:58:32.229878 IP (tos 0x0, ttl 242, id 21915, offset...

How can I safely append data to a sk_buff for IPTables target

memory-management,linux-kernel,iptables
I am working on a Linux kernel module that needs to modify network packets and append an extra header. I already implemented the modification part, recomputed the checksums, and it worked nicely. But I don't know how to safely append an extra header. If my input packet is something like:...

Docker hiding IP of calling container [closed]

amazon-ec2,go,docker,iptables,coreos
Disclaimer: I am a networking newbie. Forgive me if I don't use the proper vocabulary to describe my problem. Context: So I have a couple of app containers (Docker) that are to run on CoreOS. Each container must have different IAM roles. Since there will potentially be N containers with...