All Questions

0 votes
0 answers
106 views

Docker renders server inaccessible when starting

Docker on CentOS 7, using Portainer to manage containers. I created a sonarqube container from YML. When I deployed the "stack" I never had an answer. Starting docker from console with: ...
Rodrigo
0 votes
1 answer
52 views

I keep receiving login attempts to my server until it goes down

I have a CentOS 7 server and after years of working correctly, yesterday it started being unreachable (the server apps I have there were not reachable, the SSH connection gave a timeout, etc., but the ...
Faabass • 103
0 votes
0 answers
73 views

Nat Local subnet to another gateway centos7

Hi, I have a CentOS 7 server with ocserv and iptables installed. I wanted to route all OCserv traffic to an IP tunnel (which is established and reachable). My server IP is 172.10.1.1. My OCSERV users subnet is: 192....
Keyvan Rahimi
1 vote
1 answer
364 views

Is failover load balancing with iptables possible?

I'm playing around with iptables in my home lab. My first goal is to take my active directory communication into one load balancing virtual IP. I used prerouting chain to do that. For testing purposes,...
Peet • 21
0 votes
0 answers
2k views

High CPU usage by ksoftirqd

We use GCP for running Kubernetes and for communication with our services in different locations using VM masquerading by iptables. The first time we faced an issue with performance when we use only ...
Alexander Tolkachev
0 votes
0 answers
233 views

DNS Port Forward Centos 7

How can I have this config? Server A --> use Server B IP as nameserver in /etc/resolve.conf Server B --> forward all req on port 53 to Server C:53 using iptables Server C --> resolve ...
Mahdi Akrami
0 votes
3 answers
386 views

Allow only a list of IPs on iptables

I have an Apache server with WordPress installed and I need to determine just a few IPs that will have access to the website (I have a list of IPs)... what would be the most effective way to do this?...
Heitor Kenzou
0 votes
1 answer
123 views

iptables won't let me connect to mysql from remote server [duplicate]

I have 2 servers, DB_server (1.1.1.1) and app_server (2.2.2.2). I created a user on DB_server for app_server (with 2.2.2.2 as hostname), but I am not able to connect from app_server to db_server. When I ...
MrG • 103
1 vote
2 answers
4k views

can't run iptables-legacy using cli - centos8

I have a CentOS 8 machine which comes with nft-tables and with ip-tables libraries installed. For example, the files /lib64/xtables/*, /lib64/libiptc.so.0.0.0 and /lib64/libiptc.so.0 all exist and ...
Or Yaacov
0 votes
2 answers
708 views

Fedora | how to restore iptables from specific file on boot

I need to make ip-tables persistent on my machines. I was able to do it on Debian based systems by creating the following file which runs when my network is up: /etc/network/if-up.d/run-iptables #!/...
Or Yaacov
0 votes
0 answers
608 views

How to mark and separate connections?

I have an Issabel Linux (based on CentOS 7) with 3 ethernet, and I want this scenario: eth0 with IP 172.16.3.30/16 ----gw(172.16.0.1)----> (I want to use as Default Gateway) eth1 with IP 10.1.5.102/...
erfan mehralizadeh
1 vote
1 answer
356 views

Ratelimit IPs for UDP traffic in ipset list before being sent over GRE tunnel

I am using nat DNAT to forward traffic on a certain port to another CentOS server over a GRE tunnel; however, I want to rate limit a bunch of datacenter IPs I have in an ipset list 'blacklist'. So that ...
Rushy • 21
0 votes
0 answers
393 views

CentOS 8: two external network adapters, two ISPs - routing problems

Given: a CentOS 8-powered computer with three network adapters. eth0, eth2: external, connected to two different ISPs eth1: faces home network (intranet) The task: allow accessing certain internal ...
Konstantin Boyandin
0 votes
0 answers
101 views

iptables on nested KVM appears to be dropping return traffic

I'm trying to get nested KVM working in Google Cloud, but I'm having trouble with Centos 7 dropping traffic that's returning through IP Tables. Centos 7 forms a virtual router (VR), which sits at the ...
user2451085
1 vote
0 answers
2k views

Failed to start IPv4 firewall with iptables

I'm running a CentOS 8 webserver and recently I had some issues with the CSF Firewall: the CSF service is running but the LFD has failed. I did some research and I was able to fix it by doing iptables --...
Ahmed Suror
2 votes
1 answer
417 views

Centos Docker iptables block all traffics except domain

I’m trying to block all outgoing traffic from iptables for docker’s interface docker0. But I would like to open the access for a few domains: How can I do that? I tried that: iptables -I OUTPUT -o ...
Damiano Dotto
1 vote
1 answer
4k views

Failed to connect to 127.0.0.1:27017, connection refused

So I am currently trying to set up mongodb running and hosting locally for my CentOS machine. But when I try to connect I get this: #mongo MongoDB shell version v3.4.24 connecting to: mongodb://127.0.0....
Mr.Dobby
0 votes
1 answer
1k views

Iptables block access docker container from host

I have iptables rules that are blocking access to the Docker container from the host (accessing from an outside network is working fine). Most of these rules were written by my ex-coworker, so basically I have no ...
armaleno
0 votes
0 answers
485 views

iptables blocks iptables conflict

I have iptables running on my CentOS 7 server and I'm looking to block bots. I use this command: iptables -A INPUT -s 70.42.131.0/24 -j DROP; this normally should block this range 70.42.131.0/24 ...
Omer Stimpack
0 votes
2 answers
3k views

Is fail2ban working without firewalld?

Do I need firewalld for fail2ban to work? Can fail2ban block IPs with iptables only? I've installed iptables-service on a CentOS 8 VPS. I use nftables v0.9.3 (Topsy) to restrict/grant access. ...
zippy-flop
3 votes
1 answer
1k views

How to Loadbalance Outgoing Traffic with Iptables?

I have a CentOS 7 server with 5 IPs like 192.168.0.2/29 to 192.168.0.5/29. I want to change outgoing traffic in round-robin method because I need to use all IPs for my project. So I am trying to configure ...
maipodevin
0 votes
1 answer
319 views

Centos IP Tables port forwarding through multiple chains

Hey ServerFault friends; AWS released one of their latest products to the public, the Gateway Load Balancer, which allows us to do all kinds of fun things with appliances. Background: I'm in the ...
DavisTasar
-2 votes
1 answer
1k views

iptables -I INPUT -p TCP -j ACCEPT

iptables -I INPUT -p TCP -j ACCEPT Would executing the above command increase security risks on the CentOS 7 server? And how do I roll back that command? Is the below command okay for rolling back the above ...
Fixiywp • 21
2 votes
1 answer
796 views

Switch from existing firewalld configuration to nftables

I'm running a low-RAM VPS with CentOS 8. I've noticed that firewalld service uses way too much RAM (up to 20%). So I guess it may be better to switch to use only built-in nftables. I'm quite familiar ...
simon • 161
0 votes
0 answers
282 views

Route traffic from OpenVPN to LAN on CentOS 7

I have a VPN server up and running using TUN and landing remote networks on the local machine in an, otherwise unused, subnet. The local machine has a LAN in a separate subnet. The remote network is ...
mobrien118
2 votes
0 answers
2k views

Docker port forwarding bridge - "no route to host"

Basic Docker port forwarding is not working through bridge on CentOS 7. Changing network to "host" solves the issue, but I need to run multiple instances of the same container binding them to ...
Pavel Voropaev
0 votes
1 answer
237 views

iptables string match, some packets still getting through

I'm using fail2ban to police plain text http packets (SSL offload being used with load balancer) using a header added by the load balancer. fail2ban is complaining that it is seeing ip addresses in ...
Preston • 191
0 votes
1 answer
1k views

How can I work out what is filtering a port in CentOS 7?

I recently did a yum update and reboot, and now I can't SSH into my machine. I use a non-standard SSH port (let's say 444) and when I run nmap <MY-IP> -p444 --reason I get 444/tcp filtered ...
Codemonkey • 1,148
0 votes
2 answers
7k views

Trying to firewall-cmd --reload in CentOS 7, why does it keep showing me an iptables error?

[root@localhost ~]# firewall-cmd --reload Error: COMMAND_FAILED: Direct: '/usr/sbin/iptables -w10 -t filter -I INPUT_direct 3 -p icmp -m icmp --icmp-type 8 -s X.X.X.X -j ACCEPT' failed: iptables v1.4....
Nick • 31
1 vote
1 answer
1k views

Change incoming packet source IP

How can I change the source IP of an incoming packet before it reaches the running service? I have two appliances, a Manager and a Server, connected via VPN, and they have NAT between them. Manager Interface ...
sarvesh.lad
1 vote
0 answers
163 views

Do iptables-save and iptables-restore work if I am using firewalld?

We are using docker-compose to run our services and firewalld as our firewall. Now we need to modify some firewall rules, but since firewalld has a possible risk of removing the DOCKER-USER iptables chain ...
jerryleooo
0 votes
1 answer
334 views

How to block traffic to specific subdomain in OpenVPN?

I have an OpenVPN server with some VPN clients and I want to block access to this subdomain for all of the clients: teamspeak.site.com Is there any way to achieve this with OpenVPN configuration? If ...
Mr Pro • 33
-1 votes
1 answer
176 views

Iptables is slowing down website

IPtables is slowing down my gitlab instances. Clicking on Project or refreshing the page is taking so long (almost 30 seconds to 60 seconds). If I flush the IPtables list then the page refreshes ...
user630702
1 vote
2 answers
6k views

CentOS 7 Forward port to another IP:PORT

I have CentOS 7 that uses iptables for forwarding port 30120 to a Windows server. For example: Windows games server IP: 192.168.1.3 Linux CentOS 7 server IP: 192.168.1.5 iptables -t nat -A PREROUTING ...
loser • 11
0 votes
1 answer
3k views

Routing (forwarding) all traffic based on source/destination (Linux/CentOS)

I have an active-active Linux router (running CentOS) with three interfaces (ens100, ens101, ens102). I use iptables to route traffic. My problem is with connections between "Server A" and "Server B"...
duckasylum
0 votes
1 answer
289 views

Single VPS, multiple IPs - different iptables rules based on IP

I currently have a VPS with just 1 IP address and I want to buy another IP and do the following: have one public IP with incoming requests allowed only on port 7777 (UDP); have a MySQL server running ...
Pixel • 3
-1 votes
1 answer
37 views

restricting access to dev server

We have a development server for our website hosted on our public cloud. We want to block access to it from the outside and only allow access from our public IP. How would I set up the IP tables on ...
Juan Battini
1 vote
0 answers
72 views

How to limit ICMP Echo requests to 5, then drop for at least 30s (if the pings stop) with iptables?

I tried it with the following 2 lines: iptables -A INPUT -p icmp --icmp-type 8 -i $EXT -m recent --set -j ACCEPT iptables -A INPUT -p icmp --icmp-type 8 -i $EXT -m recent --update --hitcount 5 --seconds ...
phil330d
0 votes
0 answers
414 views

Firewalld/iptables rules not working as expected

I have the following setup: -CentOS box, with KVM installed (libvirt), as gateway/VM host. Interface eno2 as uplink. -Public routed network configured on interface virbr1 (virbr1 mode routed, ...
Andrei • 1
0 votes
3 answers
835 views

My IP is blocked from own Plesk server

I was experiencing slowness to a crawl issues with my server and hired a SysAdmin to fix it but he didn't and only made it worse. Now, I can't access anything on it unless via VPN. No Plesk, No SSH, ...
Miro • 101
1 vote
0 answers
2k views

Translating a firewall-cmd command to iptables command

I read here that the iptables package is part of the Linux kernel and that all GUI firewall tools are in the end translated into some kind of iptables rules. Now I am setting up a CentOS 8 server following ...
71GA • 403
11 votes
1 answer
11k views

firewalld is not working in CentOS 8: no rule at all is created in iptables

I've recently upgraded a clean install CentOS 7 to CentOS 8 using this tutorial: https://www.tecmint.com/upgrade-centos-7-to-centos-8/ I had no extra software installed, only the base install. After ...
Rodrigo Renie
0 votes
0 answers
368 views

iptables rules being added all on their own on Centos 7 (Azure)?

We are trying to run a PCI scan on our internal network. For some reason, the machines are blocking the scanner automatically when the scan is running by adding its IP to the iptables. We don't have ...
Pat • 133
0 votes
1 answer
694 views

Two firewalls in single server - how to remove one without "lock out"?

I am running a CentOS 7 VPS which I purchased preconfigured with iptables installed, but I didn't check this at first. I know CentOS 7 "should" be firewalled, so I installed firewalld and no error ...
Xerix • 113
0 votes
2 answers
133 views

Can't block specific ports for OpenVPN users

CentOS7.6 + iptables + OpenVPN2.4 (UDP proto) onboard. Question is duplicated and seems simple: I just want to block some specific ports for my VPN users. So I make iptables -I FORWARD -p udp -m ...
966p • 103
0 votes
0 answers
346 views

Using iptables to limit httpd, ssh and icmp

I want to block ICMP and limit SSH and HTTPD traffic to eth0. My original iptables looks like this: filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ...
Wood Chipper
0 votes
1 answer
926 views

NGINX/Apache does not respond to requests behind NAT

Warning: I am a newbie to NGINX. I used apache2 but on CentOS I am not used to the way it is set up and also I want to try NGINX since it's newer and more modern. Edit: I have tested also with Apache(...
dodancs • 103
0 votes
1 answer
6k views

CentOS 7 NAT routing & IPTABLES

I have the CentOS instance like NAT for my local net. There are some subnets in my local net. There is a PPTP VPN server inside one. I need to publish this server to the Internet. So. My problem ...
Paravozik
2 votes
2 answers
2k views

Error messages in firewalld log file Set fail2ban-ssh doesn't exist

I have got the following error messages repeating in firewalld log file. 2019-07-19 14:18:20 ERROR: COMMAND_FAILED: Direct: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Set ...
Alaa • 21
0 votes
1 answer
172 views

OpenVPN server running on a cloud VM cannot ping to a connected client; but client can ping the server

So I am trying to set up an OpenVPN server on a Cloud Virtual Machine running CentOS 7. The client (Windows) can connect to the OpenVPN server, I can ping the server from the client, but the server ...
Roy2511 • 103
