From: Muhammad B. Al-N. <mb...@gm...> - 2014-02-04 17:45:21
|
Howdy,

I want to redirect all requests on port 3389 to a specified IP and port, 192.168.0.3:3389. For that I use the following in iptables (I tested it and I found it works fine):

---
sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 192.168.0.3:3389
iptables -t nat -A POSTROUTING -j MASQUERADE
---

I tried to apply the above using Webadmin as shown in the following screenshots but it didn't work!

http://i.share.pho.to/3c738400_o.png
http://i.share.pho.to/9f0c08ba_o.png
http://i.share.pho.to/b02e4810_o.png

How can I fix this issue?

The content of /etc/iptables.up.rules is:

---
# Generated by iptables-save v1.4.12 on Tue Feb 4 19:01:20 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Tue Feb 4 19:01:20 2014
# Generated by iptables-save v1.4.12 on Tue Feb 4 19:01:20 2014
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Tue Feb 4 19:01:20 2014
# Generated by iptables-save v1.4.12 on Tue Feb 4 19:01:20 2014
*nat
:INPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Test
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.0.3:3389
# Test3
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Tue Feb 4 19:01:20 2014
---

--
Best Regards
Muhammad Bashir Al-Noimi
From: Muhammad B. Al-N. <mb...@gm...> - 2014-02-08 10:26:46
|
Howdy,

I want to redirect all requests on port 3389 to a specified IP and port, 192.168.0.3:3389. For that I use the following in iptables (I tested it and I found it works fine):

---
sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 192.168.0.3:3389
iptables -t nat -A POSTROUTING -j MASQUERADE
---

I tried to apply the above using Webadmin as shown in the following screenshots but it didn't work!

http://i.share.pho.to/3c738400_o.png
http://i.share.pho.to/9f0c08ba_o.png
http://i.share.pho.to/b02e4810_o.png

How can I fix this issue?

The content of /etc/iptables.up.rules is:

---
# Generated by iptables-save v1.4.12 on Tue Feb 4 19:01:20 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Tue Feb 4 19:01:20 2014
# Generated by iptables-save v1.4.12 on Tue Feb 4 19:01:20 2014
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Tue Feb 4 19:01:20 2014
# Generated by iptables-save v1.4.12 on Tue Feb 4 19:01:20 2014
*nat
:INPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Test
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.0.3:3389
# Test3
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Tue Feb 4 19:01:20 2014
---

--
Best Regards
Muhammad Bashir Al-Noimi

--
Best Regards,
Muhammad Bashir Al-Noimi
From: Andrey R. <anr...@fr...> - 2014-02-08 19:35:15
|
Greetings, Webmin users list!

> I want to redirect all requests on port 3389 to a specified IP and port,
> 192.168.0.3:3389. For that I use the following in iptables (I tested it
> and I found it works fine):
> ---
> sysctl net.ipv4.ip_forward=1
> iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 192.168.0.3:3389
> iptables -t nat -A POSTROUTING -j MASQUERADE

I already said, don't do this.
With this rule, you're creating a security hole in your system and in systems connected with yours, as it tricks connected systems into believing that all traffic passing through your system originates from your system.

--
WBR,
Andrey Repin (anr...@fr...) 08.02.2014, <23:27>

Sorry for my terrible english...
From: Muhammad B. Al-N. <mb...@gm...> - 2014-02-12 16:22:20
|
I don't mind about the security because I'm doing it in a local network. All I'm asking is why this works fine with standard iptables while it doesn't under Webmin!!!

On Sat, Feb 8, 2014 at 8:29 PM, Andrey Repin <anr...@fr...> wrote:

> Greetings, Webmin users list!
>
> > I want to redirect all requests on port 3389 to a specified IP and port,
> > 192.168.0.3:3389. For that I use the following in iptables (I tested it
> > and I found it works fine):
> > ---
> > sysctl net.ipv4.ip_forward=1
> > iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 192.168.0.3:3389
> > iptables -t nat -A POSTROUTING -j MASQUERADE
> I already said, don't do this.
> With this rule, you're creating a security hole in your system and in
> systems connected with yours, as it tricks connected systems into believing
> that all traffic passing through your system originates from your system.
>
> --
> WBR,
> Andrey Repin (anr...@fr...) 08.02.2014, <23:27>
>
> Sorry for my terrible english...

--
Best Regards
Muhammad Bashir Al-Noimi
From: Muhammad B. Al-N. <mb...@gm...> - 2014-02-15 17:51:35
|
Come on guys, may someone help me here... please.

On Wed, Feb 12, 2014 at 5:21 PM, Muhammad Bashir Al-Noimi <mb...@gm...> wrote:

> I don't mind about the security because I'm doing it in a local network. All
> I'm asking is why this works fine with standard iptables while it doesn't
> under Webmin!!!
>
> On Sat, Feb 8, 2014 at 8:29 PM, Andrey Repin <anr...@fr...> wrote:
>
>> Greetings, Webmin users list!
>>
>> > I want to redirect all requests on port 3389 to a specified IP and port,
>> > 192.168.0.3:3389. For that I use the following in iptables (I tested it
>> > and I found it works fine):
>> > ---
>> > sysctl net.ipv4.ip_forward=1
>> > iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 192.168.0.3:3389
>> > iptables -t nat -A POSTROUTING -j MASQUERADE
>> I already said, don't do this.
>> With this rule, you're creating a security hole in your system and in
>> systems connected with yours, as it tricks connected systems into believing
>> that all traffic passing through your system originates from your system.
>>
>> --
>> WBR,
>> Andrey Repin (anr...@fr...) 08.02.2014, <23:27>
>>
>> Sorry for my terrible english...
>
> --
> Best Regards
> Muhammad Bashir Al-Noimi

--
Best Regards
Muhammad Bashir Al-Noimi
From: Andrey R. <anr...@fr...> - 2014-02-15 19:35:23
|
Greetings, Webmin users list!

> Come on guys, may someone help me here... please.

1. Without a full dump of the rules this can't be solved.
2. Following 1, this is not a webmin question. This is a generic netfilter/iptables question.
3. Your rules have an error that will cost you a headache at least.

> On Wed, Feb 12, 2014 at 5:21 PM, Muhammad Bashir Al-Noimi <mb...@gm...> wrote:
>> I don't mind about the security because I'm doing it in a local network. All
>> I'm asking is why this works fine with standard iptables while it doesn't
>> under Webmin!!!
>>
>> On Sat, Feb 8, 2014 at 8:29 PM, Andrey Repin <anr...@fr...> wrote:
>>
>>> Greetings, Webmin users list!
>>>
>>> > I want to redirect all requests on port 3389 to a specified IP and port,
>>> > 192.168.0.3:3389. For that I use the following in iptables (I tested it
>>> > and I found it works fine):
>>> > ---
>>> > sysctl net.ipv4.ip_forward=1
>>> > iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 192.168.0.3:3389
>>> > iptables -t nat -A POSTROUTING -j MASQUERADE
>>> I already said, don't do this.
>>> With this rule, you're creating a security hole in your system and in
>>> systems connected with yours, as it tricks connected systems into believing
>>> that all traffic passing through your system originates from your system.
>>>
>>> --
>>> WBR,
>>> Andrey Repin (anr...@fr...) 08.02.2014, <23:27>
>>>
>>> Sorry for my terrible english...
>>
>> --
>> Best Regards
>> Muhammad Bashir Al-Noimi

--
WBR,
Andrey Repin (anr...@fr...) 15.02.2014, <23:28>

Sorry for my terrible english...
From: cj y. <cj...@yo...> - 2014-02-15 19:57:15
|
It actually is a Webmin question. Whether or not it's a great idea is not the question. He is able to do it manually but not in Webmin. That's the question he wants resolved. Not whether it's a smart thing to do or not.

I would also ask some clarification of why it's not a smart thing to do. I am interested in iptables configurations and am curious as to what's the issue that creates a security hole. Explanation please!!

On 02/15/2014 11:30 AM, Andrey Repin wrote:
> Greetings, Webmin users list!
>
>> Come on guys, may someone help me here... please.
> 1. Without a full dump of the rules this can't be solved.
> 2. Following 1, this is not a webmin question. This is a generic netfilter/iptables question.
> 3. Your rules have an error that will cost you a headache at least.
>
>> On Wed, Feb 12, 2014 at 5:21 PM, Muhammad Bashir Al-Noimi <mb...@gm...> wrote:
>>> I don't mind about the security because I'm doing it in a local network. All
>>> I'm asking is why this works fine with standard iptables while it doesn't
>>> under Webmin!!!
>>>
>>> On Sat, Feb 8, 2014 at 8:29 PM, Andrey Repin <anr...@fr...> wrote:
>>>
>>>> Greetings, Webmin users list!
>>>>
>>>>> I want to redirect all requests on port 3389 to a specified IP and port,
>>>>> 192.168.0.3:3389. For that I use the following in iptables (I tested it
>>>>> and I found it works fine):
>>>>> ---
>>>>> sysctl net.ipv4.ip_forward=1
>>>>> iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 192.168.0.3:3389
>>>>> iptables -t nat -A POSTROUTING -j MASQUERADE
>>>> I already said, don't do this.
>>>> With this rule, you're creating a security hole in your system and in
>>>> systems connected with yours, as it tricks connected systems into believing
>>>> that all traffic passing through your system originates from your system.
>>>>
>>>> --
>>>> WBR,
>>>> Andrey Repin (anr...@fr...) 08.02.2014, <23:27>
>>>>
>>>> Sorry for my terrible english...
>>>
>>> --
>>> Best Regards
>>> Muhammad Bashir Al-Noimi
>
> --
> WBR,
> Andrey Repin (anr...@fr...) 15.02.2014, <23:28>
>
> Sorry for my terrible english...
From: Andrey R. <anr...@fr...> - 2014-02-15 20:35:21
|
Greetings, Webmin users list!

> It actually is a Webmin question. Whether or not it's a great idea is
> not the question. He is able to do it manually but not in Webmin.
> That's the question he wants resolved. Not whether it's a smart thing
> to do or not.

Again, without a full dump of the rules this can't be solved, be it a webmin problem or not.

> I would also ask some clarification of why it's not a smart thing to
> do. I am interested in iptables configurations and am curious as to
> what's the issue that creates a security hole. Explanation please!!

This.

>>>>>> iptables -t nat -A POSTROUTING -j MASQUERADE
>>>>> I already said, don't do this.
>>>>> With this rule, you're creating a security hole in your system and in
>>>>> systems connected with yours, as it tricks connected systems into believing
>>>>> that all traffic passing through your system originates from your system.

--
WBR,
Andrey Repin (anr...@fr...) 16.02.2014, <00:28>

Sorry for my terrible english...
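
The `-A POSTROUTING -j MASQUERADE` rule objected to above has no interface or address match, so it source-NATs every connection leaving the host on any interface. The check below is an added example, not code from the thread or from Webmin: `audit_masquerade`, `page_rules` and `scoped_rules` are hypothetical names, and the scoped rule is a constructed alternative that assumes only the forwarded RDP flow to 192.168.0.3 needs source NAT.

```shell
#!/bin/sh
# Added example: flag catch-all MASQUERADE rules in an iptables-save dump.

# audit_masquerade: reads iptables-save output on stdin and prints
# "UNSCOPED line <n>: <rule>" for each nat POSTROUTING MASQUERADE rule
# that has no -o / -s / -d restriction.
audit_masquerade() {
    awk '
        /^\*/ { table = substr($1, 2); next }   # table header: "*nat", "*filter"
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            is_masq = 0; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "MASQUERADE") is_masq = 1
                if ($i == "-o" || $i == "-s" || $i == "-d") scoped = 1
            }
            if (is_masq && !scoped) printf "UNSCOPED line %d: %s\n", NR, $0
        }
    '
}

# nat table as posted in /etc/iptables.up.rules in this thread.
page_rules() {
    cat <<'EOF'
*nat
:INPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Test
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.0.3:3389
# Test3
-A POSTROUTING -j MASQUERADE
COMMIT
EOF
}

# Constructed variant (assumption): masquerade only the DNATed RDP flow.
scoped_rules() {
    page_rules | sed 's|^-A POSTROUTING -j MASQUERADE$|-A POSTROUTING -d 192.168.0.3/32 -p tcp -m tcp --dport 3389 -j MASQUERADE|'
}

page_rules   | audit_masquerade   # reports the catch-all rule
scoped_rules | audit_masquerade   # reports nothing
```

The same function can be fed live state with `iptables-save | audit_masquerade` on the gateway.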
From: Andrey R. <anr...@fr...> - 2014-02-05 20:50:14
|
Greetings, Webmin users list!

> I want to redirect all requests on port 3389 to a specified IP and port,
> 192.168.0.3:3389. For that I use the following in iptables (I tested it
> and I found it works fine):
> ---
> sysctl net.ipv4.ip_forward=1
> iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 192.168.0.3:3389
> iptables -t nat -A POSTROUTING -j MASQUERADE

DO NOT DO THIS.

--
WBR,
Andrey Repin (anr...@fr...) 06.02.2014, <00:45>

Sorry for my terrible english...
From: Muhammad B. Al-N. <mb...@gm...> - 2014-02-06 12:28:54
|
Are you some kind of spammer? This isn't an answer for my question!!!

Andrey Repin <anr...@fr...> wrote:

>Greetings, Webmin users list!
>
>> I want to redirect all requests on port 3389 to a specified IP and port,
>> 192.168.0.3:3389. For that I use the following in iptables (I tested it
>> and I found it works fine):
>> ---
>> sysctl net.ipv4.ip_forward=1
>> iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 192.168.0.3:3389
>> iptables -t nat -A POSTROUTING -j MASQUERADE
>DO NOT DO THIS.
>
>--
>WBR,
>Andrey Repin (anr...@fr...) 06.02.2014, <00:45>
>
>Sorry for my terrible english...

--
Best Regards,
Muhammad Bashir Al-Noimi