[ubuntu] Wildcard iptables delete

view full story

http://ubuntuforums.org – Hello. I'm brand new to Linux, but a long time Windows administrator, so I understand the concepts, not the syntax. I've stumbled through setting up Ubuntu Server as a NAT server. It's working great now. My goal is to map public IPs to private IPs. However, I want to change them often through an automated fashion (SSH remote call). So, I want to run commands that will remove the previous rule and add a new rule, or update the existing rule. For example, the original rule may be something like: iptables -t nat -I PREROUTING -d 206.72.119.76 -j DNAT --to-destination 10.240.5.5 iptables -t nat -I POSTROUTING -s 10.240.5.5 -j SNAT --to-source 206.72.119.76 The issue I'm running into is finding out how to delete the previous entry before adding a new one. For example, let's say that 206.72.119.76 should now map to 10.240.5.6 (instead of .5). Is there a wildcard option for the delete rule so that I don't need to know the original destination IP? i.e. iptables -t nat -D PREROUTING -d 206.72.119.76 -j DNAT --to-destination [+] Or, would it make sense to create a script that traverses all rules, gets the existing rule, and then deletes it? Of course my next issue would be that I don't know any Linux scripting so it's hard to know where to start. (HowTos)

Submitted by taskli on 01/24/2010 – Made popular on 01/24/2010

Login or register to post comments
Email this page

Stories similar to [ubuntu] Wildcard iptables delete

DNATing multiple ips not working 9 weeks 11 hours ago

i have centos box with public ip on eth0 and private ip on eth1,4 pub ips are aliased on eth0.

I have written DNAT rule to NAT request on 1.1.1.3 to 10.10.10.3 it worked fine,

but when i add more DNAT rule it is not working.

Server with 3 public IP and iptables 1 year 27 weeks ago

I have a linux box with two NIC cards: eth0 and eth1.

In one card i have 3 public IP:

eth0 = 10.10.10.1 eth0:1= 10.10.10.2 eth0:2= 10.10.10.3

In the other card I have one local IP

eth1 = 192.9.200.1

I want to redirect all the wan traffic for 10.10.10.2 to the LAN 192.9.200.2 and the same for 10.10.10.3 to 192.9.200.3

I have tried with this rule but doesn't work

iptables -t nat -A PRE

iptables: How to combine DNAT and SNAT to use a secondary IP address? 31 weeks 4 days ago

There are lots of questions on here about iptables DNAT/SNAT setups but I haven't found one that solves my current problem. I have services bound to the IP address of eth0 (e.g. 192.168.0.20) and I also have a IP address on eth0:0 (192.168.0.40) which is shared with another server. Only one server is active, so this alias interface comes and goes depending on which server is active.

iptables virtual interfaces transparent proxy 19 weeks 2 days ago

Running into an issue with my iptable rule to redirect outbound traffic on port 80 to a squid proxy transparently.

Here is my interface information

eth0 = internet eth1 = physical interface eth1:0 = 192.168.0.1/24 eth1:1 = 172.16.0.0/24

My iptables rule:

iptables -t nat -A PREROUTING -s 192.168.0.0/24 !

How to NAT and route with source and destination in packet 33 weeks 2 days ago

we currently have 2 old Linux servers running iptables that we're switching to a Cisco 2901 router. Since iptables and NAT on a Cisco device work differently, I'm not sure how to set up NAT on the Cisco device.

We have a rule in iptables that translates and forwards a packet based on its source and destination address.

How to dynamically generate iptables rule? 11 weeks 4 days ago

Good day. I have a following issue - i have plenty of the computers in my local network(probably, about 40, and this amount could increase), and i want to give remote access to all of them from the internet. All those machines are connected to internal network through one gateway/firewall/whateverelse with debian 6.0.7 on board.

Iptables rule that accept any kind of packet 1 year 22 weeks ago

I have these drop rules:

iptables -t mangle -P FORWARD DROP iptables -P FORWARD DROP

iptables -t mangle -P INPUT DROP iptables -P INPUT DROP

iptables -t mangle -P OUTPUT DROP iptables -t nat -P OUTPUT DROP iptables -P OUTPUT DROP

iptables -t nat -P PREROUTING DROP iptables -t mangle -P PREROUTING DROP

iptables -t nat -P POSTROUTING DROP iptables -t mangl

iptables: Internal port forwarding with fwmark and routing tables 16 weeks 4 days ago

I have 2 servers and I need to forwart to internal port.

To explain I use the server with 2 interfaces (internal/external) as server A and the internal server as server B.

In server A i use

iptables -A PREROUTING -t nat -i $extif -p tcp --dport $extif_port -j DNAT --to-destination $dst_ip:$dst_port" iptables -A FORWARD -t filter -d $dst_ip -j ACCEPT" iptables -A POSTROUTING -t nat -p tcp -s $ds

Setting iptables rule for all protcols for specific source and destination ports 41 weeks 3 days ago

Is it possible to add a IPTABLES rule which allows all the protocols for specific source and destination ports? I tried the following but it didn't work.

iptables -I FORWARD 1 -s 172.27.0.254/255.255.255.255 -d 0.0.0.0/0.0.0.0 -p 0 --sport 0:65535 --dport 1191:1191 -j ACCEPT

iptables error: unknown option `--sport`

Any comments are greatly appreciated.

[ubuntu] Wildcard iptables delete

Search

Best published stories

Beautiful linux wallpapers

Tags