I have redirected all ipv4 dns request to my local dns server on port 60053 use iptables -J redirect.
But when I trying to do the same things for ipv6 dns request I failed, cause there isn’t a nat table for ipv6 on my router.
I have googled but didn’t found a solution, any suggestions would be appropriate. Thanks.
The nat table isn't there because the kernel module isn't loaded. You'll need to load it (and probably install it first). If you're on OpenWRT, the package you need is ip6tables-mod-nat.
Related
I ran into a problem I'm not able to fix. I have a server with some applications (a ghost blog and gogs for example) that are listening on specific ports. I want apache to handle them via proxypass. So far so good, I can specify a subdomain and let the requests through to the applications. But all my applications are still reachable via the specific port they run on. I can't let apache listen to this ports because, well, the ports are in use by the applications.
I'm just wondering is there a way to let any apllications just listen on a port and be reachable from locahost (so that only apache can reach them with that port) or is there any other way to limit the access to my applications so that they are only reachable through apache? Is there a solution I can use for all applications or do I have to tweak every single app myself?
Googling it just didn't get me the rights answers (lots of port 80 to https and so on)
Thank you for every answer / tipp / nudge in the right direction you can give me.
Best regards.
Allright, the biggest problem is always in front of the computer :)
I never thought about iptables, I don't know why, because I'm quite familiar with it. For anyone else having the same stupidity problem I had:
Make a rule that allows localhost to access this port:
iptables -A INPUT -p tcp -s localhost --dport 25 -j ACCEPT
Then just block every connection on that port with iptables
iptables -A INPUT -p tcp --dport 25 -j DROP
Don't forget to change 25 to your specific port.
Best regards.
In android, i have a proxy daemon which listens on a dedicated port and would like to relay the visit of some specific domains,but not for others, for example: this proxy will relay the request for www.yahoo.com, but does not affect www.google.com.
Is it possible to use iptables to implement this?
Normally it can't do that. Iptables routes/blocks traffic from/to IP's/Ports. Maybe a plugin can do that, but I am not firm with iptables plugins, and I don't know anything about iptables on android.
Apache can forward connections to, maybe that's the right choice for you.
I have a VPS server with a domain example.com, with apache2 listening port 80
Then, I have a web app in jetty server (running with mvn jetty:run), listening in port 8080
When I type example.com in a browser, I get a apache example page "it works!"
If I write example.com:8080 I get my webapp
Question is simple, how can I redirect for when I write example.com so that I get to my webapp?
I cant change port jetty to 80, its error.
command "sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080" does not anything effect
So, how can i make apache redirect 80 to 8080? in sites-enabled/default-000?
Please explain carefully, I'm a newbie with systems ;(
Thank you
EDIT
I solved it with this:
http://czetsuya-tech.blogspot.com.es/2012/07/how-to-port-forward-apaches-80-to.html#.VImt1XvyOPU
But last line:
RewriteRule ^/(.*) ......:8080/0,81 € [P,L]
Makes error at restart apache
I deleted it and works fine. Any problem with this? What is RewriteRule?
Using IPTABLES is one possible solution. I don't know much about IPTABLES - but there are a lot of tutorials out there, like this one: http://proghowto.com/iptables-redirect-port-80-to-port-8080
I don't know if that works if you have a running daemon (apache) on the destination port.
The other solution is to use a proxy module in apache to pass requests through to your webapp. On Linux only root users are allowed to use ports below 1000. On Windows you should be able to simply change the port in the jetty configuration.
There are two tutorials I often use, they apply to apache and tomcat but that makes no difference for the apache side:
https://confluence.atlassian.com/display/DOC/Using+Apache+with+virtual+hosts+and+mod_proxy
https://confluence.atlassian.com/display/STASH/Integrating+Stash+with+Apache+HTTP+Server
This is quite a common setup. Also there is almost no performance impact due to the proxying. Not that a user would notice anything.
I just set up a server in my house using private IP.
I can access my server using my domain from outside network/ outside from my house.
But I cannot access it from local network using my domain or my private IP address.
What can be the problem for this? is it the Apache settings?
(I can access it if I edit the /etc/hosts file)
Did you use the internal or external IP in your hosts file to get it working? If it was external IP it's probably the DNS issue. If it was the internal IP, the issue could be in the routers NAT.
Some routers/setups will only apply their NAT rules on packets traversing the external internet facing interface.
____________
| |
Server ---IntIf-|IntIP--ExtIP|-ExtIf--- Internet
|____________|
This is a bit simplified but basically when you access the external IP from the internal network the packet, following the dotted line, reaches the routers external IP before a NAT rule can be applied on ExtIf and then the router can't find anything listening so rejects/drops the connection.
To confirm if it is the DNS problem. Run an nslookup $domain from both your local and external boxes and see if they return the same IP address. If the IP's are the same and it's still not working you will need to take a closer look at the router, hopefully that's possible. If not you may need an internal DNS server that can respond with the internal IP addresses for any domains it knows about then forward any other requests externally.
The NAT issue is called NAT Loopback, Hairpinning or Reflection. See here for a linux solution.
If you can access it when you put in an entry in /etc/hosts, then likely it is DNS related. I am assuming you are putting in the public (external IP) and not an internal IP for testing.
If you have recently updated your DNS, then likely your local router (or ISP's DNS server) will still have the old IP cached or the fact that there is no DNS record setup cached. You could reboot your router to try and clear the cached entry, but it could well be cached at the ISP and you can only wait until it updates there (usually somewhere under 24 hours, often just a few hours). However, you could configure your computer to use a different DNS server for a while - eg. 8.8.8.8 or 4.4.4.4 which are both run by Google.
I have recently created a Rackspace cloud server instance using CentOS 5.5. I have used yum to install the "Web Server" group (it includes Apache, etc.), added www.booztrakr.com as the ServerName in httpd.conf, made sure iptables allows on port 80. I had registered this domain with Go-Daddy and changed their name servers to the Rackspace name servers on their site. I added "A" and CNAME records to the Rackspace name servers. httpd has been started. When I use curl on the server I can get the Apache landing page. When I dig www.booztrakr.com from a remote machine(over the internet) the answer section returns:
www.booztrakr.com. 300 IN CNAME booztrakr.com.
booztrakr.com. 300 IN A 184.106.216.156
When I try a browser or curl, it can't connect:
curl -G www.booztrakr.com
curl: (7) couldn't connect to host
I know this has got to be pretty basic and config related but I'll be dammed if I can see it. Any help would be appreciated. Thanks.
If dig resolves, this just means the DNS server returns the right values. It will even work if the IP doesn't exists.
If a HTTP connecting to the server fails, this is a configuration problem.
The server responds to ICMP requests, so it's not a routing problem.
When I use curl on the server I can get the Apache landing page
Your webserver is running, but you just can't reach it from outside. This is the problem. What does iptables --list outputs?