Iptables
Configuring iptables for Network Traffic Management
To manage network traffic so that HTTP and HTTPS requests reach `192.168.1.43`, while DNS requests go to `192.168.1.1` and from there on to `192.168.1.48`, you can add iptables rules that permit exactly that traffic. Two things to keep in mind: the rules below only permit traffic, they do not redirect it (redirection would be a `nat` table DNAT rule, which is not covered here); and the FORWARD rules only apply to packets that are routed through the host running iptables, and they only make a difference when the chain's default policy is DROP, since with the default policy of ACCEPT everything is already allowed.
Allow HTTP and HTTPS Traffic to `192.168.1.43`
sudo iptables -A FORWARD -p tcp --dport 80 -d 192.168.1.43 -j ACCEPT
sudo iptables -A FORWARD -p tcp --dport 443 -d 192.168.1.43 -j ACCEPT
Allow DNS Traffic to `192.168.1.1` and then to `192.168.1.48`
# Allow DNS requests to 192.168.1.1
sudo iptables -A FORWARD -p udp --dport 53 -d 192.168.1.1 -j ACCEPT
sudo iptables -A FORWARD -p tcp --dport 53 -d 192.168.1.1 -j ACCEPT
# Allow DNS requests from 192.168.1.1 to be forwarded on to 192.168.1.48
# (these two rules only match if that traffic is routed through this host;
# when both hosts are on the same subnet it normally goes directly and never
# passes the FORWARD chain at all)
sudo iptables -A FORWARD -s 192.168.1.1 -d 192.168.1.48 -p udp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -s 192.168.1.1 -d 192.168.1.48 -p tcp --dport 53 -j ACCEPT
Ensure Local Traffic is Allowed
# Allow all local traffic on the loopback interface
sudo iptables -A INPUT -i lo -j ACCEPT
# Allow all traffic on the eth0 interface
# (this accepts everything that arrives on eth0, so the INPUT rules after it
# are redundant for that interface; if eth0 faces an untrusted network,
# replace this with rules for the specific ports you actually need)
sudo iptables -A INPUT -i eth0 -j ACCEPT
# Allow all traffic on the wg0 (WireGuard) interface
sudo iptables -A INPUT -i wg0 -j ACCEPT
# Allow traffic from 192.168.1.43
sudo iptables -A INPUT -s 192.168.1.43 -j ACCEPT
Allow Outbound Traffic to `192.168.1.43`
# Only needed if the OUTPUT chain's default policy is DROP; with the default
# policy of ACCEPT this rule changes nothing
sudo iptables -A OUTPUT -d 192.168.1.43 -j ACCEPT
Save iptables Rules
sudo sh -c "iptables-save > /etc/iptables/rules.v4"
On Debian and Ubuntu this file is loaded at boot by the iptables-persistent (netfilter-persistent) package; without that package installed, the rules are lost on reboot. Note that iptables-save writes the whole current ruleset, so any rules and default policies that were already present end up in the file as well.
Complete Commands
Putting this all together, here are the complete commands to manage traffic as described:
# Allow all local traffic on the loopback interface
sudo iptables -A INPUT -i lo -j ACCEPT
# Allow all traffic on the eth0 interface (everything arriving on eth0; narrow
# this down to specific ports if eth0 faces an untrusted network)
sudo iptables -A INPUT -i eth0 -j ACCEPT
# Allow all traffic on the wg0 interface
sudo iptables -A INPUT -i wg0 -j ACCEPT
# Allow traffic from 192.168.1.43
sudo iptables -A INPUT -s 192.168.1.43 -j ACCEPT
# Allow HTTP and HTTPS traffic to 192.168.1.43
sudo iptables -A FORWARD -p tcp --dport 80 -d 192.168.1.43 -j ACCEPT
sudo iptables -A FORWARD -p tcp --dport 443 -d 192.168.1.43 -j ACCEPT
# Allow DNS requests to 192.168.1.1
sudo iptables -A FORWARD -p udp --dport 53 -d 192.168.1.1 -j ACCEPT
sudo iptables -A FORWARD -p tcp --dport 53 -d 192.168.1.1 -j ACCEPT
# Allow DNS requests to be forwarded from 192.168.1.1 to 192.168.1.48
sudo iptables -A FORWARD -s 192.168.1.1 -d 192.168.1.48 -p udp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -s 192.168.1.1 -d 192.168.1.48 -p tcp --dport 53 -j ACCEPT
# Allow outbound traffic to 192.168.1.43
sudo iptables -A OUTPUT -d 192.168.1.43 -j ACCEPT
# Save iptables rules
sudo sh -c "iptables-save > /etc/iptables/rules.v4"
How to allow hosts to reach an IP address and port
To allow clients to reach a specific IP address and port on the host running `iptables`, you can use the following command:
sudo iptables -A INPUT -p tcp -d 192.168.1.48 --dport 8989 -j ACCEPT
To make the iptables rules persistent across reboots (the file is loaded at boot by iptables-persistent on Debian/Ubuntu), use the following command:
sudo sh -c "iptables-save > /etc/iptables/rules.v4"
Here's what each part of the command does:
- -A INPUT: Append this rule to the INPUT chain (traffic addressed to this host itself, so the rule belongs on the host that owns 192.168.1.48).
- -p tcp: Specifies the protocol (TCP in this case).
- -d 192.168.1.48: Specifies the destination IP address.
- --dport 8989: Specifies the destination port.
- -j ACCEPT: Accept the packets that match the rule.
This command allows TCP connections to `192.168.1.48` on port `8989` from any source address, not only local ones: there is no `-s` match, so anything that reaches the INPUT chain with that destination is accepted. To limit access to the local network, add a source match such as `-s 192.168.1.0/24` to the rule.
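Putting the "Complete Commands" ruleset and the port-8989 rule together, here is an added example (not from the original page) of what the full ruleset looks like once default-deny policies and connection tracking are added, written as an iptables-restore file so that it can be reviewed and syntax-checked before it is loaded. It assumes the host running iptables is the router between the clients and the three servers (so the FORWARD rules actually see the traffic), that this host is itself `192.168.1.48` for the port-8989 rule, that `192.168.1.0/24` is the local network, and that iptables-persistent reads `/etc/iptables/rules.v4` at boot; the variable names and the `lint_policies` and `count_accept_rules` helpers are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page. Renders a complete ruleset in
# iptables-restore format for the scenario described above.
# Assumptions (not stated on the page): this host routes traffic for the LAN,
# it owns 192.168.1.48 for the port-8989 service, and the LAN is 192.168.1.0/24.
set -eu

LAN_NET=192.168.1.0/24
WEB_HOST=192.168.1.43
DNS_RESOLVER=192.168.1.1
DNS_UPSTREAM=192.168.1.48
APP_PORT=8989

# Print the ruleset. Default policies are DROP on INPUT and FORWARD, so only
# the traffic listed below gets through; the page's ACCEPT-only rules are
# otherwise filtering nothing.
render_rules_v4() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections that were already allowed come first (UDP DNS included).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Loopback and the WireGuard tunnel are trusted in full; eth0 is NOT opened wholesale.
-A INPUT -i lo -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
# The service on port ${APP_PORT} is reachable from the local subnet only.
-A INPUT -s ${LAN_NET} -p tcp --dport ${APP_PORT} -m conntrack --ctstate NEW -j ACCEPT
# HTTP/HTTPS may be routed to the web host.
-A FORWARD -d ${WEB_HOST} -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# DNS may be routed to the resolver, and from the resolver on to its upstream.
-A FORWARD -d ${DNS_RESOLVER} -p udp --dport 53 -j ACCEPT
-A FORWARD -d ${DNS_RESOLVER} -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -s ${DNS_RESOLVER} -d ${DNS_UPSTREAM} -p udp --dport 53 -j ACCEPT
-A FORWARD -s ${DNS_RESOLVER} -d ${DNS_UPSTREAM} -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin and print the names of INPUT/FORWARD chains whose
# default policy is ACCEPT (with such a policy, ACCEPT-only rules filter nothing).
# Returns 1 if any such chain was found, 0 otherwise.
lint_policies() {
  found=0
  while IFS= read -r line; do
    case "$line" in
      ":INPUT ACCEPT"*|":FORWARD ACCEPT"*)
        echo "${line#:}" | cut -d' ' -f1
        found=1 ;;
    esac
  done
  return $found
}

# Count the ACCEPT rules in a ruleset read from stdin (a sanity check before loading).
count_accept_rules() {
  grep -c -- '-j ACCEPT' || true
}

# Validate with iptables-restore --test, persist the file, then load it.
# Needs root and the iptables-persistent package for the boot-time restore.
install_rules() {
  render_rules_v4 > /tmp/rules.v4.new
  iptables-restore --test /tmp/rules.v4.new
  install -m 0600 /tmp/rules.v4.new /etc/iptables/rules.v4
  iptables-restore /etc/iptables/rules.v4
}

if [ "${1:-}" = "install" ]; then
  render_rules_v4 | lint_policies || { echo "refusing: ACCEPT policy on INPUT/FORWARD" >&2; exit 1; }
  install_rules
else
  render_rules_v4
fi
```

Run `sh rules.sh` to review the generated file and `sudo sh rules.sh install` to syntax-check, persist and load it. Rule order matters: the ESTABLISHED,RELATED rules go first so that replies are handled before the per-service rules, and each per-service rule then only has to match NEW connections. The page's `-i eth0 -j ACCEPT` is deliberately replaced by the narrower port-8989 rule, since accepting everything on eth0 would make every other INPUT rule for that interface irrelevant.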