top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Can IPtable check for a valid IP address?

+2 votes
341 views

We suffer from DNS lookups with a response IP address which is not existing. Can Iptables check on this?

posted Sep 18, 2014 by anonymous

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

0 votes

What is it you actually want iptables to do? Do you want it to check if the IP address that the DNS server responds with exists and is in use?

Iptables (well, Netfilter) is a packet filter. You can filter packets that match a rule that you define. It can't validate your DNS server's output.

answer Sep 18, 2014 by Seema Siddique
Similar Questions
+2 votes

I am trying to do the following -
1. script_1 which can be executed to at the start to enable all IPs.
2. Whenever we want to block an IP we should call script_2 to block the IP.
3. Whenever we want to unblock an IP we should call script_3 to unblock.
4. script_4 to take the snapshot of the IPtable.

+1 vote

I am trying to use byte counters to know how much total data is transferred from an IP. However, simple test with ping shows that it counts 14 bytes less, probably ignoring later 2 header.

Is my understanding correct or am I missing something in this?

+1 vote

After testing and looking at the kernel source, I realize that this mapping:

iptables -t nat -I PREROUTING -p tcp -m tcp --dport 30000:40000 -j DNAT --to [local_ip]:10000-2000

Doesn't do a one-to-one port mapping
e.g.:

100.0.0.1:30000 > 192.168.0.5:10000
100.0.0.1.30001 > 192.168.0.5:10001
100.0.0.1.30002 > 192.168.0.5:10002

I was wondering if it was possible to do the 1:1 port range forwarding to different port ranges or if you have to use individual rules.

+5 votes

I want to forward all http traffic coming in from a perticular IP at local port 8080, to 2 particular IP Addresses (port 80). Is it enough to prepend the following in my IPtable

-A PREROUTING -s xx.xx.xx.xx/24 -p tcp --dport 8080 -j DNAT --to-destination xxx.xxx.xxx.xxx:80
-A PREROUTING -s xx.xx.xx.xx/24 -p tcp --dport 8080 -j DNAT --to-destination yyy.yyy.yyy.yyy:80

+2 votes

I have some issue with module (owner) in iptables v1.4.14

Current rule fails:
iptables -t nat -A OUTPUT -o eth0 -p tcp -s x.x.x.x -m owner --gid-owner usergroup -j DNAT --to-destination x.x.x.x:80;
I tried to use numeric gid, it failed too..

But this rule works fine:
iptables -t nat -A OUTPUT -o eth0 -p tcp -s x.x.x.x -m owner --uid-owner user -j DNAT --to-destination x.x.x.x:80;

Is it a BUG or I am missing something?

...