Score:0

I can't add any rule to iptables / iptables not saving


I want to forward TCP and UDP traffic from the WireGuard IP address (10.66.66.2) to 0.0.0.0, but iptables doesn't want to cooperate.

The OS is Oracle Linux 8; I use yum as the package manager. firewalld is disabled.

`iptables -S` gives completely different output than `cat /etc/iptables/rules`.

I want to apply a few rules like this: `sudo iptables -t nat -A PREROUTING -p tcp -d 10.66.66.2 --dport 27015 -j DNAT --to-destination 0.0.0.0:27015`, but it doesn't seem to register any changes in iptables; traffic is not routed to 0.0.0.0.

I reinstalled iptables and iptables-service and added rules directly to /etc/iptables/rules. That didn't help.

My temporary solution is `socat TCP-LISTEN:27015,fork,reuseaddr TCP:0.0.0.0:27015`. It works, but it's not as convenient as iptables.

user1686
Is there a specific reason for using `0.0.0.0` instead of the regular `127.0.0.1`?
pawikoski
Yes, when I host something on 127.0.0.1 it doesn't work under a public IP address. But it doesn't matter for my problem with iptables; a rule with 127.0.0.1 also won't be saved.
user1686
I mean as part of the NAT rule. Sure you would normally configure the service to _listen on_ 0.0.0.0, but that does not mean your clients would _connect to_ 0.0.0.0 – it only means "all addresses" in the context of establishing listeners, not in the context of routing actual packets (where you'd use one of the host's actual addresses instead).
pawikoski
OK, I think I get it now. So I want to listen on 10.0.0.114.
user1686
No, your app can listen on 0.0.0.0 as before, but the firewall rule would need to specify 10.0.0.114 (is this a different machine? if it's a different machine, how did you expect "0.0.0.0" to lead to it?)
pawikoski
10.0.0.114 is the same machine. But I still have a problem with saving iptables. I can add any rules, and they do not exist.
user1686
Are you looking for them in the `-t nat` table?
pawikoski
Yes. I reinstalled iptables and iptables-service once again, and now it is saving the changes. I successfully opened port 27015 and checked it with `nc -l 27015`. But I still can't forward traffic from WireGuard client 10.66.66.2 to 10.0.0.114.
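The rule the comments converge on, as an added example that is not part of the original thread and not code from any of its participants: the asker's DNAT rule with the unroutable `0.0.0.0` target replaced by the host's real address 10.0.0.114, a check that refuses a `0.0.0.0` target before it reaches iptables, a listing of the `nat` table (where `iptables -S` alone never looks), and persistence to the file that iptables-services on Oracle Linux 8 actually restores at boot. The addresses and port are the thread's; the `DRY_RUN` switch and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the original thread. Builds the thread's DNAT
# rule with a routable target, rejects a 0.0.0.0 target up front, shows the
# nat table, and saves the ruleset where iptables-services reloads it from.
set -eu

WG_CLIENT=10.66.66.2   # WireGuard peer, matched as packet destination as in the thread's rule
HOST_ADDR=10.0.0.114   # real address of this host; the thread's rule used 0.0.0.0 here
PORT=27015

# DRY_RUN=1 (default) only prints each command so the script can be read and
# tested without root; DRY_RUN=0 executes the commands and must run as root.
DRY_RUN="${DRY_RUN:-1}"
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# 0.0.0.0 means "every local address" only when a service binds a listener.
# No packet can be delivered to it, so as a DNAT target it silently does
# nothing; refuse it before handing the rule to iptables.
valid_target() {
    case "$1" in
        0.0.0.0|0.0.0.0:*|'') return 1 ;;
        *) return 0 ;;
    esac
}

# Argument list for one DNAT rule. $1 = tcp|udp, $2 = -A (append) or -D (delete).
dnat_rule() {
    printf '%s' "-t nat $2 PREROUTING -p $1 -d $WG_CLIENT --dport $PORT -j DNAT --to-destination $HOST_ADDR:$PORT"
}

# Add the tcp and udp rules, as the question asks for both protocols.
apply_rules() {
    valid_target "$HOST_ADDR" || { echo "refusing unroutable DNAT target: $HOST_ADDR" >&2; return 1; }
    for proto in tcp udp; do
        # shellcheck disable=SC2046  # splitting the rule string into words is intended
        run iptables $(dnat_rule "$proto" -A)
    done
}

# Plain "iptables -S" lists only the filter table; DNAT rules live in nat.
show_nat_rules() {
    run iptables -t nat -S PREROUTING
}

# iptables-services restores /etc/sysconfig/iptables at boot, not
# /etc/iptables/rules, so that is where a saved ruleset has to go.
persist_rules() {
    run sh -c 'iptables-save > /etc/sysconfig/iptables'
}

apply_rules
show_nat_rules
persist_rules
```

Run it as-is to see the exact commands; run it with `DRY_RUN=0` as root to apply them. Afterwards check the rule with `iptables -t nat -S PREROUTING` rather than `iptables -S`, which only lists the filter table and is why the rules appeared to be "not saved" in the question.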