Fundamentals of iptables

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello friends welcome back I am Rajesh and today we are going to understand how to handle the packets using IP tables IP tables is a packet filtering and packet altering application which is available on all the Linux distros so the question comes why do we want to filter the packet it simply means if you are talking about your server you want to restrict access from a specific IP address or to a specific service by a specific set of networks packet filtering means a simple firewall that blocks and allows different set of networks or access to different ports and IP addresses the second part is mangle or packet alteration you could modify the packet also why do we want to modify the packet the reason could be you want to modify the TCP headers associated with it it could be time to live type of service you could mark a packet and implement different quality of service to it you can implement a traffic shaping based on this mark so let's talk about these chains if you are talking about this rectangle it says your firewall and network is outside your firewall so finally what is happening is this is your internet or any external network as soon as the traffic comes to your firewall first of all it enters the pre routing chain as the name suggests it's pre routing it simply means before the destination or before the routing decision is made for a packet the packet goes through the P routing chain here you can modify the TCP headers by using Mangal or you can modify or do network address translation why do we want to do network address translation you may have a server inside your land that may work as a webserver for public and that doesn't have direct access to the public IP address so in that case you can modify the address associated with this packet so that any packet coming for the web server goes to the internal web server we'll see an example of it after the routing decision is made it goes to the forward chain and then to post routing forward chain simply means any packet which is coming from the external network and going to the external network coming from one network or IP address and going to another network or IP address in this chain you can do you can pass it through the table which is Mangal which says you are modifying TCP headers the other could be related to filtering vir you can block a specific network from passing the traffic through this forwarding chain there and finally if you are talking about the okay let's talk about the input chain input chain simply means any traffic that is coming from any network but the final destination of the packet is local machine or your firewall in that case it goes through the input chain it's present in the tables mangle and filter filter means you are filtering blocking or allowing exes mangle means TCP header modification now any traffic that is originated from your firewall and goes out to a different network goes through the output chain output chain is present in the following tables which is mango network address translation and filter filter used for blocking or allowing a particular network or IP or port network address translation for as the name suggests network address translation and mangle for TCP header modification so output says any traffic originated from the firewall and going out to any IP or network and finally we come to post routing which simply means the routing decision is already made and finally you can modify the source address from which this packet was coming to a different IP address why do we need it one scenario is you have an internal network in which you have a single IP address single public IP address and multiple local IP addresses you want to share internet among all these land machines you may have to use post routing where you change the source address for any traffic going from the going through the firewall which is coming from the LAN and that will be masqueraded to the public IP address of your firewall and second is if you want any traffic going from your webserver SSH or any other server to make use of a different public IP address you can make use of it so to recall input chain means any traffic coming from anywhere to the firewall output chain any traffic originating from the firewall and going out pre routing any packet coming from the Internet as soon as it enters the NIC and before the routing decision is made it goes through the pre routing Chane and here we generally do destination network address translation or dnad because the routing decision is not yet made till the packet reaches this P routing chain post routing because the routing decision has already made the destination of the packet has already been defined now our objective could be to change the source address or source network address translation or as net forwarding any traffic coming from a network and going out to a different network so simply means which is passing through this firewall now coming on to the tables the default tables that we generally make use of our filter NAT and mangle filter means you are filtering the traffic allowing or blocking access to a port or from an IP address or from a specific port or through a specific port by default in the filter table we have three chains one is input there is output and third one is forward as we have already discussed input any traffic coming to the firewall output going out of the firewall and forward passing through the firewall NAT network address translation it can be implemented in pre routing and in pre routing as we already discussed because the routing decision is not made we can change the destination address of the packet and route it to a different network or different network inside our LAN so this is actually destination network address translation and post routing because the routing decision is already made the destination is already specified you can change the source address which goes to s net so post routing is s net and it can be implemented in output also mangle means TCP header modification and it's present in all of your chains basically the target which are different for the mangle are you can market and implement a traffic shaping on it you can modify the time to live and type of service now if we try to understand the IP tables structure as we discussed first of all there are multiple tables defaults are filter NAT and mangle corresponding to every table we have multiple chains by default for filter input output and forward so input output and forward could be there I just messed it so in every table we have multiple chains input output corresponding to every chain we have a set of rules so these rules are considered or evaluated on the basis of their number so it starts from rule number 1 2 3 if rule number 1 is matched and the traffic is accepted it will not be evaluating rule 2 then so we have to be very cautious when implementing these rules and the location of the rules that we have to define so in every table we have multiple chains and corresponding to every chain we have multiple rules now coming on to the targets we have a packet we have now checked out for certain rules what happens if a rule matches we can accept it means that packet is now allowed and no further processing is required for this packet drop drop that packet which matches a particular rule and no further processing will happen for that because the packet is already dropped log is a different rule which says log a particular packet that is matching certain criteria to the syslog or where log messages and continue processing the next rule why do we want to continue processing because what it did is simply logging simply logging no action was taken whether it's to be accepted or dropped now other action could be reject with sorry okay other action could be to reject now the difference between reject and drop is that in drop the packet is simply dropped and the machine that is responsible for sending this packet is not notified if you are talking about reject it notifies the sender of the message you that you are rejected for this packet specifying the reason it could be any error message that you specify D net you are modifying destination destination network address translation so you are rewriting the destination address you make use of the syntax - - - destination source address translation you modify the source of the packet to a different IP address so you make use of syntax - - to source masquerade masquerade means that is going to actually mask itself and going to make use of a default IP address or the default IP address of your firewall when going out so it does source network address translation by default the source IP address is the same used by the firewall interface it specifies a source port to which the original source port can be mapped so if you talk about the scenario it's simple you have a LAN you have a set of 10 or more pcs you have single router with a single IP a public IP address and you want to use our access internet from all these 10 machines you will make use of masquerading general IP tables command switch so - T says which table for which a rule is to be added or deleted - it could be your filter table NAT or mangle - J what is the action to be taken whether it's to be dropped rejected or accepted or methods - a happened at the end of the chain - f is to flush that chain means flushing means cleaning up all the rules or deleting all the rules from the chain - P you can specify the protocol type TCP UDP icmp - s the source IP address - be the destination to which the traffic has to go - i is the input interface from which traffic is coming or the packet is coming - oh the output interface through which this packet is going now - - s port is the source port from which the traffic is coming - - d port is the destination port to which the traffic is going - - sin for sin packets you can specify multiple ports in the same rule by using M - M multi-port + - - s ports or destination ports depending on the source ports or destination port you want to specify and finally it could be based on the state of a packet the state of a packet could be established means the connection is already established and the traffic is flowing through it and you get a packet corresponding to the same established connection that it comes under the state established new when a new connection comes from a new IP address which is created trying to create a new connection related its the packet is related to the traffic which is actually which is already coming to the server invalid the packet couldn't be identified the reasons could be different it could be due to insufficient system resources or ICMP errors that don't match an existing data flow now the kernel modules associated with it if you want to implement IP tables nabbed this modules should be loaded if you are talking about connection tracking or you want to rate limit your traffic you need to have contract loaded and if you are talking about FTP as I suppose you might be knowing that FTP instead of making use of single connection makes use of two connections one is for command and other is for the flow of data for command it makes use of TCP 21 for the flow of data it make use of port UDP 20 so the second connection may be established by your client machine or by the server itself depending upon whether the server is active in passive or active mode if the FTP server is acting in active mode the server will initiate a connection from itself to the client for data if the server is acting in passive mode it will tell the client connect to me using this port so if you are if you have implemented iptables and you are implementing ftp server on your server you need to implement IP contract FTP or you need to load this module if your FTP server is behind NAT you need to make use of all you need to load the module net FTP now this is the scenario that we have in our lab this is the internet which is network 192 168 1.0 in my scenario and the land is using 1000 dot 0 / 24 network behind which these machines are there the lab scenarios that we are going to implement is first is these pcs they should be able to access the internet which simply says I am going to implement a rule which is corresponding to the post routing and which is going to masquerade any traffic from this network so that it passes or makes use of this IP address of the firewall or the public IP address of the firewall the second rule is we are going to implement a web server in one of the PCs and for that any client that tries to access the browser is going to make use of some public IP address it could be the IP address of the firewall and then it tries to hit port 80 on this firewall it will actually be forwarded to the PC one and this time we are going to make use of pre routing chain because before the routing decision is made we need to modify the destination address so that it reaches PC one as net okay the third scenario is going to be s net where I am going to modify the source IP address of this PC one whenever it tries to reach the Internet so basically in other words I could say whenever I am trying to reach the Internet I am going to make use of a public IP address dashed with it so assigning a public IP address to a server inside LAN so here we finish up with the lab not finish up with the presentation coming on to the lab now so okay let's understand the scenario we have one machine infra which is any of your machines which is present on the internet because I am simulating 192 168 1 dot X as a network which is acting as an Internet we have installed sent to s6 on FW 2 - in which is going to work as a firewall on which we are going to implement some rules and test out the scenarios this firewall has two interfaces one is 192 168 1 or 240 and other is to 1000 dot 240 this is your public IP address and this is your internal IP address to which your India office is connected now there is one office in India or any under any country or any city that has the IP address this 1/10 of 0.02 now let's start with the scenarios here if you want to understand them this is my firewall in India office this is one of the stations in your India office and rest all is internet specifically this infrared my desktop is an Internet and 192 168 1 dot X is considered as an Internet for our lab scenarios because I don't have multiple public IP addresses at my home so let's create sessions with these machines this is my firewall this is my station clear it and this acts as any machine in the internet okay so first thing is station 1 dot in any machine desktop or server which is inside your LAN which that wants to reach to the Internet okay first of all let me see the configuration routing configuration if config it says I have a single IP address which is 10 dot 0 dot 0 dot my default route is 10.0.0.0 wall if config eth 1 so this is the IP address of your firewall fine so any traffic that is going through this india station is going to go through this firewall okay let me first start with the filter table so let me install Apache web server on it on the firewall itself okay I created a file index dot HTML which has nothing else but the host name of this machine which is going to be FW 1 dot n the reason being whenever I try to access the web server I can assure myself that I am hitting the web server of firewall now elinks is not there healings is actually your console or incasa's based browser elinks HTTP 10.0.0.0 T and it says no route to host okay can we ping it yes I can ping it can I hit port 80 for the browser I cannot hit because IP tables - L - N and here okay let's have a generous look into the IP tables so what I did is I P tables - L is to list all the T all the chains by default for the table filter and - n do not try to resolve the IP address by name so here if I see it's displaying me the filter table and there is input chain forward chain and output chain in the input chain it says it's actually not complete - V is for verbosity here we see the number of packets the number of bytes that have been received in this chain in this input chain corresponding to this rule okay there was one more thing line numbers to display the line number so actually the rules are implemented in the same numeric way rule number one is evaluated first then two then three then four if two succeeds and it says accept or drop rule three will not be checked okay so number of packets coming for rule number one number of bytes come except in case the state is related or established okay so it says allow ICMP X's from any IP address allow any traffic which is coming from local host accept TCP traffic coming to port 22 and then reject all so if you see to the look if you see to the rules you are not allowing port 80 so what I'm going to do is just before reject I can create my custom input chain so here you can see rule number five so what I'm going to do is first of all let's create a new chain and name it as my input chain so now if you type this command here you can see there is one more new chain which is my input but now the traffic is not going to get into this chain because it doesn't know when the traffic has to go to it now you need to specify at some location by default you have three chains which are evaluated in put forward and output so I'll tell it whenever it traffic comes to an input before getting rejected send it to my input so how do I do it IP tables - I input 5 - J means send it to my input chain it will say at rule number 5 in input chain add a rule which says send the packet to my input now if I again see the rule it says here it sends the packets to my input chain and now whatever rules in my input are there they'll be evaluated and after that it will come back to the sixth rule and it will reject so my objective is to allow traffic from any network or from this specific network or IP address to access the web server so what I am going to do I pee tables - I or - eh doesn't matter - I is rule number is going to add as rule number one and - a is going to append as the last rule in there chain because this is a new chain so does not matter - s 10.0.0.0 / 24 - p tcp - - deport eighty - Jai accept so this says any traffic coming from the source network 10.0.0.0 / 24 hitting port 80 on this server which is firewall so it's to be accepted and here it comes the rule is added now after you are done you have to type the command service IP tables safe now what happens is you have a file / it assesses config IP tables that will be updated for the new rules that you have added so here you can see happen this rule to my input previously before you didn't save it it was not there so after every modification to the fire will make sure that you have saved the IP tables rules fine now as I have allowed the traffic from this India officer India Lane to hit port 80 let me see if I can successfully do telnet on port 80 yes healings and I can see that this is the firewall that I can access this is the web server on the firewall or it will just display what we have in this file so now this is how the input chain works or let's talk about another scenario or let's have an example about output chain okay I have forward about one thing if you talk about input chain here you can see policy which is accept which says by default an input chain except the traffic in case your traffic doesn't matches any of the criteria except the traffic but as we have the last rule which says reject so everything else is rejected if you talk about policy forward it says accept everything by default but you have a rule which is present in rule number one which says any traffic going from which is forwarding through this firewall block that traffic here okay if you talk about output the policy sees accept and there is no such rule which simply means any traffic going out anywhere whether to internet or internal land that will be allowed without any restriction so and generally as a rule of thumb you allow outgoing access or you allow the traffic from any PC to outside only the internal traffic is blocked okay if you want to see an example I think I have the web server on station two also yeah I have it so if I try to access it let me install a links on the firewall also okay okay the reason is because if you talk about make sure that whenever you are listing make use of capital L minus n here we are blocking the incoming put it t so that's the reason it's not able to open okay he links HTTP google.com you can access any website or because it's allowed output chain is allowed by default so okay this is my machine in Internet any machine in Internet so telnet 192 168 1 dot 2:05 389 ok telnet is not there why I am running this is I just wanted to show you TL okay so 22 so here I can see that I can connect to port 22 on infracells because this is allowed by the input chain of infra and it's allowed by the output chain of firewall if I want to block this traffic what I'm going to do is I P tables - a output - e TCP - - D port 22 - D 192 168 1 - 2 0 5 - j drop so what this rule is going to do is any traffic going through the output chain to port 22 in this infra so this is how we add rules in output chain okay here you can see one rule in it so okay there is one option which is minus F which says flush a particular chain so if I type the command minus F output it is going to flush or clean up the chain now here you can see the output chain is now cleaned up so this is minus capital F that it does okay now let us talk about configuring this firewall as a router the first part that we need to do to configure it okay as a router is to enable IP forwarding one option is you can just try to grab forwarding or in /e DCCCD l.com you can see that by default tcp forwarding is disabled means the traffic coming in from one interface and going out of the order other interface will always be blocked so first thing you need to do is you need to enable IP forwarding if you don't have this option in your CTL conf you can try to grab the same IP underscore forward incest CTL and here it says it's zero so first of all let's make it permanent ccTLD and enable I P forwarding since CTL - P to reload the CTL and now if you tried to grab IP forwarding this is enabled now any traffic going through one interface of this router can come out of the other interface if you talk about this firewall we have multiple interfaces ETA 0 ETH 1 ETH 2 eth0 : 1 down I don't need it I'll add it later on and we'll show you why it was added ok so TCP forwarding is enabled but till now you can see that in the forwarding chain it rejects any traffic so we need to allow the traffic from our internal network if you trust it and of course if it is our internal network we trust it so iptables - i forwards - s1000 dot 0/24 - j accept this rule says add rule number one in forward chain which says any traffic coming from station to Earth from India network which is 10.0.0.0 / 24 allow it and any traffic that is going back to India office let's allow it or you can just allow restricted traffic which goes inside or into your India LAN now you cannot still ping it but we have implemented two things using sis CTL IPV forwarding is enabled - tea filter which was by default - l forward you can specify a particular chain - n and here you say that it's allowing the traffic which is coming from internal network and going anywhere the traffic coming from anywhere and going to internal LAN which is allowed now the first thing or any public IP address for example 1.20 v we cannot even ping it right the reason being I don't have a public IP address or an IP address in the network 192 168 1 dot X in case I want to reach the public IP address or say any actual public IP address I need to have some IP address to which I can masquerade myself as we had a talk in the presentation about masquerading so first scenario is implementing internet access in India Office which is 10.0.0.0 / 24 so first thing is in the forward chain we allow the traffic from India Lane and to India and we have implemented sis CDL so I P forwarding is enabled the final thing is if we want to have internet access inside all the stations in India we need to do source netting which says iptables - t net let me have a look into the rules that are already there if I talk about mine at table there is no such rule as of now so I am going to add a rule in post routing chain which is coming from the network my internal land and going out through the interface eth0 which is my 192 168 1 . 240 interface I'll show you - J masquerade okay let's try to understand this rule it says add a rule in the post routing chain of the NAT table which says any traffic coming from India office going out through eth0 interface that should be masqueraded to the public IP address of eth0 if config eth0 and here we can confirm that this is an IP address which is corresponding to the public interface of my firewall but still we cannot ping for door-to-door to the - or I think we cannot bring any IP address okay so right now here I can see that we are able to reach to 192 168 1 dot X network which we previously were not able to let's try it to reach to the Internet if we can and here you see we are now able to reach to the Internet or if I just try to ping yahoo.com it succeeds now so what actually was done just to recall okay after the rule has been implemented it will be a good practice to do service IP tables okay before that I'll show you /e DC says config and IP tables and here you cannot see any rule corresponding to post routing that we just added here here we have the rule corresponding to post routing that's not present so service IP table save and now you can see okay here my input forward forward and here you can see the route corresponding to post routing and if we just move to the previous before just before we saved it okay let me just increase the size of it so here was the status of iptables input forward output nothing like nat after that we did iptables saved and we can see corresponding to post routing there is a rule corresponding to this masquerade which were not there previously okay so finally just to recall what we did is we have added a rule in the post routing Y post routing because the decision regarding the destination is already taken when the traffic is coming from here I am trying to ping yahoo.com the traffic definitely has to go to yahoo.com but the only thing that is to be modified is the source address why the source address because if we are talking about the source address 10.0.0.0 the Internet so what happens when yahoo.com tries to respond to my request over this IP address standard 0.022 that's an internal network and the traffic will not be able to reach back to your station - so what actually is happening by the addition of this post routing rule you see any traffic coming from the India station masquerade it to the public IP address of firewall which is 1.2 40 okay so this is how it works just as one more example I'm trying to hit telnet 192 168 1 . 2:05 on - I - next at - P&T grep 22 so what I wanted to show after using this telnet command is from where the connection is coming from station 2 if we are talking about infrasound public IP address so my objective is which is the IP address with which the traffic is coming from station 2 and here if you see okay let me create one more session for station two next at minus P a and T rep 22 some mistake sorry it was actually three so here you can see that there is a connection from the port five seven zero nine three two one or two zero five on both 22 fine if we talk about the intra so where we are hitting this on port 22 we can see that the requests are coming from 192 168 1.2 1.2 and window 240 so if we are talking about 192 168 1 dot 240 this is the actual IP address that this is the actual connection that is established by station 2 instead of using 10.0.0.0 address of firewall to dot in okay so if next step - PA + T grep 22 so if we try to graph it over here you cannot see something like that IP tables take care of it so okay 192 168 1 . 240 we have one connection fine now if I try to do 192 168 1 dot 2 0 5 and okay so I can see that the connection is okay I actually grabbed only put 20 so here I can see there there is one more connection to put 80 from this IP address 192 168 1 dot 240 so whatever connection I am trying to make from my station to it or any station inside India network that actually takes the IP address of firewall 2 or the fire wall which is 192 168 1 dot 2 40 so this is how masquerading works No let's come on to the next scenario which says my web server is in my land and which doesn't have a public IP address so this is some machine in the Internet and this is station 2 in India land which is going to work as a web server from the internet also so what I am going to do is first thing what I need to do this is any machine in Internet what I'm going to do is I am going to hit whether it's the IP address of firewall or any other virtual public IP address associated with it I am going to hit the firewall on some port and that is going to forward the request to Station two so that's actually the destination network address translation so let's try to open it first it says no route to host fine because Apache service is right now stopped on it let me start in it dot d httpd start 1000 dot - okay fine the web service is now working fine on it and in the input chain just before you are rejecting the traffic I am going to add a rule - I input rule number 5 - p tcp - - deport eighty minus j except so it says I am going to work as a web server so any traffic coming for me on port 80 allow it fine so e links HTTP 1000 dot - it works fine it should work from what fine from this location also here you can see that I can open it fine now the objective is this web server is going to be accessed from the internet like from this infra so but right now I cannot access to make it accessible from the internet we have a firewall which is attached to the India Office so this firewall is going to take care of it it will say let's see the status of the NAD first so coming on to pre routing why prenup rerouting because I have to change the address or the destination address of the packet - PT c p- - deport eighty so whatever traffic is coming in the pre routing chain which is destined to put 80 and you can say that - d the destination IP address 192 168 1 the 242 port 80 - Jay Dean at change the destination address - - - tend of 0.02 this is the IP address of station 2 and now if I see I have added a dinette rule which says coming from any IP address TCP port 80 on 192 168 1 dot 240 send it to station 2 and now if I try to open this it's opening from the internet like from the infra server or from my web browser which is present on the Internet 192 168 1 . 2 4 0 so I am able to hit from the internet to station 2 dot n which is actually present inside the india lan and doesn't have any public IP attached to it let's see one more example of the same where if we want to assign a different port to it like example of port forwarding you may have okay i'll give you one more example if config eth0 colon 1 192 168 1 dot 2 3 9 so what actually i am doing i am assigning one more virtual IP address to it and whatever traffic is coming on the IP address 192 168 1 the 239 on port 8080 that is to be send to 1000 to port 80 so what it says any traffic coming from the internet coming to IP address 239 on port 8080 send it to 1000 280 which is web server so I just open new tab HTTP 192 168 1 dot 2 3 9 colon 8080 and here you see that I am able to reach to the station from the any public IP address so this is how port forwarding works this is an example of destination network address translation because we are changing the destination of the packet that is coming and where do we change the destination before taking any kind of routing decision if you are talking about post routing we change the source network address translation or we do s okay so let's talk about a scenario we want to assign a specific public IP address to any machine so let's talk about the station I want to assign it a public IP address okay third is public IP address to a machine in LAN so what we are going to do is till now what is happening if I try to reach telnet 192 168 1 the 205 netstat - PA + T grep 80 here I can see that the connection is getting established from eth0 interface of the firewall I want to assign it a different IP address so whenever a traffic is coming from station 2 it is rather going to make use of a different IP address and I am going to assign the IP address 192 168 1 dot 2 3 8 fine so what should I do let's come on to the firewall and say IP tables - I post routing post routing - s coming from 10.0.0.0 IP tables - I post routing - s - Jay change the address or in post routing sorry we change source address post routing - yes NAT - - - source 192 168 1 dot 2 3 8 so IP tables - tea NAT sorry F over it so we have added a rule for s NAT that says whenever the traffic is coming from 1000 to going anywhere mark it as a source from 192 168 1 . 2 3 8 the other thing that should happen is there should be a virtual IP address assigned to it with the same IP 192 168 1 . 2 3 8 up so now if I try to repeat the same thing there is no connection to port 80 I am going to open it so here you can see that the connection to the web service on infra is coming from 192 168 1 2 2 3 8 rather than 1.2 50 because I created an s NAT which says whenever the traffic is coming from station 2 and reaching to the Internet or any public IP address it should make use of 192 168 1 . 2 3 8 so this is how s networks ok so the other part is if you want to assign a static IP address when the traffic is coming from internet that is d net so I'm going to create a rule in free routing chain - I pre routing - D of any traffic coming to the post routing and the destination of which is 192 168 1 dot 2 3 8 do the destination netting and send it to destination destination 1000 - - so what is happening is I am also creating a pre routing rule which says any traffic coming to the destination 238 destination added to 1000 - so what it says you already created s NAT which says any time I am going to trap Internet I am going to make use of this IP address now this D net says whenever I am trying to access or whenever I am trying to reach to the IP address 238 the traffic will actually reach station 2 so let me try it 1.2 3 8 and Here I am able to reach station 2 dot n even I can do SSH to it and finally I'll reach Station two so what actually is happening using these s net and ear net rules we have specified that s net says whenever I am trying to reach to the internet I'll make use of IP address to 38d Nats is whenever anyone from the internet tries to access the IP address 2:38 it has to reach to the destination 1000 - which says a static IP address or a static public IP address is assigned to a station which is inside your LAN so okay we are done with a pre routing post routing dnad s NAT so okay so these are the fundamentals related to iptables please do let me know in case there is any concern okay final thing is after you are done with everything do service iptables save so yeah thanks for listening and viewing the video have a good day I would really appreciate if you could please let us know your queries and concerns so that we can make the videos better thanks for viewing the video have a great day
Info
Channel: Rajnesh Kumar Siwal
Views: 82,195
Rating: undefined out of 5
Keywords: linux, iptables, packet filter, NAT, DNAT, Redhat, CentOS
Id: fQF2vEvqHgU
Channel Id: undefined
Length: 64min 4sec (3844 seconds)
Published: Sat May 04 2013
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.