CentOS 5 Networking :: View The Packets Saved By Iptables?

Jun 26, 2009

If I am using --log-prefix "BANDWIDTH_OUT:" --log-level 7 to capture packets, I think is there a way to view these?


Networking :: Iptables REDIRECTing - All Outgoing Packets ?

Dec 6, 2010

I've been trying to redirect all outgoing packets (destined for a specified ip address) from my slack box back to itself. I thought this could be done with iptables, but if I fire up wireshark I can clearly see that the packets are getting out to the real server and I'm getting responses from it.

So here's what I tried:

All looks good and fine, and then I even try to visit 194.28.157.42 with firefox (by the way I am running a webserver, that is set to show a page when you visit 127.0.0.1) and I get an error page that reads: 502 Bad Gateway.

I ignored this message to see what the program I'm trying to interrupt does, and when I start wireshark and then start the program that is using that website, I can clearly see that the packets make it to the real 194.28.157.42 and get back responses.


Networking :: Iptables Routing Packets On Same Sub-network

Feb 17, 2010

I am running into trouble while trying to set up an iptables routing policy. I have two machines on the same sub-network (xxx.xxx.153.0). One of the machines is used as a default gw for the other (xxx.xxx.153.250 is a gateway for xxx.xxx.153.142 and xxx.xxx.153.254 is a gw for xxx.xxx.153.250). There is no explanation for why the xxx.xxx.153.250 is in the middle -- xxx.xxx.153.142 can go straight to xxx.xxx.153.254, but it is like that for now. I am trying to find an iptables rule to be executed on the xxx.xxx.153.250 machine to route the packets.


Networking :: Redirecting Packets To Virtual Machine With Iptables

Mar 16, 2011

I had been running my SMTP server with WINE, as the SMTP server software is a Windows-based program (MERCURY), but I cracked the shits with WINE and removed it. Now I am running my SMTP server in a Windows virtual machine. This virtual machine has a different IP address from my host machine, so what I need is for my computer (the host) to redirect incoming traffic on port 25 to the virtual machine at 192.168.56.101 on port 2525. Can someone please help me with it? I think it's done with iptables.


Networking :: Interesting Distribution Of Packets Over Iptables Rules

Mar 13, 2011

I'm trying to configure NFS sharing behind a firewall. I got it to work and all, but I was caught by something that (to me anyways) seems odd. I've been able to mount the export on another computer and am transferring files over as we speak, but I'm just interested in knowing why the RELATED,ESTABLISHED rule seems to be catching almost all the traffic coming from the other node. Any ideas? Should I be concerned that my firewall isn't protecting anything or something?


Networking :: SIP Packets Mysteriously Disappearing / When Iptables-nat Activated

Sep 10, 2010

I have a very weird case in my firewall. I have an asterisk server and some phones and between them there is a linux firewall based on iptables. With basic rules on iptables everything works ok, but when I put a single nat rule (no matter what rule I use) some packets from some phones mysteriously disappear from interface to interface.

Clearer: The firewall has two interfaces: eth0 (pointing to phones) and eth2 (pointing to asterisk). One problematic phone is 192.168.3.242, so I use tcpdump this way.


Networking :: IPTables / SSH Connection To .150 - The Packets Are Still Handled By .150 After Adding The Rules

Jul 2, 2010

I have two servers set up: 192.168.1.150 and 192.168.1.160. Initially, I want all traffic to be served by server 150. So for this purpose I am leaving the IPTables on .150 empty. At a point in time, I want to forward all incoming traffic to be served by .160 instead. I have accomplished this using these commands (on .150):

iptables -t nat -A PREROUTING -j DNAT --to 192.168.1.160
iptables -t nat -I POSTROUTING -j MASQUERADE

My problem is that if I have an open SSH connection to .150 (prior to adding the rules), the packets are still handled by .150 after adding the rules, e.g. my SSH session stays active. I want these packets to be forwarded to .160, which would effectively disconnect the SSH session. I do not want the packets flat out dropped, I just want them forwarded on in whatever state they are in. If I try a new SSH session, it is properly forwarded to .160.


Networking :: Promiscuous Interface And Iptables To Receive Packets Not Destined To Localhost

Mar 22, 2010

I am trying to do something outlandish with iptables (or so I think!). I have a source sending udp packets to a destination (say dst11). Using port mirroring I am able to get all these packets to a different machine (say dst22). I am able to see these packets on dst22 interface using tcpdump. I want to analyze the packets on dst22. So what I do is put dst22 interface in promiscuous mode (using ifconfig eth0 promisc). This in theory should get the packet through the MAC layer. Now using iptables I am trying to DNAT the packets in nat prerouting to change the packets' destination IP to dst22's interface and change the destination port.


Networking :: IPTABLES DNAT For Packets Originated Within The "firewall"?

Aug 26, 2010

I'd like (if it's possible, of course) to redirect the packets originated within a linux box, and I've been tryin' to do it through the OUTPUT chain in nat table:

Code:

iptables -t nat -A OUTPUT -p tcp -d 192.168.0.74 --dport 80 -j DNAT --to-destination 192.168.0.17:80

The policy for the rest is ACCEPT. This redirection didn't work this way. If I do lynx http://192.168.0.74:80 I reach 192.168.0.74 host, so there is no redirection. Could I achieve what I'm needing through IPTABLES' OUTPUT chain (in nat table)?


Networking :: Route Eth2 TCP Packets To Tun0 With IPTABLES And IP RULE/ROUTE?

May 8, 2011

I have 3 network interfaces on my Linux Router :

Interface - Gateway - Type

Code:

br0 - 192.168.0.1 - Internet
eth2 - 192.168.1.1 - LAN
tun0 - 10.0.0.2 - VPN (via br0)

What I'd like to do is to route all TCP packets coming from eth2 to tun0 where a VPN client is running on 10.0.0.2. If I delete all default routes and if I add a new route to tun0 like :

Code:

route del default
route add default gw 10.0.0.2

Everything is fine, and everyone on eth2 can reach the Internet using the VPN access. Now the problem is that my VPN client does not allow any other protocols other than TCP. And I also want to allow VPN access only to eth2, no other LAN nor the router itself. use iptables to filter any TCP packets and mark them, so they can be sent to tun0, while any other packets can reach the Internet via br0 (192.168.0.1). I found on the Internet that we can mark packets before they get routed. Using the following commands :

Code:

iptables -t mangle -A PREROUTING -j MARK --set-mark 85 -i eth2 -p tcp --dport 80
ip route add table 300 default via 10.0.0.2 dev tun0
ip rule add fwmark 0x55 table 300

First of all, --dport 80 never works... :/ I wanted to filter TCP 80 packets coming from eth2, but none of them seem to be HTTP packets... oO (very strange...). Never mind, I decided to forget about the --dport option. I use the "iptables -L -v -t mangle" command to see how many packets are marked, and it is working fine, all TCP packets coming from eth2 are marked. Now the problem is that none of them are routed to tun0; they are all respecting the "route -n" rules... and not the "table 300" rule I have created.


Networking :: Use Iptables In Order To Forward All The Incoming Packets For Port 5555 To Port 5556?

Apr 4, 2011

I'm trying to use iptables in order to forward all the incoming packets for port 5555 to port 5556 on the same server (192.168.2.101).

I wrote the following commands:

iptables -A PREROUTING -t nat -i any -p tcp --dport 5555 -j DNAT --to 192.168.2.101:5556
iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.2.101 --dport 5556 -j ACCEPT


General :: Iptables Never Saved And Boot File

Feb 7, 2010

The last few times I had to restart my server, my iptables file was never saved and I had to load it from the backup. I always issue /etc/init.d/iptables save after any changes but for some reason it loads the default iptables file that came with the server. Any ideas on what to change? I would also like to use a default boot file that starts or restarts services like squid, nscd, postfix, iptables, etc - where can I edit that?


Programming :: Drop Packets (not Iptables) In C / C++

May 24, 2010

I have tried to google it around and couldn't find any good solution for it. What I want is to hook up to the kernel network hooks and for example investigate all of the packets (maybe keep some in the buffer and drop in the kernel so I could send them out let's say 10 minutes later) but from a C / C++ program perspective / level. I know it can be done via iptables but isn't there a way to do it from a program? I have found a library called ipq but apparently it doesn't work with kernel 2.6.x anymore.


Networking :: Firewall - Allow Packets Coming From Internet After Authenticating And To By Pass Packets Generated From Internal LAN?

Feb 8, 2010

I have a linux server running oracle applications. I need to access this server from putty using ssh through the internet. I did this by registering my static ip with dnydns.org and I am able to connect to the server. But now there is no security to authenticate any user, as anyone knowing the password can log in to it.

I thought of configuring the firewall of the linux server, but the client IPs are not static and they change continuously. So I thought of keeping one more pc between the server and the router which will do the work of authenticating. But I am confused as to how to configure it to allow the packets coming from the internet after authenticating and to bypass the packets generated from the internal LAN?


General :: Iptables Drop Fake Ip Packets?

Jun 2, 2011

I'm trying to drop all packets from the internet that use a fake ip address so they appear to come locally.

Do I need both lines or only the first ?

--append INPUT ! --in-interface lo --source 127.0.0.0/8 --jump DROP
--append INPUT ! --in-interface lo --destination 127.0.0.0/8 --jump DROP


Ubuntu Security :: Why These Packets Dropped By Iptables

Apr 30, 2011

I don't know why the packets are dropped. And something else: what do those numbers in [] for the default policy mean? These are the rules:

Code:
# Generated by iptables-save v1.4.4 on Sun May 1 00:09:57 2011
*mangle

[code]....


Security :: Iptables - Block Bad And Not Related Packets

Jun 8, 2011

My VPS hosts a mail, blog and web site. So I want to block the ports I do not use. The ports that I use are 80,21,2022,443. The other ports will be dropped. I want to block bad packets and all packets that are not related. Can anyone tell me how to write this in iptables?


CentOS 5 Networking :: NIC Drops Packets / But Reports No Errors

Jul 24, 2009

I've got an odd one: running the CentOS 5.3 kernel, I'm experiencing lost packets on one of the two NICs when tested with ping. In this particular case, it's the internal NIC that causes the problem; pings from the CentOS machine to the public network over the external NIC never lose packets.

(internet) <--> CentOS <--> (LAN) <--> desktop

- CentOS can ping the internet with no packet loss
- CentOS loses packets when pinging the desktop(s)
- Desktops lose packets when pinging the CentOS box
- Taking the LAN switch out of the equation still results in lost packets
- When the LAN NIC on the CentOS box "acts up", all desktops start losing packets

I've swapped out the NIC a few times for different makes/models, and I'm still getting lost packets to/from the internal network. So, I'm thinking that there's something squirrely going on higher up in the network stack. But evidently, not enough to log anything to the console or into the log files. At the moment, I'm leaning towards it being an issue with the nForce 750a SLI chipset. But it's odd that it only affects the LAN card and not the WAN card. I've even swapped the positions of the two NICs, and the problem persists on the LAN card. The other possibility is that iptables is eating packets silently, but in a random fashion.


Programming :: Write A Program In C That Can Sniff Packets From Ethernet And Distinguish RTP Packets From Non-RTP Packets?

Aug 30, 2010

I need to write a program in C that can sniff packets from Ethernet and distinguish RTP packets from non-RTP packets. I have no idea what I should do.


Ubuntu Security :: Drop Igmp Port 0 Packets With Iptables Rule?

Jan 3, 2011

How can I drop igmp port 0 packets with an iptables rule? My log file is full of this router advertisement.


Security :: Iptables State Module - Configuration Error / Not Enable Incoming Packets From Connections Initiated From Inside?

Mar 30, 2011

I have a server that I can only access via SSH (it's located far away) and I would like to secure it by blocking all ports except the ones that I need (which are HTTP and SSH). I still want to be able to make outgoing connections to enable software updates and other things. This is my iptables -L -n :

Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:21
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:23:79
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:81:65535
code....

In my opinion, this should block all incoming packets except the ones on port 80 and 22, but allow responses to outgoing connections. But a wget http://google.com does not work, it can't establish the connection.

Maybe this is not the best style for iptables rules, but I want to be absolutely sure to not accidentally lock myself out from SSH, so I chose not to configure a "block-everything rule".

Does this configuration not enable incoming packets from connections initiated from inside?


CentOS 5 Networking :: Iptables U32 Does Not Work

Apr 7, 2010

When I try something like, I get:

iptables -A FORWARD -p udp -m length --length 39 -m u32 --u32 '27&0x8f=7' --u32 '31=0x527c4833' -j DROP
iptables: No chain/target/match by that name.

So I re-compiled the kernel enabling WAN Router, and all the subsections. Downloaded latest iptables, removed the RPM one, installed the iptables from source.. Guess what, same error!

PS: iptables -m u32 -h works, it displays a page of info.


CentOS 5 Networking :: Iptables Empty After Reboot?

Aug 5, 2009

I have a strange problem with IpTables. After a server reboot, the complete rule-list of iptables is empty. After a manual start, all my old rules are there again. I checked chkconfig if autostart of iptables is enabled:

chkconfig --list iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off


CentOS 5 Networking :: Firewall Insanity Iptables And Apf Don't Seem To Like Each Other?

Aug 13, 2009

I'm at my wits' end at this point.

CentOS 5
iptables 1.4.1.1
APF 9.7
Webmin 1.4.80 (yes i can be a gui noob at times)

I'm currently running a dedicated server that hosts a couple of sites and runs a game server or two. I was using iptables on its own for a while, but recently I'm a target of all sorts of attacks (typically aimed directly at the gameserver on port 7777. UDP flood attacks, etc). I'm also seeing a spike in foreign spam, SSH brutes, and a few people in Turkey thought it would be cute to download files over and over and over. I have decided to start banning entire countries, using the subnets listed here [URL]... I'm trying to block Central and South America (189,190,200,201.x.x.x), China, Ukraine, Turkey, Iran, Spain and Italy. I do this because a majority of the traffic from those areas is usually up to no good.

I installed APF so I could easily add these ranges in deny_hosts.rules and be done with it. I added the ranges, which turned out to be too many, and the system tanked. I decreased the amount of ranges to just 4:

189.0.0.0/8
190.0.0.0/8
200.0.0.0/8
201.0.0.0/8

Restarted APF and it loaded fine. Do an apf --list and iptables --list and it shows those 4 ranges as blocked. The only issue... I have people from 190.x and 200.x connecting to the gameserver and PLAYING. It's as if the firewall isn't there. Also, adding those ranges to /etc/hosts.deny (or whatever) doesn't block them either.

I add one of my own ips and I get blocked instantly. WTF?? I look in the iptables for webmin, and it shows an empty firewall. I do iptables --list and it shows the ranges I added in APF. I'm looking at building (or whatever it's called) a fresh iptables with the geoip module added in. [URL]...

I've never done anything like this, and I don't want to kill the box. I also don't want to spend the effort if 1) something is wrong with my system to begin with and 2) the geoip module doesn't work. geoip module aside... how exactly should I configure the firewall? Empty iptables completely and then rely on APF for everything? Oh and here's another tidbit: I tried this before 2 years ago and it used to be that anything I put in APF would show when I looked at iptables using the webmin module. That's no longer the case now. That was also on CentOS 4 when it did that. I don't know if moving to 5 is what's preventing it now.

In a nutshell, I'm new at this and I'm being inundated with terrible people trying to do terrible things and I'm ready to just give up. Can someone just give me a quick rundown on:

1) how to test that my firewall is actually firewalling

2) how I should configure the/a firewall on this CentOS5. Not too specific, I just want to know if I should empty iptables then load apf, should I not bother with APF (I like it when it works), is there a specific order of doing things?


CentOS 5 Networking :: Iptables Not Loading Some Modules?

Jan 23, 2010

The problem I am having is that iptables won't load the required modules for my firewall rules.

iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP

[code]....


CentOS 5 Networking :: Iptables For Transparent Proxy?

Mar 11, 2010

I have a big problem with the correct settings of iptables as a router. My network topology: (UTM Hardware router) 192.168.1.1 ---> eth0 192.168.1.2 (centos with apache ftp and transparent squid 8080) ---> eth1 192.168.0.1 (LAN with dhcp)

eth0=WAN 192.168.1.2
eth1=LAN 192.168.0.1

I have a problem with hanging connections through squid, which are very slow or fail to connect. Sometimes I received a DNS timeout error from squid stable 2.6 21

[Code]...


CentOS 5 Networking :: Error When Redirect Through Iptables?

Mar 30, 2010

I'm trying to redirect the requests from port 80 to ports 8080 and 8081 through iptables because I've got two services which need to accept requests from the same port (80):

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080-8081

The problem is that the second port (8081) never gets a request, just the first one.


CentOS 5 Networking :: Adding Iptables -F To Boot?

Sep 5, 2010

How do I add this "iptables -F" to my server's boot? I already asked this from my provider, but it seems he forgets each time I ask.


CentOS 5 Networking :: Large Iptables Rule Set?

Jan 10, 2011

Loaded up Centos 5.5 final. Configured iptables to block regions of the world based on networks. An example would be:

-A INPUT -s 139.82.0.0/16 -j DROP

My /etc/sysconfig/iptables file contains about 10k entries like this. If I use this, the machine lags hardcore network wise.


CentOS 5 Networking :: Iptables DOS Temporarily Block IP?

May 5, 2011

I have the requirement that if our website receives 20 or more requests within 60 seconds, to block the offending IP address for 5 minutes, then allow them access again. My only certain mechanism to do this is iptables. I wrote the following series of commands:

iptables -N RATE_CHECK
iptables -N DOSAttack
iptables -N RemoveBlock

[code]...

I am limited in my testing, but the little I have been able to test seems to be having no effect. Will the above commands have the desired effect?








Copyrights 2005-15 www.BigResource.com, All rights reserved