I am trying to list all traffic from 1 IP address but filter out port 1057.I keep getting syntax errors. I've tried:
Code:
ngrep -e host xx.xx.xxx.170 not port 1057
ngrep -e port 1057 -x host xx.xx.xxx.170
ngrep -e not port 1057 -x host xx.xx.xxx.170
etc.
I have a need to make a rather odd filter in tcpdump- I would like to capture only all those packages on interface eth0, that are outgoing(in other words from IP 192.168.1.1, which is IP for eth0 in this computer) and doesn't have src MAC address 11:22:33:44:55:66. However, fallowing command says, that syntax is wrong:
Code:
tcpdump -n -p -i eth0 src host 192.168.1.1 ether src not 11:22:33:44:55:66
Is this possible? If yes, then what is the correct command?
Is there any way to verify if packets being trafficked over a certain port are valid for the service you want to use this port for?
One obvious example that probably clarifies my question:
When I open port 443 (outgoing or incoming) for https/ssl traffic, I don't want this port to be used for say openvpn traffic.
Thus: when someone wants to surf to a website with https, it should be ok but if someone wants to connect to his home openvpn server over that same port, it should be blocked.
I'm using ubuntu server 10.04 with openvpn installed on it. My vpn is working fine, all the users can connect without any issue.My problem is that I'm unable to filter the VPN traffic using openvpn. I can't allow all users to be able to interact with other vpn users. I need to avoid this kind of traffic.I was trying to build an iptables firewall, but I just noticed that my openvpn traffic isn't being filtered by iptables.In FORWARD chain, no matter what rule I use openvpn would continue to allow traffic between my clients. It does appear that openvpn is skipping FORWARD chain?For example:
Code:
# iptables -L FORWARD -nv
Chain FORWARD (policy DROP 0 packets, 0 bytes)
[code]....
Is there a graphic tool that can monitor the traffic over a USB port?
ie like system monitor for network traffic but over a specific port?
Im running a web server on port80, but i want traffic coming from ip 212.333.111.222 on port 80 to be fowarded to port 9020 on the same server that my web server is rinning at that is my sshd port
View 1 Replies View RelatedI have set up an openvpn server on ubuntu via port tcp 443. The server use a public network and almost every ports are blocked (not 443) So when a client connect to the server, if it send traffic needing a blocked port, the connection cannot been etablished of course. So i d like to know if it is possible to redirect all incoming traffic on the server to an other unblocked port (like 443) to bypass firewall.
I dont think openvpn offer this possibility but maybe with linux it is possible..
Currently my OS is Ubuntu 9.04 Jaunty Jackalope Desktop OS and my web server is Apache2. I have a public address 60.x.y.z and my pc local address is 10.x.y.z. I have a web app in my Apache2 which currently run in localhost(10.x.y.z).
I would like to enable the web app so that it could be browse from outside. I know there maybe some port forwarding process and some commands involved in order to do that. But I have no idea on the steps to do that.
I want to pass ip address,port address and some parameters from command line using python script.The ip address and port address for establishing socket connection and remaining parameters to execute different connection.
View 1 Replies View RelatedI'm using a Debian servers, as router/firwall.. I've two ethernet interfaces into the server, one for wan and one for lan. The i use SNAT so my LAN clients can access the internet throgh the debian router. That is working... Now i want to be able to access servers on the LAN site from the WAN site, and i wanna use port address translation (PAT). I have a FTP server running on a lan server, so i'm trying to portward port 21.
iptables -t nat -A PREROUTING -p tcp -i eth1 -d (WANIP) --dport 21 -j DNAT --to 192.168.1.2:21
When people try to access my FTP from the WAN site, they are redirected to the local FTP server, and they are promted for crendentials, but when the credentials are typed, and the local ftp server should answer the wan request, the connections dies.
The wan clients are being promted for credentials, so they are redirected to the local lan server, but after that the connections dies, so i think there is some kind of nat problem, when the local lan server is trying to respond to the wan request..
Here i my iptables script:
#flush table
iptables -F
#input regler
[code]....
I make an application on GNU/Linux which listening on a MULTICAST stream, so I open my unconnected socket, bind it on a MULTICAST address and a port, join the multicast group with the "setsockopt (IP_ADD_MEMBERSHIP)", then I receive datagram on my socket.
Now I've two different instances of the same application that run with their own MULTICAST address and port. And what I found strange is that, after a misconfiguration, I switch the ports, for example:
Emitting on 225.0.0.1/23451 and 225.0.0.2/23452
Receiving on 225.0.0.1/23452 and 225.0.0.2/23451
And my receiving part doesn't care about the MULTICAST address, it looks like the socket is listening on the port number only! I mean that the receiver [225.0.0.1/23452] take its datagrams from emitter [225.0.0.2/23452] and vice-versa!
Are there Unix/Linux commands to find out the IP address of running computers on LAN?
View 4 Replies View Related- I setup port forwarding of openssh :
connect 1: ssh -g -f -p 11111 -i /<path-to-private-key> user1@ip-server1 -L 22222:ip-server1:161
- Then I setup second connection
connect 2: ssh -g -f -p 11111 -i /<path-to-private-key> user1@ip-server1 -L 22223:ip-server1:3306
- Openssh waring to me "bind: address already in use"
- So I think port 22223 have had another program use,I use command:
ps aux | grep ssh /* find process id of second connection */
kill -9 <process-id-second-connection>
netstat -an | grep 22223 /*find which program use port 22223> */
- but I can't find anywhat
- Then I run again command :
connect 2: ssh -g -f -p 11111 -i /<path-to-private-key> user1@ip-server1 -L 22223:ip-server1:3306
- And I receive a error from OpenSSH :" bind: address already in use"
I've got a Slackware 12.2 system that I'm trying to get to accept traffic on a given port, let's say 34521. When I use canyouseeme.org, to see if that port is responding, it is not.
I've put in an iptables entry to accept traffic on that port, is there anything else I need to do?
I have "Server A" with real internet ip 1.2.3.4 (eth0) and lan ip 192.168.1.1 (eth1) There's also "Server B" with lan ip 192.168.1.2 (eth0), I'm running an Apache Web server on "Server B", so I want to redirect all traffic from IP 1.2.3.4 port 80 (Server A) to 192.168.1.2 port 80 (Server B), using the following rule:
[Code]....
iptables -t nat -A PREROUTING -p tcp -d 1.2.3.4 --dport 80 -j DNAT --to 192.168.1.2:80 This actually works pretty good, from internet I can browse ttp://1.2.3.4 But the problem is that if I check the Apache logs, all incoming connections seems to come from 192.168.1.1 instead of showing the real source ip addresses (internet ip's) so this is screwing up all my web stats, I've been looking for hours and hours on how to make a transparent redirect, but can't find any info, I know there must be a way because my old WRT54G router which uses iptables could do it.
My ISP has given me 3 IP addresses to use for the internet (76.148.200.3, 76.148.200.4 and 76.148.200.5).
If I do a "wget whatismyip.com" or netcat into another server, I am appearing as 76.148.200.3.How do I change my route (command line) in linux to route internet traffic through 76.148.200.5?
Code:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
code....
I'm new to iptable configuration. I've set up a VPN using DD-WRT on my router and it works fine. However the VPN company does not allow port 25 traffic (in case of spammers) so now I can't get my emails sent out.
I'm guessing I can add some rules to my iptable so that all traffic except port 25 traffic can go out through the VPN tunnel. And hopefully, all port 25 traffic will go out through the normal Internet connection.code...
made software which we can get network traffic Report of of Switches for Daily,monthly and yearly base , in MRTG we can configure as a switch so we can get particular switch Traffic but how can we get each port of traffic of a switch in MRTG
View 1 Replies View RelatedI've a server, and I want to drop all the traffic going out with other source port than 80 (apache) and 22(ssh). The reason is I want to prevent my machine sending packets I don't know (i.e. my server scanning networks or making DDOS attacks without my knowledge). The problem are the updates. If I do what I've said, the updates will not work. I want to allow updates, so I need to let DNS traffic (port 53) and the traffic of the updates to go out.
The problem is the source port. This traffic uses a dynamic port (I think like HTTP). Is there any way to specify a source port to do this? If a have a static port to do this, I would drop all the traffic going out with other port than 22,53,80 and this port.
I have a Linux IPTables firewall on Centos 5.3.It has one physical interface to the internet and 2 internal interfaces to a DMZ and TRUSTED zone respectively.There are 10 virtual interfaces linked to the physical public interface.Emails are being sent from my server in the DMZ out to the internet, but it is being shown as coming from the firewall IP address.It must show as coming from one of the virtual interfaces.
View 4 Replies View RelatedI have problem with port based routing for local traffic. I can't use trick with iptables -t mangle, ip route table 1, ip rule fwmark table 1 because it works only with forwarded packets. I can't even use patch-o-matic because it's obsolete. And xtables-addons doesn't contain support for "-j ROUTE" yet.
View 2 Replies View Relatedhow to redirect network traffic to a new IP address using IPtables. I am using Baffalo router and the rtos used is DD-WRT. Basically, I want it so that any connection going through my router to a specific IP (say, 192.168.11.5) will be redirected to another IP (say, 192.168.11.7) so any outgoing connections made by a program that is attempting to connect to192.168.11.5 will instead connect to 192.168.11.7.
View 2 Replies View RelatedRecently I notice that when I'm connected to an vpn server (pptpd) and I'm using it as a default gateway my download and upload speed decreases almost to the half of the usual speed. I made a test using iptables in order to count how much GRE packets are generated (except the real traffic itself) in that way:
Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.
So, my question is first of all is my test correct and is it true that so much gre traffic is being generated during the browsing (it becames clear that the traffic is double than if the pptpd wasn't used as a gateway) and if yes - can that traffic be reduced?
I am running Debian Squeeze with the following basic services running:DNS
DHCP
Samba
Squid
The server is setup with three NICs: eth0 (WAN1), eth1 (WAN2), and eth2 (LAN).The server addresses clients with an IP range of 10.0.30.1 - 10.0.30.254. Some clients will be set with reservations so they fall into the 10.0.40.1 - 254 range.
What I want to do is have any outgoing external traffic coming from the first range (10.0.30.0) to use WAN link 1, and any outgoing external traffic coming from the second range (10.0.40.0) to use WAN link 2.
I have sort of got something working. I have created a bare minimum transparent squid3 setup on port 3128, and set the iptables as follows:
Code:
iptables -t nat -A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
I can get internet access, however obviously it only goes through one WAN link. It also seems slower than it should be. I experimented with tcp_outgoing_address, but seemed to not be my friend.
This is probably the wrong forum to star and I am clutching at straws here hoping someone can point me in the right direction.I own a cheap IP Network WebCam, bought from eBay (like this one:it doesn't list it's manufacturer anywhere and just says it is the F-Series IP Camera.It works well, both on Firefox and IE. However, you can only get a live video stream with audio out of it using IE and an ActiveX plugin or the supplied Windoze only IP Camera Super-Client software which doesn't like Wine.
As I am mainly an Ubuntu user, I was wondering if anyone knew of any tricks to get hold of the two streams, maybe using VLC to view?I've tried IE4Linux and Play-On-Linux to install IE in ubuntu, but the ActiveX unsurprisingly doesn't work. I was hoping that:someone can point me to a forum that might have someone who knowssomeone can tell me how to analyse the network traffic that IE is getting to get an IP address for the video and audio feedssomeone has some experience with these cameras and knows the answer to all my questions I've tried using wireshark, but the output makes no sense to me - I've figured out various addresses to the video stream:[URL]But I can't get the audio stream. I was hoping to use it as a baby monitor, it has excellent night viewing capabilities with its IR LEDS, but having no audio in Ubuntu with it is a pain.
I'm running ASSP on Ubuntu 10.04.1 it's mostly working fine. I have one problem which has been bugging me for some time. I don't want to filter outbound mail, but if I can relay (proxy) my outbound mail through ASSP, then it can automatically add to the whitelist.
As ASSP is a proxy, I need a server to send it to once ASSP receives it. I've tried my ISP, but this failed and they weren't willing to confirm if a connection attempt was received at their end.
Current setup
Inbound
mx -> router -> ASSP -> Exchange 2003
Outbound
Exchange 2003 -> mx
I'd like to setup outbound as either
Exchange 2003 -> ASSP -> <ISP> SMTP relay
Exchange 2003 -> ASSP -> <relay running on Ubuntu eg postfix>
Can anyone help me with troubleshooting steps or a better suggestion for how I can set this up. I'd love to know why my ISP setup didn't work, but I don't know a tool for monitoring IP traffic in Ubuntu SE, in windows I use Wireshark is there any equivalent I can setup for Ubuntu or a tool I can use in windows which will show all traffic, Ubuntu and windows server are on the same netgear switch, not sure it's smart enough to copy all traffic to another port for monitoring.
I have a question, on my firewall at work I am seeing a constant flow of denies from many different source IP addresses, of tcp/udp destination port 53372 & 53375.What in the world is that, and why these two ports over and over
View 1 Replies View RelatedI'm simply trying to make a little restriction on www packets under two rules:
1. Allow inbound/outbound www packets (works!)
2. DROP inbound traffic to port 80 from source ports less than 1024. (DOES NOT WORK!)
Now, technically, when i use hping to test my rules, hping3 192.168.100.100 -S -p80 -s 1023 I should NOT receive any packets. However, i still receive packets, which means my rule that says less than 1024 does not work. (see below)
And this is my iptables rules in shell-script so far:
#!/bin/sh
DEFAULT_NIC=eth0
SERVER_IP="192.168.100.100"
ALLOWED_WWW_PORT=80
IPT="/sbin/iptables"
[Code].....
In my sources.list all I can see is online addresses but there is another directory in my pc which has all the sofwares but I don't know how to add its address to sources.list. I need to know the format of how to add it.
local directory is: /var/www/debian/pool/main
My Postfix email server is hosted with a company called ViUX and their IP address is not listed in any Spamhaus list what so ever from what I can tell. But the residential ISP my mail clients send mail from to the remote Postfix server appear to be on the Spamhaus PBL.
View 3 Replies View Related
