Networking :: Relay Raw ICMP Packet To Local Destination
Feb 21, 2011
On my system, I have built my own tunneling protocol, where I relay packets over a non-standardized but verified medium. What I do is capture the packets using iptables and NFQUEUE, relay them over my medium, and at the other end I reinject them using raw sockets. The packet going into the tunnel is exactly the same as the one coming out, verified. The problem is that this doesn't work for ICMP Ping (Echo Request) if the destination of the ping is the same as the tunnel endpoint. If the destination is not the same as the tunnel endpoint, the ping packet is rerouted and arrives as it should at the receiver, and the ping reply comes back to the sender. Does anyone know whats going on? Isn't it possible to send raw icmp to yourself? If not, anyone have an idea what I should do instead?
View 1 Replies
ADVERTISEMENT
Dec 1, 2010
how to identify the icmp packets & marking. this below icmp packets marking is not working.
iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x5
iptables -t mangle -A PREROUTING -p icmp -j RETURN
with the help of port no or any other how can i identify the icmp packet ?... This below two is working fine
iptables -t mangle -A PREROUTING -p tcp -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -p tcp -j RETURN
iptables -t mangle -A PREROUTING -p udp -j MARK --set-mark 0x3
iptables -t mangle -A PREROUTING -p udp -j RETURN
View 1 Replies
View Related
Jan 13, 2010
I am an 'experienced perpetual newbie' using Ubuntu 9.04. I know a little about quite a few things but nothing past intermediate knowledge so:I am trying to set up a simple LAN between 'rhino' (192.168.1.102) and 'polly-laptop' (192.168.1.101). My router address is 192.168.1.1
From polly-laptop:
sudo mount rhino:/home /media/rhinohome
polly-laptop can access rhino:/home fine.
[code]....
View 8 Replies
View Related
Aug 19, 2010
icmp request from an ip that is in the same network as one of the local interfaces is not responded to, if the ping request is received via an interface in a different network. Is this some security feature?
Consider the below network
x.1|RTR1|-y.1---------y.2-|RTR2|-z.2------z.3-|LNX|-x.3
RTR - Router
x.1 -> 192.168.x.1
LNX - Linux machine
[Code]....
View 1 Replies
View Related
Oct 26, 2009
I'm using a single raw socket to read UDP packets from local test network with 1024 ports. Each UDP src and dest port is unique and I need access to IP and UDP header fields. I can stream and process data (in and out) at 100 mbps in linux-rt kernel with very low jitter < 250 usec, 10 usec nominal.
I'd like to prevent kernel from issuing ICMP port unreachable errors back to the sending host, however, I don't want to create 1024 vanilla UDP sockets and bind to each one because of resource constraints. Currently, I'm using iptables to drop the outbound port unreachable messages. Does anyone know of a way (programmatic using C code) to prevent the ICMP unreachable traffic? Perhaps an IOCTL or socket option? I also tried changing /proc/sys/net/ipv4/icmp_ratelimit but that seemed to have no effect. By default the ratemask is set for dest unreachables and a variety of ratelimit values did not change any behavior that I could see.
View 5 Replies
View Related
Oct 7, 2010
I want to receive an icmp packet using net filter hook function. A string will be printed if an icmp packet is received.I am able to print the string. but the packet loss in the log message shows 100%packet loss.So i changer hooknum = NF_IP_FORWARD.but still its not working.I want to get log message as received 100%
View 1 Replies
View Related
Jan 6, 2010
I'm using kubuntu 9.10 desktop edition as a server and I set the IP statically, what happens is that when I ping it from another machine on the same network, I get intermittent packet loss (up to 80% and sometimes even higher). When I ping any other machine on the local network everything's fine with 0% packet loss. Packets go directly through switch, no router or anything in between.
I suspected wiring issues, but that doesn't seem to be the problem after I changed the wiring. I was connected to wireless and suspected that but no go either. Same thing when I turn wired. I just changed the ethernet card suspecting drivers but that's no good either. Iptables is a cleanslate installation, it's totally empty.
View 9 Replies
View Related
Jun 16, 2010
My issue is with linux routing tables using iproute2, coupled with the iptables MARK target. When I create a rule to lookup a table with iproute2, and the routing table routes an address as type unreachable (or blackhole, or prohibit), if a higher priority rule does a lookup to another table that routes the address as type unicast but that higher priority rule also matches on a fwmark, the packet to that address is never generated locally to even go through iptables packet filtering/mangling in order to mark it, because the lower priority rule that doesn't match on a fwmark says it's unreachable. For example, I have 2 rules installed with ip:
Code:
10: from all fwmark 0x1000 lookup routeit
20: from all lookup unreach
ip route list table routeit
[code]....
Now, in the packet filter, I have an iptables rule to mark packets to destination 10.0.0.5 with 0x1000 in the mangle table and OUTPUT chain. When I generate a packet locally to 10.0.0.5, all programs get ENETUNREACH (tested with strace). However, if I take out the route entry that 10.0.0.0/8 is unreachable, it all works fine and the routes in the routeit table get applied to marked packets (I know because my default gateway would not be 1.2.3.4, but wireshark shows packets being sent to the MAC address of 1.2.3.4).
The best I can surmise is that when generating a packet locally, the kernel tests the routing tables in priority order but without any mark to see if it is unreachable/blackhole/prohibit, and doesn't even bother generating the packet and traversing iptables rules to see if it would eventually be marked and thus routed somewhere. Then I assume after that step, it traverses iptables rules, then traverses the routing tables again to find a route. So is there any way around this behavior besides adding fake routes to the routing table (e.g. routing 10.0.0.5 to dev lo in the unreach table in this example)?
View 2 Replies
View Related
May 25, 2010
Some mail coming to my postfix server will need to be delivered local and the rest to an internal mail server.
The internal mail server is mail.example.com where there is no bob@example.com but there is a sam@example.com.
Is it possible to configure postfix to do this?
View 1 Replies
View Related
Oct 28, 2010
In my network I only have one machine that is configured to send email outside the network. How do I instruct my local copy of sendmail to use that server as a relay?
View 3 Replies
View Related
Jul 12, 2010
I am the new user to ns-2. I would like to know is it possible to send the keys or some value as the packet data (content of the packet) in ns-2 (for wireless environment).
View 1 Replies
View Related
Mar 1, 2011
I have a mail server running Postfix and the problem I'm running into is that when trying to send mail, I get a "relay access denied" error.Inside my main.cf, I did not specify 'smtpd_recipient_restrictions' so by default, the variable is:
Code:
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
The 'mynetworks' variable looks like this:
[code]....
View 3 Replies
View Related
May 21, 2011
I am setting up a virtual server. Ubuntu 11.04, "minimal provider image".UFW was disabled by default. I set it to default deny. Allowed HTTP, SSH and other standard stuff, and enabled it. All seems to be OK. Adding one rule to block some annoying security scanners causes ping not to work. I'm not an Iptables expert, but it looks OK to me. I got it from some website, rather than invented it myself, but modified to to fit the ufw config file syntax. What in that rule prevents pings?!? It seems completely unrelated.
View 1 Replies
View Related
Mar 16, 2010
I run a linux box as a gateway behind a satellite modem. The internet link over the satellite modem is only 1mbit so the usage often reaches 100% when someone is downloading/uploading something. I am seeing my ping return time jump from 700ms to 6000ms if someone tries to upload a file (by sending a attachment in a email etc). The satellite operator is saying this is normal, but I have my doubts.
Has ICMP got a lower priority? Should I really be seeing this behaviour? I understand that if it was a TCP packet then it would just be queued until the previous acknowledgement has been received. And if it was a UDP packet then it would have been dropped, but how does ICMP deal with these situations during heavy traffic?
View 2 Replies
View Related
Feb 20, 2011
Is there a way to set the IP that's returned in an ICMP TTL exceeded packet? Reason I ask is I have an edge router with several upstreams, and several downstream routers, and when I traceroute to it I would like only one of it's IP's to show up in the trace (Instead of each . Much like some of the larger ISP's do to mask the IP and hostname of their internal routers.. Is this possible?
View 2 Replies
View Related
Jan 12, 2010
I have One Server which is having IP 10.176.0.155. I want that client 10.176.0.135 is not able to ping this server only & cane it is possible to block through hosts.
View 1 Replies
View Related
Jun 22, 2010
Why linux traceroute uses UDP protocol, we have basic ICMP protocol which is used in MS-windows tracert.Any specific use of traceroute using with UDP,TCP than ICMP?Windows is displaying all HOPs address but linux printing *.*.*
View 8 Replies
View Related
Jul 9, 2009
I have a C program which does.
1. Creates a UDP socket
2. Send the UDP Request packet to the TFTP server.
3. If the TFTP server is not listening in the 69 port, the remote machine send an ICMP ("Port Unreachable") message.
Is there a way to receive a notification from the Linux kernel on receipt of an ICMP packet to the created UDP socket.
View 1 Replies
View Related
Jul 23, 2011
So im trying to get an icmp tunnel setup using ptunnel. When I run it under the same network and use to connect to RDP, it works fine, however when go outside my network and connect in, it does not get anywhere. I can confirm that I have forwarded ICMP packets to the server (if I ping the external ip it will show the status of the server if I unplug it) and that the server is showing signs of registering it.
On the client it just tries to resend the packet "Resending packet with seq-no 0" Over and over Firewall is off for testing so thats not the issue.
View 2 Replies
View Related
Apr 29, 2011
My issue is that i'm trying to send emails with postfix and gmail as the mail relay,i'm trying to send emails to my self by sendmail -bv user@gmail.com
In the logs, i can understand that it been delivered to the destination,
taken from: /var/log/mail.log:
Apr 30 00:05:23 moni postfix/pickup[10490]: 9C7552170C: uid=0 from=<root>
Apr 30 00:05:23 moni postfix/cleanup[10495]: 9C7552170C: message-id=<20110429210523.9C7552170C@moni.localdomain>
Apr 30 00:05:23 moni postfix/qmgr[10491]: 9C7552170C: from=<root@moni.localdomain>, size=283, nrcpt=1 (queue active)
code....
When login in my gmail account i can't see nothing under the sent / inbox / spam folder.
it's seems like the mail are been sent.. but nothing is happening.
View 1 Replies
View Related
Sep 10, 2009
From what I've read, when linux sends a ping it sends without the netmask, so windows server assumes it must be a broadcast? Why doesn't linux send a netmask with a ping?
View 6 Replies
View Related
Nov 13, 2010
I tried to ping some of the pcs on the local network but for those with icmp disabled it doesn't work. I've used
Code:
nmap -sP 192.168.2.0/24
View 3 Replies
View Related
Jan 8, 2011
Installed Ubuntu Server 10.10, included Apache, PHP, and OpenSSH. Apache is up and serving pages, I can connect using PuTTY no problem. Server responds to a pingHowever, attempting to use ping or traceroute from the server results in a Destination Unreachable. Happens even for other 192.168.1.10x boxes on the local network
View 1 Replies
View Related
Feb 8, 2011
Why firewalls does not allow ICMP echo request packets. Why are pings not allowed to certain systems?
View 1 Replies
View Related
Apr 21, 2010
Can any one tell me a network monitoring tool which can monitor remote connectivity and generate a comprehensive report about the link state like up/down, error timings, increase in latency and packet loss rate.
View 3 Replies
View Related
Jan 14, 2010
I set up a static IPv6 address and a gateway in /etc/network/interfaces. However, a bad router in my network environment alway send wrong ICMP router discovery messages to me. So I have got extra (wrong) IPv6 address and gateway, and the routing is confused. On Windows Servers, I can use "netsh interface ipv6 set interface "Local Area Connection" routerdiscovery=disable" to disable ICMP router discovery. But I don't know how to disable it on Ubuntu 9.10. How could I disable ICMP router discovery for IPv6?
View 4 Replies
View Related
Sep 28, 2010
When I ping our Microsoft Windows terminal server "cluster" farm, I get ICMP warnings that there are duplicate packets. I am able to rdesktop to the cluster with no problems. We are trying to setup nagios to run on this Ubuntu configuration and nagios is reporting the following error:
"PING WARNING - DUPLICATES! Packet Loss=0%, RTA=.98ms.
FPing reports duplicates as well. Is there a setting in the Arp table that needs to be set differently because the "Cluster" MAC address isn't an actual hardware MAC but a virtual MAC address?
View 2 Replies
View Related
Mar 9, 2011
Struggling to get my Linux server accept ICMP redirects not originating from default gateway. No problem to get it working if the redirects is originating from def gw.I know it's not a good solution security wise, but my network is so cluttered I'm forced to do so.
View 1 Replies
View Related
Apr 20, 2011
I have a dedicated host on my lan to monitor other hosts/services using Nagios. I'm in the process of migrating to Zabbix on that host to perform the same purpose. Both Nagios and Zabbix monitor icmp ping latency (Nagios uses ping, Zabbix uses fping) and over time the latency to other hosts grows until threshold alarms are triggered. In one week, the average latency grows from sub-millisecond to over 100 milliseconds, and continues to grow until the Nagios host is rebooted. I have verified the latency numbers using ping/fping from the command line on the Nagios host.
The problem is that pings from the monitored hosts to the Nagios host show normal latency at the time the Nagios host is showing high latency from itself to the monitored hosts. The Nagios host and monitored hosts are all connected to the same Dell 24 port gigabit switch. I already posted this question on the Zabbix forums with a graph of the latency but there were no answers. [URL] why the icmp ping latency is growing over time and how I can fix it short of rebooting the host on a schedule.
[Code]...
View 5 Replies
View Related
Sep 17, 2009
I got a problem with my CentOS server. Somebody told me OpenVPN Requires different changes inside my firewall settings. That could be the problem why openvpn wont load..I receive this error on my CentOS panel when im trying to connect into the centos openvpn (with my winxp pc):
Thu Sep 17 20:31:36 2009 TLS Error: incoming packet authentication failed from 84.xx.62.122:2622
Thu Sep 17 20:31:38 2009 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Sep 17 20:31:38 2009 TLS Error: incoming packet authentication failed from 84.xx.62.122:2622
[code]....
View 5 Replies
View Related