Networking :: SIP Packets Mysteriously Disappearing / When Iptables-nat Activated
Sep 10, 2010
I have a very weird case in my firewall.I have an asterisk server and some phones and between them there is a linux firewall based on iptables.With basic rules on iptables everything works ok, but when I put a single nat rule (no matter what rule I use) some packets from some phones misteriously disappear from interfase to interfase.
Clearer:The firewall has two interfases: eth0 (pointing to phones) and eth2 (pointing to asterisk).One problematic phone is 192.168.3.242, so I use tcpdump this way.
View 14 Replies
ADVERTISEMENT
Oct 19, 2010
I'm not sure if I can even explain this properly! I'm attaching a hopefully self-explanatory screenshot of
(1) system monitor saying that 23.3 out of 24.6 GB of my root is used (!!!)
(2) diskanalyzer showing root should be 5.9+4+3.3+some small stuff = about 15 GB.
At startup I get a warning saying something along the lines of "you only have 50MB available on root file system.. you should delete unnecessary files.. " and that opens Disk Usage Analyzer.
Possible suspect - I had been trying out VirtualBox. On root. My virtual machine did have an 8gig hard drive, expandable I believe. But it never got past 1.7, and I've removed it, uninstalled VB and removed it from trash. (Is this weird: my trash is at /home/me/.local/share/Trash/files - took me a hell of a while to find it!)
With 100MB available on root I can barely do anything! My whole compiz/config setup even disappeared after a reboot!
View 4 Replies
View Related
Dec 6, 2010
I've been trying to redirect all outgoing packets (destined for a specified ip address) from my slack box back to itself. I thought this could be done with iptables, but if I fire up wireshark I can clearly see that the packets are getting out to the real server and I'm getting responses from it.
So here's what I tried:
All looks good and fine, and then I even try to visit 194.28.157.42 with firefox (by the way I am running a webserver, that is set to show a page when you visit 127.0.0.1) and I get an error page that reads: 502 Bad Gateway.
I ignored this message to see what the program I'm trying to interrupt does, and when I start wireshark and then start the program that is using that website, I can clearly see that the packets make it to the real 194.28.157.42 and get back responses.
View 1 Replies
View Related
Feb 17, 2010
I am running into trouble while trying to set-up a iptables routing policy. I have two machines on the same sub-network (xxx.xxx.153.0). One of the machines is used as a default gw for the other (xxx.xxx.153.250 is a gateway for xxx.xxx.153.142 and xxx.xxx.153.254 is a gw for xxx.xxx.153.250). There is no explanation for why the xxx.xxx.153.250 is in the middle -- xxx.xxx.153.142 can go straight to xxx.xxx.153.254, but is is like that for now.I am trying to find an iptable rule to be executed on the xxx.xxx.153.250 machine to route the packets.
View 3 Replies
View Related
Mar 16, 2011
I had been running my SMTP server with WINE, as the SMTP server software is a Windows-based program (MERCURY), but I cracked the shits with WINE and removed it. Now I am running my SMTP server in a Windows virtual machine.This virtual machine has a different IP address from my host machine, so what I need is for my computer (the host) to redirect incoming traffic on port 25 to the virtual machine at 192.168.56.101 on port 2525.Can someone please help me with it? I think its done with iptables.
View 1 Replies
View Related
Mar 13, 2011
I'm trying to configure NFS sharing behind a firewall, I got it to work and all but I was caught by something that (to me anyways) seems odd.I've been able to mount the export on another computer and am transferring files over as we speak, but I'm just interested in knowing why the RELATED,ESTABLISHED rule seems to be catching almost all the traffic coming from the other node. Any ideas? Should I be concerned that my firewall isn't protecting anything or something?
View 1 Replies
View Related
Jun 26, 2009
if am using --log-prefix "BANDWIDTH_OUT:" --log-level 7 to capture packets, I think is there a way to view these?
View 4 Replies
View Related
Jul 2, 2010
I two servers set up: 192.168.1.150 and 192.168.1.160 Initially, I want all traffic to be served by server 150. So for this purpose I am leaving the IPTables on .150 empty. At a point in time, I want to forward all incoming traffic to be served by .160 instead. I have accomplished this using these commands (on .150):
iptables -t nat -A PREROUTING -j DNAT --to 192.168.1.160
iptables -t nat -I POSTROUTING -j MASQUERADE
My problem is that if I have an open SSH connection to .150 (prior to adding the rules), the packets are still handled by .150 after adding the rules.. e.g. my SSH session stays active. I want these packets to be forwarded to .160, which would effectively disconnect the SSH session. I do not want the packets flat out dropped, I just want them forwarded on in whatever state they are in. If I try a new SSH session, it is properly forwarded to .160
View 5 Replies
View Related
Mar 22, 2010
I am trying to do something outlandish with iptables (or so I think!).I have a source sending udp packets to a destination (say dst11). Using port mirroring I am able to get all these packets to a different machine (say dst22). I am able to see these packets on dst22 interface using tcpdump.I want to analyze the packets on dst22. So what I do is put dst22 interface in promiscuous mode (using ifconfig eth0 promisc). This in theory should get the packet through the MAC layer. Now using iptables I am trying to DNAT the packets in nat prerouting to change the packets destination IP to dst22's interface and change the destination port.
View 2 Replies
View Related
Aug 26, 2010
I'd like to (if it's possible, of course) to redirect the packets originated within a linux box, and I've been tryin' to do it through the OUTPUT chain in nat table:
Code:
iptables -t nat -A OUTPUT -p tcp -d 192.168.0.74 --dport 80 -j DNAT --to-destination 192.168.0.17:80
The policy for the rest is ACCEPT.This redirection didn't work this way. If I do lynx http://192.168.0.74:80 I reach 192.168.0.74 host, so there is no redirection.Could I achieve what I'm needing through with IPTABLES' OUTPUT chain (in nat table)?
View 1 Replies
View Related
May 8, 2011
I have 3 network interfaces on my Linux Router :
Interface - Gateway - Type
Code:
br0 - 192.168.0.1 - Internet
eth2 - 192.168.1.1 - LAN
tun0 - 10.0.0.2 - VPN (via br0)
What I'd like to do is to route all TCP packets coming from eth2 to tun0 where a VPN client is running on 10.0.0.2. If I delete all default routes and if I add a new route to tun0 like :
Code:
route del default
route add default gw 10.0.0.2
Everything is fine, and everyone on eth2 can reach the Internet using the VPN access. Now the problem is that my VPN client does not allow any other protocols other than TCP. And I also want to allow VPN access only to eth2, no other LAN nor the router itself. use iptables to filter any TCP packets and mark them, so they can be sent to tun0, while any other packets can reach the Internet via br0 (192.168.0.1). I found on the Internet that we can mark packets before they get routed. Using the following commands :
Code:
iptables -t mangle -A PREROUTING -j MARK --set-mark 85 -i eth2 -p tcp --dport 80
ip route add table 300 default via 10.0.0.2 dev tun0
ip rule add fwmark 0x55 table 300
First of all, --dport 80 never work... :/ I wanted to filter TCP 80 packets coming from eth2, but none of them seems to be HTTP packets... oO (very strange...). Nevermind, I decided to forget about the --dport option. I use the "iptables -L -v -t mangle" command to see how many packets are marked, and it is working fine, all TCP packets coming from eth2 are marked. Now the problem is that none of them are routed to tun0 they are all respecting the "route -n" rules... and not the "table 300" rule I have created.
View 4 Replies
View Related
Apr 4, 2011
I'm trying to use iptables in order to forward all the incoming packets for port 5555 to port 5556 on the same server (192.168.2.101).
I wrote the following commands:
iptables -A PREROUTING -t nat -i any -p tcp --dport 5555 -j DNAT --to 192.168.2.101:5556
iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.2.101 --dport 5556 -j ACCEPT
View 3 Replies
View Related
May 24, 2010
I have tried to google it around and couldn't find any good solution for it. What I want is to hook up to the kernel network hooks and for example investigate all of the packets (maybe keep some in the buffer and drop in the kernel so I could send them out lets say 10 minutes later) but from a C / C++ program perspective / level. I know it can be done via iptables but isn't there a way to do it from a program ?? I have found a library called ipq but apparently doesn't work with kernel 2.6.x anymore.
View 10 Replies
View Related
Feb 8, 2010
i have a linux server runnig oracle applications. i need to access this server from putty using ssh through internet. i did by registering my static ip with the dnydns.org and i am able to connect to the server. but now there is no security to authenticate any user as any one knowing the password can login to it.
i thought of configuring the firewall of linux server but the client ip`s are not static and they change continiously. so thought of keeping one more pc between the server and the router which will do the work of authenticating. but i am confuse as how to configure it to allow the packets coming from the internet after authenticating and to by pass the packets generated from internal LAN?
View 8 Replies
View Related
Jun 2, 2011
I'm trying to drop all packets from the internet that use a fake ip address so they appear to come locally.
Do I need both lines or only the first ?
--append INPUT ! --in-interface lo --source 127.0.0.0/8 --jump DROP
--append INPUT ! --in-interface lo --destination 127.0.0.0/8 --jump DROP
View 1 Replies
View Related
Apr 30, 2011
i dont know why packets dropped? and something else what are those numbers for default policy in [] means?this is rules:
Code:
# Generated by iptables-save v1.4.4 on Sun May 1 00:09:57 2011
*mangle
[code]....
View 9 Replies
View Related
Jun 8, 2011
My VPS host a mail, blog and web site. So i want to block port i not use. The port that i use is 80,21,2022,443. The other port will be drop. I want to block bad packet and all packet that not related. Can anyone how to write in iptables?
View 2 Replies
View Related
Aug 30, 2010
i need to write a program in c that can sniff packets from Ethernet and distinguish RTP packets from Non-RTP packets, i have no idea what should i do
View 9 Replies
View Related
Jan 3, 2011
how can i drop igmp port 0 packets with iptables rule? my log file is full of this router advertisement.
View 2 Replies
View Related
Mar 30, 2011
I have a server that I can only access via SSH (it's located far away) and I would like to secure it by blocking all ports except the ones that I need (which are HTTP and SSH). I still want to be able to make outgoing connections to enable software updates and other things.This is my iptables -L -n :
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:21
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:23:79
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:81:65535
code....
In my opinion, this should block all incoming packets except the ones on port 80 and 22, but allow responses to outgoing connections. But a wget http://google.com does not work, it can't establish the connection.
Maybe this is not the best style for iptables rules, but I want to be absolutely sure to not accidently lock myself out from SSH, so I chose not to configure a "block-everything rule".
Does this configuration not enable incoming packets from connections initiated from inside?
View 3 Replies
View Related
Sep 27, 2010
I have a hardware device with two ethernet ports, eth0 and eth1 running Centos 5. Basically my goal is to forward packets from eth0->eth1 and eth1->eth0 as well as get a copy of these packets for analysis. If I set IP routing to do the forwarding then I won't get a copy of the packets for analysis.
View 3 Replies
View Related
Jul 6, 2010
A friend of mine is running Ubuntu. He used to run Windows XP, but he kept destroying it completely, and I soon got tired of fixing it for him. So I setup Ubuntu, and we're both happier people for it.BUT! The other day he asked me to setup a VPN (PPTP) connection to his workplace, which I promptly did. It also just works, except for one minor problem: When he fires up the VPN connection, I lose the ability to connect to his computer over SSH. As soon as he shutdown the VPN connection, I can once again log in over SSH.I use the SSH connection for basic maintenance and for tunneling port 5900 so I can assist him over VNC.
His nic is setup with DHCP. Gateway is 192.168.57.1. Port 22 is NAT'ed to 192.168.57.2, which is the IP his computer is assigned by the router (it's reserved to his MAC address).
When he connect the VPN, a new interface is created with the IP 192.168.1.32. I'm very much _not_ a network expert. I can manage the very basic stuff, but beyond that I'm quite lost.
View 1 Replies
View Related
Sep 6, 2010
as the majority of ubuntu 10.04 users I had problems with setting up wireless internet connection too. After reading many forum topics I somehow managed to set up the connection.Now the only problem is that when I restart computer wireless connection is no longer working. Each time I boot Ubuntu I have to go to System>Administration>Hardware Drivers, remove Broadcom STA wireless driver and then install it again. Otherwise the wireless connection is not working and under Broadcom STA wireless driver this message is written:
View 2 Replies
View Related
May 25, 2011
I bought Sony vivo c series laptop and I tried to install ubuntu 10.10 version on it.After installed ubuntu the ethernet device was not activated. But It's working fine with wireless network. Similar problem I faced with older version 10.04 also.
Then, I tried with newer version 11.04. It detected Ethernet device.After installation over I just rebooted and I have chosen ubuntu OS, then it stuck and goes to blank screen.I am doing all my work in ubuntu only, i am struggling to recover form this problem for a long time.
System Information:
Model :VPCCA15FG/B
Processor : Intel(R) Core (TM) i5-2410M CPU @ 2.30GHz
RAM : 4.00 GB
System Type : 64 bit
Network Adapter : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDE 6.20)
Display Adapter : AMD Radeon HD 6630M / Mobilie Intel (R) HD Graphics
View 3 Replies
View Related
Mar 11, 2009
After an update this week I noticed some strange things with the network.
1. The network connection doesn't activate itself automaticaly. Have to do it every time when booted up.
2. At the taskbar icon the previously "Auto eth0" changed to "System eth0". I guess this is kind of connected to the first issue
3. I can't connect anymore to the windows network -Times out (also worked fine before)
How to set it up to the "old" way?
View 1 Replies
View Related
Mar 29, 2009
I've a desktop running Fedora 10 connected to the Internet via LAN. There's 3 network controllers in the desktop. One integrated to the motherboard and two additional. I would like to connect other computers (two laptops, one running fc9 and the other Window$ XP) to the Internet via the desktop. I googled the question and found out that I need to adjust thing called 'NAT'.
For that purpose I did the following:
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j SNAT --to-source 192.168.*.*
where 192.168.*.* - is desktop' IP address. I want to use 192.168.2.0/24 as a network for laptops. I activated one of devices (eth1), gave it IP address:
ifconfig eth1 192.168.2.0/24
and connected f9 laptop to it.
On the laptop I activated eth0 with the same IP. The problem is: it doesn't work. I can't ping anything from the laptop except its own address (192.168.2.0).
View 4 Replies
View Related
Jun 17, 2011
I was trying to get the b43 driver work with my broadcom bcm4322 wireless card. I changed the kernel from 2.6.32 to 2.6.38 in order to make the b43 driver to work. When I booted with the new kernel the internet stopped working so I looked for a solution. I don't remember which website I went but it said that I have to re-install the STA drivers so I did that and rebooted and nothing happened. I decided to go back to the 2.6.32 kernel and re-installed the STA drivers. The wireless card (eth1) isn't showing when I run the command iwconfig
Code:
xavi@xavi-laptop:~$ iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
easytether0 no wireless extensions.
xavi@xavi-laptop:~$
I'm currently running Ubuntu 10.04 Lucid Lynx
View 4 Replies
View Related
Dec 28, 2010
The ethernet configuration files are under
"/etc/sysconfig/network-scripts" such as "ifcfg-eth0:1" etc.
The file looks as follow:
Code:
DEVICE="eth0:1"
BOOTPROTO="static"
ONBOOT=no
IPADDR="172.23.17.10"
NETMASK="255.255.255.0"
ALIAS="yes"
I've set the ONBOOT=no. This means this device should not be activated at boot-time. But as I reboot the machine, this device is activated again. This means the option ONBOOT doesn't work. Seems this is a bug of RedHat LINUX?
View 3 Replies
View Related
Nov 19, 2010
I have installed Fedora 14 about 4 days ago. I have set all the networking parameters like dns path, hostname etc. I have also ensured that I select the check-box for "Enable automatically when system starts" for eth0 interface. But weirdly, whenever I boot my system(or restart), I see that the interface eth0 is disabled. I have to manually enter as root and enable it, each time I boot/reboot my system. Why is this happening? Could you please suggest a way so that I have eth0 interface enabled always when I boot up?Also, my domainname also is not boot-persistent. What steps should I take to ensure that the domainname set once persists across reboots?
View 12 Replies
View Related
Apr 29, 2011
Here is the output of lspci -v on a dell xps laptop I got today:
Network controller: Intel Corporation Device 008a (rev 34)
Subsystem: Intel Corporation Device 5325
Flags: fast devsel, IRQ 17
Memory at f3b00000 (64-bit, non-prefetchable) [size=8K]
Capabilities: <access denied>
Kernel modules: iwlagn
View 3 Replies
View Related
