Networking :: Iptables REDIRECTing - All Outgoing Packets ?

Dec 6, 2010

I've been trying to redirect all outgoing packets (destined for a specified ip address) from my slack box back to itself. I thought this could be done with iptables, but if I fire up wireshark I can clearly see that the packets are getting out to the real server and I'm getting responses from it.

So here's what I tried:

All looks good and fine, and then I even try to visit 194.28.157.42 with firefox (by the way I am running a webserver, that is set to show a page when you visit 127.0.0.1) and I get an error page that reads: 502 Bad Gateway.

I ignored this message to see what the program I'm trying to interrupt does, and when I start wireshark and then start the program that is using that website, I can clearly see that the packets make it to the real 194.28.157.42 and get back responses.

View 1 Replies


ADVERTISEMENT

Networking :: Redirecting Packets To Virtual Machine With Iptables

Mar 16, 2011

I had been running my SMTP server with WINE, as the SMTP server software is a Windows-based program (MERCURY), but I cracked the shits with WINE and removed it. Now I am running my SMTP server in a Windows virtual machine.This virtual machine has a different IP address from my host machine, so what I need is for my computer (the host) to redirect incoming traffic on port 25 to the virtual machine at 192.168.56.101 on port 2525.Can someone please help me with it? I think its done with iptables.

View 1 Replies View Related

Networking :: Capture Outgoing Packets Only?

Jun 11, 2009

I have a network like

Node A to Vlan Switch
Node B to Vlan Switch
Node C to Vlan Switch
Node B is set up to be a middle man between A and C.
All nodes have 1 NIC.

They are all linux boxes. Node B can ping Node C. When I try to ping Node C from Node A, the ping just hangs forever.

When I use Wireshark to sniff What's going on with Node B during a ping from Node A to Node C, I can see an ICMP request with src = Node A and dest = Node C. I'd like to know if that ICMP packet was received by B from A or if it is going out. If it's going out, that makes no sense since B knows how to send to C. If B is only getting the requests but not forwarding them, then I know there is something wrong with B's configuration.

So I'd like to be able to sniff incoming packets only, or outgoing packets only. Is there a way to do this?

View 1 Replies View Related

Ubuntu Networking :: Redirect Outgoing Packets To LAN?

Jul 6, 2011

is there any way to point certain packets from my outgoing traffic to a LAN : port ?

can iptables do this ? if yes how ?some like this [URL] ?

View 1 Replies View Related

Networking :: Monitoring Outgoing UDP Packets - PID In Access Log

Oct 11, 2010

On our webhosting servers, where is primary running apache, sometimes starts huge outgoing traffic to random IP addressess (each time of attack is it just one IP). It's always UDP,and according to my investigation tcpdump, it looks like p2p. The problem is in big outgoing traffic, and secondly in filling ip_conntract table /proc/net/ip_conntrack. I think, that one of our webhosting users has some virus uploaded on his FTP, which is time to time ran. I think, that if I can map outgoing traffic to particular process ID, it will be easy to find the PID in access log of webserver and than see what URL it causes.

What I have checked already:

- outgoing UDP connections are not listed in netstat - so cannot get PID from there
- Apache with PHP is in safe mode - cannot exec binaries, cgi is disabled
- I can see tons of records in tcpdump, but from the dump I'm not able to get PID
- In time of attack I was trying to run `lsof`, but nothing to see - didn't found the attacker
- I went through apache access log - I took time of attack -i.e. 02:22 am - grep from access log all hits between 02:20 and 02:29 am and try to call all them again - problem didn't occured
- checked the POST records from access log - nothing
- grepped all php files for keyword 'fsockopen' and 'torrent'
- from iptables --log-uid I have found user nobody (under apache is ran)

I think that the key is able to match outgoing connection to PID, than it will be easy.

View 1 Replies View Related

Networking :: Inspect Ports Or Packets For Outgoing Email?

Aug 2, 2010

My server ended up on 1 (just 1) block list and I'm finding it very difficult to convince myself that it was just an error of some kind.Can anyone think of any giveaways at the packet or port level that some program is sending spam from my server without using the normal MTA (nothing suspicious is showing up in the sendmail logs)

View 9 Replies View Related

Fedora Networking :: Can Ping But Cannot Browse - Outgoing Packets Dropped

Oct 5, 2010

In my Fedora13 machine, while in mobile broadband, i can ping and skype outside, but cannot browse/yum etc. Few output that may be of relevence are here:

$ netstat -s
IP:
149468 total packets received
6 with invalid headers
16174 with invalid addresses
0 forwarded
0 incoming packets discarded
118821 incoming packets delivered
101331 requests sent out
124 outgoing packets dropped
866 dropped because of missing route .....

View 3 Replies View Related

Networking :: IPTables Rule For Outgoing?

Dec 7, 2010

Unsure about IP tables lingo, so excuse me for not looking this up:I have a server, running IP tables, that I do not want to allow any type of outgoing traffic to 192.168.1.21

View 3 Replies View Related

Networking :: IPTables - Redirecting Web Traffic To Single Transparent Proxy Server

Mar 25, 2010

I am new to iptables. We have two Squid proxy servers running in "non-transparent mode" (172.16.0.1 and 172.16.0.2). Currently users have to configure the proxy server they want to use by configuring them in their browsers. Recently I saw an example for redirecting web traffic to a single transparent proxy server.

-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128

Can anyone modify this rule to accommodate my current setup of two proxy servers running in non-transparent mode. i.e Redirect web traffic to the 172.16.0.1-172.16.0.2 ip range.

View 2 Replies View Related

Networking :: Iptables Outgoing Adress Using An Aliased Interface?

Dec 15, 2010

it�s been several years since i played with iptables. I have setup like this:eth0 is the only physical device on box and eth0:0 is aliased. Traffic going out of the box to internet uses eth0eth0 116.55.58.1eth0:0 116.55.58.2I have a service listening on port 80 on 116.55.58.2Lets say my client connect to 116.55.58.2:80 through 116.55.58.1 , how do I force (mangle you name it) with iptables that the outgoing source address will be always 116.55.58.2?

View 1 Replies View Related

Ubuntu Networking :: Iptables: Block Incoming And Allow Outgoing Traffic

Jan 6, 2011

I need to configure iptables to block incoming traffic (except specific ports), but allows all outgoing traffic.

I am able to block incoming traffic, but doing so also prevents outgoing traffic (tested by telnet [URL] 80)

The following was used:

iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -j DROP

Also, even allowing NOT SYN requests still prevents outgoing traffic.

iptables -I INPUT 1 -p tcp ! --syn -j ACCEPT

Another point:

# modinfo ipt_state
modinfo: could not open /lib/modules/2.6.18-028stab070.14/modules.dep

How to install ipt_state module on ubuntu?

View 2 Replies View Related

Networking :: Iptables Routing Packets On Same Sub-network

Feb 17, 2010

I am running into trouble while trying to set-up a iptables routing policy. I have two machines on the same sub-network (xxx.xxx.153.0). One of the machines is used as a default gw for the other (xxx.xxx.153.250 is a gateway for xxx.xxx.153.142 and xxx.xxx.153.254 is a gw for xxx.xxx.153.250). There is no explanation for why the xxx.xxx.153.250 is in the middle -- xxx.xxx.153.142 can go straight to xxx.xxx.153.254, but is is like that for now.I am trying to find an iptable rule to be executed on the xxx.xxx.153.250 machine to route the packets.

View 3 Replies View Related

Networking :: Interesting Distribution Of Packets Over Iptables Rules

Mar 13, 2011

I'm trying to configure NFS sharing behind a firewall, I got it to work and all but I was caught by something that (to me anyways) seems odd.I've been able to mount the export on another computer and am transferring files over as we speak, but I'm just interested in knowing why the RELATED,ESTABLISHED rule seems to be catching almost all the traffic coming from the other node. Any ideas? Should I be concerned that my firewall isn't protecting anything or something?

View 1 Replies View Related

Networking :: SIP Packets Mysteriously Disappearing / When Iptables-nat Activated

Sep 10, 2010

I have a very weird case in my firewall.I have an asterisk server and some phones and between them there is a linux firewall based on iptables.With basic rules on iptables everything works ok, but when I put a single nat rule (no matter what rule I use) some packets from some phones misteriously disappear from interfase to interfase.

Clearer:The firewall has two interfases: eth0 (pointing to phones) and eth2 (pointing to asterisk).One problematic phone is 192.168.3.242, so I use tcpdump this way.

View 14 Replies View Related

CentOS 5 Networking :: View The Packets Saved By Iptables?

Jun 26, 2009

if am using --log-prefix "BANDWIDTH_OUT:" --log-level 7 to capture packets, I think is there a way to view these?

View 4 Replies View Related

Ubuntu Networking :: Setting Time Delay For IPTables (Incoming / Outgoing Port)

Mar 9, 2010

I've got a box with 2 interfaces, with IP1 = 192.168.100.1 and IP2 = 10.1.1.1 respectively on them. I've got an iptables rule that looks like:
Code:
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 10.0.0.0/8 -p udp -j SNAT --to-source 10.1.1.1 --random

If I get 2 consecutive packets from the same address and port from 192.168.100.0/24, they get SNAT-ed and come out of the same port on 10.1.1.1. If then I get another packet from the same address and port 10 minutes later, then it gets SNAT-ed, but comes out of a different port on 10.1.1.1. My question is: how can I set the time delay I would like iptables to remember its incoming address/port to outgoing port mappings?

View 3 Replies View Related

Networking :: Iptables - Allow Http And Https Together With Mail Server (incoming And Outgoing) And Ftp - Ftps And Ssh

Apr 28, 2010

i need is to have http and https allowed, together with mail server (incoming and outgoing) and ftp, ftps and ssh. all other ports have to be closed.

View 3 Replies View Related

Networking :: IPtables: Route Outgoing Traffic From Internal Host To Only Go A Internet Interface?

Nov 21, 2010

My Ubuntu Box has 3 interfaces. eth0 (Internal 192.168.1.0/24)eth1 (External ISP DHCP)eth2 (External ISP Static IP)I need the outgoing traffic to internet for 1 of the internal pc (192.168.1.10) to only go only go through eth2

View 4 Replies View Related

Networking :: IPTables / SSH Connection To .150 - The Packets Are Still Handled By .150 After Adding The Rules

Jul 2, 2010

I two servers set up: 192.168.1.150 and 192.168.1.160 Initially, I want all traffic to be served by server 150. So for this purpose I am leaving the IPTables on .150 empty. At a point in time, I want to forward all incoming traffic to be served by .160 instead. I have accomplished this using these commands (on .150):

iptables -t nat -A PREROUTING -j DNAT --to 192.168.1.160
iptables -t nat -I POSTROUTING -j MASQUERADE

My problem is that if I have an open SSH connection to .150 (prior to adding the rules), the packets are still handled by .150 after adding the rules.. e.g. my SSH session stays active. I want these packets to be forwarded to .160, which would effectively disconnect the SSH session. I do not want the packets flat out dropped, I just want them forwarded on in whatever state they are in. If I try a new SSH session, it is properly forwarded to .160

View 5 Replies View Related

Networking :: Promiscuous Interface And Iptables To Receive Packets Not Destined To Localhost

Mar 22, 2010

I am trying to do something outlandish with iptables (or so I think!).I have a source sending udp packets to a destination (say dst11). Using port mirroring I am able to get all these packets to a different machine (say dst22). I am able to see these packets on dst22 interface using tcpdump.I want to analyze the packets on dst22. So what I do is put dst22 interface in promiscuous mode (using ifconfig eth0 promisc). This in theory should get the packet through the MAC layer. Now using iptables I am trying to DNAT the packets in nat prerouting to change the packets destination IP to dst22's interface and change the destination port.

View 2 Replies View Related

Server :: IPTABLES Port Redirecting To SQUID

Jul 12, 2011

i've got a software that uses a specific tcp port e.g 11111. i want to redirect all the traffic from 11111 to squid port 3128. i'm using the following commands to redirecting:

iptables -t nat -A PREROUTING -p tcp -m tcp -i eth0 --dport 11111 -j DNAT --to 192.168.0.1:3128
iptables -A FORWARD -p tcp -m tcp -i eth0 --dport 11111 -j ACCEPT

my ubuntu server has two interfaces. eth0 is for local network (dhcp assigns ips) and eth1 is for internet. my ubuntu server acts as a gateway and as an authentication server for users.

at squid also i have the following configuration regarding my port:

acl myport port 11111 http_access allow CONNECT myport. my squid installation is not transparent as users need to authenticate in order to access the web.

my application is a windows application and of course is not working. i examined the packets with wireshark and i noticed that when the program tries to access the internet, squid replies with err_invalid_request (the packet contains that data). the program is trying to send some plain text via port 11111 and as far as i can image, somehow squid declines the data. i cant get rid off squid as i want to pass the traffic from squid. what is the problem?

View 1 Replies View Related

Networking :: IPTABLES DNAT For Packets Originated Within The "firewall"?

Aug 26, 2010

I'd like to (if it's possible, of course) to redirect the packets originated within a linux box, and I've been tryin' to do it through the OUTPUT chain in nat table:

Code:

iptables -t nat -A OUTPUT -p tcp -d 192.168.0.74 --dport 80 -j DNAT --to-destination 192.168.0.17:80

The policy for the rest is ACCEPT.This redirection didn't work this way. If I do lynx http://192.168.0.74:80 I reach 192.168.0.74 host, so there is no redirection.Could I achieve what I'm needing through with IPTABLES' OUTPUT chain (in nat table)?

View 1 Replies View Related

Networking :: Route Eth2 TCP Packets To Tun0 With IPTABLES And IP RULE/ROUTE?

May 8, 2011

I have 3 network interfaces on my Linux Router :

Interface - Gateway - Type

Code:

br0 - 192.168.0.1 - Internet
eth2 - 192.168.1.1 - LAN
tun0 - 10.0.0.2 - VPN (via br0)

What I'd like to do is to route all TCP packets coming from eth2 to tun0 where a VPN client is running on 10.0.0.2. If I delete all default routes and if I add a new route to tun0 like :

Code:

route del default
route add default gw 10.0.0.2

Everything is fine, and everyone on eth2 can reach the Internet using the VPN access. Now the problem is that my VPN client does not allow any other protocols other than TCP. And I also want to allow VPN access only to eth2, no other LAN nor the router itself. use iptables to filter any TCP packets and mark them, so they can be sent to tun0, while any other packets can reach the Internet via br0 (192.168.0.1). I found on the Internet that we can mark packets before they get routed. Using the following commands :

Code:

iptables -t mangle -A PREROUTING -j MARK --set-mark 85 -i eth2 -p tcp --dport 80
ip route add table 300 default via 10.0.0.2 dev tun0
ip rule add fwmark 0x55 table 300

First of all, --dport 80 never work... :/ I wanted to filter TCP 80 packets coming from eth2, but none of them seems to be HTTP packets... oO (very strange...). Nevermind, I decided to forget about the --dport option. I use the "iptables -L -v -t mangle" command to see how many packets are marked, and it is working fine, all TCP packets coming from eth2 are marked. Now the problem is that none of them are routed to tun0 they are all respecting the "route -n" rules... and not the "table 300" rule I have created.

View 4 Replies View Related

Networking :: Use Iptables In Order To Forward All The Incoming Packets For Port 5555 To Port 5556?

Apr 4, 2011

I'm trying to use iptables in order to forward all the incoming packets for port 5555 to port 5556 on the same server (192.168.2.101).

I wrote the following commands:

iptables -A PREROUTING -t nat -i any -p tcp --dport 5555 -j DNAT --to 192.168.2.101:5556
iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.2.101 --dport 5556 -j ACCEPT

View 3 Replies View Related

Security :: Correct/safe Iptables Rules For Redirecting Port 80 To 8080?

Jul 13, 2010

I am setting up tomcat server on my Centos 5.5 machine. I've been advised to run tomcat on 8080 as non root user and redirect traffic to it from port 80.

I searched and found the following iptables commands for this:# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT -to-ports 8080
# iptables -I INPUT -p tcp --dport 8080 -j ACCEPTI have a doubt:

Tomcat is not accessible via port 80 without the second command. But the second command opens 8080 and makes it accessible over the internet (tomcat is accesible via both: www.<website>.com and http://<ip address>:8080). This doesn't seem right. Is there some simple (iptables) way to redirect traffic "internally" from port 80 to 8080 without having to open 8080 to the internet.

View 3 Replies View Related

Ubuntu :: How To Block All Outgoing With IPTables

May 10, 2010

I want to block all outgoing traffic with iptables and only allow a few specific websites. I would like to get the code to do so and also to revert the changes in case I want to unblock them.

View 1 Replies View Related

General :: Blocking Outgoing Ssh Using Iptables?

Aug 19, 2009

I want to block all the outgoing ssh form my machine, i.e my machine will not be able to ssh to any outside machine using iptables. The distro is RHEL, I added the following entry in the iptables but unfortunately it didnt worked, -A OUTPUT -p tcp -m tcp --dport 22 -j DROP

View 13 Replies View Related

Ubuntu :: IPTables Configuration Just Allow Outgoing To HTTP / DNS

Nov 18, 2010

Rather new to Ubuntu. I was wondering for advice on a basic iptables configuration blocking all incoming/forward and just allowing outgoing to http(s) and dns of course.

View 5 Replies View Related

Red Hat / Fedora :: Changing Outgoing DNS (port 53) IP Address With Iptables?

Mar 31, 2009

I need to know what the Iptables "code" is to change the outgoing/Incoming IP for port 53 (DNS). I'm running CentOS on a dedicated server. I very familiar with Putty and SSH. So I don't need much details, I just can't figure this out. I asked my server providor but they deleted my ticket and didn't answer me.I tried this but am not sure if this correct of working?

View 5 Replies View Related

Programming :: Drop Packets (not Iptables) In C / C++

May 24, 2010

I have tried to google it around and couldn't find any good solution for it. What I want is to hook up to the kernel network hooks and for example investigate all of the packets (maybe keep some in the buffer and drop in the kernel so I could send them out lets say 10 minutes later) but from a C / C++ program perspective / level. I know it can be done via iptables but isn't there a way to do it from a program ?? I have found a library called ipq but apparently doesn't work with kernel 2.6.x anymore.

View 10 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved