Networking :: Trace Route On A Specific Port?
Dec 4, 2009
I've got a few systems which forward ports to one another all over the place, and somewhere along the line a port forward fails. I want to trace the route of a connection on a specific port to see where the connection hits a wall, to see what system is causing the problem. I've tried `traceroute -T -p <port>` but it doesn't output anything about the ports it hits, stops when it hits the address I supplied even though it is forwarded elsewhere, and there doesn't seem to be a verbose mode. Interestingly, if I specify a different source port via the '-s' option, the trace keeps hopping to * * * * and never gets anywhere (at least to 27 hops, then I CTRL+C).
Mar 14, 2011
I have to route some packages over the right interface. I default route everything for the target-network over one network-interface. That works perfectly. But I have to route packages for one specific host and one specific port over another network-interface. I tried many things with the route-command, but I think there's no possibility to route only one port? Maybe I can do this with iptables? I only found ways to forward some packages, which are coming in over one interface. But in my case all packages go out over one interface.
Oct 21, 2010
I got this definition: "a process that replaces a series of related, specific routes in a route table with a more generic route." Honestly, I found it not so clear. I want to know if this definition is correct and also more details about this subject.
Apr 18, 2009
I have an Asterisk-server with 2 interfaces, a WAN-interface (eth1) and a LAN-interface (eth0).
SETUP : IAX-provider(internet) --> firewall --> Asterisk-server --> switch --> clients_on_LAN
So everything coming from the IAX-provider on port 4569 is forwarded to the Asterisk-server's WAN-interface (eth1). This then needs to be routed to an internal SIP-phone (an IVR-system will define which one) via eth0. When a call is initiated from an internal SIP-phone (they register to the IP-address assigned to eth0) it needs to be routed via eth1 to the gateway (192.168.4.250). Asterisk will set up an IAX-channel on WAN-interface (eth1) to the IAX-provider (via gateway). So... will this work:
Code:
route add -net ip_IAXprovider netmask 255.255.255.0 gw 192.168.4.250 dev eth1
Code:
route add -net 192.168.4.0 netmask 255.255.255.0 dev eth0
(no gateway needed for the LAN-interface, communications to the gateway need to go via the WAN-interface!)
Apr 19, 2009
I have an Asterisk-server with 2 interfaces, a WAN-interface (eth1) and a LAN-interface (eth0).
SETUP :
IAX-provider(internet) --> firewall --> Asterisk-server --> switch --> clients_on_LAN
So everything coming from the IAX-provider on port 4569 is forwarded to the Asterisk-server's WAN-interface (eth1).
This then needs to be routed to an internal SIP-phone (an IVR-system will define which one) via eth0.
When a call is initiated from an internal SIP-phone (they register to the IP-address assigned to eth0) it needs to be routed via eth1 to the gateway (192.168.4.250). Asterisk will set up an IAX-channel on WAN-interface (eth1) to the IAX-provider (via gateway).
So... will this work:
route add -net ip_IAXprovider netmask 255.255.255.0 gw 192.168.4.250 dev eth1
Mar 15, 2011
I know this post isn't strictly Linux based, but since the system in question appears to be using Linux and I am as well I decided to post this here. In doing other network playing with Ubuntu Server 10.10 I noticed that on all traceroutes I did to any IP the second hop from my house jumped through a connection on IP 24.96.153.61 which I think should only be another dynamic IP Knology.net customer...
In scanning the IP I now know that it's a Juniper Junos Router 9.2R1.10 (Probably running on some VMware based on googling?) Open ports show:
22 ssh openSSH 4.4 v. 1.99
23 telnet Openwall GNU/*/Linux telnetd
At first I thought this was just a legit Knology.net DNS server or something, but using such outdated versions and freeware... I feel suspiciously like this is something else. Also, why in the world would knology allow remote access to their mainframe equipment? Seems that if it were ever breached it would be beyond terrible for the ISP...
Finally, why can't people not SSH into my box from the outside if I have MAC address filtering on? Anyone know anything about this or am I just being paranoid? I'm a noob, so knowing too little about all this is probably more the problem?
Aug 21, 2010
I have a Linux router with 2 physical ISPs and a VPN tunnel that all my traffic passes through. I would like to set up a rule to redirect all traffic from one internal IP address (10.0.0.x) through the physical link only. My current script is as follows.
iptables -F
iptables -X
echo 1 > /proc/sys/net/ipv4/ip_forward
[code]....
My goal is to do something similar to the mangle on the tor traffic, but for an entire host.
Jul 14, 2011
I want to set my IP as static and port forward it through a specific port. Can anyone help me with this? I'm using Ubuntu 10 with 64 bit OS.
Sep 19, 2010
I have been unable to access my BT Home Hub from another (external) IP address recently. I did a trace route to see what is happening to the connection and got the following.
It bounces around as it gets out of my office's network and then seems to get to BT's servers and then I get stars. What does that mean?
1 - 8 bouncing round office network:
9 linx3.ukcore.bt.net (195.66.224.11) 19.405 ms 19.424 ms 19.381 ms
10 core2-pos0-1-5-0.ilford.ukcore.bt.net (62.6.201.121) 20.774 ms 21.099 ms 19.986 ms
[Code].....
Aug 13, 2010
I have two NICs, one is ethernet and the second is via modem. On eth0, most non-standard ports are blocked, so I need to connect to a specified port on some IP through ppp0 (modem), to use an ssh connection on a non-standard port to that IP. For other ports on that IP and all other IPs I want to use eth0.
Jul 9, 2011
Recently I discovered that we were accidentally running a POP server (port 110), when we only should have been running the encrypted version thereof (port 995). This wouldn't have been a problem if the port was blocked in the first place. I had wrongly assumed that any port NOT specifically listed in one's firewall rules (CentOS 5 with default iptables installation) would be blocked. I thought you had to add a rule to /etc/sysconfig/iptables in order to open up a port. Apparently this is NOT the case. So is it true that if I install some random software that starts listening on any number of ports that I have not specifically mentioned in /etc/sysconfig/iptables that it will not be blocked - it will work right away?
Anyway, I guess two questions:
1) What's a generic way to block a specific port? I use rules like this to "open" ports (although is this not needed if they're open anyway?)
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
What's the analog of this kind of rule to *block* a port?
2) Is there a better way to configure iptables to block all ports that are not mentioned in its configuration? Is that dangerous? (will it block things that I don't want to block?)
May 8, 2011
I have 3 network interfaces on my Linux Router :
Interface - Gateway - Type
Code:
br0 - 192.168.0.1 - Internet
eth2 - 192.168.1.1 - LAN
tun0 - 10.0.0.2 - VPN (via br0)
What I'd like to do is to route all TCP packets coming from eth2 to tun0 where a VPN client is running on 10.0.0.2. If I delete all default routes and if I add a new route to tun0 like :
Code:
route del default
route add default gw 10.0.0.2
Everything is fine, and everyone on eth2 can reach the Internet using the VPN access. Now the problem is that my VPN client does not allow any other protocols other than TCP. And I also want to allow VPN access only to eth2, no other LAN nor the router itself. use iptables to filter any TCP packets and mark them, so they can be sent to tun0, while any other packets can reach the Internet via br0 (192.168.0.1). I found on the Internet that we can mark packets before they get routed. Using the following commands :
Code:
iptables -t mangle -A PREROUTING -j MARK --set-mark 85 -i eth2 -p tcp --dport 80
ip route add table 300 default via 10.0.0.2 dev tun0
ip rule add fwmark 0x55 table 300
First of all, --dport 80 never works... :/ I wanted to filter TCP 80 packets coming from eth2, but none of them seem to be HTTP packets... oO (very strange...). Never mind, I decided to forget about the --dport option. I use the "iptables -L -v -t mangle" command to see how many packets are marked, and it is working fine, all TCP packets coming from eth2 are marked. Now the problem is that none of them are routed to tun0, they are all respecting the "route -n" rules... and not the "table 300" rule I have created.
May 8, 2010
configure sendmail to route mail to specific hosts?
Jul 30, 2010
Is there a way to bind specific programs to specific network devices (not IPs, since I have dynamic IPs)?
For example, I wish for irssi to route through eth0 and w3m to route through eth1. Keep in mind these devices have dynamic IPs, so I cannot attach them to an IP.
The solution cannot be accomplished through route since route pivots on IPs not devices.
Jul 31, 2009
I need to instruct sendmail to accept mails that are destined to users that are not available on my server and then forward those emails to catchall@mydomain.tld. Please remember that I don't want to forward every single mail to the catchall user. I just want to forward those emails which would be destined for users that do not exist on my server. I have used define(`LUSER_RELAY', `local:catchall@d.com') but it doesn't seem to work.
Apr 29, 2009
I would like to add a static route, however I do not understand what is meant by the Address setting below
GATEWAY2=10.241.58.62
NETMASK2=255.255.255.224
ADDRESS2=10.241.57.32
Does this mean any addresses beginning with 10.241.57.32 are routed over the gateway 10.241.58.62 an address range
Nov 13, 2010
I have a server set up with a VPN (openVPN with DynDNS). My emails are located there and I can check them from home, office, wherever really, with different computers, no problem. However, due to restrictions of some ISPs I would have to change the SMTP server used, depending on where I am with my laptop.
Now, I thought about using the VPN to also tunnel the SMTP traffic through that. But how am I doing that? So far, when I'm connected to via VPN I simply have a local (from the server point of view) IP address to connect to my IMAP server. But how can I route the SMTP port 25 through the VPN? Is that possible to do, also in a way that I don't have to change anything depending on where I am, as in within the network of the server or outside? Since when I'm within the network the VPN obviously isn't connecting..
Jan 25, 2011
Having trouble getting my Netgear WNA1000 working through a wireless router. Have tried lots of suggestions from other threads to no avail. Someone suggested that the routing table isn't set correctly, so I have been trying to use the following to make the proper entry in the routing table:
sudo route add -net 192.168.0.1 netmask 255.255.255.0 dev wlan0
Result: error message stating with:
"route: netmask does not match route address"
followed by "Usage" instructions which tell me to do what I just did. Any ideas on how I can populate my routing table with the correct entry for my wireless card? Not to complicate matters, but I temporarily turned off encryption on my router to eliminate that as a possibility until I get connected. So maybe it's still trying to connect via encrypted mode - do I need to turn off encryption on my (client) end?
Apr 12, 2011
Yesterday I installed a RaLink RT2800 802.11n PCI on my squeeze system. Now I have a connection to Internet but I can not connect other systems in my home network. An ssh-try to a system in my home network results in:
ssh: connect to host xxx.xxx.xxx.xxx port 22: No route to host
If I use my eth0, I do not have connection to Internet, but I can connect other systems in my home network.
Feb 18, 2010
I want to do a simple port redirect, i.e. whatever comes through whatever interface on port AAAA will get redirected to port BBBB. I thought that
iptables -t nat -I PREROUTING --source 0/0 --destination 0/0 -p tcp --dport AAAA -j REDIRECT --to-ports BBBB
however it doesn't work, e.g. nc -v -w2 -z localhost AAAA gives:
nc: connect to localhost port AAAA (tcp) failed: Connection refused
while
nc -v -w2 -z localhost BBBB
[code]....
Mar 17, 2011
How do I get FTP to use a specific port number? .. I read the manual but cannot work this one out.
May 14, 2015
I'm looking forward to know how to connect to a remote server through SSH but from a specific port, so I can drop connections from random ports that are not the one I choose. Is this possible?
I have tried by setting up an iptables entry to forward output through both PREROUTING and OUTPUT (one at a time, flushing when I can see that it's not working), in the NAT table, so I can connect doing ssh localhost
Code:
iptables -t nat -I OUTPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 --dport 4141 -j DNAT --to 192.168.1.2:4040
Unfortunately, it is not forwarding as I'd like.
I want to do this because I think that doing this will enhance the security, dropping connections of clients that are trying to connect from not allowed ports. I have already set up fail2ban and created SSH keys, not allowing to login with password, only key allowed. Will only allowing connections from a specific port enhance the security or not really?
Sep 17, 2010
Is it possible to setup SSH Daemon to listen on multiple ports and only accept specific groups to a given port? In the past I've created a second SSH Daemon by copying the config file and /etc/init.d/ daemon then configuring each port separately / rules however if I was able to maintain just the one Daemon that would be optimal. Is this possible?
Dec 11, 2010
How can I find on a Linux system the processes that are using port 8080 (e.g. a web server)?
Jan 11, 2010
How to trace the energy information from the trace file? Also, how to change the energy drain in a faster manner?
Jul 28, 2010
Alright, I have a network trace file that I want to parse through.
The file looks like this:
+ 1.002 /NodeList/1/DeviceList/0/$ns3::PointToPointNetDevice/TxQueue/Enqueue ns3::PppHeader (Point-to-Point Protocol: IP (0x0021)) ns3::Ipv4Header (tos 0x0 ttl 62 id 0 protocol 6 offset 0 flags [none] length: 40 10.2.1.1 > 10.1.1.1) ns3::TcpHeader (49153 > 26 [ SYN ] Seq=0 Ack=0 Win=65535)
- 1.002 /NodeList/1/DeviceList/0/$ns3::PointToPointNetDevice/TxQueue/Dequeue ns3::PppHeader (Point-to-Point Protocol: IP (0x0021)) ns3::Ipv4Header (tos 0x0 ttl 62 id 0 protocol 6 offset 0 flags [none] length: 40 10.2.1.1 > 10.1.1.1) ns3::TcpHeader (49153 > 26 [ SYN ] Seq=0 Ack=0 Win=65535)
[Code]....
Sep 10, 2010
I want to create VBR traffic. I created a file which contains two 32 bit fields. But when I execute the tcl program with this, no pkt transfer is shown. When I tried the same program with example-trace, I saw pkt transfer. The content of my traffic trace file is as follows:
[Code]...
Feb 4, 2011
For some reason my DNS servers aren't able to resolve certain names. Most names resolve fine there are just a few that don't work. Nslookup doesn't work either of course, and curiously neither does "whois".
Here's an example:
Quote:
dig facebookmail.com +trace
; <<>> DiG 9.2.4 <<>> facebookmail.com +trace
;; global options: printcmd
[code]...
Jun 2, 2010
Linux machine is running a webcam. I export my webcam with fswebcam for the moment on a ftp and ssh, but it is so slow.
I wanna stream it, how can I make it and make it simple for the friends ?
Sep 26, 2010
I am trying to create a socket to listen for a bootp response so I am using a PF_PACKET socket so that I get the response based on my mac. My problem is that I don't want to hear all traffic (as I do now) so would like to use a specific port number and bind to it.