what rules I need to use to only allow traffic between 2 interfaces (which are part of a linux bridge) using ebtables?
So let's say I have if0, if1, if2. I want if1 to communicate with if0. I also want if2 to be able to communicate with if0. But I don't want if1 and if2 to communicate with each other.
I have a UBUNTU server 10.04 LTS with 3 network interfaces (eth0,1,2) with eth0 is connected to my lan and others connected to two different ISPs , I am looking for a very flexible and complete monitoring tool which can monitor all of the traffic of incoming and outgoing of any interface and SPECIALLY can show me which local client made connection to which interface for connecting to internet in online mode not offline and it is good to have online web base interface I mean the interface shows the measured data in real time mode. I fount some tools like iftop and iptraf and many others in this url: http://www.ubuntugeek.com/bandwidth-...for-linux.html but non of them are suitable for my net I mean none of them have good web real time data and non of them shows "which local client made connection to which interface for connecting to internet".
View 2 Replies View RelatedI have the following setup: Client A, having 2 network interfaces, eth0 and eth1, both with the IP address 192.168.1.1/32. Client B, also having 2 network interfaces, eth0 and eth1, with the IP addresses 192.168.1.2. The routing table on client A has one entry: 192.168.1.2 dev eth0 The routing table on client B has one entry: 192.168.1.2 dev eth1. Basically the idea is to send the upload traffic one one interface and the download traffic on the other interface. (Client B could serve as a gateway). However, with this setup, well... nothing works. The packets received by Client B are ignored. Does the linux kernel have anything against routing packets coming from an interface, although he thinks the source is on another interface?
View 4 Replies View RelatedI am manually capturing and injecting Ethernet traffic (using lib_net/lib_pcap libraries) for an application. At the moment , both capturing and injecting are done on the same physical interface (e.g. eth0). The problem is that all the traffic that I inject, are captured again by my application causing an unwanted feedback of injected traffic. This caused that I had to implement traffic filtering when capturing traffic, which is consuming resources and eventually will become too complicated to support.
I have tried using virtual interfaces to separate the capturing and injecting streams, but that also presented the same problem as all the traffic from eth0 is forwarded to both eth0:1 and eth0:2. If possible I would like both streams to go through 1 physical device, using more PDs will be the last resort. I am also looking at using TUN/TAP devices to try and separate the two streams, maybe writing a user-space program that lies between the physical device and the TUN/TAP devices to do the routing of traffic.
I have a laptop connected to internet via wlan0. I also have eth0 interface and with it I share internet. I want to modify/filter all the traffic passing by the first laptop, something like this:
Code: Select all *---------------------------*
| LAPTOP 1 | *--------------* ?
|-----* *------* *----* | |
INTERNET<------>|wlan0|<-->|MY_APP|<-->|eth0|<---->|ANOTHER LAPTOP|
|-----* *------* *----| | |
*---------------------------* *--------------*
I know that in FreeBSD it is possible to use ipfw for that purpose, because it build-in into kernel. We set for example rule Code: Select allipfw add divert 2000 ip from any to 1.0.1.1
and we can use our own application to process those packets, reinject them forward etc. It will work also fast, because as I said, it build into kernel.
Is there any standart Linux-based solution to do the same? I found some info about netmap-ipfw. Is this a correct solution? Or I have to use for example IP-aliases and iptables to do that?
I need to process all the IP-packets, not only TCP/UDP/etc-protocol. Solution also must be very fast.
There is a big problem with opensuse 11.4 and virtual interfaces.Until 11.2 outgoing traffic by default was sent by the eth0 address nevertheless which virtual interfaces did exist if any was used.Now there seems to be sent by the last interface listed with ifconfig.The outgoing address in this case will be 10.0.0.3.This is very problematic with smtp control etc.
View 1 Replies View RelatedRecently I notice that when I'm connected to an vpn server (pptpd) and I'm using it as a default gateway my download and upload speed decreases almost to the half of the usual speed. I made a test using iptables in order to count how much GRE packets are generated (except the real traffic itself) in that way:
Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.
So, my question is first of all is my test correct and is it true that so much gre traffic is being generated during the browsing (it becames clear that the traffic is double than if the pptpd wasn't used as a gateway) and if yes - can that traffic be reduced?
When I use system-config-firewall, it asks what interfaces to trust. Where does it store that information for iptables (or whatever uses that info)? How iptables knows at what interfaces to use the rules?There is not that kind of information in /etc/sysconf/iptables and iptables-config.
View 2 Replies View Relatedim compiling from source on a old rig i have, its running ubuntu 10.10 server edition and i finaly got all the dependencys installed to a point where ./configure actualy worked. but whne i try and run make this is what i get.
[code]...
We use a squid proxy server for all http traffic. Is there any way to configure squid so that all traffic which squid and workstation communicates is SSL and encrypted ?
View 2 Replies View RelatedWhere I work we have a lan, it is almost 100% windows machines except for 2 CentOS machines in which some clients connect to, via VPN. (very small network, <50 ip's used)
I would like to know if there is a way to block access from that machines to others in the network. I'm already logging traffic (with IPTraff) to see if they're accessing other machines in the network others than the ones they should connect.
has my Ubuntu machine been cracked?
machine on home lan
192.168.0.102
it is the DMZ from router
ufw on (ports open for aMule)
sshd installed
[Code].....
I get all my traffic from my router, as this computer seldom moves. So is there a use for a firewall?I am not sure, because when I scan my IP address with nmap, no matter what the changes I make in the firewall, it is always the same scan...cannot fingerprint OS...and all closed ports.The all closed ports thing only changes when i torrent, then i get a wide open port.
View 14 Replies View RelatedI have computers in the DMZ (192.168.1.0/24) .. How to block traffic initiated from computers in the DMZ?
View 3 Replies View RelatedI set up iptables but it is blocking my SSH set up. I did allow it by opening port 22 but it did not work. Here is my config:
Code:
iptables -F
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
### this should allow SSH traffic
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
How do you allow SSH through the iptables firewall?
I've a server, and I want to drop all the traffic going out with other source port than 80 (apache) and 22(ssh). The reason is I want to prevent my machine sending packets I don't know (i.e. my server scanning networks or making DDOS attacks without my knowledge). The problem are the updates. If I do what I've said, the updates will not work. I want to allow updates, so I need to let DNS traffic (port 53) and the traffic of the updates to go out.
The problem is the source port. This traffic uses a dynamic port (I think like HTTP). Is there any way to specify a source port to do this? If a have a static port to do this, I would drop all the traffic going out with other port than 22,53,80 and this port.
I have a weird issue that I have not seen on any forum. My jaunty on DELL studio laptop seems connected to net, but I can not access any network service (ssh, firefox etc.). But when I connect a cable the cable lights blink as it should be and in wireless connection my wifi light blinks.
It was working 2 days ago without problem, and I have not done big changes recently.I removed and reinstalled network-manager and network-manager-gnome. Nothing changed. I see a message in each restart as follows (when Openafs is starting). I can reproduce it with "/etc/init.d/openafs-client restart"
Code:
ADVISEADDR:error in specifying interfaces: no existing ip interfaces found
#lspci
Code:
04:00.0 Network controller: Intel Corporation Wireless WiFi Link 5100
08:00.0 Ethernet controller: Broadcom Corporation NetLink BCM5784M Gigabit Ethernet PCIe (rev 10)
#lshw -c network
[code].....
Is there a program that monitors and displays 'who' is on your wireless Internet signal that one may not be aware of? Like, the ability to see when someone that you don't know is accessing your locked wireless?
View 9 Replies View RelatedI want to check if traffic to a specific URL is being throttled by a hospital acting as an ISP. A client is having great trouble accessing a hosted web-app from inside the hospital, but access is fine from outside. The hospital IT dept are not interested as the rest of the Internet is fine. I need to trace where the latency is creeping in or where the throttling is happening, if I can do that, the hospital will remove it. Traffic is standard http to a specific URL.
View 9 Replies View Relatedwe want to post anonymously to a public forum like linuxquestions. We can do it through a service like [URL]. This uses a secure link so any eavesdropper in my LAN cannot see the url I am connecting to.
If this eavesdropper in my LAN suspects I am posting on linuxforums.com, they can look at times when my suspected posts appear in this public forum, and compare them with peaks in the traffic from my computer, and if the times match, it's a strong indication I am the same person. If I somehow fill the virtual private connection with a dummy data stream, can the eavesdropper still tell I am posting to linuxquestions?
I have 3 Interfaces for a different LAN's and when I start one interface the another interfaces goes down.How can it's possible?I configure my ethernets as:
Code:
/sbin/ifconfig eth0 172.16.3.108 netmask 255.255.0.0 broadcast 172.0.255.255
/sbin/ifconfig eth1 172.16.3.109 netmask 255.255.0.0 broadcast 172.0.255.255
/sbin/ifconfig eth2 172.16.3.1110 netmask 255.255.0.0 broadcast 172.0.255.255
I have Ubuntu 8.04 as virtual host. On this host I have installed VirtualBox virtualization software. I have installed Windows XP as virtual machine and installed HTTP server.I would like temporally disable all network connections to host and virtual machine.So on Ubuntu host I have set firewall settings:
Code:
sudo iptables -F (to flush - delete all firewall settings)
sudo iptables -P INPUT DROP (to disable all input traffic)
[code]....
I was reading a magazine article today which was a discussion of internet detective work for tracking down ip addresses which attempt an ssh login to your machine. I have never really paid much attention to network security since I only run a small home network. I have WPA encryption and a firewall on my router. But while reading this article, I remembered that I myself has seen log files in the past that inidicated someone somewhere had attempted to log into my machine (attempts all failed). This had happened a few times, but I never really considered it a threat.
But, the more I read about home computers becoming "zombies" for criminals, I guess I am getting a little paranoid in my old age, particularly since my wife does quite a bit of business on the net with credit cards. I have four computers connected to the net and each other on this network, and would like to be able to easily detect attempted log ins and deal with them quickly.
So my reason for posting is to ask if someone could recommend a novice-friendly application for monitoring traffic to check this intermittently. I have read bodhi.zazen's excellent tutorial on snort, but I it appears to be written for large lan's or web servers and is over-kill for a small home network.
I understand the difference between Reject vs Drop for incoming traffic, but are there any differences between reject and drop for Outbound Traffic? Are there reasons to pick one over the other or are they functionally identical when talking about Outbound traffic?
View 6 Replies View RelatedLast night my old Sony Vaio laptop which connects via wired Ethernet and runs Ubuntu 10.10 started hammering the network out onto the Internet. Fired up Wireshark and found lots of traffic between my machine and 174.129.193.12 which I did a whois on and found belonged to Amazon EC2 Cloud Server. The port on my machine was an unknown 5000+ but the port on the remote system was 443 the port used by https, however no browser was running. Did a search and put together a couple of iptable commands to block this IP address which stopped the traffic. I then used nmap and netstat and found port 3000 open and another connection to IP address 91.189.89.76 which I also blocked. Unusually no info exists on this IP when you do a whois. At first I thought it might be some sort of sync as this machine has Ubuntu One running on it, however it could also be something else.
View 3 Replies View RelatedI'm currently using a homemade Python script to parse script kiddie IP addresses from logfiles.To this point, I've simply been DROPping any requests from these IPs using iptables.I thought it might be fun to redirect their traffic back to them, but as I am not an expert at iptables, I was wondering if I should use FORWARD or PREROUTING.
View 7 Replies View RelatedHow do I redirect all the UDP traffic on port 27016 of my current dedicated server to a new IP port 27015 using IP tables?
View 1 Replies View Relateda client asked me to install ettercap on their linux gateway machine - two ethernet machine. I tried it in bridged mode, it but as soon as I start it, the traffic stops and no one can access anything. Did anyone ever succeed in running it on the gateway?
View 1 Replies View RelatedI have the Shorewall firewall running on Ubuntu 10.10 server and the issue I am having is the firewall is blocking traffic from my transmission-daemon even though I have allowed it in the /etc/shorewall/rules.
the rules file has the following lines
Code:
ACCEPT$FWnettcp60000:60035
ACCEPTnet$FWtcp60000:60035
ACCEPT$FWnetudp51413
ACCEPTnet$FWudp51413
[Code]...
as you can see, Shorewall is rejecting packets with source and destination port 51413 on incoming net2fw and outgoing fw2net even though the rules are set to accept.
If I try to add a new interface (eth1) to /etc/network/interfaces, I get
Code:
* Reconfiguring network interfaces... SIOCSIFADDR: No such device
eth1: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
[Code]...
How do I add 2 interfaces and get anyone of them to work, as available ?