Ubuntu Networking :: Redirect Outgoing Packets To LAN?
Jul 6, 2011is there any way to point certain packets from my outgoing traffic to a LAN : port ?
can iptables do this ? if yes how ?some like this [URL] ?
ADVERTISEMENT
Networking :: Capture Outgoing Packets Only?
Jun 11, 2009I have a network like
Node A to Vlan Switch
Node B to Vlan Switch
Node C to Vlan Switch
Node B is set up to be a middle man between A and C.
All nodes have 1 NIC.
They are all linux boxes. Node B can ping Node C. When I try to ping Node C from Node A, the ping just hangs forever.
When I use Wireshark to sniff What's going on with Node B during a ping from Node A to Node C, I can see an ICMP request with src = Node A and dest = Node C. I'd like to know if that ICMP packet was received by B from A or if it is going out. If it's going out, that makes no sense since B knows how to send to C. If B is only getting the requests but not forwarding them, then I know there is something wrong with B's configuration.
So I'd like to be able to sniff incoming packets only, or outgoing packets only. Is there a way to do this?
Networking :: Monitoring Outgoing UDP Packets - PID In Access Log
Oct 11, 2010On our webhosting servers, where is primary running apache, sometimes starts huge outgoing traffic to random IP addressess (each time of attack is it just one IP). It's always UDP,and according to my investigation tcpdump, it looks like p2p. The problem is in big outgoing traffic, and secondly in filling ip_conntract table /proc/net/ip_conntrack. I think, that one of our webhosting users has some virus uploaded on his FTP, which is time to time ran. I think, that if I can map outgoing traffic to particular process ID, it will be easy to find the PID in access log of webserver and than see what URL it causes.
What I have checked already:
- outgoing UDP connections are not listed in netstat - so cannot get PID from there
- Apache with PHP is in safe mode - cannot exec binaries, cgi is disabled
- I can see tons of records in tcpdump, but from the dump I'm not able to get PID
- In time of attack I was trying to run `lsof`, but nothing to see - didn't found the attacker
- I went through apache access log - I took time of attack -i.e. 02:22 am - grep from access log all hits between 02:20 and 02:29 am and try to call all them again - problem didn't occured
- checked the POST records from access log - nothing
- grepped all php files for keyword 'fsockopen' and 'torrent'
- from iptables --log-uid I have found user nobody (under apache is ran)
I think that the key is able to match outgoing connection to PID, than it will be easy.
Networking :: Iptables REDIRECTing - All Outgoing Packets ?
Dec 6, 2010I've been trying to redirect all outgoing packets (destined for a specified ip address) from my slack box back to itself. I thought this could be done with iptables, but if I fire up wireshark I can clearly see that the packets are getting out to the real server and I'm getting responses from it.
So here's what I tried:
All looks good and fine, and then I even try to visit 194.28.157.42 with firefox (by the way I am running a webserver, that is set to show a page when you visit 127.0.0.1) and I get an error page that reads: 502 Bad Gateway.
I ignored this message to see what the program I'm trying to interrupt does, and when I start wireshark and then start the program that is using that website, I can clearly see that the packets make it to the real 194.28.157.42 and get back responses.
Networking :: Inspect Ports Or Packets For Outgoing Email?
Aug 2, 2010My server ended up on 1 (just 1) block list and I'm finding it very difficult to convince myself that it was just an error of some kind.Can anyone think of any giveaways at the packet or port level that some program is sending spam from my server without using the normal MTA (nothing suspicious is showing up in the sendmail logs)
View 9 Replies View RelatedFedora Networking :: Can Ping But Cannot Browse - Outgoing Packets Dropped
Oct 5, 2010In my Fedora13 machine, while in mobile broadband, i can ping and skype outside, but cannot browse/yum etc. Few output that may be of relevence are here:
$ netstat -s
IP:
149468 total packets received
6 with invalid headers
16174 with invalid addresses
0 forwarded
0 incoming packets discarded
118821 incoming packets delivered
101331 requests sent out
124 outgoing packets dropped
866 dropped because of missing route .....
Networking :: Redirect Marked Packets To Internal Website?
Dec 17, 2010I found this really cool guide / info about creating an internet portal where users have to register (their MAC) with the server to use the internet. basically if users MAC's are in the list they get routed to the internet if not they get routed to an internal page asking them to register. It works great and works well. I was wondering if there are some smart people out there who could help me reverse the process.. eg if your mac is not in the list you can access the internet if it is, you are redirected to an internal page saying "youve been blocked"
The firewall rules are as follows.
Code: IPTABLES=/sbin/iptables
# Create internet chain
# This is used to authenticate users who have already signed up
$IPTABLES -N internet -t nat
# First send all traffic via newly created internet chain
[Code]...
Networking :: How To Redirect Locally-generated Packets To Remote Server?
Mar 22, 2010I'm trying to workaround a limitation in a server application. The limitation is that I can only connect to a LOCAL mysql database. I am trying to fool the server in to using a remote mysql database. I was hoping to do this by simply forwarding 3306 to another server on the same subnet.To that end I've set up iptables rules to forward all connections to port 3306 to a non-standard mysql port on a remote server. This works, except that I need to deal with the loopback interface in a special way and I'm stuck.
View 14 Replies View RelatedUbuntu Servers :: Redirect All Outgoing Emails?
May 10, 2010Here's what I'm trying to do to complete my rocking development server.
I would like all outgoing email on my Ubuntu server to be redirected to one email address (internal or external). I don't have any mail server installed yet (I'll probably use postfix unless you have another suggestion).
The reason I would like this to work is because I'm a web developer working on multiple projects. When I start working on a new project I would like to be able to test some of the forms and features in the web application (PHP) without having emails sent to the email address configured in the application. I can always change configurations but having my development server forward the emails would save me lots of trouble.
Example:
If one of my php application sends an email to: user1@domain.com, user3@domain4.com... I would like all of them to forward to myemail@domain.com
Debian :: Forwarding TCP Packets - Redirect Also The Port 443 (HTTPS)
Mar 16, 2011This is where it starts: I have 2 networks. The first: 192.168.1.0/24 composed by the router which has access to the internet with the IP 192.168.1 and the server (who is a gateway) with the IP 192.168.1.42 The other network: 192.168.2.0/24 composed by the gateway with the IP 192.168.2.1 and the clients (on the 192.168.2.0/24 subnet). To sum up, the gateway has 2 IPs (192.168.1.4(eth0) and 192.168.2.1(eth1)). On this gateway, I have squid installed (and listening on port 3128). I also made a redirection to redirect some computers who want to access to the web (port 80) to squid (port 3128) with this command: /sbin/iptables -t nat -A PREROUTING -m mac --mac-source CLIENT_MAC -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128
At this stage, everything works fine. The clients can access the web by the proxy without "knowing". What I wanted to do, is redirect also the port 443 (HTTPS). Actually, when a client wants to access to, for example, [URL]. He cannot. So I would want to be able to redirect people (without passing by any proxy) directly to google. Like a NAT. But the problem is that I can't. The thing would be to, in the gateway, take all the packets with port 443 in destination and handle them to the router 192.168.1.1. Then, when the router sends the packet back, the gateway takes the packet and handles it to the client. I tried putting ip_forward to 1, but the problem is that all IPs and ALL PORTS are forwarded. And I just want port 443 to be forwarded.
Networking :: Firewall - Allow Packets Coming From Internet After Authenticating And To By Pass Packets Generated From Internal LAN?
Feb 8, 2010i have a linux server runnig oracle applications. i need to access this server from putty using ssh through internet. i did by registering my static ip with the dnydns.org and i am able to connect to the server. but now there is no security to authenticate any user as any one knowing the password can login to it.
i thought of configuring the firewall of linux server but the client ip`s are not static and they change continiously. so thought of keeping one more pc between the server and the router which will do the work of authenticating. but i am confuse as how to configure it to allow the packets coming from the internet after authenticating and to by pass the packets generated from internal LAN?
Programming :: Write A Program In C That Can Sniff Packets From Ethernet And Distinguish RTP Packets From Non-RTP Packets?
Aug 30, 2010i need to write a program in c that can sniff packets from Ethernet and distinguish RTP packets from Non-RTP packets, i have no idea what should i do
View 9 Replies View RelatedNetworking :: Kernel - Forward Packets From Eth0 To Eth1 And Eth1-to Eth0 As Well As Get A Copy Of These Packets For Analysis
Sep 27, 2010I have a hardware device with two ethernet ports, eth0 and eth1 running Centos 5. Basically my goal is to forward packets from eth0->eth1 and eth1->eth0 as well as get a copy of these packets for analysis. If I set IP routing to do the forwarding then I won't get a copy of the packets for analysis.
View 3 Replies View RelatedNetworking :: Using A Different OUTGOING IP ADDRESS
Jun 23, 2010I am testing my setup which will have 2 public servers. HTTP & MAIL both with reverse DNS established.
www.mydomain.no -> xxx.xxx.xxx.034 -> internal name server
mail.mydomain.no -> xxx.xxx.xxx.035 -> internal name mail
Both addresses are on the same NIC with 34 being the main address.
The system work fine except one thing. The IP address mail sends out from is the Firewall Address _FW. I can see why as the default gateway set on the mail server is the FW_IP (The main gateway ip)How can I get the MAIL server to send through it's own public IP.I understand I can change the Firewall public IP to that of the Mail server and that would cure the problem for now. If it's possible I would like to learn a little in the process.
Ubuntu Networking :: 8.04.3 Server - No Outgoing Connection (VMware)
Feb 16, 2010I'm running Ubuntu 8.04.3 server on my XP Pro SP3 machine using VMWare. I'm trying to set up a static IP address but I can no longer ping anything except my router (not even the XP machine it's hosted on). I'm using "bridged" mode in VMware
Here's my /etc/network/interfaces file:
Code:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.1.50
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
Networking :: IPTables Rule For Outgoing?
Dec 7, 2010Unsure about IP tables lingo, so excuse me for not looking this up:I have a server, running IP tables, that I do not want to allow any type of outgoing traffic to 192.168.1.21
View 3 Replies View RelatedUbuntu Networking :: Unusual High Outgoing Traffic Generated
Aug 12, 2010I've noticed recently that a lot of outgoing internet traffic is generated by my laptop (running Ubuntu 10.04 - 64 bit). This wasn't the case previously. I only found out because my wireless broadband traffic allowance suddenly was used up very quickly. I've installed ntop to try to find out where all this traffic is going to.
I did find that there were a very high number (at one stage over 11.000) of active TCP/UDP sessions (see attached screenshot). Although the traffic generated by each is only small (about 100 bits/bytes - not sure what) multiplied by thousands, makes a fair bit of traffic. I wonder if I've got some kind of a virus/bug or do I have a configuration problem with my laptop?
Ubuntu Networking :: Iptables: Block Incoming And Allow Outgoing Traffic
Jan 6, 2011I need to configure iptables to block incoming traffic (except specific ports), but allows all outgoing traffic.
I am able to block incoming traffic, but doing so also prevents outgoing traffic (tested by telnet [URL] 80)
The following was used:
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -j DROP
Also, even allowing NOT SYN requests still prevents outgoing traffic.
iptables -I INPUT 1 -p tcp ! --syn -j ACCEPT
Another point:
# modinfo ipt_state
modinfo: could not open /lib/modules/2.6.18-028stab070.14/modules.dep
How to install ipt_state module on ubuntu?
Networking :: Outgoing Port Forwarding Wrt54gs?
Feb 22, 2010How would one forward a specific outgoing port to a local computer?
E.G.
Router: 192.168.1.1
Comp 1: 192.168.1.100
Comp 2: 192.168.1.200
When Comp 1 tries to browse to an internet page, forward that connection via the router to comp 2 to display a custom webpage. Using WRT54GS
Ubuntu Networking :: Firewall - Block Incoming / Outgoing Connections To IP Range
Jul 4, 2010I am still new to ubuntu and I use firestarter as my firewall tool and I was told that its just ufw in a gui. Well anyways I noticed a connection to 174.129.241.144 using https and python, I didn't have any scripts running and my browser was closed, I read the man files for ufw and it said to do something like deny from 174.129.0.0/12 and I want to block all incoming and outgoing connections to this IP range and I was wondering how to do that, I heard of iptables that it would be able to do this but I dont know anything about it. What I should learn so I can handle these kinds of situation in the future and how I can block this ip subnet or also what does the /8, /12, and /16 stand for?
View 7 Replies View RelatedUbuntu Networking :: Cannot Access Certain Ports Via Web Browser, Outgoing Port Blocked
Aug 12, 2011I have a vps server running certain services which can be accessed via a web browser (e.g webmin control panel), but I have recently been unable to access these services from my home machine using Firefox 5.0, running ubuntu 11.04.
Example:
I can access the server on port 80 fine, eg: [URL]
However I cannot access my webmin control panel on: [URL]
The pages takes ages to load and then times out. Same with transmission-daemon on: [URL]
Everything is set up fine on my server, the ports are open in firewall etc. and I can access these pages fine from my work computer.
This has only started happening in the last day or two and had been working fine up till then. I have not messed around at all with the firewall on my home machine. I have tried other browsers besides Firefox with same result.
Fedora Networking :: IP Masquerading For All Outgoing Traffic In Eth0
Nov 13, 2010I have a couple of interfaces in a Fedora 14 box:
eth0: internet provided by an adsl router
eth1: LAN
I set up system-config-firewall to masquerade all outgoing traffic in eth0, as I did in other Fedora 13 boxes, but it seems it doesn't work. It sets to 1 /proc/sys/net/ipv4/ip_forward and also set the appropriate rules in iptables. But all traffic is blocked from the LAN to the Internet. "ping www.google.com" works in the Fedora box, but doesn't work in the LAN computers using the F14 IP as gateway. I have another F13 computer elsewhere configured this way and it works fine. But this one has Fedora 14.
Fedora Networking :: Send All Outgoing Traffic To A Specific Nic?
Jun 9, 2011I use a server with 3 nics,
eth0 192.168.2.100 (internal Web, Mail)
eth1 192.168.3.100 (Default Gateway nic for clients)
eth2 192.168.3.110 (should be default Gateway for all outgoing traffic not belonging to 192.168.2.100 and 192.168.3.100)
They are all on the same machine
i cannot set eth1 or eth2 as default gateway, as outside requests to eth0 would be handled in a false manner (somehow)
is there an easy iptables-rule to say, that outgoing traffic, not belonging to my networks can be redirected to a specific NIC (eth2)?
Networking :: System / Script To Detect Outgoing DOS Flood?
Oct 16, 2010I run a Centos server that quite a few people have access to. I trust every user on the system, but i've had problems before like one user's account gets hacked and someone starts using my box to DDOS. Each user has their own ip.. And I would like to write a script or use an existing solution (if one exists) to monitor number of tcp/udp connections each minute and see if it's unusually high. I don't want it to stop the flooding or anything, I just want to be notified by email or something.
View 1 Replies View RelatedNetworking :: Configure Amavis To Allow All Outgoing Email By Postfix?
Apr 27, 2010I have CentOS 5.3 ISPConfig 3 installed. I have noticed that some mail I sent out were lost. Expecially, email with subject like "a" or "aa". I think Amavis block my email. Please tell me how to configure amavis to allow all outgoing email by postfix?
View 1 Replies View RelatedNetworking :: How To Make Outgoing Traffic Show From Different IP Address?
Nov 4, 2009I have a Linux IPTables firewall on Centos 5.3.It has one physical interface to the internet and 2 internal interfaces to a DMZ and TRUSTED zone respectively.There are 10 virtual interfaces linked to the physical public interface.Emails are being sent from my server in the DMZ out to the internet, but it is being shown as coming from the firewall IP address.It must show as coming from one of the virtual interfaces.
View 4 Replies View RelatedNetworking :: Iptables Outgoing Adress Using An Aliased Interface?
Dec 15, 2010it�s been several years since i played with iptables. I have setup like this:eth0 is the only physical device on box and eth0:0 is aliased. Traffic going out of the box to internet uses eth0eth0 116.55.58.1eth0:0 116.55.58.2I have a service listening on port 80 on 116.55.58.2Lets say my client connect to 116.55.58.2:80 through 116.55.58.1 , how do I force (mangle you name it) with iptables that the outgoing source address will be always 116.55.58.2?
View 1 Replies View RelatedUbuntu Networking :: Setting Time Delay For IPTables (Incoming / Outgoing Port)
Mar 9, 2010I've got a box with 2 interfaces, with IP1 = 192.168.100.1 and IP2 = 10.1.1.1 respectively on them. I've got an iptables rule that looks like:
Code:
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 10.0.0.0/8 -p udp -j SNAT --to-source 10.1.1.1 --random
If I get 2 consecutive packets from the same address and port from 192.168.100.0/24, they get SNAT-ed and come out of the same port on 10.1.1.1. If then I get another packet from the same address and port 10 minutes later, then it gets SNAT-ed, but comes out of a different port on 10.1.1.1. My question is: how can I set the time delay I would like iptables to remember its incoming address/port to outgoing port mappings?
Ubuntu Networking :: How To Check Packets Being Sent / Received Through WAN
Jan 14, 2010I am new to Ubuntu almost installed it after windows showed blue screen 4 ever n ever. However after installing ubuntu whenever I log in windows it doesnt detect any network connection but when I use Ubuntu it automatically does can it be that Ubuntu is causing any problem? And how to check how many packets are being sent and received through my wired network and do I have to install any drivers for my modem in Ubuntu.
View 5 Replies View RelatedUbuntu Networking :: Packets DROPPED By Firewall?
Mar 13, 2010I am using ubuntu 9.10. Configuring my firewall using guarddog. I have setup a rule to allow traffic OUT on port 7078 UDP, and just because i'm having problems i added an IN rule.
# Create the filter chains
# Create chain to filter traffic going from 'Internet' to 'Local'
ipchains -N f0to1
[code]....
