Full Discussion: iptables conundrum
Special Forums IP Networking iptables conundrum Post 302915401 by Shocco on Tuesday 2nd of September 2014 06:23:57 PM
Debian

Sorry! The first set of numbers is supposed to be 192.168.222.4. More to add would be that 192.168.222.2 is the gateway and DNS of 192.168.222.4.

And yes, there is a port range. I think that's only the case if it can't connect to the server on 10.10.10.250. But the program I need to use eats all traffic that isn't needed.

So in turn it's 10.10.10.250 being the reporting box, 10.10.10.125 being the connection live to the web to hit said reporting box, and 192.168.222.2 being the gateway/DNS server of 192.168.222.4.

192.168.222.4 > 192.168.222.2 > 10.10.10.125 > 10.10.10.250

I say this because the last time I had it working it showed 10.10.10.125 as the address for 192.168.222.4 (I assume that's masquerading) on the reporting box, and in the inetsim config file it says what IP should be used if inetsim will act as a router for certain traffic.

This is a malware traffic analysis box, so it needs to only have this one IP address allowed on this one port so that it can report findings of files run to said box.

The inetsim program also makes its own rules that are pretty annoying. At one point I had it telling me that it was established but wasn't showing activity on the destination server, and now it's back to square one. Let me know if you need more details. Sorry for the typo!

And I have traffic from 10.10.10.250 already accepted; it's from 192.168.222.2 that I can't get routed.
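The post describes a sandbox (192.168.222.4) whose only permitted path out is through the gateway (192.168.222.2, outside address 10.10.10.125) to one port on the reporting box (10.10.10.250), with the sandbox appearing as 10.10.10.125 on the far side. The script below is an added example written for this page, not something posted in the thread or shipped with inetsim: it builds a default-deny FORWARD policy for that gateway with a single allowed flow and a source NAT so the reporting box sees 10.10.10.125. The interface names (LAN_IF, WAN_IF), the REPORT_PORT placeholder and the ipt wrapper are assumptions; the thread never names the port or the interfaces. Rules inetsim installs for its own redirection, and the INPUT chain that lets the sandbox reach inetsim's fake services on the gateway, are outside this script.

```shell
#!/bin/sh
# Added example for the thread above (not the poster's or inetsim's code):
# default-deny forwarding on the analysis gateway, one allowed flow, SNAT.
# Assumed values (not stated in the thread) can be overridden from the environment.
LAN_IF=${LAN_IF:-eth0}                        # assumed: interface holding 192.168.222.2
WAN_IF=${WAN_IF:-eth1}                        # assumed: interface holding 10.10.10.125
SANDBOX=192.168.222.4                         # from the thread
GATEWAY_WAN=10.10.10.125                      # from the thread
REPORTER=10.10.10.250                         # from the thread
REPORT_PORT=${REPORT_PORT:-PLACEHOLDER_PORT}  # placeholder: the thread never gives the port
IPT=${IPT:-iptables}

# Every rule goes through this wrapper; DRY_RUN=1 prints instead of applying,
# so the ruleset can be reviewed (or tested) without root or a real firewall.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s %s\n' "$IPT" "$*"
    else
        "$IPT" "$@"
    fi
}

sandbox_rules() {
    # Nothing is forwarded unless a rule below allows it.
    ipt -P FORWARD DROP
    # Return traffic for the one allowed flow.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # The only new connection the sandbox may open through the gateway:
    # TCP to the reporting box on the reporting port.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$SANDBOX" -d "$REPORTER" \
        -p tcp --dport "$REPORT_PORT" -m conntrack --ctstate NEW -j ACCEPT
    # Rewrite the source to the gateway's outside address; this is why the
    # reporting box logs 10.10.10.125 rather than 192.168.222.4.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$SANDBOX" -d "$REPORTER" \
        -p tcp --dport "$REPORT_PORT" -j SNAT --to-source "$GATEWAY_WAN"
    # Anything else the sandbox tries to send through the gateway is logged
    # and dropped, so stray malware traffic never leaves the lab.
    ipt -A FORWARD -i "$LAN_IF" -s "$SANDBOX" -j LOG --log-prefix "sandbox-drop: "
    ipt -A FORWARD -i "$LAN_IF" -s "$SANDBOX" -j DROP
}

# Number of rules the policy emits; handy as a dry-run sanity check.
rule_count() {
    (DRY_RUN=1; sandbox_rules) | wc -l | tr -d ' '
}

# Usage:  DRY_RUN=1 sh sandbox.sh apply     (print the rules)
#         REPORT_PORT=<port> sh sandbox.sh apply   (apply them, as root)
if [ "${1:-}" = "apply" ]; then
    sandbox_rules
fi
```

Forwarding also has to be enabled on the gateway (net.ipv4.ip_forward=1) for the FORWARD chain to see any packets at all; with the policy above, a sandbox that cannot reach the reporting box will show up as "sandbox-drop:" lines in the kernel log, which is the first place to look when the reporting box shows no activity.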
 

IpfilterDlfConverter(3pm)         LogReport's Lire Documentation         IpfilterDlfConverter(3pm)

NAME
       Lire::Firewall::IpfilterDlfConverter - convert ipf (ipmon) logs to firewall DLF

DESCRIPTION
       Lire::Firewall::IpfilterDlfConverter converts Ipfilter logs into firewall DLF
       format. Input for this converter is the standard ipf syslog log file as
       produced by ipmon. IP Filter is shipped with FreeBSD, OpenBSD (up to 2.9) and
       some other OSes.

EXAMPLE
       An ipfilter logfile which looks like

         Oct 30 07:42:29 rolle ipmon[16747]: 07:42:28.585962 ie0 @0:9 b 192.168.48.1,45085 -> 192.168.48.2,22 PR tcp len 20 64 -S OUT
         Oct 30 07:40:24 rolle ipmon[16747]: 07:40:23.631307 ep1 @0:6 b 192.168.26.5,113 -> 192.168.26.1,3717 PR tcp len 20 40 -AR OUT
         Oct 30 07:42:29 rolle ipmon[16747]: 07:42:28.585962 ie0 @0:9 b 192.168.48.1,45085 -> 192.168.48.2,22 PR tcp len 20 64 -S OUT
         Oct 30 07:44:11 rolle ipmon[16747]: 07:44:10.605416 2x ep1 @0:15 b 192.168.26.1,138 -> 192.168.26.255,138 PR udp len 20 257 IN
         Oct 30 07:44:34 rolle ipmon[16747]: 07:44:33.891869 ie0 @0:10 b 192.168.48.1,23406 -> 192.168.48.2,22 PR tcp len 20 64 -S OUT
         Oct 30 07:49:13 rolle ipmon[16747]: 07:49:12.554420 ep1 @0:15 b 210.132.100.117 -> 192.168.26.5 PR icmp len 20 56 icmp 3/3 for 192.168.26.5,61915 - 210.132.100.117,53 PR udp len 20 23040 IN
         Oct 30 07:50:23 rolle ipmon[16747]: 07:50:22.908107 ep1 @0:15 b 210.132.100.117 -> 192.168.26.5 PR icmp len 20 56 icmp 3/3 for 192.168.26.5,4480 - 210.132.100.117,53 PR udp len 20 19712 IN
         Oct 30 07:56:11 rolle ipmon[16747]: 07:56:11.113029 2x ep1 @0:15 b 192.168.26.1,138 -> 192.168.26.255,138 PR udp len 20 257 IN

       (that's: .... 'PR' protocol 'len' length_of_ip_headers_saved packetlength direction)

       will get converted to something like

         994398737 denied igmp 100.187.115.1 - ep1 LIRE_NOTAVAIL 224.0.0.2 - 56
         994398861 denied igmp 100.187.115.1 - ep1 LIRE_NOTAVAIL 224.0.0.1 - 56
         994398862 denied igmp 100.187.115.1 - ep1 LIRE_NOTAVAIL 224.0.0.2 - 56
         994406849 denied udp 192.168.26.4 137 ie0 LIRE_NOTAVAIL 192.168.26.255 137 116
         994406850 denied udp 192.168.26.4 137 ie0 LIRE_NOTAVAIL 192.168.26.255 137 116
         994406866 denied udp 192.168.26.4 137 ie0 LIRE_NOTAVAIL 192.168.26.255 137 98

SEE ALSO
       ipl(4) for description of log structure.

       The ipmon.c source (e.g. on
       http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/ipmon/Attic/ipmon.c?rev=1.27&content-type=text/plain&hideattic=0
       ) for the specification of the log syntax.

       The IP Filter webpage on http://coombs.anu.edu.au/~avalon/ip-filter.html

AUTHOR
       Joost van Baal <joostvb@logreport.org>, Wessel Dankers <wsl@logreport.org>

VERSION
       $Id: IpfilterDlfConverter.pm,v 1.7 2009/03/15 08:10:55 vanbaal Exp $

COPYRIGHT
       Copyright (C) 2001-2003 Stichting LogReport Foundation LogReport@LogReport.org

       This program is free software; you can redistribute it and/or modify it under
       the terms of the GNU General Public License as published by the Free Software
       Foundation; either version 2 of the License, or (at your option) any later
       version.

       This program is distributed in the hope that it will be useful, but WITHOUT
       ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
       FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with
       this program (see COPYING); if not, check with
       http://www.gnu.org/copyleft/gpl.html.

Lire 2.1.1                          2009-03-15                    IpfilterDlfConverter(3pm)
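The EXAMPLE section shows the ipmon line layout (interface, @group:rule, b/p action, src[,port] -> dst[,port], PR proto, len hdrlen pktlen, direction) but not how a converter picks those fields apart. The awk-in-shell function below is an added example written for this page, not Lire's IpfilterDlfConverter code, and its output columns (action, proto, src ip, src port, iface, dst ip, dst port, length, direction) are an assumed simplification of the DLF record shown above: there is no epoch timestamp column, because the syslog prefix carries no year, and no LIRE_NOTAVAIL column. It does handle the two irregularities visible in the sample lines: the optional "Nx" repeat-count token that shifts every later field, and ICMP entries whose addresses have no ",port" suffix. The sample input is the page's own EXAMPLE lines, embedded inline.

```shell
#!/bin/sh
# Added example (not Lire's code): turn ipmon syslog lines into a simplified
# firewall-DLF-like record. Output layout is an assumption modelled on the
# EXAMPLE section:  action proto src_ip src_port iface dst_ip dst_port length direction
ipmon_to_dlf() {
    awk '
    {
        # Find the rule token (@group:rule); fields are addressed relative to it,
        # which copes with the optional "2x" repeat count before the interface.
        r = 0
        for (i = 6; i <= NF; i++) if ($i ~ /^@[0-9]+:[0-9]+$/) { r = i; break }
        if (r == 0) next                       # not an ipmon packet line; skip it
        iface = $(r - 1)
        a = $(r + 1)                           # b = blocked, p = passed
        act = (a == "b") ? "denied" : ((a == "p") ? "accepted" : a)
        # ipmon writes "ip,port" for tcp/udp but a bare "ip" for icmp and others.
        n = split($(r + 2), s, ","); src_ip = s[1]; src_port = (n > 1) ? s[2] : "-"
        n = split($(r + 4), d, ","); dst_ip = d[1]; dst_port = (n > 1) ? d[2] : "-"
        proto = $(r + 6)                       # token after "PR"
        plen  = $(r + 9)                       # "len <hdrlen> <packetlen>": the packet length
        dir   = $NF                            # IN or OUT is always last
        print act, proto, src_ip, src_port, iface, dst_ip, dst_port, plen, dir
    }'
}

# Sample input: three lines taken from the EXAMPLE section above
# (tcp with ports, "2x" repeat count, icmp without ports).
SAMPLE='Oct 30 07:42:29 rolle ipmon[16747]: 07:42:28.585962 ie0 @0:9 b 192.168.48.1,45085 -> 192.168.48.2,22 PR tcp len 20 64 -S OUT
Oct 30 07:44:11 rolle ipmon[16747]: 07:44:10.605416 2x ep1 @0:15 b 192.168.26.1,138 -> 192.168.26.255,138 PR udp len 20 257 IN
Oct 30 07:49:13 rolle ipmon[16747]: 07:49:12.554420 ep1 @0:15 b 210.132.100.117 -> 192.168.26.5 PR icmp len 20 56 icmp 3/3 for 192.168.26.5,61915 - 210.132.100.117,53 PR udp len 20 23040 IN'

# Usage:  sh ipmon2dlf.sh demo          (convert the embedded sample)
#         ipmon_to_dlf < /var/log/ipflog   (convert a real ipmon log)
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE" | ipmon_to_dlf
fi
```

Anchoring on the @group:rule token rather than on fixed field positions is the design choice worth copying: any converter that counts fields from the start of the line will silently mislabel every record that carries a repeat count, and a log pipeline that mislabels denied packets is worse than one that drops them.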
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.