Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: iptables conundrum
Special Forums IP Networking iptables conundrum Post 302915401 by Shocco on Tuesday 2nd of September 2014 06:23:57 PM
Old 09-02-2014
Debian
sorry! the first set of numbers is supposed to be 192.168.222.4, more to add would be that 192.168.222.2 is the gateway and dns of 192.168.222.4

and yes there is a port range. i think thats only the case if it cant connect the the server on 10.10.10.250. but the program i need to use eats all traffic that isnt needed.

so in turn its 10.10.10.250 being the reporting box, 10.10.10.125 being the connection live to the web to hit said reporting box, and 192.168.222.2 being the gateway/dns server of 192.168.222.4.

192.168.222.4 > 192.168.222.2 > 10.10.10.125 > 10.10.10.250

i say this because the last time i had it working it showed 10.10.10.125 as the address for 192.168.222.4(i assume thats masquerading) on the reporting box, and in the inetsim config file it says what ip should be used if inetsim will act as a router for certain traffic

This is a malware traffic analysis box. so it needs to only have this one ip address allowed on this one port so that it can report findings of files run to said box.

the inetsim program also makes its own rules that are pretty annoying. at one point i had it telling me that it was established but wasnt showing activity on the destination server. and now its back to square one. let me know if you need more details. sorry for the typo!

and i have traffic from 10.10.10.250 already accepted, its from 192.168.222.2 that i cant get routed.
 

7 More Discussions You Might Find Interesting

1. UNIX Desktop Questions & Answers

Unix Grep Conundrum - Not for Noobies

Help, I have been stuck on this issue for weeks. I am a unix noobie. I have a very long string and within that string I am trying to get proc file names ie PROCNAME1=SOME_FILENAME_UPDTBASE.SQL There is a space on either side. I can't for the life of me peel out the proc name:... (13 Replies)
Discussion started by: owenian
13 Replies

2. Shell Programming and Scripting

Sed pattern space/looping conundrum

Although my sed skills are gradually developing, thanks in large part to this forum, I'm having a hard time dealing with pattern space and looping, which I suspect is what I'll need a better handle on to figure out my current issue, which is converting a multi line file like this: ... (4 Replies)
Discussion started by: tiggyboo
4 Replies

3. UNIX for Dummies Questions & Answers

umask conundrum

Hi All, i was reading up on a umask question on this forum and have a question on this. the umask value on my home PC running on cygwin is 022. when i create a dir it defaults to permission 755, when i create a file it defaults to 644. Now it starts at 777 for dirs and 666 for files and... (1 Reply)
Discussion started by: Irishboy24
1 Replies

4. Shell Programming and Scripting

Conundrum - Flexible way to strip extension

Hi, First post here. I have something that may prove to be difficult. I have the following files: Example1.0.0.tar.gz Example2.tar Example3.zip Example4.0.0.0.0.0.bzip2 I need to remove the file extensions and store as a variable so they look like this: Example1.0.0 Example2... (3 Replies)
Discussion started by: Spadez
3 Replies

5. Shell Programming and Scripting

sudo scripts conundrum

hello; Got a problem running monitoring scripts using sudo ssh.. Mgmt decided to take away root sudoers access.. so most of the scripts ran as: sudo ssh $BOX ... Now I need to run them as: echo $my_pw | sudo -S -l my_user_id $BOX ... I tried this but not working.. Any wisdom/tricks... (3 Replies)
Discussion started by: delphys
3 Replies

6. Red Hat

Physical Volume Create Conundrum

I want to start by saying I already resolved my issue but I want to understand why I am seeing what I am seeing. I have a server with a RAID controller two 500GB drives and six 600GB drives. The two 500GB drives are mirrored and have the OS installed on them. The six 600GB they wanted set as... (4 Replies)
Discussion started by: scotbuff
4 Replies

7. OS X (Apple)

Help in explaining this echo conundrum.

OSX 10.12.3, default bash terminal. Consider this code and note it is calling 'sh' inside the code... #!/bin/sh echo '1\n2\n2\n3\n5' > /tmp/text hexdump -C /tmp/text /bin/echo '1\n2\n3\n4\n5' > /tmp/text hexdump -C /tmp/text Now view the interactive mode below, note the underlying shell is... (6 Replies)
Discussion started by: wisecracker
6 Replies

LEARN ABOUT CENTOS

ipsec_eroute

IPSEC_EROUTE(5) 						  [FIXME: manual]						   IPSEC_EROUTE(5)

NAME

       ipsec_eroute - list of existing eroutes

SYNOPSIS

       ipsec eroute
	     cat/proc/net/ipsec_eroute

OBSOLETE

       Note that eroute is only supported on the classic KLIPS stack. It is not supported on any other stack and will be completely removed in
       future versions. On the mast stack, use ipsec policy, on the netkey stack, use ip xfrm

DESCRIPTION

       /proc/net/ipsec_eroute lists the IPSEC extended routing tables, which control what (if any) processing is applied to non-encrypted packets
       arriving for IPSEC processing and forwarding. At this point it is a read-only file.

       A table entry consists of:

       +
	   packet count,

       +
	   source address with mask and source port (0 if all ports or not applicable)

       +
	   a '->' separator for visual and automated parsing between src and dst

       +
	   destination address with mask and destination port (0 if all ports or not applicable)

       +
	   a '=>' separator for visual and automated parsing between selection criteria and SAID to use

       +
	   SAID (Security Association IDentifier), comprised of:

       +
	   protocol (proto),

       +
	   address family (af), where '.' stands for IPv4 and ':' for IPv6

       +
	   Security Parameters Index (SPI),

       +
	   effective destination (edst), where the packet should be forwarded after processing (normally the other security gateway) together
	   indicate which Security Association should be used to process the packet,

       +
	   a ':' separating the SAID from the transport protocol (0 if all protocols)

       +
	   source identity text string with no whitespace, in parens,

       +
	   destination identity text string with no whitespace, in parens

       Addresses are written as IPv4 dotted quads or IPv6 coloned hex, protocol is one of "ah", "esp", "comp" or "tun" and SPIs are prefixed
       hexadecimal numbers where the prefix '.' is for IPv4 and the prefix ':' is for IPv6

       SAIDs are written as "protoafSPI@edst". There are also 5 "magic" SAIDs which have special meaning:

       +
	   %drop means that matches are to be dropped

       +
	   %reject means that matches are to be dropped and an ICMP returned, if possible to inform

       +
	   %trap means that matches are to trigger an ACQUIRE message to the Key Management daemon(s) and a hold eroute will be put in place to
	   prevent subsequent packets also triggering ACQUIRE messages.

       +
	   %hold means that matches are to stored until the eroute is replaced or until that eroute gets reaped

       +
	   %pass means that matches are to allowed to pass without IPSEC processing

EXAMPLES

       1867 172.31.252.0/24:0 -> 0.0.0.0/0:0 => tun0x130@192.168.43.1:0

	() ()

       means that 1,867 packets have been sent to an eroute that has been set up to protect traffic between the subnet 172.31.252.0 with a subnet
       mask of 24 bits and the default address/mask represented by an address of 0.0.0.0 with a subnet mask of 0 bits using the local machine as a
       security gateway on this end of the tunnel and the machine 192.168.43.1 on the other end of the tunnel with a Security Association
       IDentifier of tun0x130@192.168.43.1 which means that it is a tunnel mode connection (4, IPPROTO_IPIP) with a Security Parameters Index of
       130 in hexadecimal with no identies defined for either end.

       746 192.168.2.110/32:0 -> 192.168.2.120/32:25 => esp0x130@192.168.2.120:6

	() ()

       means that 746 packets have been sent to an eroute that has been set up to protect traffic sent from any port on the host 192.168.2.110 to
       the SMTP (TCP, port 25) port on the host 192.168.2.120 with a Security Association IDentifier of tun0x130@192.168.2.120 which means that it
       is a transport mode connection with a Security Parameters Index of 130 in hexadecimal with no identies defined for either end.

       125 3049:1::/64 -> 0:0/0 => tun:130@3058:4::5 () ()

       means that 125 packets have been sent to an eroute that has been set up to protect traffic between the subnet 3049:1:: with a subnet mask
       of 64 bits and the default address/mask represented by an address of 0:0 with a subnet mask of 0 bits using the local machine as a security
       gateway on this end of the tunnel and the machine 3058:4::5 on the other end of the tunnel with a Security Association IDentifier of
       tun:130@3058:4::5 which means that it is a tunnel mode connection with a Security Parameters Index of 130 in hexadecimal with no identies
       defined for either end.

       42 192.168.6.0/24:0 -> 192.168.7.0/24:0 => %passthrough

       means that 42 packets have been sent to an eroute that has been set up to pass the traffic from the subnet 192.168.6.0 with a subnet mask
       of 24 bits and to subnet 192.168.7.0 with a subnet mask of 24 bits without any IPSEC processing with no identies defined for either end.

       2112 192.168.8.55/32:0 -> 192.168.9.47/24:0 => %hold (east) ()

       means that 2112 packets have been sent to an eroute that has been set up to hold the traffic from the host 192.168.8.55 and to host
       192.168.9.47 until a key exchange from a Key Management daemon succeeds and puts in an SA or fails and puts in a pass or drop eroute
       depending on the default configuration with the local client defined as "east" and no identy defined for the remote end.

       2001 192.168.2.110/32:0 -> 192.168.2.120/32:0 =>

	esp0xe6de@192.168.2.120:0 () ()

       means that 2001 packets have been sent to an eroute that has been set up to protect traffic between the host 192.168.2.110 and the host
       192.168.2.120 using 192.168.2.110 as a security gateway on this end of the connection and the machine 192.168.2.120 on the other end of the
       connection with a Security Association IDentifier of esp0xe6de@192.168.2.120 which means that it is a transport mode connection with a
       Security Parameters Index of e6de in hexadecimal using Encapsuation Security Payload protocol (50, IPPROTO_ESP) with no identies defined
       for either end.

       1984 3049:1::110/128 -> 3049:1::120/128 =>

	ah:f5ed@3049:1::120 () ()

       means that 1984 packets have been sent to an eroute that has been set up to authenticate traffic between the host 3049:1::110 and the host
       3049:1::120 using 3049:1::110 as a security gateway on this end of the connection and the machine 3049:1::120 on the other end of the
       connection with a Security Association IDentifier of ah:f5ed@3049:1::120 which means that it is a transport mode connection with a Security
       Parameters Index of f5ed in hexadecimal using Authentication Header protocol (51, IPPROTO_AH) with no identies defined for either end.

FILES

       /proc/net/ipsec_eroute, /usr/local/bin/ipsec

SEE ALSO

       ipsec(8), ipsec_manual(8), ipsec_tncfg(5), ipsec_spi(5), ipsec_spigrp(5), ipsec_klipsdebug(5), ipsec_eroute(8), ipsec_version(5),
       ipsec_pf_key(5)

HISTORY

       Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs.

[FIXME: source] 						    10/06/2010							   IPSEC_EROUTE(5)
All times are GMT -4. The time now is 02:44 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy