iptables: banned IP making it through!


 
# 1  
Old 03-25-2011

Hey folks!

Debian VPS running on proxmox host.
Linux ve2 2.6.18-3-pve #1 SMP Mon Sep 20 14:57:48 CEST 2010 i686

I have a most perplexing problem. I have 17 Drop rules in place in this VPS - and one of the banned ranges is making it through. (It happens to be a Googlebot).

Here is the rule from iptables -L with line numbers:
Code:
2 DROP all -- 66.249.0.0 0.0.0.0/0

(The reason I'm blocking this is to cut down on the noise in webserver logs BTW)

When I checked logs this morning I was totally horrified to discover that several IP's from that range had been crawling the site. (Not that they shouldn't, but this meant that iptables wasn't "working"). Until yesterday no 66.249.*.* IP had been in since I deployed iptables.

How do I troubleshoot this? What could possibly be wrong?

Umm, although I'd prefer not to, nevertheless I have to scream "help" here.

TIA for any pointers, I'm completely stumped.

Regards,
putter
# 2  
Old 03-25-2011
I don't see a netmask in there. It may be trying to match a literal 66.249.0.0
# 3  
Old 03-25-2011

Quote:
Originally Posted by Corona688
I don't see a netmask in there. It may be trying to match a literal 66.249.0.0
ouch!

I get errors if I try and do:
Code:
/sbin/iptables -A INPUT -j DROP -s 66.249.0.0/16

is there another way I should be doing it?

As you may have gathered, I'm somewhat new to iptables, but I did a bunch of reading, surprised I missed this!

putter
# 4  
Old 03-25-2011
You could try /255.255.0.0 but your mask syntax already looks correct according to the manpage:
Code:
      [!] -s, --source address[/mask]
              Source specification. Address can be either a  network  name,  a
              hostname  (please  note  that specifying any name to be resolved
              with a remote query such as DNS is a really bad idea), a network
              IP address (with /mask), or a plain IP address.  The mask can be
              either a network mask or a plain number, specifying  the  number
              of 1's at the left side of the network mask.  Thus, a mask of 24
              is equivalent to  255.255.255.0.   A  "!"  argument  before  the
              address specification inverts the sense of the address. The flag
              --src is an alias for this option.

...so I suspect there's something up with something else in that line. What is the actual error?
# 5  
Old 03-25-2011

Quote:
Originally Posted by Corona688
You could try /255.255.0.0 but your mask syntax already looks correct according to the manpage: <snip> ...so I suspect there's something up with something else in that line. What is the actual error?
Well, it seems to not be throwing errors any longer. If I may ask, should I also use a netmask on an individual IP? like 10.1.15.22/32?

THANKS FOR YOUR HELP! THANKS A LOT!

putter
# 6  
Old 03-25-2011
The mask is optional, if you don't give one it doesn't mask anything out (or assumes /32, however you want to describe it).
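The whole thread boils down to one fact: a source field with no /mask is a single host, so `66.249.0.0` matches exactly one address while `66.249.0.0/16` covers the range. The following Python is an added example (not code from anyone in the thread); it parses a constructed `iptables -L -n --line-numbers` listing in the same shape as the output quoted above, reports which rules would actually match a given source IP, and flags DROP rules whose "network-looking" source has no mask. The listing and the `.0`-suffix heuristic are constructed for illustration.

```python
"""Audit iptables chain listings for maskless sources.

Given text in the shape of `iptables -L INPUT -n --line-numbers`, work out
which rules cover a given source IP and flag DROP rules whose source is a
single host that was probably meant to be a network (the thread's bug).
"""
import ipaddress

# Constructed sample listing. Rule 2 is the thread's maskless rule,
# rule 3 is the corrected /16 form, rule 4 is a genuine single-host rule
# (iptables prints single hosts without the implied /32).
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  127.0.0.1            0.0.0.0/0
2    DROP       all  --  66.249.0.0           0.0.0.0/0
3    DROP       all  --  66.249.0.0/16        0.0.0.0/0
4    DROP       all  --  10.1.15.22           0.0.0.0/0
"""


def parse_listing(text):
    """Return (num, target, source_token) for each rule line in a listing."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        # Skip the "Chain ..." header and the column-name line.
        if len(parts) < 6 or not parts[0].isdigit():
            continue
        rules.append((int(parts[0]), parts[1], parts[4]))
    return rules


def source_network(token):
    """Interpret a source field as iptables does: a bare address is one
    host (implied /32), an explicit /mask widens it to a network."""
    return ipaddress.ip_network(token, strict=False)


def matching_rules(text, ip):
    """Rule numbers whose source field covers the given source IP."""
    addr = ipaddress.ip_address(ip)
    return [num for num, _target, src in parse_listing(text)
            if addr in source_network(src)]


def maskless_drops(text):
    """DROP rules whose source is a single host ending in .0.

    Heuristic (constructed for this example): an address ending in .0 with
    no mask almost always means a forgotten /mask, not a real host.
    """
    suspicious = []
    for num, target, src in parse_listing(text):
        net = source_network(src)
        if (target == "DROP" and net.num_addresses == 1
                and str(net.network_address).endswith(".0")):
            suspicious.append(num)
    return suspicious


if __name__ == "__main__":
    crawler = "66.249.66.1"  # constructed address inside 66.249.0.0/16
    print("rules matching", crawler, "->", matching_rules(SAMPLE_LISTING, crawler))
    print("suspicious maskless DROP rules ->", maskless_drops(SAMPLE_LISTING))
```

Run against the sample, only rule 3 (the /16) matches a crawler address such as 66.249.66.1, rule 2 is flagged as maskless, and `source_network("10.1.15.22")` is identical to `source_network("10.1.15.22/32")`, which answers the question about putting /32 on individual hosts. To audit a live box, feed the real output of `iptables -L INPUT -n --line-numbers` to the same functions.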