thus spoke nudzo in 'LINUX pro uplne zacatecniky' :: Something smarter than us is going to emerge


node:	thus spoke nudzo in 'LINUX pro uplne zacatecniky'
template:	4
parent:	thus spoke hroch in 'LINUX pro uplne zacatecniky'
owner:	nudzo
viewed by:
created:	25.05.2004 - 17:22:47

cwbe coordinatez:
101
63540
63542
2109677
63692
861121
861676

ABSOLUT
KYBERIA

permissions
you:	r,
system:	public
net:	yes

Nezabudaj, ze po uspesnom spojeni na serverovom porte sa komunikacia redirektne na po niektory volny port povyse 1024... a ty vsetko okrem 80 a 22 dropujes...
Uprav si toto... http://iptables-tutorial.frozentux.net/scripts/rc.firewall.txt pripadne si to prestuduj... ;-)

0000010100063540000635420210967700063692008611210086167600861766

neblbni, preco by sa redirektovala?

jurajbug:~ juraj$ sudo tcpdump -i en1 -n host www.kyberia.sk
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
17:37:18.282709 IP 192.168.2.110.50120 > 195.168.3.82.80: S 1547229166:1547229166(0) win 65535 <mss 1460,nop,wscale 0,nop,nop,timestamp 3641030868 0>
17:37:18.296930 IP 195.168.3.82.80 > 192.168.2.110.50120: S 4049419239:4049419239(0) ack 1547229167 win 5792 <mss 1460,nop,nop,timestamp 80340284 3641030868,nop,wscale 0>
17:37:18.297035 IP 192.168.2.110.50120 > 195.168.3.82.80: . ack 1 win 65535 <nop,nop,timestamp 3641030868 80340284>
17:37:21.398875 IP 192.168.2.110.50120 > 195.168.3.82.80: P 1:17(16) ack 1 win 65535 <nop,nop,timestamp 3641030875 80340284>
17:37:21.412205 IP 195.168.3.82.80 > 192.168.2.110.50120: . ack 17 win 5792 <nop,nop,timestamp 80340596 3641030875>
17:37:22.004650 IP 192.168.2.110.50120 > 195.168.3.82.80: P 17:19(2) ack 1 win 65535 <nop,nop,timestamp 3641030876 80340596>
17:37:22.021470 IP 195.168.3.82.80 > 192.168.2.110.50120: . ack 19 win 5792 <nop,nop,timestamp 80340657 3641030876>
17:37:22.025638 IP 195.168.3.82.80 > 192.168.2.110.50120: P 1:453(452) ack 19 win 5792 <nop,nop,timestamp 80340657 3641030876>
17:37:22.026155 IP 195.168.3.82.80 > 192.168.2.110.50120: F 453:453(0) ack 19 win 5792 <nop,nop,timestamp 80340657 3641030876>
17:37:22.026213 IP 192.168.2.110.50120 > 195.168.3.82.80: . ack 454 win 65535 <nop,nop,timestamp 3641030876 80340657>
17:37:22.029994 IP 192.168.2.110.50120 > 195.168.3.82.80: F 19:19(0) ack 454 win 65535 <nop,nop,timestamp 3641030876 80340657>
17:37:22.043851 IP 195.168.3.82.80 > 192.168.2.110.50120: . ack 20 win 5792 <nop,nop,timestamp 80340659 3641030876>

(v druhom okne som pustil telnet na www.kyberia.sk 80 a dal stiahnut stranku). nic sa nikde neredirektlo, na serveri je to port 80 stale.

akurat spojenie jednoznacne urcuje stvorica (zdrojova adresa, zdrojovy port, cielova adresa, cielovy port).

a to som prave vyriesil tym -m state --state ESTABLISHED,RELATED

000001010006354000063542021096770006369200861121008616760086176600862216

Aaale sa mi vynorili dake cudne imprinty z cias, ked som riesil na cvika zadania typu napiste tcp server/client a nepouzite bsd sockety z libc... Takze zavaadzam... :-) No ale presne to iste som xel... -m state --state ESTABLISHED,RELATED a netreba sa zamyslat nad aktualnym stavom spojenia... BTW z toho dumpu sa da vidiet preco tie ruly povyse nie su dobre, resp. neficia spojenia. BTW2 pri ladeni posledne dva riadky pre INPUT odporucam:
iptables -A INPUT -p TCP -j LOG --log-prefix "TCP -> REJECT:"
iptables -A INPUT -p TCP -j REJECT
Obdobne UDP... 1. riadok loguje 2. odpoveda na cudne konekty s ICMP (traceroute ukaze na poslednom hope, to co ma, nie * * *)

00000101000635400006354202109677000636920086112100861676008617660086221600862734

na log urcite este -m limit s nejakym rozumnym rateom.

0000010100063540000635420210967700063692008611210086167600861766008622160086273400865857

diky chlapi