Alan Kis's questions -server

Alan Kis

Asked: 2019-11-12 08:23:51 +0800 CST

How to forward UDP traffic on same eth0 interface from one to another port

1

I am trying to follow some guidelines to forward UDP traffic, but it seems that nothing works.

I am having a Syslog server pushing logs to my Logstash instance (yes, EC2) on port 514.

As this is a privileged port and I don't want to give JAVA privileges to run on non-privileged ports due to security restrictions, I need to forward the UDP traffic from one port to another port on the same interface.

I am not using loopback interface.

For testing purposes, I am using port 1025 as a DST port.

First, I am generating UDP traffic inside my VPN network using nc, like this:

nc -u xx.xx.xx.xx 1025

Where xx.xx.xx.xx is internal IP address. This machine is not reachable from the internet.

I can see traffic incoming on port 1025 using tcpdump, like this:

tcpdump -i eth0 UDP port 1025 -vv -X

I want this traffic being forwarded to port, let us say, 55514.

My NAT table looks like this:

[email protected]:/home/ubuntu# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   udp  --  anywhere             anywhere             udp dpt:1025 redir ports 55514

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

However, I do not see any traffic on the same interface when using tcpdump:

[email protected]:/home/ubuntu# tcpdump -i eth0 UDP port 55514 -vv -X
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

I have read dozens of articles, tried various rules, but I can't just put it to work.

As far as I read, the PREROUTING doesn't make sense when using the same interface.

Port forwarding is enabled:

[email protected]:/home/ubuntu# cat /proc/sys/net/ipv4/conf/eth0/forwarding
1

As it is EC2 instance, I have disabled src/dest check, but again, the traffic is not leaving this machine, so it shouldn't be relevant.

EDIT:

Machine is Ubuntu 16.04.6 LTS.

EDIT:

[email protected]:/home/ubuntu# iptables -L -t nat -v -n
Chain PREROUTING (policy ACCEPT 156 packets, 34827 bytes)
 pkts bytes target     prot opt in     out     source               destination
    5   163 REDIRECT   udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:1025 redir ports 55514
    0     0 REDIRECT   udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:1025 redir ports 6363

Chain INPUT (policy ACCEPT 157 packets, 34861 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 13 packets, 1201 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 13 packets, 1201 bytes)
 pkts bytes target     prot opt in     out     source               destination

Alan Kis

Asked: 2017-10-03 07:02:42 +0800 CST

How to add access list to Cisco ASA?

2

I have the following rules configured at my Cisco ASA firewall:

access-list OUTSIDE_IN extended permit tcp any host xx.xx.xx.xx eq 3306
access-list OUTSIDE_IN extended permit tcp any host xx.xx.xx.xx eq 2083
access-list OUTSIDE_IN extended permit tcp any host xx.xx.xx.xx eq 2087
access-list OUTSIDE_IN extended permit tcp any host xx.xx.xx.xx eq 2095

Now, when I want to add a rule to permit only a traffic to tcp to the specified IP address, like bellow, my rule is failing with ERROR: % Invalid Hostname

sh run access-list OUTSIDE_IN extended permit tcp ip yy.yy.yy.yy host xx.xx.xx.xx eq 10050

What am I doing wrong? As far as I see, my syntax is wrong, but official documentation is not helping me.

Alan Kis

Asked: 2016-12-18 10:51:46 +0800 CST

Allow single IP address in iptables and deny range

0

I have recently blocked whole range of IP addresses coming from China on my server, but I have to allow one or few. However I am not much familiar with iptables rules precedence.

My rules regarding this special case are like this bellow:

Chain            num   pkts bytes target     prot opt in     out     source               destination         

ALLOWIN          1        0     0 ACCEPT     all  --  !lo    *       223.252.213.134      0.0.0.0/0

ALLOWOUT         1        0     0 ACCEPT     all  --  *      !lo     0.0.0.0/0            223.252.213.134

CC_DENY          5      251 15060 DROP       all  --  *      *       223.252.192.0/18     0.0.0.0/0

Will this work way I would expect?

First allow, 223.252.213.134 and then deny range 223.252.192.0/1?

Alan Kis

Asked: 2016-02-18 02:33:10 +0800 CST

How to exclude Apache VirtualHost from global rewriting?

1

I have setup Let's Encrypt SSL certificate on my VPS, which works fine, but now all VirtualHost are trying to load over https://.

I have found RewriteRule directive in le-redirect.conf:

<VirtualHost _default_:80>


ServerSignature Off

RewriteEngine On
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

ErrorLog /var/log/apache2/redirect.error.log
LogLevel warn

But I am not sure how to exclude specific VirtualHost named example.com from matching https rewrite rule.

How to forward UDP traffic on same eth0 interface from one to another port

How to add access list to Cisco ASA?

Allow single IP address in iptables and deny range

How to exclude Apache VirtualHost from global rewriting?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?