LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-26-2005, 08:42 AM   #1
qwijibow
Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
Iptables is converting -s 192.168.1.0/8 into 192.0.0.0/8 why !?


My firewall needs often change, in in an effort to make a easily felaxable firewall, i went tith the following format.

Chains like "DO_SSHD" find ssh traffic from valid hosts, then -j jumps it to anouther chain called "SSH_RULE"

i can then turn ON of OFF SSf with a simply comman...
iptables -F SSH_RULE
iptables -A SSH_RULE -j DROP

i do the same for Samba / FTP and HTTP servers.

there are 2 trusted Ip address ranges.. my university x.243.0.0/16 and the local network.
Iptables accepts x.243.0.0/16, and traffic from university is allowde through... however when i write the rule....

iptables -A DO_FTPD -p tcp --dport ftp -s 192.168.1.0/8 -j FTP_RULE

whn i look at the rile with "iptables -vL" the rule has changed to

Quote:
0 0 FTP_RULE tcp -- any any 192.0.0.0/8 anywhere tcp dpt:ftp
the WRONG ip range.

why is iptables doing this ? how should i specify all IP's in my home network (between 192.168.1.X ???)

i cant work it out, this is driving me mad !

incase its important, im running a freshly compiled Gentoo on the MAD64 platform, with kernel gentoo-2.6.9-r14.

thanX
 
Old 01-26-2005, 08:58 AM   #2
jtshaw
Senior Member
 
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Blog Entries: 1

Rep: Reputation: 65
The problem is the /8. The mask (number after the /) indicates how many bits to consider. An IP (version 4) is a 32 bit number. Each number between the .'s is 8 bits. By saying /8 you mean only match the first 8 bits. Thus 192.anything/8 would be matched as 192.0.0.0. If you want to match 192.168.1.x then you need to put 192.168.1.0/24. Since the first 3 bytes equals 24 bits.
 
Old 01-26-2005, 09:57 AM   #3
qwijibow
Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Original Poster
Rep: Reputation: 47
Ahhh.. I thought /X meant consider the IP address, with range of IP + X bits From the right.... thanks

Last edited by qwijibow; 01-26-2005 at 10:06 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Is someone on my network?! ::ffff:192.168.0.10:ssh ::ffff:192.168.0.:38201 ESTABLISHE ming0 Linux - Security 4 04-12-2005 01:04 AM
192.168.2.1 network with 192.168.0.1? Micro420 Linux - Networking 2 02-27-2005 06:59 AM
What does this mean? 192.168.254.32/24 costasm Linux - Networking 5 12-06-2003 04:57 PM
192.168.0.# and webserver. Is it possible? woranl Linux - Networking 16 06-02-2003 12:16 PM
192.168.0.0/25 ? Firew Linux - Networking 1 04-12-2001 01:02 PM


All times are GMT -5. The time now is 02:27 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration