Hello,
I am new to iptables and I just succeeded in creating a simple rule on my system.
I tried to create a rule so that, with just one public IP, let's say 202.x.y.140, I could access another 5 servers in the same internal network (10.x.x.0/24).
The firewall itself (Linux RHEL 4.3 with iptables 1.2.11) is on 10.x.x.1.
The rule is such that I can ssh directly to the 10.x.x.2 box using this line:
Code:
ssh 202.x.y.140 -l user -p 2202 (for 10.x.x.2)
ssh 202.x.y.140 -l user -p 2203 (for 10.x.x.3)
ssh 202.x.y.140 -l user -p 2204 (for 10.x.x.4)
and so on
And it works! But something strange has been happening lately. When it reached 10 servers, the 10.x.x.1 server, i.e. the firewall, couldn't ping 10.x.x.10.
When I opened 2 terminals on the firewall box, I tried ping 10.x.x.10 in one, and in the other one I ran
tcpdump | grep "10.x.x.10" and found these strange lines..
Code:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
10:23:51.564852 arp who-has 10.x.x.10 tell 202.x.y.150
10:23:51.564991 arp reply 10.x.x.10 is-at aa:bb:cc:dd:ee:05
10:23:51.565004 IP 202.x.y.150 > 10.x.x.10: icmp 64: echo request seq 0
10:23:51.567606 arp reply 10.x.x.10 is-at ff:gg:hh:ii:jj:00
10:23:53.563836 IP 202.x.y.150 > 10.x.x.10: icmp 64: echo request seq 2
10:23:54.563941 IP 202.x.y.150 > 10.x.x.10: icmp 64: echo request seq 3
10:23:55.566020 IP 202.x.y.150 > 10.x.x.10: icmp 64: echo request seq 4
10:23:56.565168 IP 202.x.y.150 > 10.x.x.10: icmp 64: echo request seq 5
In the first terminal, the ping got no reply at all, but in the 2nd one we could see that the reply is coming from 202.x.y.150, which is my other server (Win2K).
And I noticed that the first arp reply is coming from the correct MAC address. But why is the MAC address changed in the second reply?
Could somebody tell me whether my configuration is incorrect, or whether there are any other issues I don't know about yet regarding this arp spoof?
Also, whenever this weirdness happens, the Win2K box always gets an IP conflict error saying that it has detected an IP conflict with a machine at MAC address xx:xx:xx:xx:xx, which is the firewall!
How could 202.x.y.140 be conflicting with 202.x.y.150? I am very confused.
Any suggestion?
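One way to confirm what the capture above shows, as an added example that is not from the post or from any iptables tooling: a small Python check that reads tcpdump's plain ARP-reply lines and flags any IP address answered by more than one MAC, which is the same condition the Win2K box reports as an IP conflict. The sample capture, addresses and MACs are constructed for the example.

```python
import re
from collections import defaultdict

# Matches tcpdump's default (non -e) ARP reply line: "<time> arp reply <ip> is-at <mac>"
ARP_REPLY_RE = re.compile(
    r"^\S+\s+arp reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def collect_arp_replies(lines):
    """Return {ip: [mac, ...]}: distinct MACs seen claiming each IP, in first-seen order."""
    seen = defaultdict(list)
    for line in lines:
        m = ARP_REPLY_RE.match(line.strip())
        if not m:
            continue  # who-has requests, ICMP and tcpdump banner lines are ignored
        ip, mac = m.group("ip"), m.group("mac").lower()  # normalise case before comparing
        if mac not in seen[ip]:
            seen[ip].append(mac)
    return dict(seen)

def find_conflicts(lines):
    """Return only the IPs that were answered by more than one MAC address."""
    return {ip: macs for ip, macs in collect_arp_replies(lines).items() if len(macs) > 1}

# Constructed sample capture modelled on the output quoted in the post (made-up addresses).
SAMPLE_CAPTURE = """\
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
10:23:51.564852 arp who-has 10.0.0.10 tell 10.0.0.1
10:23:51.564991 arp reply 10.0.0.10 is-at aa:bb:cc:dd:ee:05
10:23:51.565004 IP 10.0.0.1 > 10.0.0.10: icmp 64: echo request seq 0
10:23:51.567606 arp reply 10.0.0.10 is-at 00:11:22:33:44:55
10:23:52.100000 arp reply 10.0.0.3 is-at aa:bb:cc:dd:ee:03
10:23:52.200000 arp reply 10.0.0.3 is-at AA:BB:CC:DD:EE:03
"""

if __name__ == "__main__":
    for ip, macs in sorted(find_conflicts(SAMPLE_CAPTURE.splitlines()).items()):
        print(f"{ip} answered by {len(macs)} MACs: {', '.join(macs)}")
```

To run it against a live box, feed it the output of `tcpdump -n arp` instead of the constructed sample.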