LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-26-2010, 04:05 PM   #16
mossy464
Member
 
Registered: Jan 2008
Posts: 55

Original Poster
Rep: Reputation: 15

Here is a section of the output:

Code:
192.168.0.2:1247           => 90.207.227.93:www          3.05Kb  5.70Kb  3.67Kb
                           <=                            1.79Kb  87.2Kb  67.9Kb
192.168.0.2:1249           => 90.207.227.93:www          3.16Kb  5.33Kb  2.42Kb
                           <=                            1.80Kb  54.3Kb  24.7Kb
192.168.0.2:1266           => 87.82.51.93:www            8.21Kb  2.87Kb  1.30Kb
                           <=                             169Kb  38.2Kb  17.4Kb
192.168.0.2:1250           => 90.207.227.93:www          3.38Kb  4.83Kb  2.19Kb
                           <=                            14.2Kb  35.4Kb  16.1Kb
192.168.0.2:1257           => 90.207.227.92:www             0b   1.45Kb   677b
                           <=                               0b   21.4Kb  9.74Kb
192.168.0.2:1268           => 87.82.51.93:www            11.9Kb  3.54Kb  1.61Kb
                           <=                            57.9Kb  16.0Kb  7.27Kb
192.168.0.2:1264           => 87.82.51.93:www            11.3Kb  3.97Kb  1.81Kb
                           <=                            43.7Kb  10.8Kb  4.91Kb
192.168.0.2:1265           => 87.82.51.93:www            11.5Kb  3.96Kb  1.80Kb
                           <=                            39.8Kb  10.0Kb  4.55Kb
192.168.0.2:1252           => 90.207.227.93:www          3.32Kb  3.13Kb  1.42Kb
                           <=                            14.0Kb  5.78Kb  2.63Kb
192.168.0.2:1263           => 87.82.51.93:www            11.1Kb  4.44Kb  2.02Kb
                           <=                            9.48Kb  3.07Kb  1.39Kb
192.168.0.2:1251           => 90.207.227.93:www          2.96Kb  3.06Kb  1.39Kb
                           <=                            1.79Kb  3.17Kb  1.44Kb
192.168.0.2:1253           => 90.207.227.93:www          3.21Kb  3.11Kb  1.41Kb
                           <=                            7.85Kb  3.05Kb  1.39Kb
192.168.0.2:1229           => 159.134.196.161:www        6.20Kb  3.53Kb  1.60Kb
                           <=                            2.31Kb  1.14Kb   530b
192.168.0.2:1230           => 159.134.196.161:www        11.6Kb  3.53Kb  1.60Kb
                           <=                            3.39Kb  1.14Kb   530b
192.168.0.2:1272           => 212.118.226.93:www         8.94Kb  1.79Kb   832b
                           <=                            9.99Kb  2.00Kb   930b
────────────────────────────────────────────────────────────────────────────────
TX:             cumm:  93.6KB   peak:    113Kb  rates:    113Kb  67.8Kb  32.9Kb
RX:                     466KB            442Kb            391Kb   304Kb   167Kb
TOTAL:                  560KB            504Kb            504Kb   372Kb   200Kb
Can i get it to output to a file so u can see the whole thing?
 
Old 04-26-2010, 04:26 PM   #17
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250Reputation: 250Reputation: 250
Well it's definitely coming through the ubuntu machine. I guess that was eth0
run the same command again but with -i eth1

Code:
iftop -nP -i eth1 -f "port 80"
Is the virtual machine set up to nat connections ?
 
Old 04-26-2010, 04:41 PM   #18
mossy464
Member
 
Registered: Jan 2008
Posts: 55

Original Poster
Rep: Reputation: 15
Here is a sample of the output when i run it with eth1:

Code:
89.207.56.140              => 192.168.0.2                   0b      0b   8.28Kb
                           <=                               0b      0b    966b
216.239.59.148             => 192.168.0.2                   0b      0b   7.83Kb
                           <=                               0b      0b    758b
216.239.59.144             => 192.168.0.2                   0b      0b   1.83Kb
                           <=                               0b      0b    709b
212.147.135.190            => 192.168.0.2                   0b      0b    348b
                           <=                               0b      0b    331b
69.63.180.45               => 192.168.0.3                   0b      0b     54b
                           <=                               0b      0b    309b
159.134.196.136            => 192.168.0.2                   0b      0b    118b
                           <=                               0b      0b    165b


















────────────────────────────────────────────────────────────────────────────────
TX:             cumm:  93.2KB   peak:    204Kb  rates:      0b      0b   18.4Kb
RX:                    15.9KB           44.3Kb              0b      0b   3.16Kb
TOTAL:                  109KB            248Kb              0b      0b   21.6Kb
I don't know if it is set up to nat connections but im using two bridged network adapters.
 
Old 04-26-2010, 04:48 PM   #19
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250Reputation: 250Reputation: 250
What about if you change the iptables rule to this
Code:
iptables -A INPUT -j DROP -p tcp --dport 80 -s 192.168.0.2 -i eth1
 
Old 04-26-2010, 04:59 PM   #20
mossy464
Member
 
Registered: Jan 2008
Posts: 55

Original Poster
Rep: Reputation: 15
Nope that didnt work either. Is there any configuration I have to do for iptables? as I didn't even have to install it it was just installed by default in ubuntu.
 
Old 04-26-2010, 05:09 PM   #21
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250Reputation: 250Reputation: 250
No configuration needed.
Just getting it to block anything would be useful at this point.
Have you restarted iptables at all since you've been adding these rules ?

iptables restart
or
iptables-restart

(i'm basing this on fedora which has a different comand set up)

which clears all the latest rules out.

Then try

Code:
iptables -A FORWARD -s 192.168.0.2 -i eth1 -j DROP

Last edited by smoker; 04-26-2010 at 05:18 PM.
 
Old 04-26-2010, 05:15 PM   #22
mossy464
Member
 
Registered: Jan 2008
Posts: 55

Original Poster
Rep: Reputation: 15
Well that seemed to work. Cant access the net on the xp host after running this command.

I can still ping eth0 and eth1 though.

But times out when pinging the router at 192.168.1.254
 
Old 04-26-2010, 05:19 PM   #23
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250Reputation: 250Reputation: 250
Put the --dport 80 back in and try that then
 
Old 04-26-2010, 05:32 PM   #24
mossy464
Member
 
Registered: Jan 2008
Posts: 55

Original Poster
Rep: Reputation: 15
Yes. That seems to have worked. Finally.

Thank you very much for your patience.
 
Old 04-26-2010, 05:35 PM   #25
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250Reputation: 250Reputation: 250
I would have a read of man iptables and try to get a grip of all the commands and filters available.

I have a fedora vm running on a fedora host, but my gateway is my router, so I didn't really want to risk breaking everything here to test it exactly.
 
Old 04-26-2010, 05:38 PM   #26
mossy464
Member
 
Registered: Jan 2008
Posts: 55

Original Poster
Rep: Reputation: 15
No problem. You have been very helpful.

Do you know anything about executing iptables from php?
 
Old 04-26-2010, 07:40 PM   #27
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250Reputation: 250Reputation: 250
No, I'm a perl man really, or more lately bash.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
BLOCK any web site ( IPTABLES ) barcaalep Linux - Networking 5 10-13-2008 05:26 AM
BLOCK any web site ( IPTABLES ) barcaalep Linux - Security 2 10-08-2008 02:18 PM
trying to block users from accessing web site with iptables Histamine Linux - Security 2 08-10-2007 09:36 AM
trying to block user from accessing external web site with iptables Histamine Linux - Networking 1 08-10-2007 08:43 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration