Need help installing Trace to debug Iptables

aboka · 07-18-2020, 05:25 AM

hi, found an article online that use Trace to debug iptables. I try installing but it will give the error below. Wondering if anyone get this too and how do we solve them? Am using root on Ubuntu 20.04 LTS

Code:

echo ipt_LOG >/proc/sys/net/netfilter/nf_log/2
-bash: echo: write error: No such file or directory

article - https://www.opsist.com/blog/2015/08/...-is-doing.html

thank you,

berndbausch · 07-18-2020, 11:10 PM

I guess that the number is your interface number. On my system, /proc/sys/net/netfilter/nf_log contains files 0, 1, 2, ..., though these numbers have nothing to do with the indices displayed by the ip link command.

Thus, my next guess is that you have two interfaces, loopback and your main interface, and therefore /proc/sys/net/netfilter/nf_log only contains files 0 and 1.

TLDR: Try /proc/sys/net/netfilter/nf_log/1 instead.

berndbausch · 07-18-2020, 11:23 PM

Quote:

Originally Posted by berndbausch

I guess that the number is your interface number.

Totally wrong.
The numbers are protocol numbers.
Try modprobing something else, such as nf_log_ipv4.

What do you get from

Code:

ls /proc/sys/net/netfilter/nf_log
cat /proc/net/netfilter/nf_log

?

aboka · 07-19-2020, 12:02 AM

Quote:

Originally Posted by berndbausch

Totally wrong.
The numbers are protocol numbers.
Try modprobing something else, such as nf_log_ipv4.

What do you get from

Code:

ls /proc/sys/net/netfilter/nf_log
cat /proc/net/netfilter/nf_log

?

hi, im testing this on a Pi running Ubuntu 20.04 64bit. its default user is Ubuntu and I change to root(sudo su) since it say permission denied for user Ubuntu.

When i try run this-

Code:

modprobe nf_log_ipv4
echo nf_log_ipv4 >/proc/sys/net/netfilter/nf_log_ipv4/2
bash: /proc/sys/net/netfilter/nf_log_ipv4/2: No such file or directory

Code:

ls /proc/sys/net/netfilter/nf_log
0  1  10  11  12  2  3  4  5  6  7  8  9

Code:

cat /proc/net/netfilter/nf_log
 0 NONE ()
 1 NONE ()
 2 nf_log_ipv4 (nf_log_ipv4)
 3 NONE ()
 4 NONE ()
 5 NONE ()
 6 NONE ()
 7 NONE ()
 8 NONE ()
 9 NONE ()
10 NONE ()
11 NONE ()
12 NONE ()

Thank you,

aboka · 07-19-2020, 12:27 AM

I change the second line to

Code:

echo nf_log_ipv4 >/proc/sys/net/netfilter/nf_log/2

and it didn't show any error now.

but how do i try them? i follow the guide on the page to Trace a port(OpenVPN) -

Code:

iptables -t raw -I PREROUTING -p udp --dport 1194 -j TRACE

then i run this

Code:

dmesg | grep 'TRACE: raw:PREROUTING:policy' | head -1
[ 2068.518401] TRACE: raw:PREROUTING:policy:2 IN=wlan0 OUT= MAC=b8:27:eb:9a:d9:a                                                                                        5:00:72:63:52:da:20:08:00 SRC=183.171.88.171 DST=192.168.1.13 LEN=104 TOS=0x00 P                                                                                        REC=0x00 TTL=51 ID=40359 DF PROTO=UDP SPT=49017 DPT=1194 LEN=84

but it returns nothing when run this line

Code:

dmesg | grep ID=40359

am i doing something wrong? please suggest some way to test, or further reading on this as like to learn howto debug iptables. as this is a very important thing to learn in linux. recently spend so many hours tinker here and there just bcoz of one iptables rule. would be great if we can look into what happens in the back like where is the blockage and figure out how to let them pass thru or something like that

thank you.

berndbausch · 07-19-2020, 12:31 AM

Sorry, iptables tracing is something I want to try but I have no experience so far. I was just curious about your original question (and totally missed the incorrect directory that you used).

aboka · 07-19-2020, 12:36 AM

Quote:

Originally Posted by berndbausch

Sorry, iptables tracing is something I want to try but I have no experience so far. I was just curious about your original question (and totally missed the incorrect directory that you used).

No worry pal, you have help so much. at least i could run them now. thanks alot

and do you know if we need to cleanup(the modprobe, echo nf thingy) after using? if yes, how?

p/s - u hv any suggest reading for this topic?

berndbausch · 07-19-2020, 02:49 AM

Quote:

Originally Posted by aboka

and do you know if we need to cleanup(the modprobe, echo nf thingy) after using? if yes, how?

It's the opposite. Once you reboot, the tracing is gone. If you need it to be permanent, you have to add the kernel module to a file like /etc/modules (the precise method depends on your distro).

Quote:

p/s - u hv any suggest reading for this topic?

This seems to be sparsely documented. I would start at netfilter.org and perhaps use their mailing list, both to see if there are discussions around that subject and to ask questions.

aboka · 07-21-2020, 09:05 AM

@berndbausch thanks a lot. hope someone will chip in with more info in future rgd this topic. cheers