Hi Folks,
I am trying to set up collection of data from a server at Rackspace
behind a firewall and a machine in our DMZ. The Rackspace firewall has
been configured to allow both TCP and UDP traffic on port 5556 in both
directions:
Type    Protocol  Port  From                 To
permit  tcp       5556  aaa.bbb.ccc.ddd/32   www.xxx.yyy.zzz/32
permit  udp       5556  aaa.bbb.ccc.ddd/32   www.xxx.yyy.zzz/32
permit  tcp       5556  www.xxx.yyy.zzz/32   aaa.bbb.ccc.ddd/32
permit  udp       5556  www.xxx.yyy.zzz/32   aaa.bbb.ccc.ddd/32
aaa.bbb.ccc.ddd represents the IP of the Rackspace server.
www.xxx.yyy.zzz represents the IP of the DMZ server.
The iptables on the DMZ machine have the following rules:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       aaa.bbb.ccc.ddd      0.0.0.0/0            tcp dpt:5556
    0     0 ACCEPT     udp  --  *      *       aaa.bbb.ccc.ddd      0.0.0.0/0            udp dpt:5556

Chain OUTPUT (policy ACCEPT 367 packets, 529K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            aaa.bbb.ccc.ddd      tcp dpt:5556
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            aaa.bbb.ccc.ddd      udp dpt:5556
I have started nprobe on the Rackspace server as follows:
nprobe -zmw "tcp://*:5556" -i eth0 -n www.xxx.yyy.zzz:5556 -u -1 -Q -1
Where www.xxx.yyy.zzz is the external IP of the DMZ machine.
I have started ntopng on the DMZ machine as follows:
ntopng -e -i tcp://aaa.bbb.ccc.ddd:5556 -w :8080
Things weren't working so I did a tcpdump on both endpoints.
On the Rackspace server I see UDP packets of length 1464 being
sent to the DMZ machine. On the DMZ machine I see zero-length
TCP packets being sent to the Rackspace server. Neither one
is receiving any inbound traffic from the other.
It's almost as if there were still a firewall in place. Any
pointers on how to further diagnose this would be appreciated.
Kind regards,
Rob
--
Rob Bartlett
Hosting Engineer
LEO
52 Old Steine | Brighton | East Sussex | BN1 1NH | United Kingdom
Switchboard +441273728686
leolearning.com <http://leolearning.com>
SAVE PAPER
Please do not print this e-mail unless absolutely necessary. LEO is
accredited to the ISO 14001:2004 Environmental Management Standard.
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender. Please
note that any views or opinions presented in this email are solely those of
the author and do not necessarily represent those of LEO. LEO accepts no
liability for any damage caused by any virus transmitted by this email and
therefore you should check this email and any attachments for the presence
of viruses.
Leo Learning Limited. Registered in England under Company Number: 2371375.
Registered Office: 52 Old Steine, Brighton, East Sussex, BN1 1NH, UK
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
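The comparison Rob did by hand (capturing on both ends and looking for traffic that leaves one host but never shows up on the other) can be scripted. The block below is an added example, not code from the original post or from the ntop project: it parses the one-line IPv4 output of `tcpdump -nn` taken on each endpoint and reports the 5-tuples that were sent by one side and never seen by the other, which is exactly the "dropped in transit" symptom described above. The addresses, ports and capture lines are constructed for the example; RFC 5737 documentation addresses stand in for aaa.bbb.ccc.ddd and www.xxx.yyy.zzz.

```python
"""Added example: compare tcpdump output captured on two endpoints and report
flows that leave one host but never arrive at the other, i.e. are dropped
somewhere in between (a firewall, a NAT device, a wrong route).

All IPs, ports and capture lines here are constructed for the example."""
import re
from collections import Counter

# One "tcpdump -nn" IPv4 line (numeric hosts and ports), e.g.
#   12:00:01.000123 IP 203.0.113.10.40000 > 198.51.100.20.5556: UDP, length 1464
#   12:00:01.100000 IP 198.51.100.20.51234 > 203.0.113.10.5556: Flags [S], seq 7, win 64240, length 0
LINE_RE = re.compile(
    r"^\S+\s+IP\s+(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+(?P<rest>.*)$"
)


def parse_line(line):
    """Return (proto, src, sport, dst, dport) for a TCP/UDP line, else None.

    Lines without ports (ICMP, ARP, ...) do not match LINE_RE and are skipped."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if rest.startswith("UDP"):
        proto = "udp"
    elif rest.startswith("Flags ["):   # tcpdump prints the TCP flags first
        proto = "tcp"
    else:
        return None
    return (proto, m.group("src"), int(m.group("sport")),
            m.group("dst"), int(m.group("dport")))


def flows(lines):
    """Packet count per 5-tuple seen in one capture."""
    counts = Counter()
    for line in lines:
        tup = parse_line(line)
        if tup is not None:
            counts[tup] += 1
    return counts


def compare_captures(cap_a, ip_a, cap_b, ip_b):
    """cap_a was taken on host ip_a, cap_b on host ip_b.

    A flow from A to B present in A's capture but absent from B's was sent and
    never delivered; likewise for B to A. Both captures must be taken on the
    interface that actually carries the traffic (tcpdump -i)."""
    fa, fb = flows(cap_a), flows(cap_b)
    lost_a_to_b = sorted(t for t in fa if t[1] == ip_a and t[3] == ip_b and t not in fb)
    lost_b_to_a = sorted(t for t in fb if t[1] == ip_b and t[3] == ip_a and t not in fa)
    return {"lost_a_to_b": lost_a_to_b, "lost_b_to_a": lost_b_to_a}


def describe(result):
    """One line per lost flow, with the stateless permit the forward path needs.
    Note the reply path (source port == dport here, destination == an ephemeral
    port) is not covered by a rule that matches only destination port dport."""
    out = []
    for key in ("lost_a_to_b", "lost_b_to_a"):
        for proto, src, sport, dst, dport in result[key]:
            out.append(f"{proto} {src}:{sport} -> {dst}:{dport}: sent but never "
                       f"seen on {dst}; forward path needs: permit {proto} "
                       f"dport {dport} from {src}/32 to {dst}/32")
    return out


RACKSPACE_IP = "203.0.113.10"   # stands in for aaa.bbb.ccc.ddd
DMZ_IP = "198.51.100.20"        # stands in for www.xxx.yyy.zzz

# Constructed capture from the Rackspace side: the UDP export goes out, plus an
# unrelated SSH session that must not be reported.
RACKSPACE_CAPTURE = """\
12:00:01.000123 IP 203.0.113.10.40000 > 198.51.100.20.5556: UDP, length 1464
12:00:02.000456 IP 203.0.113.10.40000 > 198.51.100.20.5556: UDP, length 1464
12:00:03.000789 IP 203.0.113.10.22 > 192.0.2.5.55000: Flags [P.], seq 1:101, ack 1, win 501, length 100
""".splitlines()

# Constructed capture from the DMZ side: only the outgoing TCP SYNs (length 0)
# and an ICMP probe; nothing arrives from the Rackspace host.
DMZ_CAPTURE = """\
12:00:01.100000 IP 198.51.100.20.51234 > 203.0.113.10.5556: Flags [S], seq 7, win 64240, length 0
12:00:02.100000 IP 198.51.100.20.51234 > 203.0.113.10.5556: Flags [S], seq 7, win 64240, length 0
12:00:02.500000 IP 198.51.100.20 > 203.0.113.10: ICMP echo request, id 1, seq 1, length 64
""".splitlines()


if __name__ == "__main__":
    for line in describe(compare_captures(RACKSPACE_CAPTURE, RACKSPACE_IP,
                                          DMZ_CAPTURE, DMZ_IP)):
        print(line)
```

With the constructed captures the script reports the UDP export from the Rackspace side and the TCP SYN from the DMZ side as both lost in transit, which is consistent with the zero packet counters on the DMZ INPUT rules: nothing in either direction reaches the far host, so the drop sits upstream of the DMZ iptables rules (the Rackspace firewall or something between the two). Two checks worth running alongside the capture comparison: confirm whether the Rackspace "Port 5556" rules match the destination port only, because the TCP replies will leave aaa.bbb.ccc.ddd from source port 5556 toward an ephemeral port on the DMZ side and need either a stateful rule or a permit keyed on the source port; and note that in nprobe the -n option names a NetFlow collector that is fed over UDP, while ntopng's tcp://host:5556 interface is a ZMQ subscriber that connects to nprobe's ZMQ publisher, so the two posted command lines are currently using different protocols on the same port number.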