iptables, forse altri problemi di prerouting

Thu, 25 Oct 2007 09:33:40 -0700 

Buonngiorno a tutti.
Qualcuno ha una motivazione plausibile secondo cui, a fronte di queste regole scarico la posta che passa dalla 110 143 ma non quella di gmail che passa sulla 995??? 

PROXYPORT='110 143 993 995'
for proxyport in $PROXYPORT

$IPT -t nat -A PREROUTING -i $EXT -p tcp --dport $proxyport -j REDIRECT 
--to-port 8110
$IPT -t nat -A PREROUTING -i $EXT -p udp --dport $proxyport -j REDIRECT 
--to-port 8110
$IPT -t nat -A PREROUTING -i $INT1 -p tcp --dport $proxyport -j 
REDIRECT --to-port 8110
$IPT -t nat -A PREROUTING -i $INT1 -p udp --dport $proxyport -j 
REDIRECT --to-port 8110
$IPT -t nat -A PREROUTING -i $INT2 -p tcp --dport $proxyport -j 
REDIRECT --to-port 8110
$IPT -t nat -A PREROUTING -i $INT2 -p udp --dport $proxyport -j 
REDIRECT --to-port 8110
$IPT -t nat -A OUTPUT  -p tcp --dport 110 -m owner --uid-owner 
$P3SCAN_USER -j ACCEPT
$IPT -t nat -A OUTPUT  -p udp --dport 110 -m owner --uid-owner 
$P3SCAN_USER -j ACCEPT;

done

Alcuni dump x la diagnosi.

pbt:~# watch -n 1 "/sbin/iptables -t nat -L -n -v"

    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:25 redir ports 10026
    0     0 REDIRECT   tcp  --  eth2   *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:25 redir ports 10026
    0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:110 redir ports 8110
    0     0 REDIRECT   udp  --  eth0   *       0.0.0.0/0            
0.0.0.0/0           udp dpt:110 redir ports 8110
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:110 redir ports 8110
    0     0 REDIRECT   udp  --  eth1   *       0.0.0.0/0            
0.0.0.0/0           udp dpt:110 redir ports 8110
    6   360 REDIRECT   tcp  --  eth2   *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:110 redir ports 8110
    0     0 REDIRECT   udp  --  eth2   *       0.0.0.0/0            
0.0.0.0/0           udp dpt:110 redir ports 8110
    0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:143 redir ports 8110
    0     0 REDIRECT   udp  --  eth0   *       0.0.0.0/0            
0.0.0.0/0           udp dpt:143 redir ports 8110
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:143 redir ports 8110
    0     0 REDIRECT   udp  --  eth1   *       0.0.0.0/0            
0.0.0.0/0           udp dpt:143 redir ports 8110
    0     0 REDIRECT   tcp  --  eth2   *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:143 redir ports 8110
    0     0 REDIRECT   udp  --  eth2   *       0.0.0.0/0            
0.0.0.0/0           udp dpt:143 redir ports 8110
    0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:993 redir ports 8110
    0     0 REDIRECT   udp  --  eth0   *       0.0.0.0/0            
0.0.0.0/0           udp dpt:993 redir ports 8110
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:993 redir ports 8110
    0     0 REDIRECT   udp  --  eth1   *       0.0.0.0/0            
0.0.0.0/0           udp dpt:993 redir ports 8110
    0     0 REDIRECT   tcp  --  eth2   *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:993 redir ports 8110
    0     0 REDIRECT   udp  --  eth2   *       0.0.0.0/0            
0.0.0.0/0           udp dpt:993 redir ports 8110
    0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:995 redir ports 8110
    0     0 REDIRECT   udp  --  eth0   *       0.0.0.0/0            
0.0.0.0/0           udp dpt:995 redir ports 8110
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:995 redir ports 8110
    0     0 REDIRECT   udp  --  eth1   *       0.0.0.0/0            
0.0.0.0/0           udp dpt:995 redir ports 8110
    6   360 REDIRECT   tcp  --  eth2   *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:995 redir ports 8110
    0     0 REDIRECT   udp  --  eth2   *       0.0.0.0/0            
0.0.0.0/0           udp dpt:995 redir ports 8110



pbt:~# tcpdump -i eth2 port  995

tcpdump: verbose output suppressed, use -v or -vv for full protocol 
decode

listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes

18:22:12.007994 IP tiranno.52190 > mu-in-f109.google.com.pop3s: S 
2327777768:2327777768(0) win 65535 <mss 1460,nop,wscale 
0,nop,nop,timestamp 451950160 0>
18:22:12.008025 IP mu-in-f109.google.com.pop3s > tiranno.52190: S 
1447103863:1447103863(0) ack 2327777769 win 5840 <mss 1460>
18:22:12.008297 IP tiranno.52190 > mu-in-f109.google.com.pop3s: . ack 1 
win 65535
18:22:12.009989 IP tiranno.52190 > mu-in-f109.google.com.pop3s: P 
1:112(111) ack 1 win 65535
18:22:12.010017 IP mu-in-f109.google.com.pop3s > tiranno.52190: . ack 
112 win 5840
18:22:12.401545 IP tiranno.52195 > mu-in-f109.google.com.pop3s: S 
3740327402:3740327402(0) win 65535 <mss 1460,nop,wscale 
0,nop,nop,timestamp 451950161 0>
18:22:12.401600 IP mu-in-f109.google.com.pop3s > tiranno.52195: S 
1455840892:1455840892(0) ack 3740327403 win 5840 <mss 1460>
18:22:12.402193 IP tiranno.52195 > mu-in-f109.google.com.pop3s: . ack 1 
win 65535
18:22:15.186067 IP tiranno.52195 > mu-in-f109.google.com.pop3s: P 
1:112(111) ack 1 win 65535
18:22:15.186083 IP mu-in-f109.google.com.pop3s > tiranno.52195: . ack 
112 win 5840





--

Per REVOCARE l'iscrizione alla lista, inviare un email a 
[EMAIL PROTECTED] con oggetto "unsubscribe". Per

problemi inviare un email in INGLESE a [EMAIL PROTECTED]

To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]















    











					Rispondere a