I have a software router running OpenBSD and a DPI service on a VM on a separate physical machine.
I want all the passing traffic to be mirrored from the OpenBSD machine to the DPI machine online (not bulk-wise but with reasonably minimized lag). I know of a method to tunnel tcpdump output via SSH to the listening host and tcpreplaying it there, but it feels really hacky.
What a proper method would be for my setup? Something tunnely perhaps like GRE mirroring?
If i understand correctly this could be done with a bridge.
Lets say you have incoming traffic on if1 , outgoing on if2 and you have an if3 back to back with your DPI machine and ip forwarding is enabled.
then you could
ifconfig bridge0 create
ifconfig bridge0 add if1 add if2 up
ifconfig bridge0 addspan if3
then according to man 4 bridge
SPAN PORTS
The bridge can have interfaces added to it as span ports. Span ports
transmit a copy of every frame received by the bridge. This is most
useful for snooping a bridged network passively on another host connected
to one of the span ports of the bridge. Span ports cannot be bridge
members; instead, the addspan and delspan commands are used to add and
delete span ports to and from a bridge.
Related
I have a pcap file that I modified with tcprewrite to set source and destination IP = 127.0.0.1, while the port numbers are different. I also set both mac addresses to 00:00:00:00:00:00 as I understand that comms over localhost ignore MAC. I made sure checksum was fixed.
When I run tcpreplay -i lo test-lo.pcap in one shell, and tcpdump -i lo -p udp port 50001 in another, I see the traffic. Yet, when I try to view the traffic with netcat -l -u 50001, it sees nothing. Wireshark is capturing the traffic correctly.
Side note: I'm seeing the following warning when running tcpreplay on localhost:
Warning: Unsupported physical layer type 0x0304 on lo. Maybe it works, maybe it won't. See tickets #123/318 That seems worrisome.
I'm asking because my own UDP listener code is also having the same problem as netcat and thought that maybe I'm missing something. Why would traffic be seen by tcpdump and wireshark, and not by netcat?
I'm asking because my own UDP listener code is also having the same problem as netcat and thought that maybe I'm missing something. Why would traffic be seen by tcpdump and wireshark, and not by netcat?
Look at this image of the kernel packet flow from wikipedia:
As you can see, there are different places along the path where packets can be accessed. Wireshark uses libpcap, which uses an AF_PACKET socket to see packets. Your UDP listener, like netcat, uses regular user-space sockets. Let's highlight both on this image. Wireshark obtains packets via the red path, netcat via the purple one:
As you can see, there is a whole sequence of steps packets have to go through in the kernel to get to a local process socket. These steps include bridging, routing, filtering etc. Which step drops your packets? I don't know. You can try tweaking the packets and maybe you'll get lucky.
If you want a more systematic approach, use a tool like dropwatch. It hooks into the kernel and shows you counters of where the kernel drops packets.
I am trying to set up a STUN/TURN server on my local computer for a webrtc application of me. I decided to use coturn. Note that my server is running behind a NAT.
So i fired up my Ubuntu VM and installed it. After reading through the wiki I got it working, atleast on my local network. For testing purposes, i use this site. Therefore, when i try it there with 192.168.178.25:3478, it works. When i try it with "public-ip":3478, it doesnt.
This told me, it is working locally and it should be a port/NAT issue. What i did:
1) I set the VM to Bridging
2) I opened the port 3478 on my router. To test if this is really working, i used telnet on a remote machine and it worked. Another test was that i set up a quick apache server on my local machine on port 3478 and it could be accessed from the outside. This told me that there is, or should be, not port/NAT issue and my turn server should be working.
Any ideas?
I am running my server with the following command:
"sudo turnserver -X "public-ip" -listening-port=3478 -v
The turnserver.conf looks something like this:
fingerprint
realm="myRealm"
lt-cred-mech
user=test:test
As telnet and apache server are both working, i am pretty sure i have a configuration issue. I basically spent the weekend trying and im really lost on what could be wrong.
Thanks for any help!
From the documentation of turnserver
-X, --external-ip <public-ip>[/private-ip] TURN Server public/private address mapping, if the server is behind NAT. In that situation, if a -X is used in form "-X " then that ip will be reported as relay IP address of all allocations. This scenario works only in a simple case when one single relay address is to be used, and no CHANGE_REQUEST STUN functionality is required. That single relay address must be mapped by NAT to the 'external' IP. The "external-ip" value, if not empty, is returned in XOR-RELAYED-ADDRESS field. For that 'external' IP, NAT must forward ports directly (relayed port 12345 must be always mapped to the same 'external' port 12345). In more complex case when more than one IP address is involved, that option must be used several times, each entry must have form "-X ", to map all involved addresses. CHANGE_REQUEST NAT discovery STUN functionality will work correctly, if the addresses are mapped properly, even when the TURN server itself is behind A NAT. By default, this value is empty, and no address mapping is used.
So, it is not enough that you expose only the listening port from the inside LAN to the public network but all ports that you are going to use to relay. Please, note what is said in the same documentation:
--min-port <port> Lower bound of the UDP port range for relay endpoints allocation. Default value is 49152, according to RFC 5766.
--max-port <port> Upper bound of the UDP port range for relay endpoints allocation. Default value is 65535, according to RFC 5766.
You should choose a range of ports in the server, configure with them the options --min-port and --max-port and create a NAT rule to expose those ports to the public side of the router without change.
Okay, here's the situation I am in. I have a raspberry Pi 2 model B. I have Raspbain Jessie installed as the OS. I have Apache installed as well. I have a web server running and i am able to edit it and access the site from different devices on different internet connections. I want to be able to connect to my RaspPi through SSH on my MacBook Pro. I am able to do this while on the same network. My Pi is plugged into the router via an Ethernet. What i have tried is, logging into my router and reserving an IP for my Pi, i also entered my MAC address here. I have gone into the port forwarding options in my router and have it set up as: HTTP, TCP, Server address(the one i reserved) my Ipv6, and Start port 80, end port 80. Ontop of that i have gone into my /etc/dhcpcd.conf file. There at the end of the file i added
interface eth0
static ip_address=10.0.0.100
static routers=10.0.0.1
static domain_name_servers=68.44.180.118 2001:558:feed::1 2001:558:feed::2
The guide I followed is attached here and follows other guides i have seen.
http://www.circuitbasics.com/how-to-set-up-a-static-ip-on-the-raspberry-pi/
Yet when i try to SSH remotely i cannot get a connection, and when i connect on the same internet i can connect as normal. Please if anybody sees what could help .
Your router's firewall is probably blocking the ports for SSH, which does not use port 80 (in raspbian, I think its default is port 22). If you are going to take the risk of leaving your SSH open to the public, you should probably switch it to a different port other than the default before opening up a port on your firewall. The Raspbian Community has a thread on how to properly change SSH's default server port. You'll also need to make sure your SSH client is using the same port. You will need to leave 80 open for web, and also forward the SSH port, which ever you choose that to be (22 is the default).
I don't have a ton of experience with routers or port forwarding, but I do have a new Raspberry Pi and I wanted to see if I could set up a simple Hello World page just for educational purposes. I have quite a bit set up with apache2 already installed and the web page works great on my local area network, however I can't connect to it using my LTE from my phone, telling me this thing does not connect to the internet.
I am currently using Rasbian under all the default settings from the pi.
My router is an all in one modem and router, from xfinity. After sifting through countless sites trying to solve this issue, the following 2 were the closest thing to my particular issue. My reputation is not high enough to put more than 2 links, so I will put the most important ones..
So to the best of my knowledge this is the way to do it ...
1) Set the web server up to work locally
2) Then go into the router with the IPv4 or IPv6 (shouldn't matter which) and forward all Port 80 traffic to, say, Port 8080 where my PI 'should' be listening, then send back my web page down through Port 80 to the client calling the web page.
Under 10.0.0.1 I find this...
Then I go to 'Advanced'
I have tried from Start port 80 to End port 8080, which my 2 PI files I edited to listen for that port.
Those files are under
sudo nano /ect/apache2/sites-enabled-000-default.conf
and
sudo nano /ect/apache2/ports.conf
I changed
Listen 80
to
Listen 8080
and all other combinations alongside changing my router Start and End ports... none of which worked so I am lead to believe there is either a knowledge gap or I am doing something terribly wrong.
I just want to put a simply Raspberry pi web server online from my Local connection at home using a Comcast xfinity router. If anyone has any experience doing, I would seriously appreciate it, I've spent far too many hours trying to walk through this alone, so now I am reaching out to the faithful stackoverflow community.
It sounds like you are almost there.
For you to be able to access your raspberry pi server from the internet, you need to find your external ip address. Your router has one external ip address that you can reach from the internet. While on your wifi, search google for "what is my ip" Google may display it as the top result, or you might have to click into a site like ipchicken. Write this IP address down.
Next, setup your router to forward all port 80 (default http port). Try setting Apache to listen on port 80, and have your router set with start port and end port to be port 80 (this makes it so you don't have to put :port-number in the address, i.e. you will do http://your-ip-address rather than http://your-ip-address:8080). The start port is the port on the external network, the end is the port that your Apache server is running on the raspi.
It looks like your raspi has the ip address of 10.0.0.17 on your local network based on your screen shot. If it doesn't, change the IP address in the port forwarding section of the router configuration to be the IP address of your pi. You can figure out what the assigned IP address of your pi is through the router interface, or by typing ifconfig -a and looking for the ip address of the adapter that you're using to connect to the network. Your router may have the ability to assign a static ip address to your raspberry pi while it's connected to your network. It would say something like DHCP reservation. You'd need to find the MAC address of your pi. You can do that with ifconfig -a as well. Then configure your modem to always assign your pi the same ip address that you've configured in the port forwarding.
Now that everything is setup, switch to your cellular connection and then try to go to the ipaddress that Google gave you.
type your-ip in browser address bar -> port 80 request to your modem's IP -> you've set external port 80 requests to be forwarded to port 80 on your internal network for the device 10.0.0.17 -> your raspberry pi will serve the HTML
Note: The external ip address of your modem is most likely not static unless you specifically pay for a static address. This address usually will stay the same for at least a day though, so if you're just testing, it's not a big problem. In the future, if you want to ensure that you'll be able to reach your pi, look into dynamic dns.
I was looking for an answer on my question on google and also here, but a didn't find a proper answer.
So here is the context:
I have a software running on some server (without firewall) in one subnet.
There is another software running on some PC in a different subnet.
Both subnets are connected to a gateway server. All computers are running CentOS or RHEL.
On the gateway server, there is a firewall, preventing multicast traffic from leaving the one subnet and allow clients from outside to connect to computers inside this subnet. Therefore xinetd is used. The computer from outside needs to send a packet to a specific port, the computer on the inside answers to another specific port depending on the sender. So there is no need for the gateway to keep track of sender-receiver relations. It just needs to forward UDP on specific ports to specific computers from one subnet to another.
So I added one service in /etc/services (for one direction):
udp-gateway 6000/udp
And created the according configuration file in /etc/xinetd.d/gateway like:
service udp-gateway
{
disable = no
socket_type = dgram
protocol = udp
wait = no
user = root
redirect = 192.168.1.1 6000 #Server inside the 192.168.1.0 subnet
}
Now the problem is, that the server doesn't open an UDP-port to listen on ('netstat -nulp' says). When I change the protocol to TCP and the socket_type to stream, it works. But I need this for UDP.
Is it possible that this is not possible for UDP? Or is netstat just not showing the ports? Or is my xinetd-configuration missing something?
Thanks in advance, every hint is appreciated.
Benny
redirect = 192.168.1.1 6000 #Server inside the 192.168.1.0 subnet
from the man page of xinetd:
redirect
Allows a tcp service to be redirected to another host.
This means usage of redirect for udp is not possible. And I don't see any other way to do this with xinetd.