Giorgio Al, 2020-01-21 12:42:24
linux

How do I configure iptables to run an application on an internal network client machine?

Question on iptables
There is a network of virtual machines set up on VirtualBox.
I. The first, let's call it Server, plays the role
of gateway (OS: Ubuntu Desktop 16.04 LTS).
It has two network interfaces:
1) NAT:

enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:d1:38:f2 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3
       valid_lft 54554sec preferred_lft 54554sec
    inet6 fe80::8ca9:6ac7:9b8e:b285/64 scope link 
       valid_lft forever preferred_lft forever

2) Intnet:
enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:c4:12:c7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.1/24 brd 192.168.3.255 scope global enp0s8
       valid_lft forever preferred_lft forever
    inet6 fe80::3db0:c89c:7b8f:8b5c/64 scope link 
       valid_lft forever preferred_lft forever

The dnsmasq service is also installed to assign IP addresses to hosts in Intnet.
To give the Client an Internet connection, I enabled masquerading in iptables:
iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE

As well as port forwarding:
sysctl -w net.ipv4.conf.all.forwarding=1

II. The second, let's call it the Client, is used to analyze the operation of the
application (OS: Android KitKat 4.4).
It has one network interface:
1) Intnet:
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:5c:0b:c5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.70/24 brd 192.168.3.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe5c:bc5/64 scope link 
       valid_lft forever preferred_lft forever

Routes on the Client:
default via 192.168.3.1 dev eth0 
default via 192.168.3.1 dev eth0  metric 204 
192.168.3.0/24 dev eth0  scope link 
192.168.3.0/24 dev eth0  proto kernel  scope link  src 192.168.3.70  metric 204 
192.168.3.1 dev eth0  scope link

The configuration described above gives the Client a stable Internet connection.
On the Client, an application is installed that runs on ports 9080 and 9081. It is
necessary to study its network activity; there are suspicions of security issues.
I installed sslsplit on the Server.
I need help configuring iptables to capture the traffic from ports 9080 and 9081 on the Client.
PS:
I tried the following settings:
iptables -t nat -A PREROUTING -p tcp --dport 9080 -j REDIRECT --to-ports 8443
iptables -t nat -A PREROUTING -p tcp --dport 9081 -j REDIRECT --to-ports 8443

At the same time, I launched sslsplit with the parameters:
ssl 0.0.0.0 8443

However, sslsplit did not receive any packets.
Yet if I drop packets on those ports, the application, as expected, stops working:
sudo iptables -t mangle -A PREROUTING -p tcp --dport 9080 -j DROP
sudo iptables -t mangle -A PREROUTING -p tcp --dport 9081 -j DROP
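The redirect described in the question, as an added example that is not part of the original post or of sslsplit: a POSIX shell script that prints the nat rules scoped to the internal interface and to the one client under analysis, and a small parser that reads the rule counters back from `iptables -t nat -L PREROUTING -v -n -x`, so one can see whether the rules are matched at all before looking at sslsplit. The interface names, addresses and the 8443 port are taken from the question; the counter listing embedded below is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed from the question:
# enp0s8 = internal VirtualBox network (192.168.3.0/24), enp0s3 = NAT uplink,
# the analysed client is 192.168.3.70, and sslsplit listens on TCP 8443.
CLIENT_IP=192.168.3.70
INT_IF=enp0s8
PROXY_PORT=8443
APP_PORTS="9080 9081"

# Print the nat/PREROUTING rules, scoped to the internal interface and to the
# one client under analysis, so no other host in Intnet gets redirected.
redirect_rules() {
  for port in $APP_PORTS; do
    printf 'iptables -t nat -A PREROUTING -i %s -s %s -p tcp --dport %s -j REDIRECT --to-ports %s\n' \
      "$INT_IF" "$CLIENT_IP" "$port" "$PROXY_PORT"
  done
}

# Read `iptables -t nat -L PREROUTING -v -n -x` output on stdin and print the
# packet counter of the REDIRECT rule for destination port $1.
# Prints "norule" when the chain has no REDIRECT rule for that port.
# A counter of 0 means no packet ever matched: the client is not connecting
# to that port through the gateway, or the traffic enters on another
# interface/chain (REDIRECT in PREROUTING only sees packets arriving at the
# Server, not connections made *to* a port the client itself listens on).
redirect_hits() {
  awk -v port="$1" '
    $3 == "REDIRECT" && $0 ~ ("dpt:" port "( |$)") { print $1; found = 1 }
    END { if (!found) print "norule" }'
}

# Constructed sample of the counter listing (not captured from a real host):
# the 9080 rule has matched 17 packets, the 9081 rule none.
SAMPLE_NAT='Chain PREROUTING (policy ACCEPT 12 packets, 840 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      17     1020 REDIRECT   tcp  --  enp0s8 *       192.168.3.70         0.0.0.0/0            tcp dpt:9080 redir ports 8443
       0        0 REDIRECT   tcp  --  enp0s8 *       192.168.3.70         0.0.0.0/0            tcp dpt:9081 redir ports 8443'

# Stand-alone demo: show the generated rules, then read the sample counters.
redirect_rules
for port in $APP_PORTS; do
  printf 'dport %s: %s packets matched\n' "$port" "$(printf '%s\n' "$SAMPLE_NAT" | redirect_hits "$port")"
done
```

On the Server, `iptables -t nat -L PREROUTING -v -n -x | redirect_hits 9080` shows whether traffic from the client to port 9080 ever reaches the rule. A counter that stays at 0 while the app is in use means the packets do not traverse nat/PREROUTING on the gateway the way the rule expects, which is the first thing to settle before tuning sslsplit: its transparent mode relies on the same nat entries to recover the original destination, so the rules have to match before it can see anything.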
