How to make netstat listen for connections if the server is running as a router?
A dedicated server is used as a router, since it has virtual (VPS) servers installed via VMManager; in the sysctl.conf settings, ip_forwarding is set to 1.
How can I make netstat on the dedicated server listen to the traffic of all the virtual servers installed on it combined, and not just this server's?
For example, in iptables this can be done through the FORWARD flag.
For example, such a command:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n > /tmp/ddos.iplist
How should I change it or what should I change so that it looks for forwarded connections?
I really hope for help; I could not find an answer by googling.
Netstat shows connections to applications on the same server. Forwarding in iptables, unexpectedly, does not start applications on this server. Some external system is needed for monitoring. The most correct approach is to set up NetFlow. Or, as an option, add rules to iptables with the LOG action.
If you just need to read the traffic on the network interface, you can use SNMP/MRTG.
Technologies designed for this can be used. Info here https://www.tux.in.ua/articles/3328
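The iptables LOG option suggested in the answers above, as an added example that is not part of the original thread: a shell function that counts forwarded connections per source IP from the kernel log, giving the same kind of list as the netstat pipeline in the question. The log prefix `FWD-NEW: `, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Rule that would produce the log lines (run as root on the
# router; left as a comment because it changes firewall state). The prefix
# "FWD-NEW: " is an assumed name; the limit match keeps a flood from filling
# the log, so under load the counts are a sample, not a total.
#   iptables -I FORWARD -m conntrack --ctstate NEW \
#     -m limit --limit 50/second -j LOG --log-prefix "FWD-NEW: "

# count_forwarded_sources PREFIX
# Reads kernel log lines on stdin, keeps those carrying PREFIX and prints
# "<count> <source-ip>" in ascending order of count.
count_forwarded_sources() {
    awk -v prefix="$1" '
        index($0, prefix) {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { hits[substr($i, 5)]++; break }
        }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1n -k2,2
}

# Constructed sample in the netfilter LOG line format (documentation addresses).
sample_log() {
    cat <<'EOF'
Jan 10 12:00:01 router kernel: FWD-NEW: IN=eth0 OUT=vmbr0 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=80 SYN
Jan 10 12:00:01 router kernel: FWD-NEW: IN=eth0 OUT=vmbr0 SRC=203.0.113.7 DST=192.0.2.11 LEN=60 TTL=52 PROTO=TCP SPT=40002 DPT=80 SYN
Jan 10 12:00:02 router kernel: FWD-NEW: IN=eth0 OUT=vmbr0 SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51514 DPT=443 SYN
Jan 10 12:00:02 router kernel: INPUT-DROP: IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.1 LEN=40 TTL=240 PROTO=TCP SPT=4444 DPT=22 SYN
Jan 10 12:00:03 router kernel: FWD-NEW: IN=eth0 OUT=vmbr0 SRC=203.0.113.7 DST=192.0.2.12 LEN=60 TTL=52 PROTO=TCP SPT=40003 DPT=80 SYN
EOF
}

# Stand-alone run on the sample: prints "1 198.51.100.23" then "3 203.0.113.7".
sample_log | count_forwarded_sources "FWD-NEW: "
```

On the router, feed it the kernel log instead of the sample, for example `dmesg | count_forwarded_sources "FWD-NEW: "`.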