Debian
enly1, 2017-11-17 21:46:31

How to make netstat listen for connections if the server is running as a router?

A dedicated server is used as a router, since it has virtual (VPS) servers installed via VMManager, in the sysctl.conf settings ip_forwarding is set to 1.
How to make it so that netstat on a dedicated server listens to the traffic of all virtual servers combined, installed on it, and not just on this server.
For example, in iptables this can be done through the FORWARD flag.
For example, such a command:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n > /tmp/ddos.iplist
How should I change it or what should I change so that it looks for forwarded connections?
I really hope for help, the question is not googled


2 answer(s)
Valentine, 2017-11-17
@vvpoloskin

Netstat shows connections to applications on the same server. iptables forward, unexpectedly, does not start applications on this server. Some external system is needed for monitoring. The most correct thing is to raise netflow. Or, as an option, add rules to iptables with the action log.
If you just need to read the traffic on the network interface, you can use snmp/mrtg.
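
One way to apply the "iptables rules with the action log" option to the per-source count the question asks for, as an added example that is not part of the original thread. The log prefix `FWD-NEW: `, the interface names and the sample log lines are assumptions made up for illustration.

```shell
# Assumed logging rule on the router (prefix "FWD-NEW: " is a made-up label):
#   iptables -I FORWARD -p tcp --syn -j LOG --log-prefix "FWD-NEW: "
# It logs each new forwarded TCP connection attempt, which netstat on the
# host never sees because the sockets live inside the virtual servers.

# Read kernel log lines on stdin and print "<count> <source IP>", sorted
# ascending, the same shape as the netstat pipeline in the question.
count_forwarded_sources() {
    prefix="${1:-FWD-NEW: }"
    awk -v p="$prefix" '
        index($0, p) {                       # only lines from our LOG rule
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) {          # first SRC= is the packet source
                    print substr($i, 5)
                    break
                }
        }' | sort | uniq -c | sort -n | awk '{print $1, $2}'
}

# Constructed sample kernel log lines (RFC 5737 documentation addresses).
sample_log() {
    cat <<'EOF'
Nov 17 21:40:01 router kernel: FWD-NEW: IN=eth0 OUT=vmbr0 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=54 PROTO=TCP SPT=40122 DPT=80 SYN URGP=0
Nov 17 21:40:01 router kernel: FWD-NEW: IN=eth0 OUT=vmbr0 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=54 PROTO=TCP SPT=40123 DPT=80 SYN URGP=0
Nov 17 21:40:02 router kernel: FWD-NEW: IN=eth0 OUT=vmbr0 SRC=198.51.100.23 DST=192.0.2.11 LEN=60 TTL=49 PROTO=TCP SPT=51500 DPT=443 SYN URGP=0
Nov 17 21:40:02 router kernel: IN-DROP: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.1 LEN=40 TTL=240 PROTO=TCP SPT=4444 DPT=22 SYN URGP=0
Nov 17 21:40:03 router kernel: FWD-NEW: IN=eth0 OUT=vmbr0 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=54 PROTO=TCP SPT=40124 DPT=80 SYN URGP=0
EOF
}

# Demo on the sample; on a live router feed it the kernel log instead,
# e.g. `dmesg | count_forwarded_sources` or `journalctl -k | count_forwarded_sources`.
sample_log | count_forwarded_sources
```

The line with the `IN-DROP: ` prefix is ignored, so only traffic that passed through the FORWARD rule is counted.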

Someone White, 2017-11-17
@hack_student

Technologies designed for this can be used. Info here https://www.tux.in.ua/articles/3328
