
Tor and iptables



I have this iptables in my script:
> $IPT -A INPUT -i eth0 -p tcp -d 192.168.0.2/32 --sport 9001 --dport 9090:9091 -j ACCEPT
> $IPT -A INPUT -i eth0 -p tcp -d 192.168.0.2/32 --sport 9030 --dport 9090:9091 -j ACCEPT
> $IPT -A INPUT -i eth0 -p tcp -d 192.168.0.2/32 --sport 80 --dport 9090:9091 -j ACCEPT
> $IPT -A INPUT -i eth0 -p tcp -d 192.168.0.2/32 --sport 443 --dport 9090:9091 -j ACCEPT
> $IPT -A INPUT -i eth0 -p tcp -d 192.168.0.2/32 --sport 9090 --dport 9090:9091 -j ACCEPT
> $IPT -A INPUT -i eth0 -p tcp -d 192.168.0.2/32 --sport 9091 --dport 9090:9091 -j ACCEPT
> $IPT -A INPUT -i eth0 -p tcp -d 192.168.0.2/32 --dport 9090 -j ACCEPT
> $IPT -A INPUT -i eth0 -p tcp -d 192.168.0.2/32 --dport 9091 -j ACCEPT
Now I got my logs filled by a user connecting from privileged port 80:
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13348 DF PROTO=TCP SPT=80 DPT=12971 SEQ=2765356488 ACK=1949227637 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13347 DF PROTO=TCP SPT=80 DPT=12982 SEQ=117068163 ACK=1002994963 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13346 DF PROTO=TCP SPT=80 DPT=12970 SEQ=3425689590 ACK=925052953 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13345 DF PROTO=TCP SPT=80 DPT=12985 SEQ=1614575110 ACK=1593592475 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13343 DF PROTO=TCP SPT=80 DPT=12972 SEQ=2515422567 ACK=1242495854 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13342 DF PROTO=TCP SPT=80 DPT=12990 SEQ=1783217778 ACK=768027605 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13341 DF PROTO=TCP SPT=80 DPT=12984 SEQ=2330446581 ACK=60706365 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13340 DF PROTO=TCP SPT=80 DPT=12986 SEQ=2466621319 ACK=92341939 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13339 DF PROTO=TCP SPT=80 DPT=12974 SEQ=214979759 ACK=246135416 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13338 DF PROTO=TCP SPT=80 DPT=12980 SEQ=3094063307 ACK=1733429009 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13369 DF PROTO=TCP SPT=80 DPT=12992 SEQ=202180988 ACK=458846818 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13371 DF PROTO=TCP SPT=80 DPT=12993 SEQ=2372780055 ACK=1673513368 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13372 DF PROTO=TCP SPT=80 DPT=12991 SEQ=1322503841 ACK=824885277 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13429 DF PROTO=TCP SPT=80 DPT=13084 SEQ=4069911222 ACK=1349544616 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13433 DF PROTO=TCP SPT=80 DPT=16144 SEQ=1658902793 ACK=1197889954 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13452 DF PROTO=TCP SPT=80 DPT=17663 SEQ=19722934 ACK=345639476 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13461 DF PROTO=TCP SPT=80 DPT=13356 SEQ=2583304338 ACK=303940658 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13462 DF PROTO=TCP SPT=80 DPT=13097 SEQ=1919126686 ACK=2020777536 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:56 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13463 DF PROTO=TCP SPT=80 DPT=13092 SEQ=263521307 ACK=2024921705 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:57 argo NO_PASSARAN:  IN=eth0 OUT= MAC=00:40:f4:7a:58:25:00:09:5b:b0:3c:a2:08:00  SRC=64.179.93.196 DST=192.168.0.2 LEN=44 TOS=00 PREC=0x00 TTL=107 ID=13543 DF PROTO=TCP SPT=80 DPT=16363 SEQ=1769710793 ACK=514301826 WINDOW=16560 ACK SYN URGP=0
> Sep 15 09:43:58 argo kernel: ip_conntrack: table full, dropping packet.
> Sep 15 09:43:58 argo kernel: ip_conntrack: table full, dropping packet.
> Sep 15 09:43:58 argo kernel: ip_conntrack: table full, dropping packet.
I would like to understand when Tor is in server mode or client mode and how I
have to best configure my iptables.
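
Added example, not part of the original post: a shell triage of LOG lines like those above, which tags a dropped SYN+ACK as the handshake reply to a connection opened from 192.168.0.2 (the posted rules match on ports only, with no connection-state rule), followed by a dry run of stateful rules. It assumes 9090-9091 are the relay's listening ports; `field`, `has_flag`, `classify` and `stateful_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Assumption: 9090-9091 are the relay's listening ports,
# taken from the --dport values in the posted rules.
LISTEN_LO=9090
LISTEN_HI=9091
IPT=${IPT:-"echo iptables"}   # dry run by default: print, do not apply

# field LINE KEY: print the value of KEY=value from a netfilter LOG line.
field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# has_flag LINE FLAG: true if the bare TCP flag word (SYN, ACK) is present.
has_flag() {
    case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# classify LINE: say what kind of dropped TCP packet a LOG line records.
classify() {
    dpt=$(field "$1" DPT)
    if [ "$(field "$1" PROTO)" != TCP ] || [ -z "$dpt" ]; then
        echo other
    elif has_flag "$1" SYN && has_flag "$1" ACK; then
        echo reply-to-outbound      # SYN+ACK is the handshake reply to a SYN
    elif has_flag "$1" SYN; then
        if [ "$dpt" -ge "$LISTEN_LO" ] && [ "$dpt" -le "$LISTEN_HI" ]; then
            echo inbound-to-listener
        else
            echo inbound-unsolicited
        fi
    else
        echo mid-stream
    fi
}

# stateful_rules: accept replies by connection state, new connections
# only on the listening ports. Uses $IPT unquoted, as the post's script does.
stateful_rules() {
    $IPT -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i eth0 -p tcp -d 192.168.0.2/32 \
        --dport "$LISTEN_LO:$LISTEN_HI" -m state --state NEW -j ACCEPT
}

# First line is from the post (MAC field omitted); second is constructed.
FROM_POST='IN=eth0 OUT= SRC=64.179.93.196 DST=192.168.0.2 LEN=44 PROTO=TCP SPT=80 DPT=12971 SEQ=2765356488 ACK=1949227637 WINDOW=16560 ACK SYN URGP=0'
CONSTRUCTED='IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.0.2 LEN=60 PROTO=TCP SPT=40112 DPT=9090 WINDOW=5840 SYN URGP=0'
classify "$FROM_POST"
classify "$CONSTRUCTED"
stateful_rules
```

A state match relies on the connection-tracking table, so the `ip_conntrack: table full` lines in the post mean some packets are dropped before the INPUT rules are consulted.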