06-08-2004, #1 (Just Joined!; Join Date: Jun 2004; Posts: 6)
drop incoming/outgoing packets using iptables
Hi,
I am running a Java application from my Linux machine, which connects over the internet to a remote computer on a given port. Now, during the run of the application, if the internet link goes down, the application's behaviour is unpredictable, so I want to reproduce the timeout problem by dropping the incoming and outgoing packets from the given IP using iptables. Following are the rules I am using for dropping the incoming/outgoing packets:
iptables -t mangle -I OUTPUT -p tcp --syn -d 203.88.194.194 -j DROP
iptables -t mangle -I PREROUTING -p tcp --syn -s 203.88.194.194 -j DROP
Now, if I apply these rules before starting my application, then it properly drops the packets and the application gives a timeout. But let's say I haven't applied these rules at the start of the application (meaning the IP is not blocked when the application starts), so the application connects to the remote IP on the specified port and opens input/output streams on it. If I apply the above rules now to disable the incoming/outgoing traffic from the given IP, then it doesn't work, meaning it transfers data on both the input and output streams properly and no timeout comes.
What is the problem here and what would be the workaround?
Ankit
06-08-2004, #2 (Just Joined!; Join Date: Jun 2004; Location: Portugal; Posts: 47)
If you want to block all traffic between your computer and the remote machine, you'll have to remove the "--syn" part of your commands. Also, applying the rules to the normal chains, instead of the chains in the "mangle" table, would suffice.
The "--syn" option causes iptables to only look at the first packet of a TCP connection.
Code:
iptables -I INPUT -p tcp -s 203.88.194.194 -j DROP
iptables -I OUTPUT -p tcp -d 203.88.194.194 -j DROP
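The following is an added example, not code from this thread, that models why the reply above works. In iptables, "--syn" is shorthand for "--tcp-flags SYN,RST,ACK,FIN SYN": a rule with it matches only a segment whose SYN bit is set and whose RST, ACK and FIN bits are clear, which is true only of the very first segment a client sends to open a connection. The script below simulates that match against a constructed set of segments (a fresh SYN, then data and FIN segments of an already-open connection) and compares the original rules with --syn against the corrected ones without it. It does not touch netfilter at all; the INPUT/OUTPUT chains, the local address 192.168.111.10 and the segment flags are assumptions for the simulation, while 203.88.194.194 is the remote address from the thread.

```python
"""Simulation of iptables' --syn match versus a plain per-host DROP rule.

Added example for this thread, not code from the original posts. It models the
match logic only; nothing here changes real firewall rules.
"""
from dataclasses import dataclass

REMOTE = "203.88.194.194"   # remote address from the thread
LOCAL = "192.168.111.10"    # assumed local address for the simulation


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    flags: frozenset  # subset of {"SYN", "ACK", "FIN", "RST", "PSH"}

    def is_syn_only(self) -> bool:
        """What iptables --syn tests: SYN set, RST/ACK/FIN clear (PSH is not examined)."""
        return "SYN" in self.flags and not ({"RST", "ACK", "FIN"} & self.flags)


@dataclass(frozen=True)
class Rule:
    chain: str        # "INPUT" (matches on -s) or "OUTPUT" (matches on -d)
    match_host: str
    syn_only: bool    # True if the rule carries --syn

    def matches(self, seg: Segment) -> bool:
        host = seg.src if self.chain == "INPUT" else seg.dst
        if host != self.match_host:
            return False
        return seg.is_syn_only() if self.syn_only else True


def dropped(seg: Segment, rules) -> bool:
    """True if a DROP rule in the chain this segment traverses matches it."""
    chain = "INPUT" if seg.dst == LOCAL else "OUTPUT"
    return any(r.chain == chain and r.matches(seg) for r in rules)


def new_connection_syn() -> Segment:
    """Constructed: the first segment of a new connection to the remote host."""
    return Segment(LOCAL, REMOTE, frozenset({"SYN"}))


def established_flow():
    """Constructed: segments of a connection that was opened before the rules were added."""
    F = frozenset
    return [
        Segment(LOCAL, REMOTE, F({"PSH", "ACK"})),   # app writes to its output stream
        Segment(REMOTE, LOCAL, F({"PSH", "ACK"})),   # reply read from the input stream
        Segment(REMOTE, LOCAL, F({"FIN", "ACK"})),   # remote side closes
    ]


# Post #1's rules, reduced to their match semantics: --syn in both directions.
SYN_RULES = [Rule("OUTPUT", REMOTE, True), Rule("INPUT", REMOTE, True)]
# Post #2's rules: the same hosts, no --syn, so every segment of the flow matches.
FULL_RULES = [Rule("OUTPUT", REMOTE, False), Rule("INPUT", REMOTE, False)]


def count_dropped(segments, rules) -> int:
    """Number of segments in the list that the given rules would DROP."""
    return sum(dropped(s, rules) for s in segments)


if __name__ == "__main__":
    for name, rules in (("with --syn", SYN_RULES), ("without --syn", FULL_RULES)):
        print(f"{name:14s} new SYN dropped: {dropped(new_connection_syn(), rules)}, "
              f"established segments dropped: {count_dropped(established_flow(), rules)}/3")
```

With --syn, the new SYN is dropped but none of the three segments of the already-open connection are, which is exactly the symptom in post #1; without --syn all of them are dropped and the application sees its timeout. On a real box the same thing can be observed with "iptables -L -n -v", whose per-rule packet counters stay at zero for a --syn rule while an established connection keeps transferring data.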
06-15-2004, #3 (Just Joined!; Join Date: Jun 2004; Posts: 6)
Thanks for the prompt reply, that problem is solved now. One more problem I am facing is as follows; I would be very thankful if you can help me out with this:
The machine I'm implementing iptables on contains two ethernet cards: eth0 is for the LAN and eth1 is for the external line. Now, on this machine, my application server is running, which is listening on many ports, including ports 1098 and 9094. Now, if I try connecting to port 1098 (through the internal address, 192.168.111.10) from another machine on the LAN, it gives me the following error:
$ telnet 192.168.111.10 1098
îur[B¬óTàxp1¬ít http://netnut.net4nuts.com:9094/q~q~uq~À¬ísr org.jnp.server.NamingServer_Stubxrjava.rmi.server. RemoteStubéþÜÉ‹áexrjava.rmi.server.RemoteObjectÓa´ ‘
a3xpw4
UnicastRef2 127.0.0.1§*a‰›ý"#i™€xConnection closed by foreign host.
But if I try to connect to port 9094, it doesn't give any errors:
$ telnet 192.168.111.10 9094
Trying 192.168.111.10...
Connected to 192.168.111.10.
Escape character is '^]'.
Here, netnut.net4nuts.com is the hostname of the machine on which I am implementing the firewall. Can you please tell me what the problem could be and what the workaround would be?
Ankit