Find the answer to your Linux question:
Results 1 to 3 of 3
Hi, I am running a java application from my linux machine, which connects over internet to a remote computer on a given port. Now, during the run of the application, ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jun 2004
    Posts
    6

    drop incoming/outgoing packets using iptables


    Hi,

    I am running a java application from my linux machine, which connects over internet to a remote computer on a given port. Now, during the run of the application, if the internet link goes down, then the application behaviour is unpredictable, so I want to reproduce the timeout problem by dropping the incoming and outgoing packets from the given IP using iptables. Following are the rules I am using for dropping the incoming/outgoing packets :

    iptables -t mangle -I OUTPUT -p tcp --syn -d 203.88.194.194 -j DROP
    iptables -t mangle -I PREROUTING -p tcp --syn -s 203.88.194.194 -j DROP

    Now, if I apply these rules before starting my application, then it properly drops the packets and application gives timeout. But let say I haven't applied these rules at the start of the application, (means the IP is not blocked when the application starts), so application connects to the remote IP on the specified port, opens input/output streams on it. If I apply the above rules now to disable the incoming/outgoing traffics from the given IP, then it doesn't work, means it will transfer data on both the input and output streams properly and no timeout comes.

    What is the problem here and what would be the work around?

    Ankit

  2. #2
    Just Joined!
    Join Date
    Jun 2004
    Location
    Portugal
    Posts
    47
    If you want to block all traffic between your computer and the remote machine, you've have to remove the "--syn" part of your commands. Also, applying the rules to the normal chains, instead of the chains in the "mangle" table, would suffice.

    Code:
    iptables -I INPUT -p tcp -s 203.88.194.194 -j DROP
    iptables -I OUTPUT -p tcp -d 203.88.194.194 -j DROP
    The "--syn" option cause iptables to only look at the first packet of a TCP connection.

  3. #3
    Just Joined!
    Join Date
    Jun 2004
    Posts
    6
    Thanks for the prompt reply, that problem is solved now. One more problem I am facing is as follows, I would be very thankful if you can help me out with this :

    The machine I'm implementing iptables on, contains two ethernet cards - eth0 is for LAN and eth1 is for external line. Now, on this machine, my application server is running, which is listening on many ports, including 1098 and 9094 ports. Now, if I try connecting to 1098 port (through internal address - 192.168.111.10) from another machine on LAN, it gives me following error :

    $ telnet 192.168.111.10 1098
    îur[B¬óTàxp1¬ít http://netnut.net4nuts.com:9094/q~q~uq~À¬ísr org.jnp.server.NamingServer_Stubxrjava.rmi.server. RemoteStubéþÜÉ‹áexrjava.rmi.server.RemoteObjectÓa´ ‘
    a3xpw4
    UnicastRef2 127.0.0.1§*a‰›ý"#i™€xConnection closed by foreign host.

    But if try to connect to 9094 port, it doesn't give any errors :
    $ telnet 192.168.111.10 9094
    Trying 192.168.111.10...
    Connected to 192.168.111.10.
    Escape character is '^]'.

    Here, netnut.net4nuts.com is the hostname of the machine on which I am implementing the firewall. Can you please tell me what could be the problem and what would be the workaround?

    Ankit

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •