Netfilter chain port 80


Netfilter chain port 80

Oliveiros Peixoto (Netinho)

Hi,

I installed nufw and tried to test it. I created this chain to test authentication in iptables.

iptables -A FORWARD -s 192.168.200.0/24 -p tcp --dport 22 -m state --state NEW --syn -j QUEUE

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

[19:28:49] NuFW Packet: src=192.168.200.21 dst=189.91.13.123 proto=6 sport=54117 dport=22, IN=eth0 OUT=eth0, packet_id=85, mark=0, exptime=-1

[19:28:51] User Packet: src=192.168.200.21 dst=189.91.13.123 proto=6 sport=54117 dport=22, mark=0, user=admin, OS=Windows 7  7600, app=c:\users\peixoto\documents\putty.exe, exptime=-1

[19:28:51] [9] [plaintext] matching with ACL ssh and decision 1

[19:28:51] [9] [plaintext] matching with ACL full access for group 103 and decision 1

[19:28:51] [nuauth] Default Open [admin] 1305574129 : IN=eth0 OUT=eth0 SRC=192.168.200.21 DST=189.91.13.123 PROTO=6 SPT=54117 DPT=22

[19:28:51] Answ Packet: src=192.168.200.21 dst=189.91.13.123 proto=6 sport=54117 dport=22, decision=ACCEPT, IN=eth0 OUT=eth0, packet_id=85, mark=2, user=admin, OS=Windows 7  7600, app=c:\users\peixoto\documents\putty.exe, exptime=-1

I have successfully authenticated, but when I try to use this chain on port 80 it does not work.

iptables -A FORWARD -s 192.168.200.0/24 -p tcp --dport 80 -m state --state NEW --syn -j QUEUE

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

[19:26:55] NuFW Packet: src=192.168.200.165 dst=200.154.56.73 proto=6 sport=1841 dport=80, IN=eth0 OUT=eth0, packet_id=83, mark=0, exptime=-1

[19:27:01] NuFW Packet: src=192.168.200.165 dst=200.154.56.73 proto=6 sport=1841 dport=80, IN=eth0 OUT=eth0, packet_id=84, mark=0, exptime=-1

[19:27:08] Answ Packet: src=192.168.200.165 dst=200.154.56.73 proto=6 sport=1841 dport=80, decision=DROP, IN=eth0 OUT=eth0, packet_id=84, mark=0, exptime=-1

[19:27:08] Answ Packet: src=192.168.200.165 dst=200.154.56.73 proto=6 sport=1841 dport=80, decision=DROP, IN=eth0 OUT=eth0, packet_id=83, mark=0, exptime=-1

[19:27:08] Answ Packet: src=192.168.200.165 dst=200.154.56.73 proto=6 sport=1841 dport=80, decision=DROP, IN=eth0 OUT=eth0, packet_id=82, mark=0, exptime=-1

[19:27:08] [7] Clean connection list: 1 connection(s) suppressed

[19:27:08] [nuauth] Default Drop [(null)] 1305574012 : IN=eth0 OUT=eth0 SRC=192.168.200.165 DST=200.154.56.73 PROTO=6 SPT=1841 DPT=80

Can somebody help with this?

Thanks

Oliveiros Peixoto


_______________________________________________
Nufw-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/nufw-users
Re: Netfilter chain port 80

Eric Leblond-2
Hi,

On Tue, 2011-05-17 at 07:52 -0300, Oliveiros Peixoto (Netinho) wrote:
> Hi,
>
>  
>
> I installed nufw and tried to test it. I created this chain to test
> authentication in iptables.
>
...
>
> [19:28:51] Answ Packet: src=192.168.200.21 dst=189.91.13.123 proto=6
> sport=54117 dport=22, decision=ACCEPT, IN=eth0 OUT=eth0, packet_id=85,
> mark=2, user=admin, OS=Windows 7  7600, app=c:\users\peixoto\documents
> \putty.exe, exptime=-1
>
Authentication is working well here.

>  
>
> I have successfully authenticated, but when I try to use this chain on
> port 80 it does not work.
>
>  
>
> iptables -A FORWARD -s 192.168.200.0/24 -p tcp --dport 80 -m state
> --state NEW --syn -j QUEUE
>
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
>  
>
>  
>
> [19:26:55] NuFW Packet: src=192.168.200.165 dst=200.154.56.73 proto=6
> sport=1841 dport=80, IN=eth0 OUT=eth0, packet_id=83, mark=0,
> exptime=-1
>
> [19:27:01] NuFW Packet: src=192.168.200.165 dst=200.154.56.73 proto=6
> sport=1841 dport=80, IN=eth0 OUT=eth0, packet_id=84, mark=0,
> exptime=-1
>
> [19:27:08] Answ Packet: src=192.168.200.165 dst=200.154.56.73 proto=6
> sport=1841 dport=80, decision=DROP, IN=eth0 OUT=eth0, packet_id=84,
> mark=0, exptime=-1
>
> [19:27:08] Answ Packet: src=192.168.200.165 dst=200.154.56.73 proto=6
> sport=1841 dport=80, decision=DROP, IN=eth0 OUT=eth0, packet_id=83,
> mark=0, exptime=-1
>
> [19:27:08] Answ Packet: src=192.168.200.165 dst=200.154.56.73 proto=6
> sport=1841 dport=80, decision=DROP, IN=eth0 OUT=eth0, packet_id=82,
> mark=0, exptime=-1


There is no message sent by the user; maybe your NuFW client is not connected
anymore. What does the command:
nuauth_command
        # users
give when doing the test?

BR,
--
Eric Leblond



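Eric's diagnosis rests on one observation: the port-22 flow produced a "User Packet" line before its ACCEPT, while the port-80 flow only ever produced "NuFW Packet" lines and then DROPs. The script below is an added example, not part of the thread or of NuFW itself; it parses nuauth log lines in the format quoted above (the sample is the thread's own lines, not live traffic) and lists flows that were queued and dropped without any User Packet claiming them, which is exactly the footprint of traffic that reaches the firewall from a process the NuFW client is not authenticating for.

```python
import re
from collections import defaultdict

# nuauth log lines as quoted in the thread (not live traffic): an SSH flow that
# received a "User Packet" and an HTTP flow that never did.
SAMPLE_LOG = r"""
[19:28:49] NuFW Packet: src=192.168.200.21 dst=189.91.13.123 proto=6 sport=54117 dport=22, IN=eth0 OUT=eth0, packet_id=85, mark=0, exptime=-1
[19:28:51] User Packet: src=192.168.200.21 dst=189.91.13.123 proto=6 sport=54117 dport=22, mark=0, user=admin, OS=Windows 7  7600, app=c:\users\peixoto\documents\putty.exe, exptime=-1
[19:28:51] Answ Packet: src=192.168.200.21 dst=189.91.13.123 proto=6 sport=54117 dport=22, decision=ACCEPT, IN=eth0 OUT=eth0, packet_id=85, mark=2, user=admin, OS=Windows 7  7600, app=c:\users\peixoto\documents\putty.exe, exptime=-1
[19:26:55] NuFW Packet: src=192.168.200.165 dst=200.154.56.73 proto=6 sport=1841 dport=80, IN=eth0 OUT=eth0, packet_id=83, mark=0, exptime=-1
[19:27:01] NuFW Packet: src=192.168.200.165 dst=200.154.56.73 proto=6 sport=1841 dport=80, IN=eth0 OUT=eth0, packet_id=84, mark=0, exptime=-1
[19:27:08] Answ Packet: src=192.168.200.165 dst=200.154.56.73 proto=6 sport=1841 dport=80, decision=DROP, IN=eth0 OUT=eth0, packet_id=84, mark=0, exptime=-1
[19:27:08] Answ Packet: src=192.168.200.165 dst=200.154.56.73 proto=6 sport=1841 dport=80, decision=DROP, IN=eth0 OUT=eth0, packet_id=83, mark=0, exptime=-1
"""

LINE_RE = re.compile(r"^\[[^\]]+\] (NuFW|User|Answ) Packet: (.*)$")


def parse(line):
    """Return (kind, flow key, decision, user) for a packet line, else None.
    Only comma/space-free fields are extracted; OS= and app= are ignored."""
    m = LINE_RE.match(line)
    if not m:
        return None
    kind, rest = m.groups()

    def field(name):
        f = re.search(r"\b%s=([^,\s]+)" % name, rest)
        return f.group(1) if f else None

    flow = (field("src"), field("sport"), field("dst"), field("dport"))
    return kind, flow, field("decision"), field("user")


def unattributed_flows(log):
    """Flows that were queued (NuFW Packet) and answered DROP without any
    User Packet claiming them: the pattern behind nuauth's 'Default Drop'."""
    state = defaultdict(lambda: {"queued": 0, "user": None, "decisions": []})
    for line in log.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # ACL/decision lines and blanks are not packet records
        kind, flow, decision, user = rec
        if kind == "NuFW":
            state[flow]["queued"] += 1
        elif kind == "User":
            state[flow]["user"] = user
        else:  # Answ
            state[flow]["decisions"].append(decision)
    return sorted(flow for flow, st in state.items()
                  if st["queued"] and st["user"] is None and "DROP" in st["decisions"])
```

Run against a real nuauth log, a flow listed here means the firewall saw the SYN but no authenticated client claimed it; a local interception proxy, as in this thread, is one cause, an unconnected client is another.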
Re: Netfilter chain port 80

Oliveiros Peixoto (Netinho)
Yes, this user is authenticated.
2.4.2 ($Revision$)
Uptime: 15:23:39 since 2011-05-16 20:15:10

>>> users
#27: u'admin' at ::ffff:192.168.200.21 (port 59106) 15:23:34 since 2011-05-16 20:15:16
   id: 2, groups: 100, 102
   Windows 7  (7600)
(list: 1 items)

If I change the port to 22 and try to connect via ssh, it works; this problem is only on port 80.
My nufw daemon reports these messages in verbose mode.

[14:40:22] Can not get physindev information
[14:40:22] Get outdev information: eth0
[14:40:22] Can not get physoutdev information
[14:40:22] Sending request for 33
[14:40:22] Can not get physindev information
[14:40:22] Get outdev information: eth0
[14:40:22] Can not get physoutdev information
[14:40:22] Sending request for 34
[14:40:22] Can not get physindev information
[14:40:22] Get outdev information: eth0
[14:40:22] Can not get physoutdev information
[14:40:22] Sending request for 35
[14:40:22] Can not get physindev information
[14:40:22] Get outdev information: eth0
[14:40:22] Can not get physoutdev information
[14:40:22] Sending request for 36
[14:40:22] Can not get physindev information
[14:40:22] Get outdev information: eth0
[14:40:22] Can not get physoutdev information
[14:40:22] Sending request for 37
[14:40:22] Can not get physindev information
[14:40:22] Get outdev information: eth0
[14:40:22] Can not get physoutdev information
[14:40:22] Sending request for 38
[14:40:25] Can not get physindev information
[14:40:25] Get outdev information: eth0
[14:40:25] Can not get physoutdev information
[14:40:25] Sending request for 39
[14:40:25] Can not get physindev information
[14:40:25] Get outdev information: eth0
[14:40:25] Can not get physoutdev information
[14:40:25] Sending request for 40
[14:40:25] Can not get physindev information
[14:40:25] Get outdev information: eth0
[14:40:25] Can not get physoutdev information
[14:40:25] Sending request for 41
[14:40:25] Can not get physindev information
[14:40:25] Get outdev information: eth0
[14:40:25] Can not get physoutdev information
[14:40:25] Sending request for 42
[14:40:25] Can not get physindev information
[14:40:25] Get outdev information: eth0
[14:40:25] Can not get physoutdev information
[14:40:25] Sending request for 43
[14:40:25] Can not get physindev information
[14:40:25] Get outdev information: eth0
[14:40:25] Can not get physoutdev information
[14:40:25] Sending request for 44
[14:40:31] Can not get physindev information
[14:40:31] Get outdev information: eth0
[14:40:31] Can not get physoutdev information
[14:40:31] Sending request for 45
[14:40:31] Can not get physindev information
[14:40:31] Get outdev information: eth0
[14:40:31] Can not get physoutdev information
[14:40:31] Sending request for 46
[14:40:31] Can not get physindev information
[14:40:31] Get outdev information: eth0
[14:40:31] Can not get physoutdev information
[14:40:31] Sending request for 47
[14:40:31] Can not get physindev information
[14:40:31] Get outdev information: eth0
[14:40:31] Can not get physoutdev information
[14:40:31] Sending request for 48
[14:40:31] Can not get physindev information
[14:40:31] Get outdev information: eth0
[14:40:31] Can not get physoutdev information
[14:40:31] Sending request for 49
[14:40:31] Can not get physindev information
[14:40:31] Get outdev information: eth0
[14:40:31] Can not get physoutdev information
[14:40:31] Sending request for 50
[14:40:38] Treatment time for connection: 7453.2 ms
[14:40:38] Treatment time for connection: 13453.0 ms
[14:40:38] [!] Packet without a known ID: 35


Re: Netfilter chain port 80

Oliveiros Peixoto (Netinho)
In reply to this post by Eric Leblond-2
I found the problem with Eric.
The problem is that I have Trend Micro AntiVirus, and the antivirus silently redirects the traffic to a local proxy which does not run as the identified user. When the antivirus is disabled, all traffic works.

Thanks

Oliveiros Peixoto
