08-27-2011, 11:46 PM
Sam Varshavchik

What tool shows /proc/net/nf_conntrack

I forwarded a port, using system-config-firewall.

The destination machine, not surprisingly, shows the IP address of the
firewall as the source of the connection. The goal is obtaining the
connection's real source IP. However, on the firewall the forwarded
connection isn't reported anywhere by netstat or ss.


After poking around, I found what I was looking for in
/proc/net/nf_conntrack. The forwarded connection was listed there, showing
the connection's real source IP.


But grepping through /proc/net/nf_conntrack seems to be rather quaint.
Neither netstat's nor ss's man page hint at any option that would report on
/proc/net/nf_conntrack in some user-friendly fashion. Is there some other
admin utility that does?



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
08-27-2011, 11:50 PM
Kevin Fenzi

What tool shows /proc/net/nf_conntrack

On Sat, 27 Aug 2011 19:46:12 -0400
Sam Varshavchik <mrsam@courier-mta.com> wrote:

> I forwarded a port, using system-config-firewall.
>
> The destination machine, not surprisingly, shows the IP address of
> the firewall as the source of the connection. The goal is obtaining
> the connection's real source IP. However, on the firewall the
> forwarded connection isn't reported anywhere by netstat or ss.

This is a DNAT forward? It should show the IP of whatever machine is
sending the request, not the firewall box in the middle.

> After poking around, I found what I was looking for in
> /proc/net/nf_conntrack. The forwarded connection was listed there,
> showing the connection's real source IP.
>
> But grepping through /proc/net/nf_conntrack seems to be rather
> quaint. Neither netstat's nor ss's man page hint at any option that
> would report on /proc/net/nf_conntrack in some user-friendly fashion.
> Is there some other admin utility that does?

conntrack-tools has a 'conntrack' command line tool.

kevin
 
08-28-2011, 05:00 AM
Andre Speelmans

What tool shows /proc/net/nf_conntrack

> Sam Varshavchik <mrsam@courier-mta.com> wrote:
>> I forwarded a port, using system-config-firewall.
>>
>> The destination machine, not surprisingly, shows the IP address of
>> the firewall as the source of the connection. The goal is obtaining
>> the connection's real source IP. However, on the firewall the
>> forwarded connection isn't reported anywhere by netstat or ss.

On Sun, Aug 28, 2011 at 1:50 AM, Kevin Fenzi <kevin@scrye.com> wrote:
> This is a DNAT forward? it should show the IP of whatever machine is
> sending the request, not the firewall box in the middle.

As the forwarded port most likely also does SNAT, so the receiving
machine can send its packets back, the receiver has no clue about the
original sender and will show the IP of the firewall.

--
Regards,

André
 
08-28-2011, 05:17 AM
Tom H

What tool shows /proc/net/nf_conntrack

On Sat, Aug 27, 2011 at 7:50 PM, Kevin Fenzi <kevin@scrye.com> wrote:
> On Sat, 27 Aug 2011 19:46:12 -0400
> Sam Varshavchik <mrsam@courier-mta.com> wrote:
>>
>> I forwarded a port, using system-config-firewall.
>>
>> The destination machine, not surprisingly, shows the IP address of
>> the firewall as the source of the connection. The goal is obtaining
>> the connection's real source IP. However, on the firewall the
>> forwarded connection isn't reported anywhere by netstat or ss.
>
> This is a DNAT forward? it should show the IP of whatever machine is
> sending the request, not the firewall box in the middle.
>
>> After poking around, I found what I was looking for in
>> /proc/net/nf_conntrack. The forwarded connection was listed there,
>> showing the connection's real source IP.
>>
>> But grepping through /proc/net/nf_conntrack seems to be rather
>> quaint. Neither netstat's nor ss's man page hint at any option that
>> would report on /proc/net/nf_conntrack in some user-friendly fashion.
>> Is there some other admin utility that does?
>
> conntrack-tools has a 'conntrack' command line tool.

KF1: You missed "on the firewall."

KF2: Thanks, didn't know about "conntrack".

OP: You can make iptables log your forwarding rule; that log *might*
be more convenient than "/proc/net/nf_conntrack".
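
Added example, not part of any post in this thread: a small parser for the /proc/net/nf_conntrack line format that lists only port-forwarded (DNAT) entries and reports the real client address, the backend, and the address the backend sees when SNAT is also applied. The sample lines are constructed with documentation addresses, and the function names are hypothetical.

```python
import re

# Constructed sample in /proc/net/nf_conntrack format (documentation addresses).
SAMPLE = """\
ipv4     2 tcp      6 431990 ESTABLISHED src=203.0.113.7 dst=198.51.100.1 sport=51234 dport=8080 src=192.168.1.10 dst=192.168.1.1 sport=80 dport=51234 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 299 ESTABLISHED src=192.168.1.20 dst=192.168.1.1 sport=40022 dport=22 src=192.168.1.1 dst=192.168.1.20 sport=22 dport=40022 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 25 src=192.168.1.30 dst=192.0.2.53 sport=5353 dport=53 [UNREPLIED] src=192.0.2.53 dst=198.51.100.1 sport=53 dport=5353 mark=0 zone=0 use=2
"""

def parse_entry(line):
    """Split one conntrack line into (proto, original tuple, reply tuple)."""
    fields = line.split()
    orig, reply = {}, {}
    for key, value in re.findall(r"(\w+)=(\S+)", line):
        # First occurrence of a key is the original direction, second the reply.
        (reply if key in orig else orig)[key] = value
    if len(fields) < 3 or "src" not in orig or "src" not in reply:
        return None
    return fields[2], orig, reply

def forwarded_connections(text):
    """Return entries whose destination was rewritten (DNAT / port forward)."""
    found = []
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        proto, orig, reply = parsed
        dnat = (reply["src"], reply.get("sport")) != (orig["dst"], orig.get("dport"))
        if not dnat:
            continue  # plain or SNAT-only connection, not a forward
        snat = (reply["dst"], reply.get("dport")) != (orig["src"], orig.get("sport"))
        found.append({
            "proto": proto,
            "client": f'{orig["src"]}:{orig.get("sport")}',
            "forwarded_from": f'{orig["dst"]}:{orig.get("dport")}',
            "backend": f'{reply["src"]}:{reply.get("sport")}',
            # With SNAT the backend sees this address instead of the client.
            "backend_sees": reply["dst"] if snat else orig["src"],
        })
    return found

if __name__ == "__main__":
    import sys
    # Pass /proc/net/nf_conntrack (readable by root) to inspect a live firewall.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for c in forwarded_connections(text):
        print(f'{c["proto"]} {c["client"]} -> {c["forwarded_from"]} => {c["backend"]} (backend sees {c["backend_sees"]})')
```
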
 
