https problem one server, two url, two ip addresses (eth0 and eth0:0)

Karl

Oct 30, 2012, 2:16:12 PM
to nod...@googlegroups.com
Hi,
(Debian 6, Node 8.10, express 3, zappa 4.10)
I have requested a second ip number for my remote box 
and want to run a second nodejs app on that ip. The ip
runs on the same card I guess (remote box)

So I have 
web1.net on ip1 
web2.com on ip2

and use iptables to redirect from 80 and 443 to
my ports
PROD# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
REDIRECT   tcp  --  anywhere             www.web1.net tcp dpt:www redir ports 3003 
REDIRECT   tcp  --  anywhere             www.web2.com   tcp dpt:www redir ports 3004 
REDIRECT   tcp  --  anywhere             www.web1.net tcp dpt:https redir ports 3443 
REDIRECT   tcp  --  anywhere             www.web2.com   tcp dpt:https redir ports 3445 

and ensure-https to protocol change all 80 traffic to 443:
  
var ensure=require('ensure-https');
var options={
  'forceHost':undefined,   // If this is set then the destination URL is forced to this hostname
  'host':'localhost',      // This is the default host to use (for HTTP/0.9 clients) (default: localhost)
  'sslHost':443,           // This is the port of your HTTPS server if it is not 443 (default: 443)
  'statusCode':301         // This is the HTTP Status-Code to use                    (default: 301)
};
var server=ensure.createServer(options);
server.listen(3004,'ip1...');

and the same for the other one, ip2 (web2.com).

My *problem*: web1.net works fine when users enter
but web2.com will only work if I give the https://web2.net:3445 format 
otherwise I get "unable to connect"

They have two separate certificates, they work with all browsers I tried.

/etc/hostname has "www.bodywrappers.net"

/etc/hosts has
127.0.0.1 localhost.localdomain localhost
ip1.. sxxxxxxx.online.de  (this is a rented box) 
The A records are redirected <-> from a different provider but that works with web1.net

/etc/networks/interfaces
auto lo eth0
iface lo inet loopback

iface eth0 inet dhcp

auto eth0:0
iface eth0:0 inet static
        address   ip2...
        netmask   255.255.255.0
        network   ip2....0
        broadcast ip2....255

Thanks, I'm a bit lost. Feel free to comment more compact solutions, too, of course. Still a bit green here.

Ben Noordhuis

Oct 30, 2012, 7:05:24 PM
to nod...@googlegroups.com
What does `/sbin/ipconfig` print? If you have only one interface with
one address, you can - realistically speaking - forget about
multi-domain SSL.

Karl

Oct 30, 2012, 7:16:27 PM
to nod...@googlegroups.com
it's one interface with two ip-addresses set up by the provider
*******
     *-network
          description: Ethernet interface
          product: MCP51 Ethernet Controller
          vendor: nVidia Corporation
          physical id: 14
          bus info: pci@0000:00:14.0
          logical name: eth0
          version: a3
          serial: 00:19:99:23:07:a1
          size: 100MB/s
          capacity: 1GB/s
          width: 32 bits
          clock: 66MHz
          capabilities: pm bus_master cap_list ethernet physical mii 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
          configuration: autonegotiation=on broadcast=yes driver=forcedeth driverversion=0.64 duplex=full ip=xx.xxx.xxx.50 latency=0 link=yes maxlatency=20 mingnt=1 multicast=yes port=MII speed=100MB/s
          resources: irq:23 memory:f2202000-f2202fff ioport:8c38(size=8)
*********
PROD# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:19:99:23:07:a1  
          inet addr:xx.xxx.xxx.50  Bcast:xx.xxx.xxx.50  Mask:255.255.255.255
          inet6 addr: xxxx::xxx:xxxx:fe23:7a1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:39140493 errors:0 dropped:0 overruns:0 frame:0
          TX packets:41299455 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5145305162 (4.7 GiB)  TX bytes:25999465836 (24.2 GiB)
          Interrupt:23 Base address:0x8000 

eth0:0    Link encap:Ethernet  HWaddr 00:19:99:23:07:a1  
          inet addr:xx.xxx.xx.39  Bcast:xx.xxx.xx.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:23 Base address:0x8000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3113201 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3113201 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 

Ben Noordhuis

Oct 30, 2012, 7:28:35 PM
to nod...@googlegroups.com
Okay, looks good (and I see you mentioned in your original post that
https://web2.net:3445 is reachable.) Maybe add some logging rules to
your prerouting chain and check with `openssl s_client -connect
web2.net:443` where you end up?

Karl

Oct 30, 2012, 8:04:54 PM
to nod...@googlegroups.com
DEV$ openssl s_client -connect web2.com:443
connect: Connection refused
connect:errno=111


First one works, of course, iptables are the same for both

DEV$ openssl s_client -connect web1.net:443
CONNECTED(00000003)
depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0  etc etc

**********
iptables -t nat -A PREROUTING -p tcp -i eth0 -d xx.xxx.xxx.50 --dport 80 -j REDIRECT --to-port 3003
iptables -t nat -A PREROUTING -p tcp -i eth0 -d xx.xxx.xx.39 --dport 80 -j REDIRECT --to-port 3004
# protocol conversion done with zappa ensure-https listening 3003 and 3004
# also redirect direct hits on https 443 to 3443 ...
iptables -t nat -A PREROUTING -p tcp -i eth0 -d xx.xxx.xx.50 --dport 443 -j REDIRECT --to-port 3443
iptables -t nat -A PREROUTING -p tcp -i eth0 -d xx.xxx.xx.39 --dport 443 -j REDIRECT --to-port 3445

Karl

Oct 30, 2012, 8:56:58 PM
to nod...@googlegroups.com
the logging produces a lot of this, don't know if this is useful:

(the one with the problem,web2.com)
Oct 31 01:34:39 www kernel: [11427688.839066] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=83.242.252.140 DST=xx.xxx.xx.39 LEN=54 TOS=0x00 PREC=0x00 TTL=48 ID=9878 PROTO=UDP SPT=63440 DPT=53 LEN=34
Oct 31 01:34:39 www kernel: [11427688.839380] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=83.242.252.140 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=37760 PROTO=UDP SPT=53 DPT=63440 LEN=34
(the other one which works)
Oct 31 01:34:39 www kernel: [11427689.127311] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137 DST=xx.xxx.xxx.50 LEN=100 TOS=0x00 PREC=0x00 TTL=47 ID=33959 DF PROTO=TCP SPT=41330 DPT=22 WINDOW=661 RES=0x00 ACK PSH URGP=0
Oct 31 01:34:39 www kernel: [11427689.133085] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xxx.50 DST=85.51.193.137 LEN=100 TOS=0x10 PREC=0x00 TTL=64 ID=55242 DF PROTO=TCP SPT=22 DPT=41330 WINDOW=185 RES=0x00 ACK PSH URGP=0
Oct 31 01:34:39 www kernel: [11427689.205662] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137 DST=xx.xxx.xxx.50 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=33960 DF PROTO=TCP SPT=41330 DPT=22 WINDOW=661 RES=0x00 ACK URGP=0
Oct 31 01:34:40 www kernel: [11427689.333075] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137 DST=xx.xxx.xxx.50 LEN=100 TOS=0x00 PREC=0x00 TTL=47 ID=33961 DF PROTO=TCP SPT=41330 DPT=22 WINDOW=661 RES=0x00 ACK PSH URGP=0

Ben Noordhuis

Oct 30, 2012, 9:08:05 PM
to nod...@googlegroups.com
On Wed, Oct 31, 2012 at 1:56 AM, Karl <klr...@gmail.com> wrote:
> the logging produces a lot of this, don't know if this is useful:
>
> (the one with the problem,web2.com)
> Oct 31 01:34:39 www kernel: [11427688.839066] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=83.242.252.140 DST=xx.xxx.xx.39 LEN=54 TOS=0x00 PREC=0x00 TTL=48 ID=9878 PROTO=UDP SPT=63440 DPT=53 LEN=34
> Oct 31 01:34:39 www kernel: [11427688.839380] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=83.242.252.140 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=37760 PROTO=UDP SPT=53 DPT=63440 LEN=34

Those are DNS packets. Do you see any TCP traffic?

Karl

Oct 31, 2012, 3:21:22 PM
to nod...@googlegroups.com
Hi,
thanks for your help, I'm aware now it is not really a node issue

I did 
iptables -A INPUT -m limit --limit 15/minute -j LOG --log-tcp-options --log-prefix "KLR LOG TCP INPUT: "
iptables -A OUTPUT -m limit --limit 15/minute -j LOG --log-tcp-options --log-prefix "KLR LOG TCP OUTPUT: "

On the browser I did 1) https://web2.com:443 then 2) www.web2.com and 3) https://web2.com:3445 (the one that works)

PROD# grep 'xx.xxx.xx.39' syslog.0
Oct 31 01:34:39 www kernel: [11427688.839066] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=83.242.252.140 DST=xx.xxx.xx.39 LEN=54 TOS=0x00 PREC=0x00 TTL=48 ID=9878 PROTO=UDP SPT=63440 DPT=53 LEN=34 
Oct 31 01:34:39 www kernel: [11427688.839380] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=83.242.252.140 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=37760 PROTO=UDP SPT=53 DPT=63440 LEN=34 
Oct 31 01:35:19 www kernel: [11427729.155113] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=83.242.252.140 DST=xx.xxx.xx.39 LEN=54 TOS=0x00 PREC=0x00 TTL=49 ID=11349 PROTO=UDP SPT=7380 DPT=53 LEN=34 
Oct 31 01:35:19 www kernel: [11427729.155405] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=83.242.252.140 LEN=54 TOS=0x00 PREC=0x00 TTL=64 ID=37761 PROTO=UDP SPT=53 DPT=7380 LEN=34 
Oct 31 01:35:24 www kernel: [11427733.903903] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=87.239.190.90 DST=xx.xxx.xx.39 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=9930 DF PROTO=TCP SPT=443 DPT=47534 WINDOW=8192 RES=0x00 ACK SYN URGP=0 
Oct 31 01:35:24 www kernel: [11427733.903947] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=87.239.190.90 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=47534 DPT=443 WINDOW=0 RES=0x00 RST URGP=0 
Oct 31 01:35:40 www kernel: [11427749.997344] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=62.149.2.60 DST=xx.xxx.xx.39 LEN=65 TOS=0x00 PREC=0x00 TTL=56 ID=58873 PROTO=UDP SPT=53946 DPT=53 LEN=45 
Oct 31 01:35:40 www kernel: [11427749.997703] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=62.149.2.60 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=39066 PROTO=UDP SPT=53 DPT=53946 LEN=45 
Oct 31 01:35:42 www kernel: [11427751.756019] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=62.149.2.52 DST=xx.xxx.xx.39 LEN=65 TOS=0x00 PREC=0x00 TTL=56 ID=32108 PROTO=UDP SPT=63957 DPT=53 LEN=45 
Oct 31 01:35:42 www kernel: [11427751.756292] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=62.149.2.52 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=23671 PROTO=UDP SPT=53 DPT=63957 LEN=45 
Oct 31 01:35:56 www kernel: [11427766.204069] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=75.125.70.194 DST=xx.xxx.xx.39 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=6179 PROTO=TCP SPT=58546 DPT=445 WINDOW=512 RES=0x00 SYN URGP=0 
Oct 31 01:35:56 www kernel: [11427766.204113] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=75.125.70.194 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=445 DPT=58546 WINDOW=0 RES=0x00 ACK RST URGP=0 
Oct 31 01:38:06 www kernel: [11427895.919137] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=75.125.70.194 DST=xx.xxx.xx.39 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=14040 PROTO=TCP SPT=59930 DPT=445 WINDOW=512 RES=0x00 SYN URGP=0 
Oct 31 01:38:06 www kernel: [11427895.919179] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=75.125.70.194 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=445 DPT=59930 WINDOW=0 RES=0x00 ACK RST URGP=0 
Oct 31 01:38:35 www kernel: [11427924.420169] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54670 PROTO=UDP SPT=53 DPT=63737 LEN=40 
Oct 31 01:38:38 www kernel: [11427927.772669] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13 DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=6491 DF PROTO=UDP SPT=60788 DPT=53 LEN=40 
Oct 31 01:38:38 www kernel: [11427927.772971] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54671 PROTO=UDP SPT=53 DPT=60788 LEN=40 
Oct 31 01:38:44 www kernel: [11427933.775233] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54672 PROTO=UDP SPT=53 DPT=42220 LEN=40 
Oct 31 01:38:56 www kernel: [11427945.777601] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13 DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=10993 DF PROTO=UDP SPT=3555 DPT=53 LEN=40 
Oct 31 01:38:56 www kernel: [11427945.777891] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54677 PROTO=UDP SPT=53 DPT=3555 LEN=40 
Oct 31 01:39:00 www kernel: [11427949.474563] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13 DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=11917 DF PROTO=UDP SPT=59638 DPT=53 LEN=40 
Oct 31 01:39:00 www kernel: [11427949.474880] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54679 PROTO=UDP SPT=53 DPT=59638 LEN=40 
Oct 31 01:39:05 www kernel: [11427954.427453] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13 DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=13154 DF PROTO=UDP SPT=41683 DPT=53 LEN=40 
Oct 31 01:39:05 www kernel: [11427954.427814] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54683 PROTO=UDP SPT=53 DPT=41683 LEN=40 
Oct 31 01:39:23 www kernel: [11427972.529462] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13 DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=17681 DF PROTO=UDP SPT=30063 DPT=53 LEN=40 
Oct 31 01:39:23 www kernel: [11427972.529750] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54691 PROTO=UDP SPT=53 DPT=30063 LEN=40 
Oct 31 01:39:31 www kernel: [11427980.532363] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13 DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=19682 DF PROTO=UDP SPT=6573 DPT=53 LEN=40 
Oct 31 01:39:31 www kernel: [11427980.532694] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54694 PROTO=UDP SPT=53 DPT=6573 LEN=40 
Oct 31 01:39:39 www kernel: [11427989.183585] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54697 PROTO=UDP SPT=53 DPT=9335 LEN=40 
Oct 31 01:39:43 www kernel: [11427992.984365] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13 DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=22795 DF PROTO=UDP SPT=24262 DPT=53 LEN=40 
Oct 31 01:39:43 www kernel: [11427992.984660] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54700 PROTO=UDP SPT=53 DPT=24262 LEN=40 
Oct 31 01:39:48 www kernel: [11427997.941833] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13 DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=24034 DF PROTO=UDP SPT=49811 DPT=53 LEN=40 
Oct 31 01:39:48 www kernel: [11427997.942130] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54702 PROTO=UDP SPT=53 DPT=49811 LEN=40 
Oct 31 01:39:52 www kernel: [11428001.300970] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13 DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=24874 DF PROTO=UDP SPT=33505 DPT=53 LEN=40 
Oct 31 01:39:52 www kernel: [11428001.301341] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54704 PROTO=UDP SPT=53 DPT=33505 LEN=40 
Oct 31 01:40:11 www kernel: [11428021.249732] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13 DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=29862 DF PROTO=UDP SPT=29598 DPT=53 LEN=40 
Oct 31 01:40:11 www kernel: [11428021.250065] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54715 PROTO=UDP SPT=53 DPT=29598 LEN=40 
Oct 31 01:40:23 www kernel: [11428033.095853] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13 DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=32823 DF PROTO=UDP SPT=40897 DPT=53 LEN=40 
Oct 31 01:40:23 www kernel: [11428033.096152] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54721 PROTO=UDP SPT=53 DPT=40897 LEN=40 
Oct 31 01:40:27 www kernel: [11428037.099640] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13 DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=33823 DF PROTO=UDP SPT=43000 DPT=53 LEN=40 
Oct 31 01:40:27 www kernel: [11428037.099939] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54724 PROTO=UDP SPT=53 DPT=43000 LEN=40 
Oct 31 01:40:37 www kernel: [11428046.457050] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13 DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=36161 DF PROTO=UDP SPT=41186 DPT=53 LEN=40 
Oct 31 01:40:37 www kernel: [11428046.457346] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54726 PROTO=UDP SPT=53 DPT=41186 LEN=40 
Oct 31 01:40:39 www kernel: [11428049.106856] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13 DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=36823 DF PROTO=UDP SPT=51379 DPT=53 LEN=40 
Oct 31 01:40:39 www kernel: [11428049.107161] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54727 PROTO=UDP SPT=53 DPT=51379 LEN=40 
Oct 31 01:40:45 www kernel: [11428055.111275] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13 DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=38324 DF PROTO=UDP SPT=18441 DPT=53 LEN=40 
Oct 31 01:40:45 www kernel: [11428055.111583] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54728 PROTO=UDP SPT=53 DPT=18441 LEN=40 
Oct 31 01:40:49 www kernel: [11428058.465020] KLR LOG INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=208.67.217.13 DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=39162 DF PROTO=UDP SPT=12790 DPT=53 LEN=40 
Oct 31 01:40:49 www kernel: [11428058.465335] KLR LOG OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=208.67.217.13 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54729 PROTO=UDP SPT=53 DPT=12790 LEN=40 
PROD# grep 'xx.xxx.xx.39' syslog  
Oct 31 20:04:59 www kernel: [11494308.901330] KLR LOG TCP INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=75.125.70.194 DST=xx.xxx.xx.39 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=4183 PROTO=TCP SPT=55699 DPT=445 WINDOW=512 RES=0x00 SYN URGP=0 
Oct 31 20:04:59 www kernel: [11494308.901370] KLR LOG TCP OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=75.125.70.194 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=445 DPT=55699 WINDOW=0 RES=0x00 ACK RST URGP=0 
Oct 31 20:05:22 www kernel: [11494331.430109] KLR LOG TCP INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137 DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=50081 DF PROTO=TCP SPT=45054 DPT=3445 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405840402080A000E2BC00000000001030306) 
Oct 31 20:05:22 www kernel: [11494331.430170] KLR LOG TCP OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=3445 DPT=45054 WINDOW=5792 RES=0x00 ACK SYN URGP=0 OPT (020405B40402080AAB464011000E2BC001030307) 
Oct 31 20:05:22 www kernel: [11494331.431953] KLR LOG TCP INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137 DST=xx.xxx.xx.39 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=21340 DF PROTO=TCP SPT=45055 DPT=3445 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405840402080A000E2BC00000000001030306) 
Oct 31 20:05:22 www kernel: [11494331.432006] KLR LOG TCP OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=3445 DPT=45055 WINDOW=5792 RES=0x00 ACK SYN URGP=0 OPT (020405B40402080AAB464011000E2BC001030307) 
Oct 31 20:06:06 www kernel: [11494376.206441] KLR LOG TCP INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=212.242.34.199 DST=xx.xxx.xx.39 LEN=65 TOS=0x00 PREC=0x00 TTL=54 ID=796 PROTO=UDP SPT=50994 DPT=53 LEN=45 
Oct 31 20:06:06 www kernel: [11494376.206769] KLR LOG TCP OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=212.242.34.199 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=44771 PROTO=UDP SPT=53 DPT=50994 LEN=45 
Oct 31 20:06:07 www kernel: [11494376.307500] KLR LOG TCP INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=212.242.34.195 DST=xx.xxx.xx.39 LEN=65 TOS=0x00 PREC=0x00 TTL=54 ID=1941 PROTO=UDP SPT=64023 DPT=53 LEN=45 
Oct 31 20:06:07 www kernel: [11494376.307806] KLR LOG TCP OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=212.242.34.195 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=50886 PROTO=UDP SPT=53 DPT=64023 LEN=45 
Oct 31 20:06:07 www kernel: [11494377.029708] KLR LOG TCP INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137 DST=xx.xxx.xx.39 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=50092 DF PROTO=TCP SPT=45054 DPT=3445 WINDOW=494 RES=0x00 ACK URGP=0 OPT (0101080A000E5849AB464094) 
Oct 31 20:06:07 www kernel: [11494377.029748] KLR LOG TCP OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=45272 DF PROTO=TCP SPT=3445 DPT=45054 WINDOW=83 RES=0x00 ACK URGP=0 OPT (0101080AAB466C99000E2C57) 
Oct 31 20:06:07 www kernel: [11494377.037337] KLR LOG TCP INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137 DST=xx.xxx.xx.39 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=15066 DF PROTO=TCP SPT=45057 DPT=3445 WINDOW=450 RES=0x00 ACK URGP=0 OPT (0101080A000E584BAB464097) 
Oct 31 20:06:07 www kernel: [11494377.037377] KLR LOG TCP OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=45235 DF PROTO=TCP SPT=3445 DPT=45057 WINDOW=74 RES=0x00 ACK URGP=0 OPT (0101080AAB466C9B000E2C59) 
Oct 31 20:06:07 www kernel: [11494377.053392] KLR LOG TCP INPUT: IN=eth0 OUT= MAC=00:19:99:23:07:a1:00:1d:71:9b:e9:c0:08:00 SRC=85.51.193.137 DST=xx.xxx.xx.39 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=23053 DF PROTO=TCP SPT=45056 DPT=3445 WINDOW=450 RES=0x00 ACK URGP=0 OPT (0101080A000E584FAB46409A) 
Oct 31 20:06:07 www kernel: [11494377.053432] KLR LOG TCP OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=28573 DF PROTO=TCP SPT=3445 DPT=45056 WINDOW=74 RES=0x00 ACK URGP=0 OPT (0101080AAB466C9F000E2C5D) 
Oct 31 20:06:32 www kernel: [11494402.213320] KLR LOG TCP OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=45273 DF PROTO=TCP SPT=3445 DPT=45054 WINDOW=83 RES=0x00 ACK FIN URGP=0 OPT (0101080AAB468531000E2C57) 
Oct 31 20:06:32 www kernel: [11494402.213377] KLR LOG TCP OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=8196 DF PROTO=TCP SPT=3445 DPT=45055 WINDOW=74 RES=0x00 ACK FIN URGP=0 OPT (0101080AAB468531000E2C5F) 
Oct 31 20:06:32 www kernel: [11494402.213404] KLR LOG TCP OUTPUT: IN= OUT=eth0 SRC=xx.xxx.xx.39 DST=85.51.193.137 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=28574 DF PROTO=TCP SPT=3445 DPT=45056 WINDOW=74 RES=0x00 ACK FIN URGP=0 OPT (0101080AAB468531000E2C5D) 

Karl

Nov 1, 2012, 6:37:43 AM
to nod...@googlegroups.com
I made filtered version with tcpdump/wireshark  of the relevant packages
like so: ip.addr == xx.xxx.xx.39 and tcp and ! tcp.port eq 22
should I dump that here on the list or mail it? sort of long 

Ben Noordhuis

Nov 1, 2012, 9:24:41 AM
to nod...@googlegroups.com
On Thu, Nov 1, 2012 at 11:37 AM, Karl <klr...@gmail.com> wrote:
> I made filtered version with tcpdump/wireshark of the relevant packages
> like so: ip.addr == xx.xxx.xx.39 and tcp and ! tcp.port eq 22
> should I dump that here on the list or mail it? sort of long

The blob you posted doesn't show anything obviously wrong, there's
traffic going to port 3445. I didn't see any traffic to port 443 but
maybe you don't log from the REDIRECT rule.

One potential pitfall is that iptables doesn't support virtual
interfaces: you have eth0 and eth0:0 but iptables only sees eth0.
Then again, you're matching on destination address and port so I guess
it shouldn't matter.

tl;dr I don't know either. :-)
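
The check discussed above (which TCP ports on the second address were actually tried, and how the box answered) can be scripted over the LOG output. This is an added example, not part of the original thread: it pairs each inbound SYN with the logged reply, and the sample lines, addresses and function names are constructed for illustration. Because the filter INPUT chain runs after nat PREROUTING, a connection that a REDIRECT rule matched is logged there with the rewritten port, so a SYN still showing DPT=443 in INPUT was not redirected.

```javascript
'use strict';

// Constructed sample in the kernel LOG format shown in this thread.
// Addresses are documentation ranges, not the poster's.
const LOCAL_IP = '203.0.113.39';
const SAMPLE_LOG = [
  // Direct hit on the app port: SYN in, SYN-ACK out.
  'KLR LOG TCP INPUT: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.39 LEN=60 DF PROTO=TCP SPT=45054 DPT=3445 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B4)',
  'KLR LOG TCP OUTPUT: IN= OUT=eth0 SRC=203.0.113.39 DST=198.51.100.7 LEN=60 DF PROTO=TCP SPT=3445 DPT=45054 WINDOW=5792 RES=0x00 ACK SYN URGP=0',
  // Port 443 still visible in INPUT (not rewritten) and answered with RST.
  'KLR LOG TCP INPUT: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.39 LEN=60 DF PROTO=TCP SPT=45060 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0',
  'KLR LOG TCP OUTPUT: IN= OUT=eth0 SRC=203.0.113.39 DST=198.51.100.7 LEN=40 DF PROTO=TCP SPT=443 DPT=45060 WINDOW=0 RES=0x00 ACK RST URGP=0',
  // SYN whose reply is missing from the log (the LOG rules are rate limited).
  'KLR LOG TCP INPUT: IN=eth0 OUT= SRC=198.51.100.8 DST=203.0.113.39 LEN=60 DF PROTO=TCP SPT=51000 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0',
  // Stray SYN-ACK from a remote port 443 and the local RST: not an attempt to reach us.
  'KLR LOG TCP INPUT: IN=eth0 OUT= SRC=198.51.100.20 DST=203.0.113.39 LEN=48 DF PROTO=TCP SPT=443 DPT=47534 WINDOW=8192 RES=0x00 ACK SYN URGP=0',
  'KLR LOG TCP OUTPUT: IN= OUT=eth0 SRC=203.0.113.39 DST=198.51.100.20 LEN=40 DF PROTO=TCP SPT=47534 DPT=443 WINDOW=0 RES=0x00 RST URGP=0',
  // DNS traffic, ignored.
  'KLR LOG TCP INPUT: IN=eth0 OUT= SRC=198.51.100.30 DST=203.0.113.39 LEN=54 PROTO=UDP SPT=63440 DPT=53 LEN=34',
].join('\n');

const TCP_FLAGS = new Set(['SYN', 'ACK', 'RST', 'FIN', 'PSH', 'URG']);

// Parse one LOG line into addresses, ports and TCP flags; null for non-TCP lines.
function parseLogLine(line) {
  const fields = {};
  const flags = new Set();
  for (const tok of line.trim().split(/\s+/)) {
    const eq = tok.indexOf('=');
    if (eq > 0) fields[tok.slice(0, eq)] = tok.slice(eq + 1);
    else if (TCP_FLAGS.has(tok)) flags.add(tok);
  }
  if (fields.PROTO !== 'TCP' || !fields.SRC || !fields.DST) return null;
  return {
    src: fields.SRC, dst: fields.DST,
    spt: Number(fields.SPT), dpt: Number(fields.DPT), flags,
  };
}

// For each local port that received a SYN, count how the host answered.
function summarizePorts(logText, localIp) {
  const ports = new Map();   // local port -> counters
  const pending = new Set(); // flows with a logged SYN and no logged reply yet
  for (const line of logText.split('\n')) {
    const p = parseLogLine(line);
    if (!p) continue;
    if (p.dst === localIp && p.flags.has('SYN') && !p.flags.has('ACK')) {
      if (!ports.has(p.dpt)) ports.set(p.dpt, { syn: 0, accepted: 0, refused: 0 });
      ports.get(p.dpt).syn++;
      pending.add(`${p.src}:${p.spt}>${p.dpt}`);
    } else if (p.src === localIp) {
      const flow = `${p.dst}:${p.dpt}>${p.spt}`;
      if (!pending.has(flow)) continue; // reply to something we never saw a SYN for
      const s = ports.get(p.spt);
      if (p.flags.has('RST')) s.refused++;
      else if (p.flags.has('SYN') && p.flags.has('ACK')) s.accepted++;
      else continue;
      pending.delete(flow);
    }
  }
  const out = {};
  for (const [port, s] of ports) {
    const verdict = s.accepted > 0 ? 'listening'
      : s.refused > 0 ? 'refused' : 'no reply logged';
    out[port] = { ...s, verdict };
  }
  return out;
}

console.log(JSON.stringify(summarizePorts(SAMPLE_LOG, LOCAL_IP), null, 2));
```

To see the destination port before any rewrite, the LOG rule has to sit ahead of the REDIRECT rules in PREROUTING rather than in INPUT.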

Karl

Nov 1, 2012, 10:08:33 AM
to nod...@googlegroups.com
Thanks to all, I'll come back if I find out what's the cause