I have a multiple network interfaces to my pc. I want to configure only eth0 as a udp sender for sending packets to other pc. How can we specify the interface name to be configured as udp sender. I have installed libudp-tcl, but not able to find the way to do it. Can anybody tell me the exact way to do that.
The udp package can't do what you want. As kostix mentioned you can always modify the udp package at the C level to expose the binding interface to tcl.
But there is an alternative work-around.
On Linux you can use iptables to restrict packets for specific ports to only go through specific interfaces. So, just open a UDP port of your choice (for example 9999) and then only allow packets from that port to go through eth0 and drop it from other interfaces.
For example, say your application uses UDP port 9999, then set up the following iptables rules:
# Accept udp packets from port 9999 for eth0
iptables -A OUTPUT -i eth0 -p udp --source-port 9999 -j ACCEPT
# Drop udp packets from port 9999 for all other interfaces
iptables -A OUTPUT -p udp --source-port 9999 -j DROP
Or you can do it in tcl using exec:
# Warning! Need to be root to do this:
set myPort 9999
exec /sbin/iptables -A OUTPUT -i eth0 -p udp --source-port $myPort -j ACCEPT
exec /sbin/iptables -A OUTPUT -p udp --source-port $myPort -j DROP
But always remember to delete your added rules before your program exits:
# Clearup iptables rules
exec /sbin/iptables -D OUTPUT -i eth0 -p udp --source-port $myPort -j ACCEPT
exec /sbin/iptables -D OUTPUT -p udp --source-port $myPort -j DROP
From what I gather, to do what you want, you need to bind(2) to a specific IP address (one of those available on eth0) first, but the udp package does not appear to support anything like this.
So it looks like you need to patch the package yourself. Tcl has excellent C API so it's not really hard if you're familiar with C.
Related
We have installed samba4 on ubuntu 18.04 server and we are getting DNS error
Issue in DNS
Please find the /etc/resolv.conf file
resolv.conf
Please find the /etc/samba/smb.conf
smb.conf file
Please help me to resolve the issue
Thanks
I think you should allow the trafic in firewall with these :
iptables -A INPUT -p tcp --dport 135 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 135 -j ACCEPT
iptables -A INPUT -p udp --dport 135 -j ACCEPT
iptables -A OUTPUT -p udp --dport 135 -j ACCEPT
tho if you dont add
browseable = yes
you may not see the shared files
Is there any commands or possibilities to use TCP dump command to listen from only 2 specific interfaces simultaneously as something like below, (instead of using "any" option)
tcpdump -i wlan0 AND -i eth0
or
tcpdump -i wlan0 eth0
I'm trying to open tcp and udp port 7774 on google cloud VM instance without results.
I'm sure that my server is using this network. For example, the ssh port is opened, rdp port also should be opened but i can't communicate with the server on this port, the same situation is with 7774 port, i have to setup something which needs this port to communicate, but i don't know how.
I also added rules to iptables:
iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 7774 -j ACCEPT
iptables -A INPUT -p udp -d 0/0 -s 0/0 --dport 7774 -j ACCEPT
Without any results.
I'm using the Chromium browser as the display for an embedded openSUSE-based project. Everything's going well, but I just now found out that Chromium is making dozens of connections to various *.ie100.net domains. I know this is Google's safe browsing system kicking in, but in my case this is useless because Chromium is just showing my own embedded server. I also know it isn't nefarious, and won't cause explicit harm, but I'm worried customers will see the traffic and get worried.
I've tried turning off safe browsing by editing .config/chromium/Default/Preferences...
"safebrowsing": {
"enabled": false
},
... but to no avail. I'm also worried that there are other Chromium features that may kick in and send backdoor traffic.
So, how can I tell Chromium to stop making unrequested outgoing connections? Do I need to block it at the system level?
My best solution has been to use iptables to block all outgoing request to ports 80 or 433. Yes, this prevents other browswers from being used in my product, but this isn't a problem for an embedded system.
Here's the script which cleans up any previous rules and then sets up blocking rules:
# Chrome has a nasty habit of connecting to various *.ie100.net domains, probably for
# safe browsing but who knows. Concern is that our customers will see these
# connections and wonder what the heck's going on. So, we block them.
# Kill any previous KILL_CHROME chain. First, get rid of all referencing rules
RULES=$(sudo iptables -L OUTPUT --line-numbers | grep KILL_CHROME | cut -d' ' -f1 | sort -r )
for rule in $RULES; do
sudo iptables -D OUTPUT $rule
done
# Clean out chain
sudo iptables --flush KILL_CHROME
# Remove chain
sudo iptables -X KILL_CHROME
# Now, build new rules. Add new iptables chain KILL_CHROME
sudo iptables -N KILL_CHROME
# Any newly-created outgoing tcp connections on eth0 to port 80 are routed to KILL_CHROME
sudo iptables -A OUTPUT -o eth0 -m conntrack --ctstate NEW -p tcp --dport 80 -j KILL_CHROME
# Any newly-created outgoing tcp connections on eth0 to port 443 are routed to KILL_CHROME
sudo iptables -A OUTPUT -o eth0 -m conntrack --ctstate NEW -p tcp --dport 443 -j KILL_CHROME
# Log every connection in KILL_CHROME
sudo iptables -A KILL_CHROME -j LOG --log-prefix "New Dropped: "
# And drop it like a hot potato.
sudo iptables -A KILL_CHROME -j
'Twould be good for Chromium to support some sort of flag to prevent this behavior, but since there doesn't seem to be one this is the best I can do.
Recently I've managed to block all unused ports on my dedicated server (Linux CentOS latest 64-bit) but whenever I do so, sites that connect to my database just simply cannot connect.
iptables -A INPUT -i lo -p tcp --dport 3306 -j ACCEPT
iptables -A OUTPUT -o lo -p tcp --sport 3306 -j ACCEPT
I believe it has something to do with the OUTPUT port, but I am not sure.
Thanks.
If you want to allow remote incoming mysql connections you will need to define an INPUT rule that is not isolated to your local interface:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
In Centos this will be defined in the /etc/sysconfig/iptables file. Then restart:
sudo service iptables restart
Alternatively, from the command line, you can use:
sudo system-config-firewall-tui
To configure your firewall, it is in the package of the same name:
sudo yum install system-config-firewall-tui -y