[ale] More on NAT issues with ppp interface.
Chris Fowler
cfowler at outpostsentinel.com
Tue Jun 14 21:49:44 EDT 2005
-- server --
Network Config:
[root at localhost]# ip
Interface: eth0
IP Address: 192.168.0.5
Netmask: 255.255.255.0
Broadcast: 192.168.0.255
Nameserver: 192.168.0.1
Interface: ppp0
IP Address: 10.0.5.215
Netmask: 255.255.255.255
Broadcast: 0.0.0.0
Nameserver: 192.168.0.1
Rules Config:
[root at localhost]# iptables -F
[root at localhost]# iptables -F -t nat
[root at localhost]# /sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
[root at localhost]# /sbin/iptables -t nat -A PREROUTING -p tcp --dport 81 -i ppp0 -j DNAT --to 192.168.3.1:80
[root at localhost]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:81 to:192.168.3.1:80
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root at localhost]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root at localhost]# cat /proc/sys/net/ipv4/ip_forward
1
-----------------------------------
--- Client ---
ppp0 Link encap:Point-to-Point Protocol
inet addr:10.0.5.1 P-t-P:10.0.5.215 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:2071 errors:0 dropped:0 overruns:0 frame:0
TX packets:2291 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:92841 (90.6 Kb) TX bytes:99922 (97.5 Kb)
[tomcat at sam2u htdocs]$ sudo nmap 10.0.5.215
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-06-14 21:36 EDT
Interesting ports on 10.0.5.215:
(The 1650 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
23/tcp open telnet
80/tcp open http
81/tcp filtered hosts2-ns
443/tcp open https
782/tcp open hp-managed-node
783/tcp open hp-alarm-mgr
784/tcp open unknown
785/tcp open unknown
----------------------
On the server, ppp0 is actually an encrypted tunnel running inside of eth0.
What confuses me is why nmap or the server filters port 81.
Anything coming in on interface ppp0 on port 81 should be NATed to 192.168.3.1:81.
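As an added example (not part of the original post), the script below encodes the interface list, NAT rules and ip_forward value quoted above as constructed input and runs the sanity checks a reviewer would apply to a DNAT port-forward: forwarding enabled, FORWARD policy or rule permitting the flow, the DNAT ingress interface actually existing, and whether the DNAT target sits on an attached network (the post shows no route to 192.168.3.0/24, so that check fires and asks for the route to be verified). The rule strings and the `check_port_forward` function name are assumptions of this example.

```python
import ipaddress
import re

# Constructed from the interface and rule listings quoted in the post above.
INTERFACES = {
    "eth0": "192.168.0.5/255.255.255.0",
    "ppp0": "10.0.5.215/255.255.255.255",
}
NAT_RULES = [
    "iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE",
    "iptables -t nat -A PREROUTING -p tcp --dport 81 -i ppp0 -j DNAT --to 192.168.3.1:80",
]
IP_FORWARD = "1"  # contents of /proc/sys/net/ipv4/ip_forward in the post


def parse_dnat(rule):
    """Return (in_iface, dport, target_ip, target_port) for a DNAT rule, else None."""
    if "-j DNAT" not in rule:
        return None
    iface = re.search(r"-i (\S+)", rule)
    dport = int(re.search(r"--dport (\d+)", rule).group(1))
    to = re.search(r"--to(?:-destination)? ([\d.]+)(?::(\d+))?", rule)
    # With no explicit target port, DNAT keeps the original destination port.
    tgt_port = int(to.group(2)) if to.group(2) else dport
    return (iface.group(1) if iface else None, dport, to.group(1), tgt_port)


def check_port_forward(interfaces, nat_rules, ip_forward, forward_policy="ACCEPT"):
    """Apply port-forward sanity checks; returns a list of human-readable findings."""
    findings = []
    if ip_forward.strip() != "1":
        findings.append("ip_forward is 0: DNATed packets will never be forwarded")
    if forward_policy != "ACCEPT":
        findings.append("FORWARD policy is not ACCEPT: an explicit rule must allow the forwarded flow")
    nets = {n: ipaddress.ip_interface(a).network for n, a in interfaces.items()}
    for rule in nat_rules:
        parsed = parse_dnat(rule)
        if parsed is None:
            continue
        in_if, dport, tgt_ip, tgt_port = parsed
        if in_if and in_if not in interfaces:
            findings.append(f"DNAT matches -i {in_if}, which is not a configured interface")
        if not any(ipaddress.ip_address(tgt_ip) in net for net in nets.values()):
            findings.append(f"DNAT target {tgt_ip} is not on any attached network; verify a route to it exists")
        if tgt_port != dport:
            findings.append(f"port {dport} is rewritten to {tgt_port}: the backend must listen on {tgt_port}")
    return findings


if __name__ == "__main__":
    for line in check_port_forward(INTERFACES, NAT_RULES, IP_FORWARD):
        print(line)
```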