iptables does not act on scapy packets

4

I wrote this rule to change every UDP destination IP address to 8.8.8.8 when dport is 53:

iptables -t nat -A OUTPUT -p udp -m udp --dport 53 -j DNAT --to-destination 8.8.8.8

The rule worked when I used:

dig +short iranled.com @4.2.2.4

The tcpdump output is:

04:42:38.023348 IP 192.168.1.2.48984 > 8.8.8.8.53: UDP, length 29
04:42:38.242241 IP 8.8.8.8.53 > 192.168.1.2.48984: UDP, length 45

Everything is fine.

But when I create this packet with scapy, the iptables rule has no effect!

sr1(IP(dst="4.2.2.4")/UDP()/DNS(rd=1,qd=DNSQR(qname="iranled.com")))

The tcpdump output is:

04:43:00.442453 IP 192.168.1.2.53 > 4.2.2.4.53: UDP, length 29
04:43:00.855930 IP 4.2.2.4.53 > 192.168.1.2.53: UDP, length 45

Why were the scapy packets not changed by iptables?

UPDATE:

#iptables -L -n --line-numbers

Chain INPUT (policy DROP)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  127.0.0.1            0.0.0.0/0            tcpflags:! 0x17/0x02
2    ACCEPT     udp  --  127.0.0.1            0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            limit: avg 10/sec burst 5
5    DROP       all  --  0.0.0.0/0            255.255.255.255     
6    DROP       all  --  0.0.0.0/0            192.168.1.255       
7    DROP       all  --  224.0.0.0/8          0.0.0.0/0           
8    DROP       all  --  0.0.0.0/0            224.0.0.0/8         
9    DROP       all  --  255.255.255.255      0.0.0.0/0           
10   DROP       all  --  0.0.0.0/0            0.0.0.0             
11   DROP       all  --  0.0.0.0/0            0.0.0.0/0            state INVALID
12   LSI        all  -f  0.0.0.0/0            0.0.0.0/0            limit: avg 10/min burst 5
13   INBOUND    all  --  0.0.0.0/0            0.0.0.0/0           
14   LOG_FILTER  all  --  0.0.0.0/0            0.0.0.0/0           
15   LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Unknown Input"

Chain FORWARD (policy DROP)
num  target     prot opt source               destination         
1    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            limit: avg 10/sec burst 5
2    LOG_FILTER  all  --  0.0.0.0/0            0.0.0.0/0           
3    LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Unknown Forward"

Chain OUTPUT (policy DROP)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  192.168.1.2          127.0.0.1            tcp dpt:53
2    ACCEPT     udp  --  192.168.1.2          127.0.0.1            udp dpt:53
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    DROP       all  --  224.0.0.0/8          0.0.0.0/0           
5    DROP       all  --  0.0.0.0/0            224.0.0.0/8         
6    DROP       all  --  255.255.255.255      0.0.0.0/0           
7    DROP       all  --  0.0.0.0/0            0.0.0.0             
8    DROP       all  --  0.0.0.0/0            0.0.0.0/0            state INVALID
9    OUTBOUND   all  --  0.0.0.0/0            0.0.0.0/0           
10   LOG_FILTER  all  --  0.0.0.0/0            0.0.0.0/0           
11   LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Unknown Output"

Chain INBOUND (1 references)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
3    LSI        all  --  0.0.0.0/0            0.0.0.0/0           

Chain LOG_FILTER (5 references)
num  target     prot opt source               destination         

Chain LSI (2 references)
num  target     prot opt source               destination         
1    LOG_FILTER  all  --  0.0.0.0/0            0.0.0.0/0           
2    LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcpflags: 0x17/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix "Inbound "
3    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcpflags: 0x17/0x02
4    LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcpflags: 0x17/0x04 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix "Inbound "
5    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcpflags: 0x17/0x04
6    LOG        icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix "Inbound "
7    DROP       icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
8    LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix "Inbound "
9    DROP       all  --  0.0.0.0/0            0.0.0.0/0           

Chain LSO (0 references)
num  target     prot opt source               destination         
1    LOG_FILTER  all  --  0.0.0.0/0            0.0.0.0/0           
2    LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix "Outbound "
3    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTBOUND (1 references)
num  target     prot opt source               destination         
1    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
    
by بارپابابا 16.07.2014 / 02:46

0 answers
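
A check for the symptom visible in the two captures above, added here as an example and not part of the original question: it parses tcpdump lines of the shape shown and lists outbound UDP port 53 packets that left the host without the DNAT rewrite. The function names and the assumed line format (IPv4, numeric addresses, UDP summary lines) are assumptions of this example; the sample lines are the ones quoted in the question.

```python
import re

# Line shape as quoted in the question:
#   HH:MM:SS.usec IP src.sport > dst.dport: UDP, length N
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): UDP, length (?P<length>\d+)$"
)

def parse(line):
    """Parse one tcpdump UDP summary line; return a dict or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    pkt = m.groupdict()
    for key in ("sport", "dport", "length"):
        pkt[key] = int(pkt[key])
    return pkt

def escaped_queries(lines, local_ip, dnat_target, port=53):
    """Outbound UDP packets to `port` from local_ip whose destination was not rewritten."""
    escaped = []
    for line in lines:
        pkt = parse(line)
        if pkt is None:
            continue  # not a UDP summary line of the expected shape
        outbound = pkt["src"] == local_ip and pkt["dport"] == port
        if outbound and pkt["dst"] != dnat_target:
            escaped.append(pkt)
    return escaped

# Captures copied from the question (dig run, then scapy run).
DIG_CAPTURE = [
    "04:42:38.023348 IP 192.168.1.2.48984 > 8.8.8.8.53: UDP, length 29",
    "04:42:38.242241 IP 8.8.8.8.53 > 192.168.1.2.48984: UDP, length 45",
]
SCAPY_CAPTURE = [
    "04:43:00.442453 IP 192.168.1.2.53 > 4.2.2.4.53: UDP, length 29",
    "04:43:00.855930 IP 4.2.2.4.53 > 192.168.1.2.53: UDP, length 45",
]

if __name__ == "__main__":
    for name, capture in (("dig", DIG_CAPTURE), ("scapy", SCAPY_CAPTURE)):
        for pkt in escaped_queries(capture, "192.168.1.2", "8.8.8.8"):
            print(f"{name}: {pkt['ts']} {pkt['src']}:{pkt['sport']} -> "
                  f"{pkt['dst']}:{pkt['dport']} was not redirected")
```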