LesD
Member
Could anyone advise what to change in the iptables file to block all traffic targeted at a specific public IP?
I have a router firewall issue - which is letting through attacks which it should be stopping.
It seems to be that on one of my Internet lines (cable) my ISP has not only allocated my fixed IP but also a 2nd IP (seems to be sort of fixed but I can force it to change). The router seems to be blocking properly for the regular fixed IP but seems to be blind to this 2nd IP and lets everything through.
Till this is sorted I would like to block all traffic to this IP using the PIAF firewall. (In the interim I have turned off port forwarding for this internet line)
(I have found what looks like a nice tool (fwbuilder) for amending iptables but with a 500 page manual to read I don't want to get this wrong)
The first issue is whether this is at all possible. As I am using NAT to port forward 5060 and 10000-20000 to my PIAF internal IP (I need that for my Anveo trunk), will the PIAF firewall actually see the public IP destination to which the original packet was sent?
The actual log lines I see are like
Code:
NOTICE[1846] chan_sip.c: Registration from '"308" <sip:[email protected]:5060>' failed for '50.30.42.12:5079' - No matching peer found
NOTICE[1846] chan_sip.c: Sending fake auth rejection for device 400<sip:[email protected]>;tag=f374b34e
where xx.yy.22.213 is the public IP in question. But obviously that is part of the data rather than the destination IP of the packet - which I suspect will be the IP of my PIAF machine.
Is there a way to stop these packets?