el berto
Member Candidate
Topic Author
Posts: 197
Joined: Wed Sep 26, 2007 10:53 am

RouterOS firewall not working with netcat?

Thu Sep 17, 2015 5:44 pm

Hi guys, I'm trying to use netcat on Linux OS to check if a server is correctly working.

I have RB750:
- eth1 = 192.168.1.2/24
- eth2 = 192.168.10.1/24

default gateway = 192.168.1.1/24
test server = 192.168.1.3/24
Ubuntu PC = 192.168.10.2/24 (connected on eth2)


I placed a masquerade rule on outgoing traffic on eth1 to get the Ubuntu PC working.
I can correctly access the server.

I try to test netcat with TCP protocol on port 80 (http interface on my server):
 nc -zv -w5 192.168.1.3 80 &> /dev/null && echo "online" || echo "offline"
result: "online"

I place a firewall rule on my RouterOS:
chain=forward
dst-address=192.168.1.3
protocol=tcp
action=drop

Now my netcat output is "offline".


Now I try to test my UDP server:
 nc -zvu -w5 192.168.1.3 5330 &> /dev/null && echo "online" || echo "offline"
I got output message "online".

I set the firewall to block UDP traffic (I want to simulate my server being offline):
chain=forward
dst-address=192.168.1.3
protocol=udp
port=5330
action=drop

I correctly see the packet counter of the drop rule increasing, and using Wireshark I don't see any incoming traffic on the server, but netcat says: "online".

Any ideas?
Thanks.
 
Sob
Forum Guru
Posts: 4806
Joined: Mon Apr 20, 2009 9:11 pm

Re: RouterOS firewall not working with netcat?

Fri Sep 18, 2015 12:04 am

You want:

action=reject
reject-with=icmp-host-unreachable

That's what the router should produce for an offline server. If you just drop the packet, nothing is sent back to the client. The problem is that if you had a silent UDP server, which just accepts the packet and does not send any reply, the result would be exactly the same - nothing sent back to the client. And it's hard to tell the difference between first case nothing and second case nothing. ;)
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
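
The drop-versus-reject behaviour discussed in this thread, as an added example that is not part of either post: a UDP probe that separates "answered", "rejected" (an ICMP error came back) and "no-reply" (a dropped packet or a silent server, which the client cannot tell apart). It assumes a Linux client; `udp_probe` and `demo` are hypothetical names, and the three loopback targets are constructed for the demonstration.

```python
import socket
import threading

def udp_probe(host, port, timeout=1.0, payload=b"probe"):
    """Classify a UDP port using only what the client can observe."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            # Linux reports ICMP port-unreachable on a connected UDP socket by default;
            # host-unreachable is only surfaced with IP_RECVERR (11 is the Linux value).
            s.setsockopt(socket.IPPROTO_IP, getattr(socket, "IP_RECVERR", 11), 1)
        except OSError:
            pass  # option unavailable here; port-unreachable is still reported
        s.connect((host, port))  # connected socket, so ICMP errors map to errno
        try:
            s.send(payload)
            s.recv(2048)
            return "answered"   # the service sent a datagram back
        except socket.timeout:
            return "no-reply"   # dropped by a firewall OR accepted by a silent server
        except OSError:
            return "rejected"   # ICMP unreachable (ECONNREFUSED, EHOSTUNREACH) or send error

def demo():
    """Probe three constructed loopback targets and return the verdicts."""
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  # receives, never replies
    silent.bind(("127.0.0.1", 0))
    echo = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)    # replies to one datagram
    echo.bind(("127.0.0.1", 0))
    def reply_once():
        data, addr = echo.recvfrom(2048)
        echo.sendto(data, addr)
    threading.Thread(target=reply_once, daemon=True).start()
    gone = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)    # bound, then closed
    gone.bind(("127.0.0.1", 0))
    closed_port = gone.getsockname()[1]
    gone.close()
    results = {
        "silent": udp_probe("127.0.0.1", silent.getsockname()[1], 0.5),
        "echo": udp_probe("127.0.0.1", echo.getsockname()[1], 0.5),
        "closed": udp_probe("127.0.0.1", closed_port, 0.5),
    }
    silent.close()
    echo.close()
    return results

if __name__ == "__main__":
    print(demo())
```

A monitoring check built this way should treat only "answered" as proof the service is up; "no-reply" says nothing about whether the packet ever arrived.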
