
Linux port redirect


venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue Apr 10, 2007 8:52 pm

Linux port redirect

Hey guys, for the life of me I can't remember the port redirect tool for Linux systems....

What I have is a DNS server that can't get the responses back out to the person making the query. I think it's my ISP blocking it (though they say they aren't). See full story at linuxquestions.org.

I need to accept queries on 53 and then send the reply back out a different port.. at least just to be sure that they are in fact blocking it, or that it's somehow something on my end. If anyone has any suggestions.. feel free to shout as I've been fighting with this for a couple weeks now.

Thanks :)

jimbob

Post Wed Apr 11, 2007 1:51 am

Re: Linux port redirect

Hi,
There are various programs out there that will do this. You'll find many examples like the one for TCP....

http://packetstormsecurity.org/Exploit_ ... datapipe.c

You can also use OpenSSH to do port forwarding with the added benefit of encryption. Check the SSH man page for the -L and -R flags.

$ ssh -L 53:<dns_server>:53 <your_box>

This is OK if you just need to forward to a single DNS server but if you need to forward DNS requests to multiple servers consider using a DNS proxy.

Jimbob

heffnercj

EH-Net Columnist

Posts: 69

Joined: Thu Mar 15, 2007 2:45 pm

Post Wed Apr 11, 2007 8:15 am

Re: Linux port redirect

If the issue is that your ISP is blocking, then they are probably blocking the incoming connections to the DNS server rather than outbound traffic from the server. From reading your posts on linuxquestions.org, this seems to be the case since you can't telnet into the server on port 53 *although* the server may not be configured to listen for TCP connections, as most DNS traffic is UDP. I'd try using netcat to connect to UDP port 53 from outside your network and see if that works.

Also if I understand what you are saying correctly, I'm not sure if the client would accept a reply packet that had a different UDP source port than the port that they sent a request to (I know this wouldn't work with TCP).

Have you tried setting the DNS server to listen on a different port? If you can connect to it at that point, then the ISP is probably blocking incoming DNS requests and you'll have to use some type of DNS proxy as jimbob mentioned.

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Wed Apr 11, 2007 2:18 pm

Re: Linux port redirect

Thanks for the help and suggestions.

I've been mostly using the XP server for diagnosing. As I said, I can see that the DNS queries are coming through and hitting the server. I can also see the server process the query and then send out a response. I've double checked this by logging outbound port 53 traffic through the firewall, so I know that the answers are going out. On the other end, I never see the reply. Running a sniffer outside just shows the request, no response.

I can't get a response by using telnet regardless of whether I'm on the LAN or outside on the Internet. I also thought of trying netcat, and it failed as well on port 53. So that should pretty much tell me that something is blocking it (and again, I can see the request come in and a reply head out, but it never makes it to the other end).

Yeah... I also figured that a reply from a different port probably wouldn't be accepted either.

I cannot change the port that the XP DNS server listens on. When I try to edit the port for the Linux firewall DNS (I've been trying to change it in /etc/init.d/named), BIND says that it is starting up correctly, but then I don't see it listening when I run netstat. How can I query a DNS server on a different port anyway? I tried to find some way to do that but didn't have any luck.

At this point I'm still waiting to hear back from my email to my ISP. I think from all that I've done it definitely points to a problem at their end.
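A small diagnostic for two points in this thread: heffnercj's suggestion to test the server from outside with a raw UDP query (and his note that a reply coming from a different source port would not be accepted), and the question above of how to query a DNS server on a port other than 53. This is an added example, not code from any poster; it assumes the name example.com, a fixed transaction id of 0x1234, and a hand-constructed reply that is used only for the offline run.

```python
import socket
import struct

def build_query(name: str, txid: int) -> bytes:
    """Minimal RFC 1035 query: one A/IN question, recursion desired (RD)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def parse_header(data: bytes) -> dict:
    """Decode the 12-byte header: transaction id, QR bit, RCODE, answer count."""
    if len(data) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "rcode": flags & 0xF, "ancount": an}

def check_reply(query: bytes, reply: bytes, sent_to_port: int, reply_from_port: int) -> dict:
    """Checks a stub resolver makes before accepting a reply: same transaction id,
    QR bit set, and the reply sourced from the port the query was sent to."""
    hdr = parse_header(reply)
    return {
        "txid_match": hdr["id"] == struct.unpack("!H", query[:2])[0],
        "is_response": hdr["qr"],
        "port_match": sent_to_port == reply_from_port,
        "rcode": hdr["rcode"],
        "answers": hdr["ancount"],
    }

def probe(server: str, port: int, name: str = "example.com", timeout: float = 3.0) -> dict:
    """Send one UDP query to server:port (any port, not just 53) and evaluate the reply."""
    q = build_query(name, 0x1234)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, port))
        try:
            data, (src_ip, src_port) = s.recvfrom(4096)
        except socket.timeout:
            return {"received": False}  # nothing came back: filtered, or nothing listening
    return dict(check_reply(q, data, port, src_port), received=True, source=f"{src_ip}:{src_port}")

# Constructed sample reply (not a capture): id 0x1234, QR|RD|RA, NOERROR, echoed question, one A record.
SAMPLE_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                + build_query("example.com", 0x1234)[12:]
                + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))

if __name__ == "__main__":
    import sys  # usage: python dnsprobe.py <server> <port>; with no arguments the offline sample runs
    if len(sys.argv) == 3:
        print(probe(sys.argv[1], int(sys.argv[2])))
    else:
        print(check_reply(build_query("example.com", 0x1234), SAMPLE_REPLY, 53, 53))
```

Run from a host outside the network against the server and port in question; the same check with standard tools is `dig @<server> -p <port> <name>`.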

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Wed Apr 11, 2007 2:42 pm

Re: Linux port redirect

Also, here's a quick glance at what I'm seeing on both ends as well as the firewall... check here

Negrita

Sr. Member

Posts: 299

Joined: Sat Sep 10, 2005 5:45 pm

Location: /dev/null

Post Wed Apr 11, 2007 4:52 pm

Re: Linux port redirect

Why don't you run hping on the DNS server using the ports showing up on the sniffer capture to see where it's getting stuck?
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.
