0

I have set up a brand new Ubuntu server, and I'm encountering a very strange network related issue - the processes running on the server cannot 'see' packets originating from external networks, but they do show up when I run a tcpdump on the server's only network interface. However, when I send the exact same kind of traffic from other server on the same subnet, it goes all the way through.

I originally encountered the problem with SNMP traps (UDP 162/10162) coming to the server (it's supposed to be a logging server), but the same issue persists on more ports (tried a couple random high-ports, as well as a few privileged ports).

I have written two short python scripts, one is running on the 'target' server, and dumps traffic comming to one of the ports, and two identical scripts are run on two other servers (one on the local network, the other in an external network), generating the traffic - I can see traffic from both servers when running tcpdump, but the listening python script only dumps traffic from the local server.

I have checked iptables multiple times, and flushed all rules in all chains and tables.

I'm pretty stumped by this, if anyone has a hint as to what I can check next, I'd be very grateful.

Thanks in advance.

kralewitz
  • 51
  • 1
  • 6
  • It is not at all clear what kind of network structure/configuration you have. What do you mean by external network and same subnet? Please make your network setup clear first if you need help. – Diamond Jan 21 '16 at 22:15

2 Answers2

0

Please post the output of iptables -vnL and iptables -t nat -vnL so that we can see your rulesets and determine possible firewalling issues.

Also, if your services are running on 127.0.0.1, then you must either:

1) Change the interface that your service binds to from lo or from 127.0.0.1

2) Create a NAT rule that takes packets coming into a physical interface and NATs the connection to 127.0.0.1 in order for outside connections to access your service (this one requires a kernel past 3.13 to work; depending on your version of Ubuntu, this may already be available in your kernel)

Please post the output of netstat -anp | grep <your service's port> and post any lines beginning with tcp or tcp6.

Hope this helps

maff1989
  • 311
  • 2
  • 7
0

Thanks for the replies, in the end I managed to fix it with the help of a colleague of mine.

The target server had only a local route in it's routing table, and no default route. I assumed that it doesn't have to have a default gateway, as there would be only incoming UDP traffic. The problem went away after setting up a default gateway - the traffic coming from external networks now correctly reaches the listening process.

kralewitz
  • 51
  • 1
  • 6