Thread: Sagecom Fast 5250 and the famous Steve router question :)

  1. #1
    smarch291 (Junior Member) - Join Date: Apr 2018 - Location: Longueuil, QC, Canada - Posts: 1

    Sagecom Fast 5250 and the famous Steve router question :)

    Hi everyone!

    My setup:
    Sagecom Fast 5250.
    This router is from Virgin Internet (Bell).

    I'm getting TCP traffic on port 80. It's open
    on purpose: NAT redirection to my web server
    (Lubuntu).

    I was checking access.log and Webalizer, and I didn't like it.
    So I've done some research about ipset and iptables and decided to
    ban subnets from Russia, China, North Korea, etc.

    The problem is I still see traffic from them, but with error 302.
    To make sure the iptables rules were working, I used Tor Browser
    and forced it to exit from Russia, and yes, it's working... almost.

    The question is why, if I drop traffic using my ban rules, I still see
    traffic in access.log. In the first place, isn't it supposed to not let them in?

    And the juicy part...
    I can access my router's port 22 as the owner of the Virgin contract, and
    I found that I could "login" in the SSH shell as root.
    Then I created /home/<myuser>.
    I can write files in there and change permissions, and I even have access
    to /usr/bin/iptables, which is completely normal to exist in BusyBox.

    Would it be more accurate/logical to create my ban rules on my router?
    That would be fantastic.

    Thanks and regards,
    smarch291
    Longueuil, QC
    Canada

  2. #2
    Philip (Administrator) - Join Date: May 1999 - Location: Jacksonville, Florida, United States - Posts: 9,981 - Blog Entries: 6

    Yes, it would make more sense to ban them at the router I suppose, but either way should work. I'd look into your iptables rules. They shouldn't be denied access; you should be DROPping incoming requests from the IP ranges. They shouldn't be getting to your server at all. If they are, something is incorrect with your rules, or you need to reload the rules into iptables for them to take effect... Also, note you may have to use some type of hash of all the network ranges you are adding for performance reasons; large blocks may not work with single rules.

    To list the current rules:
    iptables -L

    To restart iptables (may be different depending on distro and init.d vs systemd):
    /etc/init.d/iptables restart
    or
    systemctl restart iptables


    Many distros have a front end to iptables now, ufw for Ubuntu I believe, firewalld for Fedora, etc. You may have to explore what firewall is running.
    Also, how are you loading all those IP ranges? It may be a good idea to use "hash:net" or "hash:ip" with your firewall. hash:ip is good for a smaller number of IPs; it does not work well with large subnets at all!!! Use "hash:net" for larger subnets / network ranges.


    Once you load your IP ranges into a hash:net, you then issue a rule something like this:
    firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports 0:65535 -m set --match-set myhashnet src -j DROP

    (the above command assumes firewalld, and that your hash:net is called "myhashnet").


    Just some pointers, good luck with it.
    Linux is user friendly, it's just picky about its friends...
    Disclaimer: Please use caution when opening messages, my grasp on reality may have shaken loose during transmission (going on rusty memory circuits).
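As an added illustration of the hash:net approach Philip describes (this is example code, not from either poster), the script below generates an `ipset restore` file from a list of subnets and the matching iptables DROP rule for the forwarded web port, then counts log hits per address so you can confirm a banned range stops appearing in access.log. The set name, the CIDRs and the log lines are constructed placeholders.

```shell
#!/bin/sh
# Constructed example: build an ipset "hash:net" blocklist plus the iptables
# rule that drops port-80 traffic from it. SET_NAME and the CIDRs used below
# are placeholders (documentation ranges), not real blocklist data.
SET_NAME="myhashnet"

# Emit an `ipset restore` script: one create line, then one add per network.
# hash:net is used because whole subnets are banned; hash:ip would need one
# entry per address and does not scale to large ranges.
build_ipset_restore() {
    set_name="$1"; shift
    printf 'create %s hash:net family inet hashsize 1024 maxelem 65536\n' "$set_name"
    for cidr in "$@"; do
        printf 'add %s %s\n' "$set_name" "$cidr"
    done
}

# Emit the iptables rule: drop anything whose source is in the set, inserted
# at position 1 of INPUT so it is evaluated before any ACCEPT for port 80.
# (If the rule sat below an ACCEPT, the requests would still reach the web
# server and show up in access.log.)
build_iptables_rules() {
    set_name="$1"
    printf 'iptables -I INPUT 1 -p tcp --dport 80 -m set --match-set %s src -j DROP\n' "$set_name"
}

# Count requests in a combined-format access.log from one client address;
# run before and after loading the set to confirm the hits stop.
count_hits_from() {
    ip="$1"; logfile="$2"
    grep -c "^$ip " "$logfile"
}

# Example invocation (as root):
#   build_ipset_restore "$SET_NAME" 203.0.113.0/24 198.51.100.0/24 | ipset -exist restore
#   build_iptables_rules "$SET_NAME" | sh
#   iptables -L INPUT -v -n   # the DROP rule's pkts counter should rise
```

After loading, `iptables -L INPUT -v -n` shows a packet counter on the DROP rule; if it stays at zero while access.log still fills up, the traffic is not matching that rule.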
