Firewall doesn't work

bomart

Member
Feb 21, 2020
Hi!

I have a DNS server on an LXC container. Two IPs generate heavy traffic, so I decided to block them in the firewall:

[attached screenshot: ns-fw.png]

Unfortunately one of them is properly blocked but the second is not:

# iptables -L -nv | grep 185.45.244.21
19554 1319K DROP all -- * * 185.45.244.21 0.0.0.0/0


# iptables -L -nv | grep 185.28.249.92
0 0 DROP all -- * * 185.28.249.92 0.0.0.0/0

Here is tcpdump on the LXC interface:

# tcpdump -pqnn -i veth117i0 host 185.45.244.21
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on veth117i0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel


# tcpdump -pqnn -i veth117i0 host 185.28.249.92
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on veth117i0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
20:56:24.891322 IP 185.28.249.92.5678 > xx.yy.zz.qq.53: UDP, length 36
20:56:25.888069 IP 185.28.249.92.5678 > xx.yy.zz.qq.53: UDP, length 36
20:56:26.891736 IP 185.28.249.92.5678 > xx.yy.zz.qq.53: UDP, length 36
20:56:27.893856 IP 185.28.249.92.5678 > xx.yy.zz.qq.53: UDP, length 36
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel

# pveversion
pve-manager/7.4-17/513c62be (running kernel: 5.15.39-4-pve)

On the main node interface I see this traffic:
# tcpdump -pqnn -i enp1s0f0 host 185.28.249.92
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp1s0f0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
21:11:53.293707 IP 185.28.249.92.5678 > xx.yy.zz.qq.53: UDP, length 36
21:11:54.292641 IP 185.28.249.92.5678 > xx.yy.zz.qq.53: UDP, length 36
21:11:55.294155 IP 185.28.249.92.5678 > xx.yy.zz.qq.53: UDP, length 36
21:11:56.292241 IP 185.28.249.92.5678 > xx.yy.zz.qq.53: UDP, length 36
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel

# tcpdump -pqnn -i enp1s0f0 host 185.45.244.21
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp1s0f0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
21:12:16.522222 IP 185.45.244.21.56941 > xx.yy.zz.qq.53: UDP, length 28
21:12:17.103961 IP 185.45.244.21.51629 > xx.yy.zz.qq.53: UDP, length 28
21:12:17.104135 IP 185.45.244.21.54133 > xx.yy.zz.qq.53: UDP, length 36
21:12:18.406119 IP 185.45.244.21.48982 > xx.yy.zz.qq.53: UDP, length 47
21:12:18.456461 IP 185.45.244.21.45639 > xx.yy.zz.qq.53: UDP, length 44
^C
5 packets captured
20 packets received by filter
0 packets dropped by kernel


What's wrong?
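A quick way to check the situation above is to read the counters that `iptables -L -nv` already prints: a DROP rule with a non-zero packet count is matching, a DROP rule stuck at 0 while tcpdump still shows the traffic means the packets are not traversing that rule (wrong chain, or an earlier rule in the chain handles them first). The script below is an added example, not code from the poster or from Proxmox; it parses a listing fed on stdin and reports the chain and packet counter of the DROP rule for a given source IP. The `SAMPLE` listing is constructed from the two grep lines in the post and assumes, only for illustration, that both rules sit in the INPUT chain; the real chain is not visible in the post.

```shell
#!/bin/sh
# Added example: read `iptables -L -nv` output on stdin and report whether the
# DROP rule for a source IP is actually seeing packets.

# Constructed sample listing (assumption: chain placement is illustrative only).
# Column layout of `iptables -L -nv`: pkts bytes target prot opt in out source destination
SAMPLE='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
19554 1319K DROP       all  --  *      *       185.45.244.21        0.0.0.0/0
    0     0 DROP       all  --  *      *       185.28.249.92        0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination'

# drop_rule_status <source-ip>
# Prints "<chain> <pkts>" for the first DROP rule whose source column equals the
# IP, or "missing" if no such rule exists. It locates the DROP token instead of
# using fixed column numbers, so it also works with --line-numbers output.
drop_rule_status() {
    awk -v ip="$1" '
        /^Chain / { chain = $2; next }
        {
            for (i = 3; i <= NF; i++)
                if ($i == "DROP" && $(i + 5) == ip) {
                    print chain, $(i - 2)   # $(i-2) is the pkts counter
                    found = 1
                    exit
                }
        }
        END { if (!found) print "missing" }'
}

# classify_block <source-ip>
# Reduces the status to one of: no-rule, never-matched, matching.
classify_block() {
    status=$(drop_rule_status "$1")
    case "$status" in
        missing) echo "no-rule" ;;
        *" 0")   echo "never-matched" ;;
        *)       echo "matching" ;;
    esac
}

# Stand-alone demo on the constructed sample. On a live host use:
#   iptables -L -nv | classify_block 185.28.249.92
for ip in 185.45.244.21 185.28.249.92; do
    printf '%s: %s (%s)\n' "$ip" \
        "$(printf '%s\n' "$SAMPLE" | classify_block "$ip")" \
        "$(printf '%s\n' "$SAMPLE" | drop_rule_status "$ip")"
done
```

When the result is `never-matched` while tcpdump on the host NIC still shows the packets, the rule is in a chain the packets never enter. One general caveat worth checking here: traffic addressed to a container behind a bridge is forwarded by the host, not delivered to it, so it passes the FORWARD chain (when bridge-nf-call-iptables is enabled) rather than INPUT; a DROP placed in INPUT only sees packets addressed to the node itself. Comparing the output for both chains, and running the check again after a few seconds to see whether the counter moves, tells you whether the rule is positioned where the traffic actually flows.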