Wednesday, November 25, 2009

Netfilter: Look up the real destination IP address and port number after NAT

A user-space server (or proxy daemon) may need the original destination IP address and port number of a connection, i.e. the destination before the connection was NATed (usually by a REDIRECT or DNAT rule in the nat table). With Netfilter on Linux this is easy, because conntrack keeps the original tuple and exposes it through the SO_ORIGINAL_DST socket option (declared in linux/netfilter_ipv4.h). The steps are:
  1. accept() a new connection: c = accept(s, (struct sockaddr*) &sin, &sinlen)
  2. socklen_t len = sizeof(sin); getsockopt(c, SOL_IP, SO_ORIGINAL_DST, &sin, &len)
The original destination IP address and port number can then be read from sin.sin_addr and sin.sin_port (both in network byte order). The call fails with ENOENT when conntrack has no entry for the connection and with ENOPROTOOPT when conntrack/NAT support is not loaded, so check the return value; for a connection that was not translated at all it simply returns the socket's own local address.
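The two steps above as a complete accept loop, added here as an example (not code from the original post): original_dst() does the getsockopt() call with a properly initialised length, effective_dst() falls back to getsockname() when conntrack cannot answer, and the listener on port 8080 is an arbitrary choice for illustration. It assumes Linux with nf_conntrack loaded and a REDIRECT/DNAT rule sending traffic to that port.

```c
/* Added example (not from the original post): recover the pre-NAT
 * destination of an accepted TCP connection with SO_ORIGINAL_DST.
 * Assumes Linux with conntrack loaded and a nat-table REDIRECT/DNAT rule
 * pointing at the listener; port 8080 is a hypothetical choice. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifdef __linux__
#include <linux/netfilter_ipv4.h>   /* declares SO_ORIGINAL_DST */
#endif
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80           /* the Linux value; lets the file build elsewhere */
#endif
#ifndef SOL_IP
#define SOL_IP IPPROTO_IP
#endif

/* Fetch the pre-NAT destination of the connected socket c into *dst.
 * Returns 0 on success. Fails with ENOENT when conntrack has no entry for
 * the connection and ENOPROTOOPT when conntrack/NAT support is missing. */
int original_dst(int c, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);   /* must be initialised before the call */
    memset(dst, 0, sizeof(*dst));
    return getsockopt(c, SOL_IP, SO_ORIGINAL_DST, dst, &len);
}

/* Like original_dst() but falls back to getsockname(), i.e. the post-NAT
 * local address, when conntrack cannot answer. Returns 1 when the address
 * came from conntrack, 0 when it is the fallback, -1 on any other error. */
int effective_dst(int c, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    if (original_dst(c, dst) == 0)
        return 1;
    if (errno != ENOENT && errno != ENOPROTOOPT)
        return -1;
    return getsockname(c, (struct sockaddr *)dst, &len) == 0 ? 0 : -1;
}

/* Render an IPv4 endpoint as "a.b.c.d:port" into buf and return buf. */
const char *format_endpoint(const struct sockaddr_in *sa, char *buf, size_t n)
{
    char ip[INET_ADDRSTRLEN];
    inet_ntop(AF_INET, &sa->sin_addr, ip, sizeof ip);
    snprintf(buf, n, "%s:%u", ip, (unsigned)ntohs(sa->sin_port));
    return buf;
}

/* Minimal listener: accept redirected connections and log
 * "peer -> original destination" for each one. */
int main(void)
{
    struct sockaddr_in me;
    int one = 1;
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) { perror("socket"); return 1; }
    setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    memset(&me, 0, sizeof me);
    me.sin_family = AF_INET;
    me.sin_addr.s_addr = htonl(INADDR_ANY);
    me.sin_port = htons(8080);          /* hypothetical redirect target */
    if (bind(s, (struct sockaddr *)&me, sizeof me) < 0 || listen(s, 16) < 0) {
        perror("listen");
        return 1;
    }
    for (;;) {
        struct sockaddr_in peer, dst;
        socklen_t plen = sizeof peer;
        char a[64], b[64];
        int c = accept(s, (struct sockaddr *)&peer, &plen);
        if (c < 0) { perror("accept"); continue; }
        int how = effective_dst(c, &dst);
        printf("%s -> %s (%s)\n",
               format_endpoint(&peer, a, sizeof a),
               how < 0 ? "unknown" : format_endpoint(&dst, b, sizeof b),
               how == 1 ? "pre-NAT, from conntrack" :
               how == 0 ? "local address, fallback" : strerror(errno));
        close(c);
    }
}
```

Try it with a rule such as iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080 on a router: connections to any web server will show the server's real address, while a direct connection to port 8080 shows the listener's own address. Note that netinet/in.h must be included before linux/netfilter_ipv4.h to avoid duplicate definitions from the kernel headers.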

Monday, November 16, 2009

Compile Snort with large file support on Linux

Set these CFLAGS in the environment when running the configure script:

CFLAGS="-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" ./configure ...

The resulting snort binary can read trace (pcap) files larger than 2 GiB. The flags only make a difference on 32-bit builds, where off_t is 32 bits unless _FILE_OFFSET_BITS=64 is set; on 64-bit Linux off_t is already 64 bits.

Modify Netfilter Packet Flow

The default Netfilter packet flow is usually illustrated with the following well-known figure (a little out of date, but still correct about the order of the tables within each chain):

[figure: default Netfilter packet flow]

You may wish to change the position of these blocks (hooks). It is not difficult: the priority of every hook is listed in the nf_ip_hook_priorities enumeration in (kernel-source)/include/linux/netfilter_ipv4.h (for other address families, look at the corresponding header files). Add a new value to that enumeration and then change the table's hook registration data; the mangle table, for example, registers its hooks in (kernel-source)/net/ipv4/netfilter/iptable_mangle.c.

Suppose we want the "mangle" table to run after the "nat" table in the POSTROUTING chain. By default mangle is registered at NF_IP_PRI_MANGLE = -150 and the SNAT hook at NF_IP_PRI_NAT_SRC = 100, so mangle currently runs first. The steps are:
  1. Add a new priority, say NF_IP_PRI_POST_MANGLE = 150, to the nf_ip_hook_priorities enumeration. Pick a value no other hook uses: hooks with equal priority are ordered by module load order, which is not something you want to depend on.
  2. In the ipt_ops array in iptable_mangle.c, set the priority of the POSTROUTING entry to the new NF_IP_PRI_POST_MANGLE (the other four hooks keep NF_IP_PRI_MANGLE).
Recompile your kernel and everything is done! Just remember that a hook with a lower priority number is placed earlier in the chain, so 150 lands after SNAT (100) but still before the conntrack helper (300) and confirm (INT_MAX) hooks. Later kernels restructured the table registration code and moved the enumeration to include/uapi/linux/netfilter_ipv4.h, so check the files of the kernel version you are patching.
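To see where a given priority lands without rebuilding a kernel, here is an added example (not from the original post) that mirrors the insertion rule of nf_register_hook() in user space: a new hook goes before the first existing hook with a strictly greater priority, so equal priorities keep registration order. The enumeration is an abridged copy of the 2.6-era values; NF_IP_PRI_POST_MANGLE = 150 is the hypothetical value proposed above, and the registration order in postrouting_order() is deliberately not the priority order.

```c
/* Added example (not from the original post): simulate Netfilter hook
 * ordering in POSTROUTING for a chosen mangle priority. The enum values are
 * from 2.6-era include/linux/netfilter_ipv4.h (abridged);
 * NF_IP_PRI_POST_MANGLE is the hypothetical value the post proposes. */
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum nf_ip_hook_priorities {
    NF_IP_PRI_FIRST = INT_MIN,
    NF_IP_PRI_RAW = -300,
    NF_IP_PRI_CONNTRACK = -200,
    NF_IP_PRI_MANGLE = -150,
    NF_IP_PRI_NAT_DST = -100,
    NF_IP_PRI_FILTER = 0,
    NF_IP_PRI_SECURITY = 50,
    NF_IP_PRI_NAT_SRC = 100,
    NF_IP_PRI_POST_MANGLE = 150,          /* new: after SNAT, before conntrack */
    NF_IP_PRI_CONNTRACK_HELPER = 300,
    NF_IP_PRI_CONNTRACK_CONFIRM = INT_MAX,
    NF_IP_PRI_LAST = INT_MAX,
};

#define MAX_HOOKS 16
struct hook { const char *name; int priority; };
struct chain { struct hook h[MAX_HOOKS]; int n; };

/* Mirrors nf_register_hook(): insert before the first existing hook whose
 * priority is strictly greater, so equal priorities keep registration
 * (module load) order. */
void register_hook(struct chain *ch, const char *name, int priority)
{
    int i = 0;
    if (ch->n >= MAX_HOOKS)
        return;
    while (i < ch->n && ch->h[i].priority <= priority)
        i++;
    memmove(&ch->h[i + 1], &ch->h[i], (size_t)(ch->n - i) * sizeof ch->h[0]);
    ch->h[i].name = name;
    ch->h[i].priority = priority;
    ch->n++;
}

/* Comma-separated hook names in traversal order, written to buf. */
const char *chain_order(const struct chain *ch, char *buf, size_t n)
{
    buf[0] = '\0';
    for (int i = 0; i < ch->n; i++) {
        if (i)
            strncat(buf, ",", n - strlen(buf) - 1);
        strncat(buf, ch->h[i].name, n - strlen(buf) - 1);
    }
    return buf;
}

/* POSTROUTING with the hooks the post cares about, registering mangle at
 * the given priority. Registration order is deliberately not priority
 * order: with distinct priorities only the numbers decide. */
const char *postrouting_order(int mangle_priority, char *buf, size_t n)
{
    struct chain ch;
    ch.n = 0;
    register_hook(&ch, "conntrack_confirm", NF_IP_PRI_CONNTRACK_CONFIRM);
    register_hook(&ch, "nat(SNAT)", NF_IP_PRI_NAT_SRC);
    register_hook(&ch, "conntrack_helper", NF_IP_PRI_CONNTRACK_HELPER);
    register_hook(&ch, "mangle", mangle_priority);
    return chain_order(&ch, buf, n);
}

int main(void)
{
    char buf[128];
    printf("default  (-150): %s\n", postrouting_order(NF_IP_PRI_MANGLE, buf, sizeof buf));
    printf("modified  (150): %s\n", postrouting_order(NF_IP_PRI_POST_MANGLE, buf, sizeof buf));
    printf("clash     (100): %s\n", postrouting_order(NF_IP_PRI_NAT_SRC, buf, sizeof buf));
    return 0;
}
```

The third line of output shows the pitfall from step 1: at priority 100 mangle sits after SNAT only because it was registered after it; load iptable_mangle before iptable_nat and the order flips.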


Sunday, November 15, 2009

Set up a PPTP server on Ubuntu

It's quick and easy. The steps are:
  1. apt-get install pptpd
  2. Set "localip" (the server's address on the tunnel) and "remoteip" (the address pool handed out to clients) in /etc/pptpd.conf
  3. (Optional) Set "ms-dns" in /etc/ppp/pptpd-options so that clients receive a DNS server
  4. Add user accounts and passwords to /etc/ppp/chap-secrets, one user per line: username * "password" * (the second field is the server name and the fourth the client's allowed IP; * matches any). Keep that file readable by root only, since it holds plaintext passwords.
That's it. Keep in mind that PPTP's MS-CHAPv2 authentication and MPPE (RC4) encryption are weak by today's standards, so do not rely on it for confidentiality over untrusted networks.