[Nufw-users] RES: Netfilter chain port 80

[Oliveiros Peixoto \(Netinho\)]

I found the problem with Eric.
The problem is that i have Trend Micro AntiVirus and antivirus redirect 
silently the traffic to a local proxy who does not run as the identified user. 
When disabled antivirus work all traffic.

Thanks

Oliveiros Peixoto



-----Mensagem original-----
De: Oliveiros Peixoto (Netinho) [mailto:address@hidden 
Enviada em: terça-feira, 17 de maio de 2011 11:48
Para: 'address@hidden'
Assunto: RES: [Nufw-users] Netfilter chain port 80

Yes this user is authenticated.
2.4.2 ($Revision$)
Uptime: 15:23:39 since 2011-05-16 20:15:10

>>> users
#27: u'admin' at ::ffff:192.168.200.21 (port 59106) 15:23:34 since 2011-05-16 
20:15:16
   id: 2, groups: 100, 102
   Windows 7  (7600)
(list: 1 items)

If change port to 22 and try to connect ssh this work, this problem only in 
port 80.
My nufw daemon report this message in verbose mode.

[14:40:22] Can not get physindev information
[14:40:22] Get outdev information: eth0
[14:40:22] Can not get physoutdev information
[14:40:22] Sending request for 33
[14:40:22] Can not get physindev information
[14:40:22] Get outdev information: eth0
[14:40:22] Can not get physoutdev information
[14:40:22] Sending request for 34
[14:40:22] Can not get physindev information
[14:40:22] Get outdev information: eth0
[14:40:22] Can not get physoutdev information
[14:40:22] Sending request for 35
[14:40:22] Can not get physindev information
[14:40:22] Get outdev information: eth0
[14:40:22] Can not get physoutdev information
[14:40:22] Sending request for 36
[14:40:22] Can not get physindev information
[14:40:22] Get outdev information: eth0
[14:40:22] Can not get physoutdev information
[14:40:22] Sending request for 37
[14:40:22] Can not get physindev information
[14:40:22] Get outdev information: eth0
[14:40:22] Can not get physoutdev information
[14:40:22] Sending request for 38
[14:40:25] Can not get physindev information
[14:40:25] Get outdev information: eth0
[14:40:25] Can not get physoutdev information
[14:40:25] Sending request for 39
[14:40:25] Can not get physindev information
[14:40:25] Get outdev information: eth0
[14:40:25] Can not get physoutdev information
[14:40:25] Sending request for 40
[14:40:25] Can not get physindev information
[14:40:25] Get outdev information: eth0
[14:40:25] Can not get physoutdev information
[14:40:25] Sending request for 41
[14:40:25] Can not get physindev information
[14:40:25] Get outdev information: eth0
[14:40:25] Can not get physoutdev information
[14:40:25] Sending request for 42
[14:40:25] Can not get physindev information
[14:40:25] Get outdev information: eth0
[14:40:25] Can not get physoutdev information
[14:40:25] Sending request for 43
[14:40:25] Can not get physindev information
[14:40:25] Get outdev information: eth0
[14:40:25] Can not get physoutdev information
[14:40:25] Sending request for 44
[14:40:31] Can not get physindev information
[14:40:31] Get outdev information: eth0
[14:40:31] Can not get physoutdev information
[14:40:31] Sending request for 45
[14:40:31] Can not get physindev information
[14:40:31] Get outdev information: eth0
[14:40:31] Can not get physoutdev information
[14:40:31] Sending request for 46
[14:40:31] Can not get physindev information
[14:40:31] Get outdev information: eth0
[14:40:31] Can not get physoutdev information
[14:40:31] Sending request for 47
[14:40:31] Can not get physindev information
[14:40:31] Get outdev information: eth0
[14:40:31] Can not get physoutdev information
[14:40:31] Sending request for 48
[14:40:31] Can not get physindev information
[14:40:31] Get outdev information: eth0
[14:40:31] Can not get physoutdev information
[14:40:31] Sending request for 49
[14:40:31] Can not get physindev information
[14:40:31] Get outdev information: eth0
[14:40:31] Can not get physoutdev information
[14:40:31] Sending request for 50
[14:40:38] Treatment time for connection: 7453.2 ms
[14:40:38] Treatment time for connection: 13453.0 ms
[14:40:38] [!] Packet without a known ID: 35


-----Mensagem original-----
De: Eric Leblond [mailto:address@hidden 
Enviada em: terça-feira, 17 de maio de 2011 11:06
Para: Oliveiros Peixoto (Netinho)
Cc: address@hidden
Assunto: Re: [Nufw-users] Netfilter chain port 80

Hi,

On Tue, 2011-05-17 at 07:52 -0300, Oliveiros Peixoto (Netinho) wrote:
> Hi,
> 
>  
> 
> I installed nufw and try to test. I create the chain to test
> authentication in iptables.
> 
...
> 
> [19:28:51] Answ Packet: src=192.168.200.21 dst=189.91.13.123 proto=6
> sport=54117 dport=22, decision=ACCEPT, IN=eth0 OUT=eth0, packet_id=85,
> mark=2, user=admin, OS=Windows 7  7600, app=c:\users\peixoto\documents
> \putty.exe, exptime=-1
> 
Authentication is working well here.

>  
> 
> I have succcesfull authenticated, but when try to use this chain on
> port 80 this not work.
> 
>  
> 
> iptables -A FORWARD -s 192.168.200.0/24 -p tcp --dport 80 -m state
> --state NEW --syn -j QUEUE
> 
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> 
>  
> 
>  
> 
> [19:26:55] NuFW Packet: src=192.168.200.165 dst=200.154.56.73 proto=6
> sport=1841 dport=80, IN=eth0 OUT=eth0, packet_id=83, mark=0,
> exptime=-1
> 
> [19:27:01] NuFW Packet: src=192.168.200.165 dst=200.154.56.73 proto=6
> sport=1841 dport=80, IN=eth0 OUT=eth0, packet_id=84, mark=0,
> exptime=-1
> 
> [19:27:08] Answ Packet: src=192.168.200.165 dst=200.154.56.73 proto=6
> sport=1841 dport=80, decision=DROP, IN=eth0 OUT=eth0, packet_id=84,
> mark=0, exptime=-1
> 
> [19:27:08] Answ Packet: src=192.168.200.165 dst=200.154.56.73 proto=6
> sport=1841 dport=80, decision=DROP, IN=eth0 OUT=eth0, packet_id=83,
> mark=0, exptime=-1
> 
> [19:27:08] Answ Packet: src=192.168.200.165 dst=200.154.56.73 proto=6
> sport=1841 dport=80, decision=DROP, IN=eth0 OUT=eth0, packet_id=82,
> mark=0, exptime=-1


There is no message sent by user maybe your NuFW client is not connected
anymore. What give the command :
nuauth_command
        # users
when doing the test ?

BR,
--
Eric Leblond