- 论坛徽章:
- 0
|
使用iptables做地址伪装,大部分数据包能正常伪装源IP,但也一些数据包无法伪装
iptables命令为
iptables -t nat -A POSTROUTING -s 10.103.0.0/16 -j SNAT --to-source 118.144.78.157
echo "1" > /proc/sys/net/ipv4/ip_forward
但是通过抓包可以看到
15:13:34.642145 IP 10.103.0.13.55027 > 123.126.104.103.80: Flags [F.], seq 0, ack 1, win 1415, length 0
15:13:34.889378 IP 10.103.0.13.55027 > 123.126.104.103.80: Flags [F.], seq 0, ack 1, win 1415, length 0
15:13:35.705236 IP 10.103.0.13.1452 > 42.156.166.36.80: Flags [FP.], seq 1269288121:1269289078, ack 1270442436, win 15544, length 957
15:13:36.553620 IP 10.103.0.13.55027 > 123.126.104.103.80: Flags [F.], seq 0, ack 1, win 1415, length 0
15:13:39.935391 IP 10.103.0.13.55027 > 123.126.104.103.80: Flags [F.], seq 0, ack 1, win 1415, length 0
15:13:44.194912 IP 10.103.0.13.41424 > 123.151.153.103.80: Flags [F.], seq 0, ack 1, win 4202, options [nop,nop,TS val 104925984 ecr 3969108009], length 0
15:13:46.758047 IP 10.103.0.13.55027 > 123.126.104.103.80: Flags [F.], seq 0, ack 1, win 1415, length 0
15:13:57.398939 IP 10.103.0.13.57811 > 111.30.131.145.80: Flags [F.], seq 0, ack 1, win 15544, length 0
15:14:00.221104 IP 10.103.0.13.55027 > 123.126.104.103.80: Flags [F.], seq 0, ack 1, win 1415, length 0
15:14:01.812248 IP 10.103.0.13.36516 > 211.151.12.194.80: Flags [R], seq 4138819012, win 0, length 0
15:14:02.148288 IP 10.103.0.13.36516 > 211.151.12.194.80: Flags [R], seq 4138819012, win 0, length 0
15:14:04.689262 IP 10.103.0.13.49566 > 42.62.94.2.5222: Flags [FP.], seq 2474684826:2474684842, ack 565692991, win 7300, length 16
有些数据包未能正常伪装,iptables命令和配置都是正确的。 |
|