I want my isolated devices to get to the Internet, but I don't want them to be able to access my internal network. Therefore, I need to add a firewall rule that prevents them from accessing my own subnet. However, this rule needs to be done so that I can still reach the router/firewall machine from my subnet. Therefore, the rule needs to be placed on the eth0 interface, and not generically in the stack or on the usbnet0 interface.

Note that I use the -I directive here, to insert the dropping rule before the forwarding rules configured above. Logging into the test machine I can confirm that I can ping my local subnet before this firewall rule, but not after. But, I can still log into the gateway device from my local network.

Now that I have my victim device safely on an isolated network, with outbound access to the Internet, I need to forward ports from the Internet to the victim machine. First, I need to configure my home router to forward ports to this RPi router. The second step is to use iptables to forward those ports to the target device.

One question is whether you use the same port number. In other words, I want to forward Telnet on port 23 from the Internet to this device. I could therefore write firewall rules that just change the IP address. However, in case of accidents, this is unsafe. I'd rather have a brittle configuration that'll easily fail rather than allow hackers into my local network.

Therefore, on my firewall router, I've mapped port 50001 to port 23 on the target victim device. On my home Internet gateway, I do the reverse, mapping Internet-visible Telnet port 23 to port 50001 on my RPi firewall. In other words, the two mappings I've done are:

![ethernet testing with raspberry pi](https://raspberrypiprojects.com/wp-content/uploads/2020/11/4-Gbps-Ethernet-on-the-Raspberry-Pi-Compute-Module-4.jpg)

Now that I've isolated my test device, I'll want to monitor it. I'll want to monitor what traffic it sends out to the Internet when I turn it on. Then, when I expose it to the Internet to get infected, I want to monitor all the traffic going into and out of it.

Because the log files can get big, I'll want to rotate the log files.

```
# -G 3600 starts a new capture file every hour; the strftime pattern names it by date and hour
tcpdump -i eth0 -G 3600 -w 'cameradome-%Y%m%d-%H.pcap'
```

BTW, since I need to leave this process running in the background when I log off, I run this under a screen session. I suppose I should just run this during startup, detached as a daemon, but I'm too lazy.

Since this is an RPi class device, I probably don't want to log the packets to the SD card. Instead, I log them to an external USB flash drive.

![ethernet testing with raspberry pi](https://hackster.imgix.net/uploads/attachments/958969/1_3LKQg3xYXt6lMhPeT9ANJg.jpeg)

In my setup, the isolated devices may be used to execute DDoS attacks. There are various ways of traffic shaping on Linux for advanced purposes, but really, I just want something simple - anything that will stop this from being useful in a DDoS.

There are many extensions to iptables (`man iptables-extensions`). One is a simple extension, called limit, that limits how often a rule will match per second (per hour, per day, etc.). The easiest way to use that extension is on the NAT rule, to limit how many connections per second can be NATted.

```
# the limit match lets this ACCEPT rule match at most 10 times per second
iptables -A FORWARD -i eth0 -o usbnet0 -m state --state RELATED,ESTABLISHED -m limit --limit 10/sec -j ACCEPT
```

![ethernet testing with raspberry pi](https://rpi-magazines.s3-eu-west-1.amazonaws.com/magpi/legacy-assets/2019/06/2019-06-21-15_40_11-Window.png)
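The packet capture described on this page, wrapped so it can be started unattended and refuses to run when the USB drive is not actually mounted (in which case the capture files would land on the SD card). This is an added example, not code from the original post; the mount point `/mnt/usb/pcap`, the free-space threshold and the function names are assumptions, while `eth0`, the `cameradome` file prefix and the hourly rotation are the values used in the post.

```shell
#!/bin/sh
# Added example (not from the original post): unattended capture wrapper.
CAPTURE_DIR="${CAPTURE_DIR:-/mnt/usb/pcap}"   # assumption: USB drive is mounted here
IFACE="${IFACE:-eth0}"                        # capture interface used in the post
MIN_FREE_KB="${MIN_FREE_KB:-1048576}"         # assumption: require >= 1 GiB free

# Succeeds only if $1 exists and lives on a different filesystem than /.
# If the USB mount is missing, the directory is just a folder on the SD card
# and hourly captures would quietly fill it.
on_separate_fs() {
    [ -d "$1" ] || return 1
    [ "$(stat -c %d "$1")" != "$(stat -c %d /)" ]
}

# Free space in KiB on the filesystem that holds $1.
free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# Returns 1 if the target is on the root filesystem, 2 if it is nearly full.
preflight() {
    on_separate_fs "$1" || {
        echo "refusing: $1 is missing or on the root filesystem" >&2
        return 1
    }
    [ "$(free_kb "$1")" -ge "$MIN_FREE_KB" ] || {
        echo "refusing: less than ${MIN_FREE_KB} KiB free on $1" >&2
        return 2
    }
}

start_capture() {
    preflight "$CAPTURE_DIR" || return
    cd "$CAPTURE_DIR" || return
    # -G 3600 rotates hourly; the strftime pattern gives each hour its own file.
    # nohup plus & detaches the capture so it survives logout without screen.
    nohup tcpdump -i "$IFACE" -G 3600 -w 'cameradome-%Y%m%d-%H.pcap' \
        >/dev/null 2>tcpdump.err &
    echo "$!" > tcpdump.pid
}

# Only capture when invoked with "start", so the checks can be sourced and tested.
if [ "${1:-}" = "start" ]; then
    start_capture
fi
```

Run it as root with the argument `start`, for example from a boot-time script; stop the capture with `kill "$(cat tcpdump.pid)"` from the capture directory.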