Before everything, thanks for reading the next question.

I have a script (ipUDPspoof.rb), which is a client/server script in Ruby (you choose the parameter 1 to be server and 0 to be client at initialization, for example "sudo ruby sandbox.rb 1" to initialize the server) that will create and send/receive raw packets in UDP protocol, with different IP addresses (different source and different destination address).

I tested this script locally and it works. The client sends UDP packets to the server (with a destination IP address different from the server address). The server receives and sends the packet back to the client (with a destination IP address different from the client's). The client received the packet. =) Note that in the .rb script I do:

@socket.setsockopt(Socket::SOL_SOCKET, Socket::SO_BINDTODEVICE, 'lo')

However, if I test between two machines (in this case between two virtual machines running Ubuntu, using VirtualBox) it DOESN'T work :(

Both VMs are attached to a NAT adapter (to access the external network) and to a Host-only adapter, with the following configuration:

IPv4 Address: 192.169.56.1
IPv4 Mask: 255.255.255.0
and the DHCP Server:
  Server Address:192.168.56.100
  Server Mask: 255.255.255.0
  Lower addr: 192.168.56.101
  Upper addr: 192.168.56.254

So we have the following configuration:

VM1:
eth2      Link encap:Ethernet  HWaddr 08:00:27:49:ed:67
          inet addr:192.168.56.101  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe49:ed67/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:218 errors:0 dropped:0 overruns:0 frame:0
          TX packets:119 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:39517 (39.5 KB)  TX bytes:18680 (18.6 KB)

VM2:
eth2      Link encap:Ethernet  HWaddr 08:00:27:af:b7:49
          inet addr:192.168.56.102  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:feaf:b749/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:168 errors:0 dropped:0 overruns:0 frame:0
          TX packets:131 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:29459 (29.4 KB)  TX bytes:19725 (19.7 KB)

So the first thing I do is to change the Ruby script:

@socket.setsockopt(Socket::SOL_SOCKET, Socket::SO_BINDTODEVICE, 'eth2')

Next I (and I don't know if it's right) check and change the IP route table to this, on both VMs:

>>route --s
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    0      0        0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U     1      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
192.168.56.0    0.0.0.0         255.255.255.0   U     1      0        0 eth2

>>sudo route del default eth0
>>sudo route add default gw 192.168.56.1 eth2

>>route --s
0.0.0.0         192.168.56.1    0.0.0.0         UG    0      0        0 eth2
10.0.2.0        0.0.0.0         255.255.255.0   U     1      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
192.168.56.0    0.0.0.0         255.255.255.0   U     1      0        0 eth2

In this case I define the gateway to 192.168.56.1

After reading a lot of blogs about IP spoofing / iptables / arptables and a lot more, I've made a script (and applied it to both VMs) to change some variables, parameters and rules in order for my virtual machines to accept packets from unknown IP addresses, which is the following:

#Changing /proc/sys/net/ variables

 echo 1 > /proc/sys/net/ipv4/ip_forward
 echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
 echo 1 > /proc/sys/net/ipv4/ip_dynaddr

 echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
 echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
 echo 0 > /proc/sys/net/ipv4/conf/all/arp_filter
 echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
 echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
 echo 1 > /proc/sys/net/ipv4/conf/all/arp_notify
 echo 1 > /proc/sys/net/ipv4/conf/all/arp_accept
 echo 0 > /proc/sys/net/ipv4/conf/all/bootp_relay
 echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

 echo 1 > /proc/sys/net/ipv4/conf/eth2/forwarding
 echo 0 > /proc/sys/net/ipv4/conf/eth2/rp_filter
 echo 0 > /proc/sys/net/ipv4/conf/eth2/arp_filter
 echo 0 > /proc/sys/net/ipv4/conf/eth2/arp_announce
 echo 0 > /proc/sys/net/ipv4/conf/eth2/arp_ignore
 echo 1 > /proc/sys/net/ipv4/conf/eth2/arp_notify
 echo 1 > /proc/sys/net/ipv4/conf/eth2/arp_accept
 echo 0 > /proc/sys/net/ipv4/conf/eth2/bootp_relay
 echo 1 > /proc/sys/net/ipv4/conf/eth2/log_martians

 # Run as root like the lines above: with 'sudo echo ... > file' the
 # redirection is done by the calling shell, not by sudo.
 echo 1 > /proc/sys/net/ipv4/conf/default/forwarding
 echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
 echo 0 > /proc/sys/net/ipv4/conf/default/arp_filter
 echo 0 > /proc/sys/net/ipv4/conf/default/arp_announce
 echo 0 > /proc/sys/net/ipv4/conf/default/arp_ignore
 echo 1 > /proc/sys/net/ipv4/conf/default/arp_notify
 echo 1 > /proc/sys/net/ipv4/conf/default/arp_accept
 echo 0 > /proc/sys/net/ipv4/conf/default/bootp_relay
 echo 1 > /proc/sys/net/ipv4/conf/default/log_martians

#Ip tables
 iptables -L -n -v

#Cleaning/Zeros/Flushing IP Tables:
 iptables -t filter -F
 iptables -t filter -X
 iptables -t nat -F
 iptables -t nat -X
 iptables -t mangle -F
 iptables -t mangle -X

 iptables -t filter -Z INPUT
 iptables -t filter -Z OUTPUT
 iptables -t filter -Z FORWARD
 iptables -t nat -Z PREROUTING
 iptables -t nat -Z POSTROUTING
 iptables -t nat -Z OUTPUT
 iptables -t mangle -Z INPUT
 iptables -t mangle -Z OUTPUT
 iptables -t mangle -Z FORWARD

#Setting Policies
#Table filter
 iptables -t filter -P INPUT ACCEPT
 iptables -t filter -P OUTPUT ACCEPT
 iptables -t filter -P FORWARD DROP
#Table nat
 iptables -t nat -P PREROUTING ACCEPT
 iptables -t nat -P OUTPUT ACCEPT
 iptables -t nat -P POSTROUTING ACCEPT
#Table mangle
 iptables -t mangle -P PREROUTING ACCEPT
 iptables -t mangle -P POSTROUTING ACCEPT
 iptables -t mangle -P OUTPUT ACCEPT

#Chain's rules

#before routing
 iptables -t raw -A PREROUTING -i eth2 -p udp -j ACCEPT
 iptables -t mangle -A PREROUTING -i eth2 -p udp  -j ACCEPT
 iptables -t nat -A PREROUTING -p udp -i eth2 -j ACCEPT

#after routing decision
iptables -t mangle -A INPUT -p udp  -j ACCEPT
iptables -A INPUT -m state --state NEW -j ACCEPT
iptables -A INPUT -p udp -i eth2 -j ACCEPT
iptables -A INPUT -j ACCEPT

#IT SHOULD BE IN LOCAL PROCESS IN THIS MOMENT!#

#OUTPUT
iptables -t raw -A OUTPUT -p udp -o eth2 -j ACCEPT
iptables -t mangle -A OUTPUT -p udp -o eth2 -j ACCEPT
iptables -t nat -A OUTPUT -p udp -o eth2 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p udp -o eth2 -j ACCEPT
iptables -t mangle -A POSTROUTING -p udp -o eth2 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth2 -j ACCEPT

#DEBUGGING (to see in /var/log/kern.log)
modprobe ipt_LOG
iptables -t raw -A PREROUTING -p udp -j LOG --log-prefix "FW:RAW-PREROUTING->>>"
iptables -t nat -A PREROUTING -p udp -j LOG --log-prefix "FW:NAT-PREROUTING->>>"
iptables -A INPUT -p udp -j LOG --log-prefix "FW:INPUT>>>"
iptables -A OUTPUT -p udp -j LOG --log-prefix "FW:OUTPUT>>>"
iptables -t mangle -A POSTROUTING -p udp -j LOG --log-prefix "FW:MANGLE-POST:ROUTING->>>"
iptables -t raw -A OUTPUT -p udp -j LOG --log-prefix "FW:RAW-OUTPUT->>>"
iptables -t nat -A POSTROUTING -p udp -j LOG --log-prefix "FW:NAT-POST:ROUTING->>>"

#End

I created these rules based on Packet flow in Netfilter and General Networking flow gram.

After analyzing kernel.log, I see that the packets are going out from the client to the server, but none of them arrives at the server.

Server (kernel.log):

<Empty>

Client (kernel.log):

Feb 22 17:40:29 rnode1-VirtualBox kernel: [16884.120010] FW:RAW-OUTPUT->>>IN= OUT=eth2 SRC=192.168.33.120 DST=192.168.33.121 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF P$
Feb 22 17:40:29 rnode1-VirtualBox kernel: [16884.120026] FW:MANGLE-POST:ROUTING->>>IN= OUT=eth2 SRC=192.168.33.120 DST=192.168.33.121 LEN=44 TOS=0x00 PREC=0x00 TTL=64 $

Then I used Wireshark to see the UDP packet flow on the device (eth2) and I saw that the client sent an ARP request (asking who's that IP?) and the server doesn't reply.

So I've read more and I executed the following commands, on both VMs:

ifconfig eth2 promisc
ifconfig eth2 -arp

And it doesn't work... :(

So,

> Am I doing something wrong and really stupid? 
> Or 
> Am I missing something around? 
> Or 
> Is VirtualBox's DHCP server (on Host-only adapter) blocking the packets? 
> Or 
> Is the problem before iptables? 
> Or
> What I'm trying to do is impossible?

Thanks so much in advance, I will be in debt to whoever can help with this little big problem.

Gonçalo
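
The client log in the question shows addresses from 192.168.33.0/24 leaving eth2, whose configured subnet is 192.168.56.0/24. The following added example (not part of the original post; the sample lines, ports, host name and helper names are constructed) parses iptables LOG lines and reports packets whose source or destination is not on the logging interface's subnet, a check that helps when reviewing kern.log for spoofed or misrouted traffic.

```ruby
require 'ipaddr'

# Kernel LOG-target line: the --log-prefix text, then IN=/OUT= and SRC=/DST=.
FW_LINE = /kernel: \[\s*[\d.]+\] (?<prefix>FW:\S*?>>>)IN=(?<in>\S*) OUT=(?<out>\S*) .*?SRC=(?<src>\S+) DST=(?<dst>\S+)/

# Constructed sample lines (not the post's own log). Addresses and prefixes
# follow the post; host name, timestamps, MAC field and ports are made up.
SAMPLE_LOG = [
  'Feb 22 18:00:01 vm1 kernel: [20000.000001] FW:RAW-OUTPUT->>>IN= OUT=eth2 ' \
  'SRC=192.168.33.120 DST=192.168.33.121 LEN=44 TTL=64 ID=0 DF PROTO=UDP SPT=40000 DPT=40001 LEN=24',
  'Feb 22 18:00:02 vm2 kernel: [20000.000002] FW:INPUT>>>IN=eth2 OUT= ' \
  'MAC=08:00:27:af:b7:49:08:00:27:49:ed:67:08:00 SRC=192.168.56.101 DST=192.168.56.102 ' \
  'LEN=44 TTL=64 ID=0 DF PROTO=UDP SPT=40000 DPT=40001 LEN=24',
  'Feb 22 18:00:03 vm1 kernel: [20000.000003] eth2: link up'
].freeze

# Assumption: on-link subnet per interface, taken from the ifconfig output in the post.
ON_LINK = { 'eth2' => IPAddr.new('192.168.56.0/24') }.freeze

# Returns a hash describing one logged packet, or nil for unrelated lines.
def parse_fw_line(line)
  m = FW_LINE.match(line)
  return nil unless m
  incoming = !m[:in].empty?
  { prefix: m[:prefix], iface: incoming ? m[:in] : m[:out],
    direction: incoming ? :in : :out,
    src: IPAddr.new(m[:src]), dst: IPAddr.new(m[:dst]) }
end

# Returns the packets whose SRC and/or DST lie outside the subnet of the
# interface they were logged on; :outside lists which fields are off-link.
def off_link_packets(lines, subnets)
  lines.map do |line|
    pkt = parse_fw_line(line)
    net = pkt && subnets[pkt[:iface]]
    next unless net
    outside = %i[src dst].reject { |field| net.include?(pkt[field]) }
    outside.empty? ? nil : pkt.merge(outside: outside)
  end.compact
end

off_link_packets(SAMPLE_LOG, ON_LINK).each do |pkt|
  puts "#{pkt[:prefix]} #{pkt[:direction]} #{pkt[:iface]}: " \
       "#{pkt[:src]} -> #{pkt[:dst]} off-link: #{pkt[:outside].join(',')}"
end
```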

1 Answer

Try changing the "Host-Only Adapter" on these VMs to "Internal Network". The host-only adapter only permits the VM to talk to the VirtualBox host system itself, while "internal network" permits VM-to-VM communication.

James Sneeringer