ch8-mget: Add iptables rules to workaround default DROP rules #105

Open
wants to merge 1 commit into
base: 1st-edition

MarcioJales

Hi!

The project of "ch8-mget" wasn't working for me. Basically, the process was hanging on the SYN_SENT TCP connection state. After some investigation, I've found 2 rules that the official documentation suggests adding for some distros: https://github.com/smoltcp-rs/smoltcp#hosted-usage-examples

I'm using Linux Mint 20.2 Cinnamon, 5.0.7, kernel 5.4.0-137-generic. After these rules were added, execution has worked as expected.

Many thanks!

0xcrust commented Feb 19, 2023

Golden. Thanks a lot. I came looking to fix this exact problem and this works like a charm.

igavrysh commented Jun 30, 2023

After the following script for tap-rust creation:

set +x

# to create TAP device
sudo \
    ip tuntap \
        add \
        mode tap \
        name tap-rust \
        user "$USER"

# to confirm that tap-rust device was added
# ip tuntap list

# allocate IP address for TAP and tell system to forward packets to it

# activates the network device called tap-rust
sudo ip link set tap-rust up

# assigns the IP address 192.168.42.100 to the device
sudo ip addr add 192.168.42.100/24 dev tap-rust

# enables internet packets to reach the source IP address mask (-s 192.168.42.0/24)
# by appending a rule (-A POSTROUTING) that dynamically maps IP addresses to a device
# (-j MASQUERADE)
sudo iptables \
    -t nat \
    -A POSTROUTING \
    -s 192.168.42.0/24 \
    -j MASQUERADE

# instructs the kernel to enable IPv4 packet forwarding
sudo sysctl net.ipv4.ip_forward=1

# Some distros have a default policy of DROP. This allows the traffic.
sudo iptables -A FORWARD -i tap-rust -s 192.168.42.100/24 -j ACCEPT
sudo iptables -A FORWARD -o tap-rust -d 192.168.42.100/24 -j ACCEPT

And additional logging to the console, I was able to get an HTTP/1.0 301 Moved Permanently response.
Log:

cargo run -- "http://www.rustinaction.com" tap-rust

    Finished dev [unoptimized + debuginfo] target(s) in 0.04s
warning: the following packages contain code that will be rejected by a future version of Rust: smoltcp v0.6.0
note: to see what the problems were, use the option `--future-incompat-report`, or run `cargo report future-incompatibilities --id 1`
     Running `target/debug/ch8-mget 'http://www.rustinaction.com' tap-rust`
ip address response from 1.1.1.1 dns: 35.185.44.232
mac address 8e-79-0c-6d-09-2a
polling, current state: Connect
error: Malformed
socket: is_active: false, may_send: false, can_recv: false, may_recv: false
connecting
polling, current state: Request
error: Malformed
socket: is_active: true, may_send: false, can_recv: false, may_recv: false
polling, current state: Request
socket: is_active: true, may_send: false, can_recv: false, may_recv: false
polling, current state: Request
socket: is_active: true, may_send: false, can_recv: false, may_recv: false
polling, current state: Request
socket: is_active: true, may_send: false, can_recv: false, may_recv: false
polling, current state: Request
socket: is_active: true, may_send: false, can_recv: false, may_recv: false
polling, current state: Request
error: Malformed
socket: is_active: true, may_send: false, can_recv: false, may_recv: false
polling, current state: Request
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
sending request
polling, current state: Response
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
polling, current state: Response
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
polling, current state: Response
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
polling, current state: Response
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
polling, current state: Response
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
polling, current state: Response
socket: is_active: true, may_send: true, can_recv: true, may_recv: true
HTTP/1.0 301 Moved Permanently
content-type: text/html; charset=utf-8
location: https://www.rustinaction.com/
permissions-policy: interest-cohort=()
vary: Origin
date: Fri, 30 Jun 2023 15:21:35 GMT
content-length: 64

<a href="https://www.rustinaction.com/">Moved Permanently</a>.


polling, current state: Response
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
polling, current state: Response
Unrecognized
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
polling, current state: Response
Unrecognized
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
polling, current state: Response
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
polling, current state: Response
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
polling, current state: Response
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
polling, current state: Response
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
polling, current state: Response
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
polling, current state: Response
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
polling, current state: Response
Unrecognized
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
polling, current state: Response
Unrecognized
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
polling, current state: Response
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
polling, current state: Response
socket: is_active: true, may_send: true, can_recv: false, may_recv: true
polling, current state: Response
socket: is_active: true, may_send: true, can_recv: false, may_recv: false
received complete response
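
Added example, not part of the pull request or of any comment above: a check that reads `iptables -S FORWARD` output and reports whether forwarded traffic for the TAP device is dropped by chain policy, which is the condition behind the SYN_SENT hang described in this thread. The function name `forward_verdict` and the sample listings are constructed for illustration; the check ignores rule ordering and any DROP rules placed earlier in the chain.

```shell
#!/bin/sh
# forward_verdict IFACE: reads `iptables -S FORWARD` output on stdin, prints
#   open     chain policy is ACCEPT
#   allowed  policy is not ACCEPT, but ACCEPT rules exist for both directions
#   blocked  policy is not ACCEPT and at least one direction has no ACCEPT rule
forward_verdict() {
    iface=$1
    awk -v ifc="$iface" '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && $2 == "FORWARD" {
            in_ok = out_ok = accept = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-i" && $(i+1) == ifc) in_ok = 1
                if ($i == "-o" && $(i+1) == ifc) out_ok = 1
                if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
            }
            if (accept && in_ok)  from_tap = 1   # packets leaving the TAP side
            if (accept && out_ok) to_tap = 1     # replies returning to it
        }
        END {
            if (policy == "ACCEPT") print "open"
            else if (from_tap && to_tap) print "allowed"
            else print "blocked"
        }'
}

# Constructed sample listings (not captured from a real host).
# iptables lists a source of 192.168.42.100/24 as the network 192.168.42.0/24.
SAMPLE_DROP='-P FORWARD DROP'
SAMPLE_FIXED='-P FORWARD DROP
-A FORWARD -s 192.168.42.0/24 -i tap-rust -j ACCEPT
-A FORWARD -d 192.168.42.0/24 -o tap-rust -j ACCEPT'

printf '%s\n' "$SAMPLE_DROP"  | forward_verdict tap-rust
printf '%s\n' "$SAMPLE_FIXED" | forward_verdict tap-rust
```

On a live host the same function can be fed with `sudo iptables -S FORWARD | forward_verdict tap-rust`.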
