How to block all inbound traffic from a specific Internet address or subnet using TomatoUSB router software (LINUX based)

I’m not trained in Linux, but I think I found the solution to my problem documented, but it is not working as expected. I am NOT an iptables guru, I’m learning as I go.

A Russian IP is trying to hack my network, especially an email server I have running on my network. So I have a port forward of port 25 to the mail server machine. My router is running TomatoUSB – a Linux based router I have root ssh access to.

I’ve tried this command:

```
iptables -I INPUT -s 45.142.195.5 -j DROP
```

And

```
iptables -L -nv
```

returns a lot of stuff, and now at the very beginning looks like this:

```
Chain INPUT (policy DROP 9 packets, 504 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       45.142.195.5         0.0.0.0/0
```

This did not stop the traffic, though, as my email server is still reporting connection attempts from this IP address, so the rule is not dropping anything.

Perhaps the INPUT chain is not where I need to add this? I’m not educated on the different chains yet. INPUT intuitively seemed like the right place, but because this is a NAT router, should I really have some sort of rule in the FORWARD chain that can say not to forward to anyone if this is the source address?

Seems like what I want to do should not be difficult, but I’m struggling to figure this one out so far.
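The FORWARD chain the asker mentions is the relevant one here: a port-forwarded (DNAT) connection is routed through the router to the mail server, so the filter table sees it in FORWARD, while INPUT only sees packets addressed to the router itself. An added example, not part of the original post, that validates the source and prints drop rules for both chains; the function names `valid_src` and `block_cmds` are made up for illustration.

```shell
#!/bin/sh
# Added example. valid_src and block_cmds are illustrative names.
# DNAT (port-forwarded) packets are routed on to a LAN host, so the filter
# table sees them in FORWARD; INPUT only sees packets for the router itself.

# valid_src ADDR[/PREFIX]: succeed only for dotted-quad IPv4 with optional /0-32.
valid_src() {
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# block_cmds SRC: print the commands that drop SRC in both chains.
# Delete-then-insert keeps a single copy of the rule at the top of the chain,
# ahead of any ACCEPT for established connections or forwarded ports.
block_cmds() {
    valid_src "$1" || { echo "invalid source: $1" >&2; return 1; }
    for chain in FORWARD INPUT; do
        echo "iptables -D $chain -s $1 -j DROP 2>/dev/null; iptables -I $chain -s $1 -j DROP"
    done
}

# On the router:  block_cmds 45.142.195.5 | sh
# Then check that the FORWARD counters move:  iptables -L FORWARD -nv
```

Rules inserted from the shell are lost when the firewall is reloaded or the router reboots.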

Is it possible for DHCP in one network interface to assign a local IP address that overlaps with the subnet of another interface?

```
iface eth0 inet dhcp

iface eth1 inet static
  address 192.168.1.1
  netmask 255.255.255.000
```

Is it possible for a host to connect to eth0 and get assigned an address that is part of eth1's subnet domain (anything from 192.168.1.2 to 192.168.1.255)?

What adverse consequences will this have in practice and is the expected (mis-)behavior deterministic?

Is there something that can be done to prevent this while leaving the static and dhcp methods unchanged? I couldn’t find anything on the man page.

Simple subnet calculator and parser

A little background – I have been learning Java for the past 20 days with no prior coding/comp science experience.

My brother gave me an idea to make a subnet calc/ping tool to enhance my knowledge and mentored me through this.

Just wanted to know how I can upgrade this code and if I have used proper language idioms in this code. Any ideas to simplify/features for more learning would be appreciated.

```
import java.util.*;
import java.util.regex.Pattern;
import java.math.*;
import java.text.NumberFormat;
import java.text.ParseException;
import java.net.*;

public class example {

    public static void main(String[] args) {
        Scanner Scan = new Scanner(System.in);
        System.out.print("Enter IP: ");
        String IP;
        IP = Scan.nextLine();
        // Input is expected in CIDR form, e.g. 192.168.1.0/24
        String Z = IP.split("\\/")[1];
        String Y = IP.split("\\/")[0];
        String[] parts = Y.split("\\.");
        String F1 = parts[0];
        String F2 = parts[1];
        String F3 = parts[2];
        String F4 = parts[3];
        int A = Integer.parseInt(F1);
        int B = Integer.parseInt(F2);
        int C = Integer.parseInt(F3);
        int E = Integer.parseInt(F4);

        {
            System.out.println(F1 + "." + F2 + "." + F3 + "." + F4);
        }
        // Prefix length (the part after the slash)
        String X = (IP.substring(IP.lastIndexOf("/") + 1));
        {
            System.out.println(X);
        }
        int S = Integer.parseInt(X);
        double Bits = 32;
        double TotalBites = Bits - S;
        // Number of usable hosts: 2^(host bits) - 2
        double I = Math.pow(2, TotalBites);
        int D = (int)(I - 2);
        {
            System.out.println(D);
        }

        List<String> Hosts = new ArrayList<String>();

        if (S >= 24) {
            int val = (int) TotalBites - 0;
            String bitsda = stringMultiply("0", val);
            String bitstoconvert = "1" + bitsda;
            int decimal = Integer.parseInt(bitstoconvert, 2) - 1;
            //String bits = Strings.repeat("0", val);

            for (int IPF4 = E; IPF4 <= decimal; IPF4++) {
                Hosts.add(F1 + "." + F2 + "." + F3 + "." + IPF4);
            }

        } else if (S >= 16) {

            int val = (int) TotalBites - 8;
            String bitsda = stringMultiply("0", val);
            String bitstoconvert = "1" + bitsda;
            int decimal = Integer.parseInt(bitstoconvert, 2) - 1;
            //String bits = Strings.repeat("0", val);
            for (int IPF3 = C; IPF3 <= decimal; IPF3++) {
                for (int IPF4 = E; IPF4 <= 255; IPF4++)
                    Hosts.add(F1 + "." + F2 + "." + IPF3 + "." + IPF4);
            }

        } else if (S >= 8) {

            int val = (int) TotalBites - 16;
            String bitsda = stringMultiply("0", val);
            String bitstoconvert = "1" + bitsda;
            int decimal = Integer.parseInt(bitstoconvert, 2) - 1;
            //String bits = Strings.repeat("0", val);

            for (int IPF2 = B; IPF2 <= decimal; IPF2++) {
                for (int IPF3 = C; IPF3 <= 255; IPF3++)
                    for (int IPF4 = E; IPF4 <= 255; IPF4++)
                        Hosts.add(F1 + "." + IPF2 + "." + IPF3 + "." + IPF4);
            }
        }

        // Ping every generated host address
        Hosts.forEach(host -> pingIt(host));
    }

    public static void pingIt(String host) {
        try {
            String ipAddress = host;
            InetAddress inet = InetAddress.getByName(ipAddress);
            System.out.println("Sending Ping Request to " + ipAddress);
            if (inet.isReachable(5000)) {
                System.out.println(ipAddress + " is reachable.");
            } else {
                System.out.println(ipAddress + " NOT reachable.");
            }
        } catch (Exception e) {
            System.out.println("Exception:" + e.getMessage());
        }
    }

    // Returns s repeated n times
    public static String stringMultiply(String s, int n) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < n; i++) {
            sb.append(s);
        }
        return sb.toString();
    }
}
```

Thanks.

HttpError 503, while creating subnet using GCP Python API [migrated]

Hello everyone, I need your thoughts on an issue I am getting with a Python script to create a VPC and subnet.

My script is working fine when creating the VPC, but the next step of subnet creation is failing with this error:

googleapiclient.errors.HttpError: <HttpError 503 when requesting https://www.googleapis.com/compute/v1/projects/<projectname>/regions/us-east1/subnetworks?alt=json returned "Internal error. Please try again or contact Google Support. 

I am able to create subnet from UI and from rest API page.

Here is the script code I am using for subnet creation:

```
import googleapiclient.discovery


def create_subnet(compute, project, region, classname):
    subnetname = classname
    networkpath = 'projects/<projectname>/global/networks/%s' % (classname)
    ipCidrRange = "10.0.0.0/16"

    config = {
        "name": subnetname,
        "network": networkpath,
        "ipCidrRange": ipCidrRange
    }

    print('##### Print Config ##### %s' % (config))

    return compute.subnetworks().insert(
        project=project,
        region=region,
        body=config).execute()


def main(project, classname, zone, region):
    compute = googleapiclient.discovery.build('compute', 'v1')

    print('Creating vpc')
    # create_vpc() is defined elsewhere in the script and is not shown in the post
    operation = create_vpc(compute, project, classname)

    print('Creating subnet')
    operation = create_subnet(compute, project, region, classname)
```

Thanks in advance for comments and suggestions.

Mapping to a server on a different subnet

As the title proclaims, I need help with mapping a computer to a server on a different subnet.

Ex :

Computer 1 (non-server) is on a 10.x.x.x network, with router gateway set to 10.0.0.1.

Computer 2 (server) is on a 192.168.x.x network, that is currently extended from Computer 1’s Ethernet port into a separate router. I am unsure if this needs to be said, but I have a switch off this router which runs any machine I bring in that does not have a wireless card. The IP addresses of the physically switched machines carry the 10.x.1.x notation.

The router that Computer 2 is connected to is a 10.x.x.x network, with same gateway as Computer 1 set to 10.0.0.1. I have this router configured to have a static IP of 10.0.0.100 on the main router.

What I am having a problem understanding is how I can connect from Computer 1 to the server on computer 2. I can connect when on the same WiFi as Computer 2, but if I connect to that WiFi on Computer 1, the bridge I have set up fails and there is no connectivity.

Why I am using a bridge from Computer 1 is that my current networking set up does not allow for me to add another modem/router combo in that section of the building. Bridging was the only way that I could extend the network with the supplies I had on hand.

If anyone has any idea what I can do I would greatly appreciate it!

Thanks a bunch

What is needed to secure a docker container that’s running on nodes in an AWS Private Subnet with internet access only via NAT?

I know securing a container is a big deal and a lot needs to be done to secure a default container configuration. But having it in a private subnet should take care of a lot of risks.

So what major things does one need to start with to secure a docker container that’s running on nodes in an AWS Private Subnet with internet access only via NAT?

Connect 2 LAN networks on only 1 subnet

I’m not very good with network terminology or with network in general, so please explain it in an easy way for me.

So, I have 2 networks in my house, one on the 1st floor and one on the 2nd floor, from 2 different ISPs. They’re both on the 192.168.1.0/24 subnet and they’re connecting a bunch of wireless routers to each room living 192.168.2.0/24, and I want to only connect the wireless routers together for easy maintenance but without the main routers interfering with each other. How can I do that?

If this is a stupid question, I’m sorry but I can’t find the answer I need. Thanks!