Apologies for misunderstanding the question the first time... you should use iptables to SNAT the source address to your SSL address. I add another interface address (172.16.61.5/29) below on eth0 to simulate the same dynamics...
Sourcing IPv4 whois queries from 172.16.61.5
Before (Sniffing a query of whois -h whois.arin.net <address>):
    [mpenning@Bucksnort ~]$ sudo tshark -i eth0 tcp and port 43
    Running as user "root" and group "root". This could be dangerous.
    Capturing on eth0
      0.000000 172.16.61.6 -> 199.71.0.49 TCP 55089 > nicname [SYN] Seq=0 Win=5840 Len=0
Note that my source address is 172.16.61.6...
Set my source address for all TCP traffic to tcp/43:
    # Send all IPv4 whois queries from 172.16.61.5
    sudo ip addr add 172.16.61.5/29 dev eth0
    sudo iptables -t nat -A POSTROUTING -o eth0 -p TCP --dport 43 -j SNAT --to-source 172.16.61.5
    sudo iptables -t nat -vnL
After (Sniffing a query of whois -h whois.arin.net <address>):
Now my address is 172.16.61.5...
    [mpenning@Bucksnort ~]$ sudo tshark -i eth0 tcp and port 43
    Running as user "root" and group "root". This could be dangerous.
    Capturing on eth0
      0.000000 172.16.61.5 -> 199.71.0.49 TCP 55091 > nicname [SYN] Seq=0 Win=5840 Len=0
To remove the rule from the table...
    # Remove the rule... (assuming it is the first nat POSTROUTING rule...)
    sudo iptables -D POSTROUTING 1 -t nat
Sourcing IPv6 whois queries from 2607:fcff:1001:100:202:55ff:dead:beef
The IPv6 option requires a kernel with NAT66... see HE.net's NAT66 installation notes and Packetpushers: Thank goodness for NAT66
    # IF you have an SNAT66 kernel...
    # Send all IPv6 whois queries from 2607:fcff:1001:100:202:55ff:dead:beef
    sudo ip -6 addr add 2607:fcff:1001:100:202:55ff:dead:beef/64 dev eth0
    sudo ip6tables -t nat66 -A POSTROUTING -o eth0 -p TCP --dport 43 -j SNAT66 --to-source 2607:fcff:1001:100:202:55ff:dead:beef
    sudo ip6tables -t nat66 -vnL
    # Remove the rule... (assuming it is the first nat POSTROUTING rule...)
    sudo ip6tables -D POSTROUTING 1 -t nat66
I haven't got time to prove out the NAT66 portion right now... my research indicates that the syntax above is correct though
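An added example, not part of the original answer: a small wrapper that adds the IPv4 whois SNAT rule only when it is missing and removes it by its full rule specification rather than by position, so other nat POSTROUTING rules are never deleted by mistake. The function names and the `IPT`, `OUT_IF` and `SRC_ADDR` variables are assumptions made for this sketch; the iptables options (`-C`, `-A`, `-D`) are standard.

```shell
#!/bin/sh
# Added example: idempotent add/remove of the whois SNAT rule from the answer.
# IPT, OUT_IF and SRC_ADDR are hypothetical knobs; override via the environment.
IPT="${IPT:-iptables}"
OUT_IF="${OUT_IF:-eth0}"
SRC_ADDR="${SRC_ADDR:-172.16.61.5}"

# Print the rule specification (everything that follows the chain name).
snat_rule_spec() {
    echo "-o $OUT_IF -p tcp --dport 43 -j SNAT --to-source $SRC_ADDR"
}

# Add the rule only if an identical one is not already loaded.
# The unquoted $(snat_rule_spec) is intentional: it must split into arguments.
snat_ensure() {
    if $IPT -t nat -C POSTROUTING $(snat_rule_spec) 2>/dev/null; then
        echo "present"
    else
        $IPT -t nat -A POSTROUTING $(snat_rule_spec) && echo "added"
    fi
}

# Delete every copy of the rule by spec and print how many were removed.
# Rules that do not match the spec exactly are left alone.
snat_remove() {
    removed=0
    while $IPT -t nat -C POSTROUTING $(snat_rule_spec) 2>/dev/null; do
        $IPT -t nat -D POSTROUTING $(snat_rule_spec) || break
        removed=$((removed + 1))
    done
    echo "$removed"
}

# Command-line entry point: ensure | remove | spec (run as root for the first two).
case "${1:-}" in
    ensure) snat_ensure ;;
    remove) snat_remove ;;
    spec)   snat_rule_spec ;;
esac
```

Repeated `-A` calls stack duplicate rules, which is why the check with `-C` comes first and why removal loops until no matching rule remains.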