incoming traffic source and destination not local?
ehab Member
edited March 2016 in Help

Hi,

I am puzzled how/what/why I can see foreign incoming traffic from an outside source destined to external IPs (not the interface IP) from within this dedicated server.

Local ports and firewall are fine. The only explanation is that the server is connected within a segment with a load balancer! Did anyone ever see/have such a state? The question is how to stop it.

Thanks in advance for any feedback.

Comments

• joeri Member, Host Rep, LIR
    edited March 2016

    You can check that with iftop

    yum install iftop

    apt-get install iftop
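
    The check a practitioner would actually want here, as an added example that is not part of the thread: split a capture into packets that involve the server's own address and packets that do not, list which foreign hosts appear, and find out whether the interface is in promiscuous mode (tcpdump turns it on unless started with -p, iftop only with -p; without it the NIC only hands the kernel frames addressed to its own MAC, so "foreign" traffic that still shows up then really is being sent to this port). It also answers the later question of telling a private address from a public one. Everything is constructed: the capture lines are a made-up sample in the format `tcpdump -nn -q` prints, the addresses are documentation ranges, and `eth0` is an assumed interface name.

```shell
#!/bin/sh
# Added example, not from the thread. Splits a tcpdump capture into traffic
# that involves this host's own address and traffic that does not, lists the
# foreign hosts, tells whether an interface flag word has IFF_PROMISC set,
# and tests whether an address is RFC 1918 private.
#
# Constructed sample in the format of `tcpdump -nn -q -i eth0` (with -q, TCP
# lines end in "tcp <len>" and UDP lines in "UDP, length <len>"). All
# addresses are documentation ranges; 198.51.100.20 stands in for the
# server's own interface address.
SAMPLE_CAPTURE='12:00:01.000001 IP 203.0.113.10.443 > 198.51.100.20.51234: tcp 1448
12:00:01.000002 IP 198.51.100.20.51234 > 203.0.113.10.443: tcp 0
12:00:01.000003 IP 203.0.113.10.80 > 198.51.100.77.40000: tcp 1448
12:00:01.000004 IP 192.0.2.5.53 > 198.51.100.77.40001: UDP, length 120
12:00:01.000005 IP 198.51.100.77.40002 > 192.0.2.5.123: UDP, length 48'

# Shared parser: reads tcpdump lines on stdin, emits "src dst len" per packet.
# tcpdump appends ".port" to each address; the final sub() strips it.
_packets() {
  awk '$2 == "IP" {
      src = $3; dst = $5; sub(/:$/, "", dst)
      sub(/\.[0-9]+$/, "", src); sub(/\.[0-9]+$/, "", dst)
      len = ($6 == "tcp") ? $7 : $8
      print src, dst, len
  }'
}

# traffic_summary LOCAL_IP  < capture
# Prints "local <packets> <bytes>" and "foreign <packets> <bytes>".
traffic_summary() {
  _packets | awk -v me="$1" '
    $1 == me || $2 == me { lp++; lb += $3; next }
    { fp++; fb += $3 }
    END { printf "local %d %d\nforeign %d %d\n", lp, lb, fp, fb }'
}

# foreign_hosts LOCAL_IP  < capture
# Addresses seen in packets that neither come from nor go to LOCAL_IP.
foreign_hosts() {
  _packets | awk -v me="$1" '$1 != me && $2 != me { print $1; print $2 }' | sort -u
}

# is_promisc FLAGS   (FLAGS as read from /sys/class/net/<if>/flags, e.g. 0x1103)
# IFF_PROMISC is bit 0x100 of that word; tcpdump sets it unless run with -p.
is_promisc() {
  [ $(( $1 & 0x100 )) -ne 0 ]
}

# is_rfc1918 IPV4   true for 10/8, 172.16/12 and 192.168/16
is_rfc1918() {
  set -- $(printf '%s' "$1" | tr . ' ')
  [ "$1" = 10 ] && return 0
  [ "$1" = 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0
  [ "$1" = 192 ] && [ "$2" = 168 ] && return 0
  return 1
}

# On the real box (needs root) the capture would come from
#   tcpdump -nn -q -i eth0 -c 2000 > capture.txt
# and the flag word from   cat /sys/class/net/eth0/flags
printf '%s\n' "$SAMPLE_CAPTURE" | traffic_summary 198.51.100.20
printf '%s\n' "$SAMPLE_CAPTURE" | foreign_hosts 198.51.100.20
```

    Run the capture once with tcpdump's default (promiscuous) and once with `tcpdump -p`; if the foreign hosts only appear in the first run, the switch is flooding frames for other addresses onto the port and the NIC was not accepting them until a sniffer asked it to. If they appear in both, the frames carry this server's MAC as destination and something upstream (a load balancer or a router's stale forwarding entry) is deliberately sending them here.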

• ehab Member
    edited March 2016

    I have used tools such as trafshow and, I think, maybe iftop and iptraf. I can see the traffic; I just want to know how/learn how to prevent it, since traffic usage is accumulated as if it was me!

• linuxthefish

    Is this within a NAT network with private IPs only?

• ehab Member

    private IP

• ehab Member
    edited March 2016

    Wait ... how do I find out if I am in a NAT with a private IP?

    Edit ... silly me to ask a question like this, or maybe there is a way!

• ehab Member

    @linuxthefish said:
    Is this within a NAT network with private IPs only?

    It's a public IP, not NAT.

• linuxthefish

    @ehab said:
    It's a public IP, not NAT.

    Even stuff dropped or rejected by iptables will count towards your traffic. You should set it to use an IP like 192.168 so it can only talk to your web server?

• ehab Member

    @linuxthefish said:
    Even stuff dropped or rejected by iptables will count towards your traffic. You should set it to use an IP like 192.168 so it can only talk to your web server?

    Can you please explain how to do that? Much thankful.

• linuxthefish

    @ehab said:
    Can you please explain how to do that? Much thankful.

    Are you using a VPS or dedicated servers for this? Say you had three backend servers running your web application, and one front end server running a load balancer like haproxy.

    The next thing to think about is whether your backend servers need internet access for anything, whether your applications also need internet access (say WordPress updates, Gravatar, APIs for stuff), and what internet access other non-web applications (such as apt-get) need.

    You should then set up your front end load balancer that connects to the internet with two network cards (or use one, but you don't get proper isolation). One network card connects to the internet and will get incoming traffic towards your website; the other network card is configured with a private RFC1918 IP address and connects to your back end servers, also configured with private IPs.

    On your web server you then either set it up with NAT using iptables, so your backend servers can access the internet but any incoming traffic to your public IP range won't reach them, or you set up an HTTP proxy server and DNS server that your backend servers can use as an alternative to NAT.

    You configure the private servers with the same private RFC1918 IP range as your web server's 2nd interface, and set up/install your software. Then put the private IPs of all your backend servers into your load balancer's config on the public-facing server, so requests to the load balancer then go through!

    A better but more expensive way to set this up would be using a proper router to do the NAT and not the front end load balancer, and having more than one load balancer! There are a ton of different ways to do this, but that's what I've set up in the past. You can also do this very easily with a KVM provider that has a private network, as you can just disable the public interface and SSH in from another server on the internal network.

    Thanked by 1 (ehab)
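
    The iptables side of the two-NIC front end described in the reply above, as an added example that is not the poster's own configuration: the backends on the private segment get outbound access through the front end's public address, replies are let back in by connection tracking, and nothing that arrives new on the public interface is ever forwarded to a backend. The interface names `eth0` (public) and `eth1` (private) and the `10.10.0.0/24` backend range are assumptions. The script prints a ruleset in iptables-restore format rather than applying it, so it can be reviewed first and then loaded with `iptables-restore`.

```shell
#!/bin/sh
# Added example, not from the thread: NAT/forwarding rules for a front-end
# load balancer with a public NIC (eth0) and a private RFC1918 NIC (eth1).
# Interface names and the backend range are assumptions for this example.
PUB_IF=eth0
PRIV_IF=eth1
PRIV_NET=10.10.0.0/24

# Emits the ruleset in iptables-restore format (load with: iptables-restore < file).
nat_ruleset() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# backends leave through the public interface wearing the front end's address
-A POSTROUTING -s $PRIV_NET -o $PUB_IF -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
# default for forwarded packets is DROP; only the two rules below open it
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# replies to connections the backends opened may come back in
-A FORWARD -i $PUB_IF -o $PRIV_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# backends may open outbound connections (apt-get, WordPress updates, APIs)
-A FORWARD -i $PRIV_IF -o $PUB_IF -s $PRIV_NET -j ACCEPT
# a NEW connection arriving on $PUB_IF therefore never reaches a backend;
# client traffic only gets there via haproxy on this box, which connects out
# of $PRIV_IF as an ordinary local process (INPUT/OUTPUT, not FORWARD)
COMMIT
EOF
}

# Forwarding must be enabled in the kernel for the FORWARD chain to matter.
# Printed rather than applied; drop it into /etc/sysctl.d/ and run sysctl --system.
forwarding_sysctl() {
  printf 'net.ipv4.ip_forward = 1\n'
}

nat_ruleset
forwarding_sysctl
```

    The INPUT chain is left at ACCEPT here on purpose: locking down the front end's own listening ports is a separate concern from the forwarding decision this example is about, and should be done before exposing haproxy.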
• ehab Member

    @linuxthefish

    Hi. First, many thanks for your time in writing the above; I will go through it thoroughly.
    What I have is a standalone dedicated server with no services installed except for the Cockpit dashboard... but even with a clean "fresh" install I can see this traffic.

    My aim is to understand why I am getting source/destination traffic when it's not mine!
