Is it possible to execute the command "whois" and choose the outgoing IP for the query?

I have mounted several IPs on my network interface ("/etc/network/interfaces") for SSL purposes, but it would be great to use them also for querying.

And would this also be possible with IPv6?

I have now patched the kernel with NAT66, but still don't know how I can set up querying through IPv6.

Thank you very much!

heuri

1 Answer

Apologies for misunderstanding the question the first time... you should use iptables to SNAT the source address to your SSL address. I add another interface address (172.16.61.5/29) below on eth0 to simulate the same dynamics...

Sourcing IPv4 whois queries from 172.16.61.5

Before (Sniffing a query of whois -h whois.arin.net <address>):

[mpenning@Bucksnort ~]$ sudo tshark -i eth0 tcp and port 43
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
  0.000000 172.16.61.6 -> 199.71.0.49  TCP 55089 > nicname [SYN] Seq=0 Win=5840 Len=0

Note that my source address is 172.16.61.6...

Set my source address for all TCP traffic to tcp/43:

# Send all IPv4 whois queries from 172.16.61.5
sudo ip addr add 172.16.61.5/29 dev eth0
sudo iptables -t nat -A POSTROUTING -o eth0 -p TCP --dport 43 -j SNAT --to-source 172.16.61.5
sudo iptables -t nat -vnL

After (Sniffing a query of whois -h whois.arin.net <address>):

Now my address is 172.16.61.5...

[mpenning@Bucksnort ~]$ sudo tshark -i eth0 tcp and port 43
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
  0.000000 172.16.61.5 -> 199.71.0.49  TCP 55091 > nicname [SYN] Seq=0 Win=5840 Len=0

To remove the rule from the table...

# Remove the rule... (assuming it is the first nat POSTROUTING rule...)
sudo iptables -D POSTROUTING 1 -t nat

Sourcing IPv6 whois queries from 2607:fcff:1001:100:202:55ff:dead:beef

The IPv6 option requires a kernel with NAT66... see HE.net's NAT66 installation notes and Packetpushers: Thank goodness for NAT66

# IF you have an SNAT66 kernel...
#     Send all IPv6 whois queries from 2607:fcff:1001:100:202:55ff:dead:beef
sudo ip -6 addr add 2607:fcff:1001:100:202:55ff:dead:beef/64 dev eth0
sudo ip6tables -t nat66 -A POSTROUTING -o eth0 -p TCP --dport 43 -j SNAT66 --to-source 2607:fcff:1001:100:202:55ff:dead:beef
sudo ip6tables -t nat66 -vnL
# Remove the rule... (assuming it is the first nat POSTROUTING rule...)
sudo ip6tables -D POSTROUTING 1 -t nat66

I haven't got time to prove out the NAT66 portion right now... my research indicates that the syntax above is correct, though.

Mike Pennington
  • I believe the OP wants to send the query out a specific interface address, not query a specific host. – George M Jun 07 '12 at 13:47
  • To use the nat66 rule, you need to ensure that your whois server resolves to an ipv6 address... that is a dns problem, not an iptables problem. One easy workaround is to put a static mapping in /etc/hosts – Mike Pennington Jun 15 '12 at 12:48
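Added example, not part of the question or answer above: a small whois client that picks the outgoing address by binding the TCP socket to a chosen local address before connecting, instead of rewriting packets with an SNAT rule. This is a different technique from the iptables/ip6tables approach in the answer; it needs no NAT66 kernel for IPv6, but the source address must already be configured on an interface (the `ip addr add` step in the answer), otherwise the bind fails with EADDRNOTAVAIL. It also resolves the server name only in the address family of the chosen source address, which sidesteps the A-vs-AAAA mismatch mentioned in the last comment. The `start_fake_whois_server` helper is a constructed stand-in that listens on loopback so the code can be exercised offline; the function names and the `seen` dictionary are assumptions of this example.

```python
import ipaddress
import socket
import threading


def address_family(ip: str) -> int:
    """Map a literal IP address to the socket family it belongs to."""
    return socket.AF_INET6 if ipaddress.ip_address(ip).version == 6 else socket.AF_INET


def build_query(query: str) -> bytes:
    """RFC 3912 whois: one query line terminated by CRLF."""
    return query.strip().encode("ascii") + b"\r\n"


def whois_query(server: str, query: str, source_ip: str, port: int = 43,
                timeout: float = 10.0) -> str:
    """Send a whois query to `server`, sourcing the TCP connection from `source_ip`."""
    family = address_family(source_ip)
    # Resolve the server only in the family of the source address, so bind()
    # and connect() never disagree (an IPv6 source needs an AAAA record).
    infos = socket.getaddrinfo(server, port, family, socket.SOCK_STREAM)
    if not infos:
        raise OSError(f"{server} has no address in the family of {source_ip}")
    sockaddr = infos[0][4]
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        # Binding to a local address with port 0 picks that address as the
        # source of the outgoing connection; the kernel chooses the ephemeral port.
        s.bind((source_ip, 0))
        s.connect(sockaddr)
        s.sendall(build_query(query))
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:  # whois servers close the connection after the reply
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def start_fake_whois_server(reply: bytes = b"% constructed reply\r\n"):
    """Constructed loopback stand-in for a whois server (assumption of this example).

    Accepts one connection, records the client's source address in `seen`,
    echoes the query line back and appends a fixed reply. Returns (port, seen).
    """
    seen = {}
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, peer = srv.accept()
        with conn:
            seen["source"] = peer[0]
            line = conn.makefile("rb").readline()
            conn.sendall(b"query: " + line.strip() + b"\r\n" + reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, seen


if __name__ == "__main__":
    # Offline demonstration: query the fake server from 127.0.0.1.
    # For a real lookup, use e.g. whois_query("whois.arin.net", "192.0.2.1", "172.16.61.5").
    port, seen = start_fake_whois_server()
    print(whois_query("127.0.0.1", "192.0.2.1", "127.0.0.1", port=port))
    print("server saw source address:", seen["source"])
```

Binding the socket is the per-process counterpart of the per-host SNAT rule: it changes only this client's connections, leaves the NAT table untouched, and works the same way for IPv4 and IPv6 addresses. The server-side `seen["source"]` is the equivalent of the tshark capture in the answer, confirming which address the remote end actually observed.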