Prevent connecting local ip address range #3542

Closed
Dreamworks-dev opened this issue Jul 1, 2024 · 2 comments
Labels
bug Something isn't working external Issues created by non node team members

Comments

@Dreamworks-dev

Celestia Node version

v0.12.1

OS

ubuntu22.04

Install tools

docker

Others

No response

Steps to reproduce it

I started running the Manta Pacific replica node on a dedicated server about 3 months ago. I used PowerVPS as the provider. Deploying a Manta Pacific replica node requires Celestia node integration. It worked well until now, but recently I received an email about a netscan detected on the server. How can I prevent the Celestia node from trying to connect to private IPs?

Expected result

I want the Celestia node to connect only to public IP addresses.

Actual result

Now it sometimes tries to connect to private IP addresses.

Relevant log output

No response

Notes

No response

@Dreamworks-dev Dreamworks-dev added the bug Something isn't working label Jul 1, 2024
@github-actions github-actions bot added the external Issues created by non node team members label Jul 1, 2024
@Wondertan
Member

> I received an email about a netscan detected on the server. How can I prevent the Celestia node from trying to connect to private IPs?

Hello. To help, we need a bit more information. How is netscan related to the problem? What private IPs does it connect to?

@Dreamworks-dev
Author

> Hello. To help, we need a bit more information. How is netscan related to the problem? What private IPs does it connect to?

The PowerVPS provider doesn't approve of the netscan. So my dedicated server is restricted.
Here are the local IPs that the Celestia node tries to connect to:

And the support team suggested this to me:

```
iptables -A OUTPUT -d 172.16.0.0/12 -j DROP
iptables -A OUTPUT -d 10.0.0.0/8 -j DROP
iptables -A OUTPUT -d 192.168.0.0/16 -j DROP
iptables -A OUTPUT -d 100.64.0.0/10 -j DROP
iptables -A OUTPUT -d 169.254.0.0/16 -j DROP

iptables -A FORWARD -d 172.16.0.0/12 -j DROP
iptables -A FORWARD -d 10.0.0.0/8 -j DROP
iptables -A FORWARD -d 192.168.0.0/16 -j DROP
iptables -A FORWARD -d 100.64.0.0/10 -j DROP
iptables -A FORWARD -d 169.254.0.0/16 -j DROP
```
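
An added example, not part of the original thread: a check that every destination in a provider's scan report falls inside one of the five ranges dropped by the rules above, so that gaps in the rule set show up before the next abuse notice. The sample report is constructed, and its column layout (destination address, port, size, protocol) is an assumption.

```python
import ipaddress
from collections import Counter

# The five destination ranges dropped by the iptables rules quoted above.
BLOCKED = [ipaddress.ip_network(c) for c in (
    "172.16.0.0/12", "10.0.0.0/8", "192.168.0.0/16",
    "100.64.0.0/10", "169.254.0.0/16",
)]

# Constructed sample report (not taken from the issue). Column layout is an
# assumption: destination address, destination port, size, protocol.
SAMPLE_REPORT = """\
10.20.30.40 2121 78 TCP
10.20.30.40 2121 78 TCP
172.17.0.5 2121 78 TCP
172.32.0.9 2121 78 TCP
192.168.77.3 24256 78 TCP
100.64.1.1 2121 78 TCP
203.0.113.5 2121 78 TCP
not-an-ip 2121 78 TCP
"""

def matching_rule(dst):
    """Return the blocked CIDR (as a string) that contains dst, or None."""
    addr = ipaddress.ip_address(dst)  # raises ValueError on a bad address
    for net in BLOCKED:
        if addr.version == net.version and addr in net:
            return str(net)
    return None

def audit(report):
    """Count attempts per blocked range; collect uncovered and bad lines."""
    per_rule, uncovered, malformed = Counter(), set(), []
    for line in report.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            rule = matching_rule(fields[0])
        except ValueError:
            malformed.append(line)
            continue
        if rule:
            per_rule[rule] += 1
        else:
            uncovered.add(fields[0])  # no DROP rule would match this one
    return per_rule, sorted(uncovered), malformed

if __name__ == "__main__":
    print(audit(SAMPLE_REPORT))
```

In the sample, `172.32.0.9` is reported as uncovered because `172.16.0.0/12` ends at `172.31.255.255`.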
