Article 6D3C1 Forward FIN packets to Docker container


by mirawara from LinuxQuestions.org on (#6D3C1)

Hi,

I'm encountering an issue with forwarding packets from the host to a Docker container. Specifically, I have Snort running inside the container, and I want to detect FIN scans by forwarding FIN packets from the host to the container.
I've tried various approaches, including setting up iptables rules for forwarding packets, but the packets still get dropped before reaching the container. I think they are dropped in 'raw prerouting' because of the connection state tracking.

It's worth mentioning that if I perform an nmap scan using the container's IP address, the forwarding works correctly. However, when I use the host's IP address, the packets are not forwarded. So, I'm not able to detect external port scanning.

A solution could be to use network_mode='host' but I prefer to find workarounds to keep the network namespace separate.

Thanks in advance.