how to simulate network problems with iptables


Post by erwi » Wed, 14 May 2008 23:19:14



To test an Application that communicates over UDP Multicast I would
like to filter out some packets using iptables. However, when I
specify a rule to DROP the packets on send, the application gets an
"Operation not permitted" error. What I would like to achieve is that
the packet gets silently dropped, without the application on the local
machine getting an immediate error.
 
 
 


Post by goarill » Thu, 15 May 2008 05:50:21



> To test an Application that communicates over UDP Multicast I would
> like to filter out some packets using iptables. However, when I
> specify a rule to DROP the packets on send, the application gets an
> "Operation not permitted" error. What I would like to achieve is that
> the packet gets silently dropped, without the application on the local
> machine getting an immediate error.

Put a box up in between the host and the rest of the network.

 
 
 


Post by erwi » Thu, 15 May 2008 15:54:48


That's no option for me. In my case the box is multiply redundant on
several switches, I have no easy access to the network infrastructure
(nor even to the physical box). That's why I would like to do it with
filtering locally on the box.



> > To test an Application that communicates over UDP Multicast I would
> > like to filter out some packets using iptables. However, when I
> > specify a rule to DROP the packets on send, the application gets an
> > "Operation not permitted" error. What I would like to achieve is that
> > the packet gets silently dropped, without the application on the local
> > machine getting an immediate error.

> put a box up in between the host and the rest of the network

 
 
 


Post by Pascal Hambour » Fri, 16 May 2008 01:00:18


Hello,

erwin wrote:

> To test an Application that communicates over UDP Multicast I would
> like to filter out some packets using iptables. However, when I
> specify a rule to DROP the packets on send, the application gets an
> "Operation not permitted" error. What I would like to achieve is that
> the packet gets silently dropped, without the application on the local
> machine getting an immediate error.

At worst if it's not loopback traffic you can use the MARK target with
advanced routing to route discarded packets through a dummy interface.
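
The MARK-plus-policy-routing approach suggested in the post above, written out as an added example that is not part of the original thread. The multicast group, port, mark, table number, interface name and loss fraction are assumptions, and the `statistic` match is an addition to discard only a share of the packets.

```shell
#!/bin/sh
# Added example (not from the thread): discard a share of locally generated UDP
# multicast packets without the sender seeing an error. A DROP verdict in the
# OUTPUT chain is reported back to the sending socket, whereas a packet that is
# marked and then routed to a dummy interface is transmitted normally and
# thrown away by the dummy driver.
# Every value below is an assumption chosen for illustration.
MCAST_GROUP=239.1.2.3   # constructed multicast group
UDP_PORT=5000           # constructed destination port
FWMARK=0x1              # mark placed on packets to discard
RT_TABLE=100            # routing table consulted only for marked packets
DUMMY_IF=dummy0         # sink interface
LOSS=0.2                # fraction of matching packets to discard
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands, 0 = execute them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

blackhole_up() {
    run ip link add "$DUMMY_IF" type dummy
    run ip link set "$DUMMY_IF" up
    # Marked packets consult RT_TABLE, whose only route points at the sink.
    run ip route add default dev "$DUMMY_IF" table "$RT_TABLE"
    run ip rule add fwmark "$FWMARK" lookup "$RT_TABLE"
    # mangle/OUTPUT: changing the mark here makes the kernel re-route the packet.
    run iptables -t mangle -A OUTPUT -p udp -d "$MCAST_GROUP" --dport "$UDP_PORT" \
        -m statistic --mode random --probability "$LOSS" \
        -j MARK --set-mark "$FWMARK"
}

blackhole_down() {
    run iptables -t mangle -D OUTPUT -p udp -d "$MCAST_GROUP" --dport "$UDP_PORT" \
        -m statistic --mode random --probability "$LOSS" \
        -j MARK --set-mark "$FWMARK"
    run ip rule del fwmark "$FWMARK" lookup "$RT_TABLE"
    run ip route flush table "$RT_TABLE"
    run ip link del "$DUMMY_IF"
}

case "${1:-up}" in
    up)   blackhole_up ;;
    down) blackhole_down ;;
esac
```

After applying the rules with `DRY_RUN=0`, the packet counters from `iptables -t mangle -L OUTPUT -v -n` and the TX counters from `ip -s link show dummy0` show how many packets were marked and diverted.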
 
 
 

1. How to use IPTABLES to simulate major network outages for testing purposes?

Greetings all,

I work with a large distributed system that makes heavy use of TCP/IP.
 For example, from a command system we could expect around 900 TCP/IP
connections to remote nodes.

I would like to simulate all of those 900 TCP/IP connections dropping
at the same time.  I.e., I would like RST packets to be sent to the
command system at the same time.

It has been suggested to just pull the cables to this command system
but I don't think that will suffice.  The command system is an NT 4.0
box, and I believe the connections would require keep-alive timeouts
to occur before dropping.  I'm more interested in a major network
event occurring.

So, I've placed a Linux firewall running Red Hat 8 in between the
command system and the rest of the world.  My next step is to figure
out a way to use that system to drop all the connections for me.

Thanks all!
