[CentOS] block port forwarding?

Thu Feb 25 12:17:36 UTC 2010
Jorge Fábregas <jorge.fabregas at gmail.com>

On Thursday 25 February 2010 07:36:50 Roland RoLaNd wrote:
> lately i've noticed that lots of traffic being produced by the servers ..
> is there a way to know whose using port forwarding to my server so they
>  access the internet ?

I don't know why you use the term "port forwarding".  If I understand you 
correctly., and having said  that ip forwarding isn't turned on, you suspect 
someone is using your 2 servers to gain access to the internet"?  The only 
thing I can think of...they might be using your servers as a SOCKS proxy.   
For this , there needs to be some way to connect to these serves (SSH? 
etc...).   

Log in to these servers and do a "netstat -ntap" so you can see the 
established connections and track what programs are responsible for these.  If 
anyone is connected to your machines (from the local network) you'll see it 
there too.  Of course, I'm assuming your machines were not tampered with (that 
is, all the binaries are intact :)


Best regards,
Jorge

p.d. you can try wireshark (network sniffer)...