| |
| |
| |
|
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
Comments:
<0> what about undernet?
<1> friend of mine used to run several movie-trading channels... they all left for efnet I think
<2> When groups can't come together for 6 months, they defend existance by moving somewhere safer.
<3> true
<4> undernet is listed as 4th
<0> wow
<0> what about efnet
<4> Undernet is about 120,000 users
<2> wow. yeah.dalnet is 30k.
<4> Efnet is listed 3rd
<0> whats #1
<4> about 80,000 users currently
<3> Stats are wrong.
<4> #1 is Quakenet
<5> undernet allows file trading?
<6> has anyone ever got a problem on nfs whereby mounting is done perfectly but then we get a permission denied on browsing the shared folder after mounting?
<3> DALnet has more than 6236 users :)
<4> http://irc.netsplit.de/networks/top100.php
<4> All stats are here
<3> ./lusers
<3> They're wrong
<1> -StatServ- Current Users : 33227
<2> nxhelp: Yeah. the uids and gids move across.
<2> nsxhelp:So if you're uid 1000 on one server, and 1010 on server two, and nfs mount from server 1 to server 2, you loose access to your own files.
<2> nxhelp: Thats what things like ldap fix.
<1> mmmm, ldap
<6> jblack_> good suggestion, i'll check again
<6> though, i remapped the all stuff
<2> unfortunately, ldap isn't very comfortable to use. Its awkard, difficult to implement well, and (used to?) be buggy as hell.
<6> but i'll check again
<1> I wish there was a good gui tool for it
<2> Yeah. It could be so much more.
<4> openldap is really an annoyance
<2> afaik, openldap is the only free ldap server.
<2> free, as in free software.
<4> Red Hat has bought some commercial LDAP application. I do not know if they made it free software
<4> lemme check
<4> hello nxhelp
<7> Hi Simpleguy
<1> Off topic, but if anyone knows about Unity Express.. please pm me
<8> hi
<1> Hello mykky
<8> help me please?
<1> with?
<9> It would be so much nicer if people knew we were not psychics.
<8> i download debian with bitorrent, how chek if the iso i fine?
<9> You'll have to get the md5sum or sha1sum, as well.
<1> You'll have to check the md5 sum
<8> ok
<8> thanks
<1> The debian site should have the md5sum listed
<8> so much
<1> then you just "md5sum your.iso" and see if they match
<2> tafayp
<9> I always use Linux/iptables to make a NAT router. Is there a way to use iptables without making it NAT?
<2> yeah. don't enable nat. :)
<9> @#$%
<10> p3nguin : yeah, just don't enable ip forwarding
<9> That's not helpful.
<2> Its the right answer.
<9> I still need it to be a router and p*** traffic from one network to another.
<9> I'm not saying it's the wrong answer. It just doesn't help me to get to my goal.
<9> If I don't masquerade and use ip forwarding I don't know how to p*** traffic.
<11> Could someone please ***ist me in getting Fedora Core 5 to forward port UDP 500 and Protocol 50 to my 03 server for VPN?
<11> I'm using iptables.
<2> All you need to do is enable ip_forward, not enable masquerade, setup the routing table, and tell the other machines to have a route to that machine for that network.
<9> Okay. I think I understand that.
<3> you don't have to have NAT to apply firewall rules.
<3> you have INPUT OUTPUT and FORWARD tables. your rules would most likely be on the FORWARD table.
<3> and if you're doing nat correctly, your firewall rules go on the FORWARD table anyway.
<3> nat rules in -t nat, access control rules in FORWARD.
<9> Rather than the PREROUTING and POSTROUTING, right?
<3> yes
<9> Leaf_: You're using NAT in your firewall?
<9> hmm
<12> alright .. whos gots lots of experience with nix systems
<9> Ask the real question.
<13> HE DOES!
<12> Ive narrowed it down to two os's .. Im either going to use FreeBSD or Fedora. Purpose web dev mainly.
<13> LucidGuy ; This is #Linux. We're going to tell you to run linux.
<13> DUH!
<9> I guess it comes down to: do you want Linux or not-Linux?
<1> a conundrum indeed
<1> FreeBSD is not linux... so that's out
<9> Leaf_: You're using NAT in your firewall?
<1> but, Fedora is crap...
<11> Yes.
<12> haha .. I know its not. But its the inbetween Linux and Unix .. in my opinion
<14> LucidGuy fedora is more of a distribution than an os
<11> I have ip forwarding working fine for the other boxes getting to the internet I just can't get someone loggin into the VPN from the outside.
<11> It's not being routed correctly. *sigh*
<9> Leaf_: You mentioned you need UDP and protocol 50... but UDP is protocol 17.
<9> Leaf_: What exactly do you need to forward?
<11> I thought it was UDP 500 and protocol 50 for IKE and IPSec
<11> TCP 1723 and UDP 500 for PPTP.
<11> I have tried both ways with no luck.
<9> Protocol 50 is ESP.
<11> Right, it's needed for this to work, correct?
<9> We can route whatever you want, but it would be best if we know exactly what we're doing. :)
<9> I don't run VPN, so I can't say about that.
<3> jblack: may I have a word with you in private please?
<9> Let's set up some iptables rules for what you have asked for.
<6> guys, will doing a "cp source dest" keep all the attributes, ownerships etc.. ? or do i have to "cp -p /source dest" ??
<11> I'm using FC5 as a firewall. I need to have it forward what's needed for L2TP/IPSec to my 03 server for VPN.
<9> iptables -t nat -I PREROUTING -p udp --dport 500 -j DNAT --to 172.16.0.11:500
<2> lacroix:I guess
<9> iptables -I FORWARD -p udp -d 172.16.0.11 --dport 500 -j ACCEPT
<2> ya know where to shoot
<9> Leaf_: Those two examples will send UDP port 500 through the NAT to 172.16.0.11.
<11> This is what I have at the moment.
<9> Okay, so then we need proto 50, right?
<11> iptables -t nat -A PREROUTING -p udp --destination-port 500 -j DNAT --to-destination 10.40.56.19:500
<11> I forgot to type the -d 10.40.56.19 part but it's there also. =D
<11> How do you route a protocol?
<9> What about iptables -t nat -I PREROUTING -p 50 -j DNAT --to 172.16.0.11
<9> and iptables -I FORWARD -p 50 -d 172.16.0.11 -j ACCEPT
<9> Will iptables accept those if you input them?
<11> No, I do not have that in there. One moment while I input it.
<9> That _should_ route the entire esp protocol to the internal address.
<9> Actually, I know iptables v1.3.3 will accept both of those lines as input.
<11> I'm having someone test it at the moment.
<9> Great.
<11> It accepted the command and put it into the NAT so hopefully it will work!
<11> This has been kicking my *** for the past day. hehe
<9> Make sure you use the nat PREROUTING and the filter FORWARD rules for both items.
<9> It won't work with only one line from each.
<9> Leaf_: You did, right?
<11> For the udp port you posted two lines with prerouting and none for forward.
<11> For protocol 50 you had one of both.
<9> scroll up
<9> See it now?
<11> Ahh yes.
<11> I have made the change. =x
<11> I am having it tested again. The error: Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.
<11> was received last time.
<9> Using the two example lines for each type of routing you wanted to do, you should be able to route any ports or a whole protocol to the internal machine. Finding out which ports and/or protocols to route might be the hard part. :)
<11> Well atleast I was on the correct path with UDP 500 and Protocol 50. =D I just wasn't sure how to route a protocol, only TCP or UDP.
<11> hopefully this will work and I can move on.
<9> Heh, just use the protocol number after -p. You can use -p 6 for TCP and -p 17 for UDP if you like.
<11> Hmm
<11> Error 792: The L2TP connection attempt failed because security negotiation timed out.
<11> That's the error that was just received.
<2> general call: we have any adbots that have snuck through?
<9> I wish I had personal experience with this configuration so I could give you better direction to a resolution.
<9> jblack: I haven't seen anyone saying, "nickname, please don't message me."
<11> May I paste a 4 line nat table?
Return to
#linux
or
Go to some related
logs:
#india
#kl
Peaceful Snow + Chat-world
#india
c++ winsock2.h redefinition issues
wizekid
ping prangin mall
#allnitecafe
#chat-world
#chat-world
|
|