Comments:
<0> May I paste a 4 line nat table?
<0> Don't want to get kicked for flooding. =D
<1> Leaf_: Would you mind pasting it at pastebin.ca, so that we can see it without hitting the channel?
<2> I would prefer to use pastebin.ca for more than 2 lines.
<0> okay.
<2> Thanks.
<0> http://pastebin.ca/115556
<0> That's what my table is showing. It should be working, right? =x
<1> I don't understand that representation.
<1> can you do an iptables -L ?
<2> Only if you also have the filter FORWARD rules to match the nat rules.
<0> I have: iptables -I FORWARD -p udp -d 10.40.56.19 --dport 500 -j ACCEPT
<2> For each port you want to route through the firewall you must have a rule on the PREROUTING chain for the nat table and a corresponding rule on the FORWARD chain of the filter table.
<0> and: iptables -I FORWARD -p 50 -d 10.40.56.19 -j ACCEPT
<2> Can you put the entire output from "iptables -vnL;iptables -t nat -vnL" on the pastebin?
<1> simmy: ping
<0> http://pastebin.ca/115561
<1> Leaf_: that looks wrong to me.
<0> I'll brb, have a new modem being installed. Ugh.
<0> I'll return in 10-15 minutes.
<0> Sorry guys.
<1> Ok.
<1> No problem.
<1> p3nguin: You have time for a call later?
<2> jblack: I believe so.
<1> awesome
<1> I'm looking forward to that. I want to tell you via voice that you've been proving yourself to be a great op.
<1> also, nivek, you have time for same?
<3> heh
<3> I have 3 phones sitting here
<1> I have a big mouth, but not 3 lines big. :)
<2> haha
<3> but beware.. I'm working on the IVR right now...
<1> intravenous reimbursement?
<3> the auto-attendant
<1> It doesn't have to be now, or even today.
<1> doesn't have to be, if you insist. I just like to hear the voice behind the keys from time to time.
<3> whenever's fine... just letting you know if something weird happened that would be the reason
<3> plus.. now you've got the #
<1> I do?
<1> ahh. notice.
<4> jblack: Pong
<1> general note to the world - notices go on my window 1 with no notification. So I often don't see them for hours, or days at a time
<3> ahh
<2> same here
<1> simmy: How's your time going? lac and I are meeting, and you're invited
<4> mine both open in the same window.
<2> I usually see the number 1 lights up shaded and I'll look over there.
<4> um... I have to return a phone call. But I can type. :)
<1> Ok.
<1> She's off in caffeine land right now.
<4> heh. I was thinking of doing the same, actually.
<1> Sure. She's been gone for a while, so I think she has to grow the beans.
<4> yes. I shall. I'll be back in a minute. Then I'll join ya in meeting-land.
<1> k
<1> nivek: I hit you in msg
<2> Why is it so difficult to have two real internet connections on a Linux router/firewall using masquerading to a single internal segment?
<5> What are you trying to do, load balance?
<2> Yes.
<5> I've never tried that, why isn't it easy?
<2> I have several howtos for using iproute2 but they don't work.
<5> Arr
<2> I don't know. It just doesn't work for me.
<2> I can program the iproute2 table to send traffic out of connection 1 or 2 but I cannot get traffic in on both.
<2> I also cannot get some machines to use connection1 and others to use connection2.
<6> p3nguin : I don't understand. you want a multi-homed system? a LAN connected via 2 different internet connections, using both?
<2> selter: http://lartc.org/howto/lartc.rpdb.multiple-links.html
<3> whoah
<3> COOL
<2> selter: http://lartc.org/howto/lartc.loadshare.html
<2> I'm trying to incorporate either of those configurations.
<6> p3nguin : well it's not easy in windows either, it's an inherently complex problem
<6> p3nguin : and it's not massively difficult
<2> However, I cannot get either configuration to work as described.
<7> p3nguin: i'll help you in a moment
<2> I can get them to work *sorta*
<7> don't use iproute though
<2> which is just not good enough for me.
<7> you can do it with iptables forward chain
<4> redbull gives you wiiiiiiinnnnnnnngS!
<7> and it's not hard it's easy once you know and understand how chains are processed
<6> p3nguin : just two normal internet connections, you don't have a box on the other side?
<7> p3nguin: have to go help an end user will help you when back
<2> selter: Two cable modems - one Linux router/firewall - 10 LAN machines..
<6> p3nguin : if the linux machine is router/firewall you can use iptables to mark incoming packets for a particular route
<7> p3nguin: easy
<7> be back in a bit
<6> p3nguin : similar to our uni house last year, except we had 3 internet connections
<2> If I had commercial equipment it would be simple.
<0> Alright, sorry about that.
<6> p3nguin : it's not difficult with linux, it's just that what you can do is very powerful
<0> You were saying that something didn't look right in the code?
<6> p3nguin : how do you want to split access, we did it by port number
<2> selter: I was going to use predefined machines using one connection and others on the other connection.
<2> There's another page I was using but I can't find it.
<8> you know, I had that load balancing issue with Linux
<5> "all my machines get the fast connection, all their machines get the slow one"
<8> there was too much to fiddle and patch
<8> It was much much easier done with OpenBSD's pf
<6> p3nguin : well that would be very easy, but not the best use of both connections
<2> I like your suggestion of port numbers.
<8> policy routing?
<6> p3nguin : you can use one connection for bulk traffic for all, another for interactive stuff etc
<8> marking packets with iptables and then routing them via iproute2 tables
<2> I wanted all my incoming smtp and http traffic to come in on connection2. The bulk of the outgoing traffic would be on connection1. However, we can do it any way you think is good.
<2> I had three NICs in the Linux box and two cable modems, so I wanted to take advantage of the hardware.
<6> p3nguin: you can do that yes
<2> Today we will have to work in theory because I disassembled the hardware. I will be reassembling it if I can learn the theory of making this work.
<6> p3nguin : if you're using susefirewall2 there's an option to add extra rules, you need that
<2> I'll be using Smoothwall.
<2> Or I'll switch to IPCop if that will support the requirements better.
<6> p3nguin : basically you add additional rules to "MARK" packets that match your criteria with a number
<6> p3nguin : then you add rules to route packets marked with certain numbers with the appropriate routing table
<8> http://www.tldp.org/PRIVOXY-FORCE/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html
<8> This is the one I used
<6> p3nguin : hmm well I've not used either, but as long as they provide a facility to load additional custom iptables rules it shouldn't be a problem
<2> http://lartc.org/howto/lartc.rpdb.html
<8> it's the one selter is referring to
<8> whoops
<2> selter: That link is the other scenario.
<8> http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html
<8> This is the real link
<6> p3nguin : I used SuSEfirewall2
<6> p3nguin : not like that
<4> ouch....
<4> Please excuse this disruption in service while we perform not-so-scheduled maintenance.
<4> We now return you to your regularly-scheduled #linux.
<3> wait for it.... wait for it...
<3> aha!
<2> I guess I could do that at night when the channel is inactive.
<2> It actually took 38 seconds for it to come in.
<9> Shalom everyone !
<6> Bye guys
<6> p3nguin : give me a moment i'll try and write something for you
<10> if httpd.conf is ok and filesystem perms are ok (even set to 777 down thru) - why would I keep getting a 403 Forbidden hitting this test webdir?
<10> nothing I do changes it
<10> christ
<4> blakespot : check the DENY rules in your httpd.conf. That'd throw a 403 even if the filesystem permissions were accurate.
<4> also look at your log file. It'll usually tell you why permission was denied.
<10> they're the same as the httpd.conf of our server that
<10> 's running fine
<0> http://pastebin.ca/115610 That's new table now.. Is it looking correct now?
<11> blake: see your error log
<0> blueshark is sending crap messages, just to let you guys know.
<10> i commented them out - when i left the error log definitions in the apache config, i got a log error on screen in addition to the 403...
<11> blake: I suggest that you read what the error says
<8> blakespot, make sure there is no .htaccess in the directory
<10> no .htaccess