Comments:
<0> even the temperature of our server room
<1> nice
<1> this sounds really good
<0> yeah
<0> all you need to do is configure snmp
<0> and possibly make some scripts (i bet there are some in the cacti forums)
<1> i see
<0> if you want iptables graphs
<1> http://cetus.andy.blyler.cc/cacti/graph_view.php?action=tree&tree_id=1&leaf_id=7 || this user has important graphs. :) i'll wait with graphs for now, but i am looking for a better report like linux does itself in /var/log files... for example Time . Date . VICTIM: IP >>> ONE OF MY 4 IPS . Number of packets ... etc.
<1> any ideas rza?
<1> :)
<0> hmm
<0> fwanalog - firewall log-file report generator (using analog)
<0> fwlogwatch - Firewall log analyzer
<0> wflogs - The modular firewall log analyzer of the WallFire project
<0> quick apt-cache search
<1> i see
<0> i prefer graphs over reports
<1> yes true but i need to collect ips that ping me during the ddos so out of that i know who is ddosing the server
<0> use snort?
<1> hm
<1> never heard about it
<0> snort - Flexible Network Intrusion Detection System
<0> it has ddos rules
<1> i see
<0> you can even use snort to block ips with iptables
<0> i use snort in our lan
<0> the lan is divided into small segments
<0> which are isolated with firewalls
<0> and if there's virus traffic in those segments the ips get instantly blocked
<1> i see
<1> well i wouldn't like that snort takes over my iptables
<0> it doesn't
<1> just to report to me and then i would fix that
<0> the iptables parts need extra coding / patches
<1> oh cool then
<1> so you prefer snort?
<0> basic snort is just reports
<0> let me show you
<1> ok
<0> http://pastebin.com/639702
<1> looks nice
<0> you can also easily make your own rules
<0> if needed
<1> good
<1> is it hard to install it?
<0> which distro?
<1> slackware
<0> shouldn't be hard
<0> in debian it's just apt-get install snort
<1> ok
<0> :)
<1> ;)
<1> lucky ;)
<1> i'll check if slapt-get has this package ;)
<1> pts/1 root@codeplanet:/etc/bind/p
<1> > 0 13:54:18 540 # slapt-get --search snort
<1> no luck ;)
<1> ha! i have it rza
<1> http://www.linuxpackages.net/search_view.php?by=name&name=snort&ver=10.2
<1> :)
<0> hehe
<1> ;)
<2> hi anyone here
<1> rza is there anything special that has to be configured now after installation of this snort?
<0> you can specify which rules you use
<0> in snort.conf
<1> ok
<3> I'm new to iptables, and I'm getting an error I don't understand. Whenever I try to restore a rule set, I get "line xx failed", where xx refers to the COMMIT line of the *filter section. There are no errors for any of the lines I have added, it just fails on commit. Can anyone help me work out why this is?
<4> optimism_: an error on commit means there is an error above
<3> is there any way to find out what the above error is?
<4> try removing all the rules and see if it still happens
<4> or run the script one line at a time
<3> i've added three rules of my own. without the three, it'll succeed, but all three rules come from a sample tutorial thing
<4> what are the rules?
<3> ok this is the one that's breaking it:
<3> -A INPUT -m state --state NEW -m tcp --dport 22 -j ACCEPT
<4> it needs a -p tcp
<3> so it does. proof that i can, in fact, not read
<3> thanks :)
<4> np
<1> rza it seems it is all already configured like it should be... do i need to run something special now to make it workable?
<3> danieldg: there's no error in the config, but with the rules in place, the ssh port isn't open properly. incoming requests are timing out
<4> optimism_: do you have a --state RELATED,ESTABLISHED -j ACCEPT rule?
<3> no :( i'll go add it
<4> needs -m state in there too
<3> there's one in the sample, i'll go copy it
<3> thanks </sheepish>
<3> how does this "$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE" translate to something i can put in my saved file from iptables-save? restore doesn't like the -t nat option?
<4> optimism_: it goes in the *nat section
<4> run the command and do an iptables-save to see
<3> ah right
<3> i'm still such a newb at this :(
<4> well, you have to start somewhere ;)
<3> :)
<3> now, to boot the laptop and test the forwarding
<5> Hi! I'm just trying to use simply this rule: iptables -A INPUT --dport 80 -j ACCEPT, but iptables says unknown arg --dport.
<5> I think I must load a module, but does anybody know which kernel module I need to load? Or is there any mistake in the syntax?
<3> iptables -A INPUT -m tcp --dport 80 -j ACCEPT ?
<3> iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT ?
<3> the latter i think
<6> zzz: What you want is: iptables -A INPUT -p tcp --dport 80 -j ACCEPT
<3> ooh close :P
<6> -m is for a match
<6> and not a match for a protocol
<6> -m state .... for connection tracking etc.
<3> oh i see
<4> adding -m tcp works too, it's just not needed
<4> (--dport is part of the tcp match)
<3> while you're here, do you know what rules are needed to allow incoming dns requests?
<6> danieldg: Don't tell them to write weird rules :D
<5> optimism_: sorry, i just tried it out, and tried to figure out why i need to use -p and -m tcp... .
<6> optimism_: What dns rules?
<6> Zone transfers or dns queries?
<5> i mean only -p is needed.
<6> zzz: Yes, you don't need -m if you don't want to match additional matches
<3> WoodyWoodpecker: i'm not sure. the box with iptables i'm configuring is also running bind, and atm, a client on the network can't use bind
<6> optimism_: Then you need udp/53
<3> ty :)
<6> optimism_: Only use tcp/53 for zone transfers
<5> WoodyWoodpecker: yes, but why should i use -p if i use --dport? For example if i want to allow it for udp and tcp, then should i write 2 rules?
<6> optimism_: $IPT -A INPUT -i <interface> -p udp --sport 1024: --dport 53 -j ACCEPT
<4> WoodyWoodpecker: er, why do you include the --sport 1024:?
<6> zzz: Yes, but you could do this too: $IPT -A INPUT -p ! icmp --dport 53 -j ACCEPT
<4> I don't think that rule works
<6> danieldg: well, it's just me ... Security issue.
<3> WoodyWoodpecker: do all requests source from port 1024 then?
<6> I didn't try, but it should
<4> WoodyWoodpecker: the --sport 1024: is bad for DNS since some servers send with sport=53
<6> optimism_: Yes, they should. Note that < 1024 are registered protocols only. A user with a browser uses > 1024
<6> danieldg: Well he said users can't access bind
<3> oh is 1024: a range specifier with no top limit?
<6> danieldg: -p ! icmp works
<4> WoodyWoodpecker: not on my system, just tested
<6> 1024: means 1024:65535
<3> can you "or" two conditions together, as in --sport 53 or --sport 1024: ?
<6> danieldg: man iptables says so
<4> WoodyWoodpecker: then it must be wrong
<6> optimism_: Yes, you can add both together ^^
<6> danieldg: I didn't try
<4> WoodyWoodpecker: I can't find that in my manpage
<6> danieldg: line 129
<6> In the Parameters section
<4> WoodyWoodpecker: the -p, --protocol [!] protocol section?
<4> WoodyWoodpecker: that does not say you can use --dport if you say ! icmp
<6> danieldg: No, but icmp doesn't use a port, so I assumed so
<6> danieldg: Yes, that section
<3> WoodyWoodpecker: sorry, how can i specify multiple source ports? it won't let me have multiple --sport items, and it won't take --sport 53,1024:
<4> optimism_: use -m multiport --sports 53,1024: or just omit it