<0> rob0?
<1> i fell off
<1> did you write something rob0
<1> ?
<0> anyone here ?
<2> i am
<0> ok
<0> my firewall is blocking icmp pings, i forgot how to disable this so pings will be enabled again
<0> could you help me please?
<3> i would guess you need a -A INPUT, -p icmp, a -m match on the type of icmp message (not sure how to do that yet) and a -j ACCEPT. am i close? :P
<4> yes; the iptables manpage can fill in the details of how to match (--icmp-type iirc). That rule will also need to be before any DROP or REJECT rules that match pings
<3> im learning :P
<0> ;)
<3> if i set a rule to deny all outgoing icmp, except ping, will this break a later rule which rejects with an icmp message?
<3> crap. i think i just locked myself out of everything
<5> ;)
<3> bah, my drop all remaining traffic lines kill nat, dns, ping :(
<6> hi all
<6> can anyone tell me what is wrong with this rule ?
<6> iptables -t nat -A PREROUTING -s 10.30.142.12 -p tcp --dport 80 -j DNAT --to 10.
<6> 30.143.1:80
<6> sos :/?
<6> sorry me lost connection
<6> did * here read my request?
<7> agrrrrrr
<7> kidan troublesome with my connection
<7> can any1 give me a hand here ?
<7> iptables -t nat -A PREROUTING -s 10.30.142.12 -p tcp --dport 80 -j DNAT --to 10.30.143.1:80 about that rule
<7> hello 123 any1 here please give a signal of life
<8> debiankid1: You tell US what's wrong with it. What was it supposed to do? What is it doing instead? Maybe you're blocking it in the filter table?
<7> rob0 thats the error
<7> iptables -t nat -A PREROUTING -s 10.30.142.12 -p tcp --dport 80 -j DNAT --to 10.30.143.1:80
<7> when i try to run http://10.30.142.12:80 nothing happens
<8> -s means source IP
<7> how should the rule be written?
<7> rob0 ??
<8> What you have is "HTTP packets from 10.30.142.12 [hitting any local interface's IP] should have the destination changed to 10.30.143.1".
<8> See /topic, "having NAT issues?"
<7> rob0 aha=?
<9> anyone around that's familiar w/ ssh tunneling?
<7> rob0 do you think i can resolve that reading ?
<7> rob0 is iptables -A PREROUTING -d as i read there
<8> [707th]whitey: I have done it, but not much.
<8> debiankid1: I don't understand the last 2 lines you wrote.
<9> rob0, may I pm you
<9> nm
<9> basically I have a box on my univ campus that is behind a firewall... outgoing connections for the most part aren't monitored, but to have an incoming connection to it from OUTSIDE the network, I have to use the cisco vpn client... I'd like to ssh port forward back to myself from a box off campus... i've tried ssh -R 7777:my.ip.inside:21 user@my.host.outside
<7> rob0 im reading the page
<9> so I can ftp to my inside box from anywhere outside, via the box outside
<7> rob0 iptables -t nat -A PREROUTING -p tcp -d 10.30.142.12 --dport 80 -j DNAT --to-destination 10.30.143.1:80
<7> grrr
<7> i dont understand :(
<7> rob0 i read the doc and i added this to my iptables
<7> c
<7> iptables -t nat -A PREROUTING -p tcp -d 10.30.142.12 --dport 80 -j DNAT --to-destination 10.30.14
<7> iptables -t nat -A PREROUTING --dst $INET_IP -p tcp --dport 80 -j DNAT \--to-destination $HTTP_IP
<8> Holy moley! It's still in my .bash_history ... has been years since I did the ssh tunneling!
<7> 10.30.143.1:80
<8> Oh I don't know about tunneling ftp in ssh ... the very thought of that makes my head hurt :)
<8> [707th]whitey: try -L
<8> that's what I used.
<9> i have =[
<8> from .bash_history: ssh -Nfc blowfish -L 1119:localhost:119 rob0@remote
<9> -L sets up a tunnel TO the OUTSIDE from my comp in the INSIDE, i believe... binds a port on the LOCAL machine
<9> opposed to remote
<7> rob0 and i , what about me ?
<8> that was for NNTP obviously
<10> Hello. I am trying to allow an IPv4 address access to a specific port using IPTables, and the IP address like nn.nn.nn.309 . "iptables" doesn't like anything more than 255 with a mask of 32, and I can't find another mask that will be accepted. Could anyone please help me? I think I'll understand fundamentals better after I learn what is at work here.
<10> Right now I'm putting nnn.nn.n.309/32 and I'm getting "host/network `nnn.nn.n.309' not found".
<8> Um, philverb_w ... IPv4 only goes up to 0xFF per quad ... 255
<10> So my 309 number is IPv6 (with which I basically have no experience.
<10> )?
<8> no
<8> it's not ipv6 ... it's not IP at all?
<10> Oh.
<10> Jeez.
<10> Sorry, man.
<8> debiankid1: you're missing some fundamental piece of the puzzle and I can only guess at what it might be.
<10> The guy (a developer) mistyped 209 as 309.
<8> haha
<10> I'm really sorry.
<8> :) np
<10> "Stupid question" soufflet!
<8> Maybe it was typed on April 1.
<9> actually rob0 I've tried both -R and -L and neither seem to work
<7> rob0 ok im out 4 today , gave up
<8> [707th]whitey: can you tunnel an easier protocol?
<9> i'll try ssh
<8> with ssh you could do scp, too.
<9> that's what a compsci prof told me earlier
<8> Wow, a professor knew that? Must be a good school! ;)
<9> b/c i was explaining it to him... he was like... what, you tryin to rape the campus/our depts bandwidth?
<9> doesn't look like ssh is working either
<9> actually, when I ssh the machine that I bound port 7777 to, it wants my login on IT, as opposed to the machine that it's sposed to be tunneling to
<11> hi folx
<12> hi
<13> how can i stop iptables service in debian ?
<14> its not a service
<13> okey.
<13> rza : Then i want to stop iptables working. how can i do that please
<14> iptables -F && iptables -F -t nat
<14> and set all policies to accept
<13> in redhat we used to use /sbin/services iptables restart. is there anything like that for debian.
<14> check what that script does
<13> sure.. i got your saying.
<13> thank you.
<15> RE
<16> how can i add a host to internet to a LAN what is the iptables command
<16> what is the DNAT command
<16> iptables -s ip -d ip -j DNAT ??
<16> i want to forward a host from the lan
<16> to the internet
<4> describe your situation better
<4> that's probably SNAT
<4> just match on the source IP
<4> and you need to put it in POSTROUTING chain of the nat table
<16> yes maybe SNAT i forgot
<16> i did one once
<16> how to add an ip from lan using iptables to the gateway server
<16> what is the SNAT command i forgot
<17> Is there any way to limit the number of connections/per ip/per hour ? (in order to prevent flood attack on a php script for example)
<8> yes -m recent or -m limit can do that.
<18> or -m connlimit, with some patch-o-matic help
<19> I am using a VPS running fc2 - with a custom kernel presumably designed for the VPS... I ran lokkit to create a default firewall ruleset...
<19> iptables won't take any rule with 'state' in it
<19> so the default ruleset won't work
<19> however, rules without 'state' in it work fine
<19> my problem is that, without RELATED traffic being accepted, I can't connect to anything from my system; I can only accept connections on ports that I leave open..
<19> i.e. I can't add the "RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" line
<3> missing kernel module?
<19> likely...
<19> but I wouldn't know which module to load
<3> me neither
<19> is there a way to make iptables do what that line says without using lines that include states?
<15> RE
<19> RE?
<3> regex?
<17> rob0: how can I make a rule per IP with -m limit ?
<19> that's just great... insmod ipt_state does absolutely nothing...
<20> devios: That is a stupid way that Rawplayer always uses to say "I am back again". And that in about 20 chans
<15> lol
<15> i love the responses
<3> JulienH: check the docs but ive seen -m limit --limit 3/minute --limit-burst 10
<19> WoodyWoodpecker is a bit hostile, eh? though your "RE" certainly deserves a hostile response, now that I know what it is
<20> devios: If you are working and only helping guys on IRC and whenever somebody posts something you try to go there quick to help someone, that ****s if it is just "RE" in ~20 chans.
<19> hahahhaa I'm with ya
<20> Rawplayer: Please stop that ...
<20> devios: It is not that I need to help, it is that I want to help ...
<19> heh