| |
| |
| |
|
Page: 1 2
Comments:
<0> heh
<1> Rawplayer: please turn it off.
<2> turn what off?
<2> i just type /foreach channel RE
<2> but i get the point ;)
<1> Rawplayer: then please don't do that.
<1> on channels you're not active on, people don't care.
<3> hello
<3> i need help
<3> i want to allow traffic to warszawa.pl and subdomains
<3> and if there is script inside site, allow it to connect to other sites
<3> how to get it?
<2> ?
<4> NAT question: What does the REDIRECT target do with INPUT packets?
<5> INPUT is in filter. REDIRECT can only be used in nat / PREROUTING. Do you mean what do the REDIRECT packets look like when they get to filter / INPUT?
<5> They would have the primary IP of the interface by which they arrived.
<4> I mean do packets destined for the host runing iptables get handled by PREROUTING?
<4> what happens?
<4> er
<4> s/PREROUTING/REDIRECT/
<4> oh
<4> wait.
<4> nat/PREROUTING is before filter/INPUT
<4> dur.
<5> In nat / PREROUTING the destination IP is changed to that of the incoming interface.
<5> (with -j REDIRECT)
<4> right, i somehow forgot.
<4> doesn't redirect also provide some way for the app reciving the packet to determine the original IP address and port?
<5> ryan`: I think to do that you'd have to use connmark or ctstate ... it's not integrated into ipt_REDIRECT, no.
<4> rob0, squid does it
<6> ryan`: squid does it by examining the request
<5> Yeah I was wondering about that
<4> but it works for HTTP/1.0 requests with squid.
<4> which do not supply a hostname
<7> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; echo 1 > /proc/sys/net/ipv4/ip_forward
<7> What is wrong with that?
<6> allowing everything in FORWARD?
<7> I have two nics in my desktop...and my desktop connects to the internet via eth1(I type dhclient eth1 after boot) and I have another computer connected to my eth0 card, how can I give that other computer access to the internet through my two nic card machine?
<7> danieldg: I dunno
<7> danieldg: Whatever the default settings are for debian/testing/iptables
<1> then your eth0 should be eth0
<1> err eth1
<7> ok
<7> debian:/home/jim# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE; echo 1 > /proc/sys/net/ipv4/ip_forward
<7> debian:/home/jim#
<7> Is changed it just now.
<7> trappist: It still doesn't work.
<1> you do have to allow the traffic in the FORWARD chain as danieldg said.
<6> debian's default is accept all, though
<7> How can I see if eth0 is working?
<7> I just formatted with debian, I did "dhclient eth1" to connect to the internet, then irssi -c irc.freenode.net then "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; echo 1 > /proc/sys/net/ipv4/ip_forward"
<6> then you did it with eth1, right?
<7> I'm on the two nic box now, connected to freenode via eth1
<7> But I can't get the box that is plugged into eth0 to work(the box with only one nic)
<6> jim__: what IPs do eth0, eth1, and otherbox have?
<7> http://pastebin.com/642836
<7> That is the box with two nics, the box with one nic outputs nothing from ifconfig
<6> jim__: well, that's the problem; eth0 has no IP
<6> ip addr add 10.0.0.1/24 dev eth0
<6> then set the other box to 10.0.0.2 with 10.0.0.1 as its gateway
<7> danieldg: If I setup a dhcp server will that work?
<6> yes
<6> but for one computer it's much easier to do it manually
<5> Don't forget to check the Ethernet transport layer ... make sure you have link lights and proper cabling (i.e., a crossover cable if connected directly.)
<8> rob0 here ?
<7> I need a crossover cable?
<6> jim__: yes, unless you have a hub or switch in between the computers
<7> How do I set ips? like 10.0.0.1?
<5> 20:40 < danieldg> ip addr add 10.0.0.1/24 dev eth0
<7> I just type that as root?
Return to
#iptables
or
Go to some related
logs:
#web
php undefine +a function -file -unlink
jesuashok
www.gnome look.com
stop gameguard
#physics
file_get_contents other domains
#fedora
aim: error while loading shared libraries: libstdc++-libc6.1-1.so.2:
#fedora
|
|