Quotes DB: useful, funny, interesting






<0> or man ifconfig
<1> yes
<2> did you see my fw yesterday rob0 ?
<3> I type that on the box with two nics?
<1> ifconfig(8) works but ip(8) is the way of the future ... if you're just starting out, you should learn ip.
<1> you need to have 10.0.0.2/24 on the other box.
<1> blackshell, I think I did.
<3> http://pastebin.com/642900
<2> rob0 what could block pings?
<1> jim__: iproute2 probably.
<1> (to install)
<4> jim__: apt-get install iproute
<0> (ifconfig would have been there)
<1> True. But I'm still trying to unlearn ifconfig/route. :)
<0> that's still a useful thing to know about IMHO, if you want to be able to play with *nix and not only linux
<1> Not that jim__ will ever need it, but ip(8) can do many things that ifconfig/route cannot, like multiple routing tables and rules.
<1> Yes, good point.
<0> but I see iproute utility cool as it provides a uniform syntax over several tools, and probably because the underlayer seems to me more elegant (using netlink services)
<2> > 0 22:29:10 479 # nmap -sS 193.77.124.252
<2> Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-04-05 23:14 CEST
<2> Failed to lookup subnet/netmask for device (eth1): eth1: no IPv4 address assigned
<2> QUITTING!
<2> how to solve this ?
<4> assign eth1 an IP?
<0> or spoof one maybe ?
<2> yes
<2> danieldg
<2> but
<0> -S <IP_Address> (Spoof source address)
<0> In some circumstances, Nmap may not be able to determine your source address ( Nmap will tell you if this is the
<2> if i assign eth1 ip
<0> case). In this situation, use -S with the IP address of the interface you wish to send packets through.
<2> i mean
<0> read the man dude
<2> pppoe disconnects
<0> tons of useful stuff, nmap's one is pretty cool
<4> is pppoe going over eth1?
<2> yes
<2> danieldg yes
<4> blackshell: well, you need to get nmap to send the packets over the pppoe interface. I've never used pppoe, so I don't know how
<2> i see
<2> but how would i give ip to that network card?
<4> you don't
<2> hm
<2> but as i remember
<1> I suppose PPPoE is similar to bridging, where the Ethernet hands off to a virtualized IP layer. You give the NIC an IP address of 0.0.0.0/0. Then typically the ppp0 interface would be the one with the default route.
<2> it worked for me in the past
<1> <== has done bridging but not PPPoE
<2> well pppoe is the thing that connects over one network card to internet
<2> ppp0 Link encap:Point-to-Point Protocol
<2> inet addr:193.77.124.245 P-t-P:213.250.19.90 Mask:255.255.255.255
<2> eth1 Link encap:Ethernet HWaddr 00:06:29:B3:DF:6C
<2> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
<1> 213.250.19.90 is the peer, is it reachable? Oh you said you're blocking pings.
<1> http://www.netfilter.org/documentation/HOWTO//networking-concepts-HOWTO.html might be useful reading.
<2> yes
<2> but blocking incoming pings
<2> not outgoing
<1> See the icmp section in the man page.
<2> ok
<5> anyone here very familiar w/ SSH tunneling? (talked to rob already)
<4> [707th]whitey: what do you want to know?
<5> basically I have a box on my univ campus that is behind a firewall... outgoing connections for the most part aren't monitored, but to have an incoming connection to it from OUTSIDE the network, I have to use the cisco vpn client... I'd like to ssh port forward back to it from a box off campus... i've tried ssh -R/L 7777:my.ip.inside:21 user@my.host.outside
<5> i've also tried forwarding ssh
<4> are you connecting from my.host.outside?
<4> or from other.host.outside?
<5> other.host.outside
<5> to my.host.outside
<5> and trying to tunnel to my.ip.inside
<4> ok, then you need to use -R *:7777:my.ip.inside:21
<4> and apparently my.host.outside needs to have the GatewayPorts option enabled
<4> (man ssh)
<6> hi all
<7> hello
<7> could somebody please explain the error message "Warning: weird character in interface `venet0:0' (No aliases, :, ! or *)." to me?
<7> i receive that when i use "venet0:0" as interface in my iptables rules
<4> you can't do that
<7> :(
<4> you have to use vmnet0, and maybe match on the address
<7> its a virtual server that uses this virtual ethernet device
<1> (or, using vlan interfaces, see vconfig(8))
<7> venet0 alone is bound to 127.0.0.1, not my external IP
<7> and venet0:0 is a vlan interface
<1> what is venet? Never heard of it.
<7> as i said, its a virtual server
<8> hey guys
<8> i have a real quick question. Can iptables filter/sort based on hostname as well as ips or only based on ip being connected to?
<4> only on IP
<8> hello and thank you again danieldg :)
<4> you're welcome
<9> `/j 2
<10> how can i drop traffic to *proxy.aol.com*
<10> what is the rule to drop traffic iptables -i eth0 host -J drop or something
<11> hi
<5> any1 around?
<12> Hi, i just changed the iptables log levels but after that i cant ping any system and no system can ping my system. whats wrong ?
<13> Prudhvi: that's interesting
<13> how much are you trying to log ?
<13> www.pastbin.com please
<13> lol
<13> www.pastebin.com please
<12> hard__ware, the log level initially was set to debug i changed it to info thats it
<13> just making sure
<13> still pastebin either your iptables -nvL output or iptables rules
<12> hard__ware, thats a remote system. i cant login now :(
<13> great ... did you re-apply the settings on the fly ?
<12> hard__ware re-apply ?
<13> did you just change the single rule manually using iptables binary ... or did you re-apply or restart the rules ?
<12> hard__ware, i manually changed the rule and then restarted the box.
<13> i see ... is it via a iptables atomic save file ?
<13> or its a scripted firewall of sorts
<12> hard__ware, i did iptables -R OUTPUT -j LOG --log-level info
<13> ok, but how does your firewall work ...
<13> via a iptables-restore file ?
<13> because you said you rebooted it
<12> hard__ware i dont know that
<13> how was the firewall setup ?
<13> via a Gui or CLi
<12> hard__ware CLI
<13> originally ... not recently
<12> it is a default Debian Installation
<13> if so ... you either should be using a save file like so .... /etc/sysconfig/iptables
<13> ok ... i see
<13> hmmm i dont use debian ... its most likely got a iptables-restore/save file
<12> hard__ware ok
<13> if so , edit it (when you get access) and add all of your applicable Rules to that File ...
<12> hard__ware, Yes i am doing it :)
<13> or if you like ... you could always use a script =) ... http://hwfirewall.sf.net ;-)
<13> good stuff Prudhvi:
<12> Ok, i`ll give that script a shot
<13> i used to use debian ... back when ipchains was hip =P
<13> prefer slack these days =)
<12> hard__ware slackware ?
<12> any thing special in Slackware.?
<13> nah not really , that kinda why i really like it ...
<13> nothing really there @ all compared to most distro's these days
<13> so it makes a great stable base to build on
<12> hard__ware i know a guy who works in Redhat. But yet prefer running only Slackware and Debian
<13> im sure
<13> =) that would be easy
<13> i install redhat for my customers every week
<13> dont mean i use it entirely myself
<13> =)
<12> personaly i feel RH ****s
<13> lol , it has it strong points
<13> and definitely its downsides
<12> the thing is they are using the Community Support and making $$ out of it
<12> thats how the FEDORA project is Born
<13> but everyone must admit , its not like redhat doesnt give back
<13> looks @ all of their very talented Programmers pumping work in the Linux 2.6 project
<12> hard__ware gave back as in ? what did it really give back.

