Comments:
<0> hello, i made a big mistake:
<0> iptables -I INPUT -p tcp --dport 1:65500 -j DROP
<0> iptables -A INPUT -p tcp --dport 1:65500 -j DROP
<0> any possibility to connect on udp?
<0> or ...other method
<1> yes, with that rule, you can connect on UDP
<0> how?
<1> what udp service do you have open?
<0> ALL
<1> but do you have a daemon listening on one?
<0> what? (noob here)
<1> ok, the answer is probably no
<0> yes...
<1> what are you trying to do?
<0> i have a problem with flood, i found a firewall and i pasted all "rules" and it stopped after those 2 "rules"
<1> were you connected via ssh?
<0> yes...
<1> well, you just locked yourself out
<0> i know.. :((
<0> no UDP possibility?
<1> no, not unless you've set something up
<1> can you reboot the machine?
<0> no...that i'm thinking
<0> how can i reboot...
<0> but it is 01:25 here
<0> and i can't go where that comp is :(
<1> and there's nobody there either, right?
<0> no...i can't open that building
<0> i need a key
<0> and...i can't go there without permission and lonely
<2> hi
<2> anyone know how to block downstream traffic only on one interface, allowing it on others?
<1> iptables -A INPUT -i eth1 -j DROP
<2> would that drop eth1?
<1> yes
<2> I don't want that.. I need to keep ppp0 up, but prevent it from allowing downstream traffic through it as it
<2> I use proxy to route traffic through dvb0_0 instead
<1> that's what this would do
<2> and ppp0 only for upload
<1> drop all traffic coming in through eth1
<2> oh I see..
<2> but not drop traffic coming out, upload?
<1> right
<2> thanks danieldg, it seems that worked but it also seems that for some reason dvb0 cannot work without some ppp0 downstream..
<1> what is dvb0?
<2> satellite card for satadsl internet, only downstream
<2> and I use ppp0 (which is a GPRS modem) for upstream
<2> but since some downstream traffic tends to leak to ppp0 as well, wasting bandwidth, I wanted to prevent that by blocking it.. but it seems I mustn't block all of it
<1> do the interfaces have different IPs?
<2> yes
<2> I'm using proxy to route downstream through dvb ones
<2> brb
<3> Does iptables open up more ports when requested by another session on a different port, eg SIP port 5060 needs RTP ports open but RTP ports aren't declared, would iptables open these RTP ports if an ESTABLISHED,RELATED clause is put in
<3> ?
<4> IIRC iptables can't track sip sessions
<3> so if rtp ports haven't been put into iptables directly it won't open them up for SIP dynamically?
<4> right
<3> just making sure, I'm getting conflicting info here
<3> from some other ppl, thought i would come to the 'source'
<5> good morning
<6> I've installed the debian package for iptables, but it doesn't install any default config, nor does it actually start. There's an oldinitdscript that says: Did I mention "do not use it" already? Oh well.
<6> So should I be using something else?
<7> Hi
<8> hi
<9> I need to create an iptables rule to internet<->linux gw<->WIN2k to connect to win2k using linux gw ip address instead of internet ip address. how do i do that?
<10> how can I redirect a packet and still have the original destination host and port at the ulog entry?
<11> Can i ask someone to just tell me what's the command to make iptables allow all, like it wasn't run, i don't know iptables, i need it for something else but firewall.
<1> werneck: log before you redirect
<1> quote: I have a script to do a full clear at http://daniel.6dns.org/info/iptables/empty - you might just be able to use iptables -F to clear if you haven't set policies or NAT rules
<11> thx
<10> danieldg: ok... thanks
<10> ed to do some manipulation on packets before they leave the network... the box performing it is on 192.168.1.254, the gateway at 192.168.1.1... I changed a windows box to use it as the gateway, but I can't figure out how to forward the packets
<12> werneck: you'll need to SNAT/MASQUERADE the outgoing packets; make sure you have forwarding turned on in the kernel also
<12> echo 1 > /proc/sys/net/ipv4/ip_forward
<10> robw810: ok...
<10> what's wrong with this rule? iptables -t nat -A PREROUTING -p TCP --dport 80 --to-destination 192.168.1.254:8002
<10> oops... I missed -j DNAT
<12> werneck: got it?
<10> yes, I got it... thanks
<12> np
<11> I need someone who would set my iptables so i could limit connections for a user - in return i give a free 100mbit shell account with ftp, ssh and web access
<13> quote, why not use a nice gui and do it yourself e.g. firestarter
<13> and use some proxy to filter web content
<11> i need it in one hour
<11> there's no time for me to learn bout iptables
<13> sorry, i'm still a noob at this
<14> there's no time for me to learn bout iptables
<14> ;(
<13> kwowt, maybe try that offer in #debian or #linux, there are some smart guys there and there is activity in the channel
<6> kwowt: linwiz is a web-based form and works nicely for simple setups .. it asks you basic questions about what you want to accept. Try using it, and if any question is confusing, ask about THAT here .. http://www.lowth.com/LinWiz/1.09/
<6> Sorry .. didn't realise you were the previous requestor too .. linwiz won't help you limit connections on a per-user basis
<6> Though I've seen plenty of tools around that add IPs to /etc/hosts.deny based on activity in log files
<15> Any professional probably has more shell accounts than s/he needs. :)