<0> hi, can you help me to block messenger please... some information?
<1> it's hard. you need to block the ports and IPs it uses
<0> how?
<0> some information?
<0> i can with squid too?
<1> which how? how to find the ports it uses?
<0> 1863, but it's insufficient
<1> using squid, I think you can block messenger.msn.com or something, and also block port 80 to that IP range
<1> I haven't done it; google might have more info
<0> um
<2> does anyone work with iptables in stateful mode?
<1> english?
<2> i speak
<1> can you repeat your question in english?
<2> did you work with iptables stateful mode?
<1> I've used it, yes
<2> ok
<2> i want to work with passive ftp
<2> behind my firewall
<1> load ip_nat_ftp and ip_conntrack_ftp
<2> i know how to do this, but i dont know if i open my network with my rules
<2> see my rules
<1> so it works, you are just wondering about security?
<2> $IPTABLES -A FORWARD -p tcp -s $NET_EXT -d $SERVER --dport 21 -m state
<2> --state NEW -j ACCEPT
<2> $IPTABLES -A FORWARD -p tcp -d $NET_EXT -s $SERVER --sport 21 -m state
<2> --state ESTABLISHED -j ACCEPT
<2> #$IPTABLES -A FORWARD -p tcp -s $NET_EXT -d $SERVER -m state --state
<2> NEW,ESTABLISHED -j ACCEPT
<2> $IPTABLES -A FORWARD -p tcp -d $NET_EXT -s $SERVER -m state --state
<2> ESTABLISHED,RELATED -j ACCEPT
<2> the rules below are in my firewall
<2> danieldg
<1> ?
<2> did you see my rules?
<1> yes
<2> are ok?
<1> you need to accept RELATED going into the server
<1> instead of NEW
<1> 3rd line should be $IPTABLES -A FORWARD -p tcp -s $NET_EXT -d $SERVER -m state --state ESTABLISHED,RELATED -j ACCEPT
<2> but and the new connections from internet to my ftp server?
<2> ah, ok
<2> i understand
<2> thanks danieldg
<2> thanks all
<3> mi
<4> rza, you around?
<4> what should be my nat rules if my clients are running outlook?
<1> I don't think it needs anything special for outlook
<4> danieldg, im using this box as a firewall, proxy
<4> int interface is eth0, ext interface is eth1 .. it connects over pppoe
<4> for an adsl connection
<4> im using dansguardian and squid over 8080
<5> yes
<4> rza, i tried the iptables rules, im still not able to get outlook to connect to the mail server
<4> should i paste you my tcpdump logs?
<4> except for outlook everything's running smooth
<5> hmm
<5> imap or pop3?
<4> rza, pop3
<6> hi
<6> latest kernel, fresh compiled -> iptables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT || iptables: Unknown error 4294967295
<6> never had that before
<6> anyone a hint?
<4> rza, can i msg you in private
<6> sigh
<4> The ext interface is eth1, connects over ppp
<4> in the rules ive specified the external interface as eth1
<4> am i doing something wrong?
<7> if i put these rules, i get kicked out from my server, why is that? if my ip is 192.168.0.40
<7> iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -s 192.168.0.0/24 -j ACCEPT
<7> iptables -A INPUT -p tcp -m tcp -j REJECT
<1> you're not accepting the ESTABLISHED connections
<8> that should be obvious, socram ... danieldg beat me to it :)
<7> i've got this: ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED in the Chain RH-Firewall-1-INPUT
<1> and RH-Firewall-1-INPUT is called before the rules you inserted?
<8> Rules are checked in order.
<8> And for heaven's sake, GET RID of that RH/Fedora firewall.
<4> danieldg, may i msg you
<1> why not say whatever it is in the channel?
<4> danieldg, ive got abt 15 pc's connected through a linux box running dansg,
<4> what should my rules be for them to be able to use outlook without problems
<4> iptable rules*
<1> what are they using outlook for? IMAP?
<7> do you encourage to use this kind of rules with state matches?
<4> danieldg, they are using pop3
<1> socram: I wouldn't use --state NEW; I would accept RELATED,ESTABLISHED and drop INVALID at the start, then the rest will be NEW
<4> danieldg, im sorry but im new to this
<4> correct me if im wrong
<1> nytr8: ok, are you filtering outgoing traffic?
<4> danieldg, so far the only rule set is for a transparent proxy
<4> nothing else
<1> then it should allow it by default
<4> danieldg, where can i paste some tcpdump logs that'll give you an idea
<4> cuz currently it doesn't let outlook connect
<1> pastebin
<7> if i put 1st one rule Accepting all conn to port 22 and then one rule rejecting all conn to all ports, is the 1st rule overwritten by the 2nd?
<1> no, rules are checked in order
<4> danieldg, http://pastebin.com/587052
<1> DNS problems
<1> is 192.168.0.2 running a DNS server?
<4> danieldg, no i dont have a dns server on the network ... i think i have to forward the requests to my isp's dns server.
<4> am i right?
<1> well, 192.168.0.1 thinks 192.168.0.2 has a DNS server, and that's the problem. Yes, you should have 192.168.0.1 use your ISP's DNS server
<4> danieldg, how do i set it to use my isp's dns
<4> any iptable rules?
<1> no, it's not iptables
<9> set the client, or in the dhcp server
<1> what OS is 192.168.0.1?
<4> 98
<1> the DHCP server would be the easiest
<4> danieldg, which way can i set up 192.168.0.2 to resolve the dns requests?
<1> install a DNS server on it
<1> I'd just tell 192.168.0.1 not to ask 192.168.0.2 though
<4> danieldg, how?
<1> something in the TCP/IP properties
<1> haven't used 98 in a long time, don't know exactly where
<4> danieldg, the gateway setting?
<1> no
<1> DNS server
<4> oh.
<4> danieldg, ive set the dns server settings, still no luck with outlook
<4> ill paste logs in a min.
<4> danieldg, i think its just not able to locate the dns server even though ive specified it in the settings
<4> danieldg, http://pastebin.com/587123
<1> is that DNS server working?
<4> danieldg, it was set before i could put the linux box in between, and yes it worked
<1> also, is it mail.vsnl.net.com ?
<1> oh, never mind
<1> outlook's being "helpful"
<4> how should i know the linux box is forwarding the dns requests to the server?
<4> danieldg, windows was always "helpful"
<1> do a tcpdump on the external interface, see what's going out
<4> k.
<4> danieldg, im not seeing any dns queries from the winbox
<4> over ppp0
<4> does this have anything to do with iptables?
<1> it might, if you're blocking them with iptables
<1> do you have any DROP or REJECT rules?
<4> danieldg, i did a iptables -t nat -F , -X -F
<4> everything to clear all the rules
<1> is ip_forward 1?
<4> atm yes.
<4> should i turn it off?
<1> no, it should be 1
<4> k
<4> well
<1> do you have an SNAT or MASQUERADE rule?
<4> danieldg, atm no ive flushed tem all
<4> them*
<1> you need one