Comments:
<0> NOTRACK and UNTRACKED are new to me. Something else for me to read on...
<0> netfilter.org says that raw is in testing. I wonder if it is wise for me to use it...
<1> I've never noticed any problems with it
<2> danieldg: what is your website?
<1> daniel.6dns.org
<2> thank you
<2> danieldg: i need a good tool that makes it EASY for me to admin IPtables
<2> can you help me?
<0> robw810/danieldg: Thanks for looking at my script. I have integrated the changes.
<1> junix|work: hmm, sounds like you want one of the frontends to iptables?
<2> danieldg: i guess, the frontends seem to ****, if i could have a script that asks me what i want open and closed that would be better, or maybe what services i want to be able to have accessed from the outside and from specific IPs
<1> I was thinking of making a script like that, but haven't had time
<2> i understand
<2> if i knew how, i would, but i'm always tired by the time i get home from work
<3> junix|work: fred87 (slamd64 maintainer) has something called kiptablesgenerator that may do what you want
<2> is it easy?
<2> and is it available for Debian?
<3> junix|work: well, it's a kde frontend basically, and it should compile on any nix
<3> er, linux rather
<3> It's not as flexible as writing a script yourself, but it covers the basics
<2> ok
<2> are there screenshots?
<2> danieldg: does iptables block serial connections? ie serial console?
<1> I'm pretty sure it doesn't
<3> http://developer.berlios.de/projects/kiptg/
<2> i like that, it uses the KISS method!
<3> Of course it does - slamd64 is based on Slackware -- the epitome of KISS
<3> :-)
<2> hahahahahaha
<2> ok
<2> i like slack
<2> its a very nice distro
<2> but that's about it
<2> ;-)
<3> yeah yeah
<4> The "ip" in "iptables" stands for "Internet Protocol", so no, that would not affect a serial console.
<2> thanks
<3> That falls within the purview of physical security imho
<5> bye folks, see you
<6> anyone in here familiar with redhat's iptables methods?
<6> i dont understand it
<6> im very new to iptables
<6> i can copy rules and i understand most of them
<6> but i dont get why they would want to do it their own way
<6> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
<6> like
<6> RH-Firewall-1-INPUT
<6> what is that?
<1> it's a chain that is jumped to from input
<1> I'd just flush the rules and make a clean ruleset
<1> without the stupid RH-Firewall stuff
<6> really
<6> im not gonna run into trouble with that down the road?
<1> I don't think so
<6> ok
<6> i can always save it for later i guess
<1> unless you use a frontend that expects the rules to be in those userchains, but I don't know of any that do
<1> yeah, you can easily back it up too
<7> hi all
<8> im having some trouble getting nat to work...does anyone have a basic sample script i can look at?
<1> I have some: http://daniel.6dns.org/info/iptables/
<8> thanks a ton
<8> :OUTPUT ACCEPT [0:0]
<8> vs
<8> :OUTPUT ACCEPT [12:1580]
<8> what is the difference with that?
<1> just the counters
<1> that's what the [] are for
<8> right
<8> so that just means that the rule has been in place for a little while?
<8> so that shouldnt match up and should always be 0:0 in the main config file?
<1> it doesn't really matter, unless you're using the counters for something
<1> I just have it set to 0:0 because that's a good default
<8> ok
<8> i cant get my nat to work for some reason
<1> is ip_forward 1?
<8> lemme try a bare minimum config
<8> lemme check
<8> thats in /proc/sys/ ?
<1> /proc/sys/net/ipv4/ip_forward
<8> ahh
<8> its 0
<1> that's why :)
<8> ok
<8> what service do i need to restart to re-read that file?
<1> none
<1> it's part of the kernel
<8> crap
<8> oh
<8> reboot?
<1> no
<8> (its still not working)
<1> that file is now 1?
<8> yes
<8> it was 0 though
<1> right. changes are immediate
<1> do you have the LAN set up correctly?
<8> eth0 is connected to the cablemodem and it pulled a dhcp ip
<8> eth1 has 10.10.0.1 with 255.255.255.0
<8> my windows box is on 10.10.0.2
<8> 255.255.255.0
<1> everything can ping each other?
<8> ohhh
<8> lemme check my gateway
<8> AHA
<8> it was the gateway
<1> works now?
<8> yeah
<8> man
<8> crazy how some extra help finds the loopholes you overlook
<8> ok
<8> how do i get it to forward dns traffic?
<8> or run a dns proxy somehow?
<8> open port 53?
<1> do you want to run a DNS server?
<1> I'd just tell the Windows computer the IP of the ISP's DNS server
<8> i think that ip changes a lot
<8> i have to run bind to do that?
<8> i cant just have iptables pass traffic to resolve?
<1> well, there are other DNS servers that will just forward
<1> you could do it with iptables, but then you have to change the iptables script every time the DNS IP changes
<8> oh
<8> yeah the --to-destination thing?
<1> if you're going to do that, just set it up in DHCP
<1> that's the "right" way to do it
<8> how do you do it?
<1> hmm, I don't have a DHCP server installed anymore, can't find my config file
<1> I think there's some way to get it to forward the DNS servers
<8> ok
<8> ill investigate
<1> and the DNS servers really shouldn't change that often (or ever)
<8> thanks a ton for your help though
<8> you saved me tons of prodding
<1> yw
<8> yeah
<8> im just kinda skeptical
<8> they only give me 1 dns server ip
<8> i assume its load balanced or something somehow
<8> but its just iffy
<7> hi all
<6> echo "1" > /proc/sys/net/ipv4/ip_forward
<6> i ran that
<6> and ip_forward worked
<6> then i restarted
<6> and it reverted back to 0
<6> how do i force it to stay set?
<9> how do i map a port in iptables?
<9> nm
<10> hi all.. i need a help to setup an environment with iptables + freeswan/openswan (ipsec)
<10> my side of vpn has a internal address 192.168.0.x and the other side only accept packets from 172.20.1.100 (not a real ip address, but an alias). How can i nat this packet to enter in the tunnel with the ip source 172.xx.x and make its return ok