Comments:
<0> -j REJECT
<1> yes
<0> ok
<0> thanks
<0> hmm
<0> hahaha
<0> obviously im doing work on the home router :)
<0> i tried a iptables-restore
<0> but that showed filtered
<0> so i restarted the service
<0> but its still filtered
<0> i want to hide this filtered state and have iptables send the reject packets
<0> so scanners dont detect it
<2> so scanners don't detect what?
<0> 138/tcp filtered netbios-dgm
<0> 139/tcp filtered netbios-ssn
<2> filtered means it's getting nothing back. I'm not sure what you're looking to accomplish.
<0> right
<0> normally when a port isnt open or service isnt open, the stack sends a reject packet back
<0> i just want portscanners to not even show those ports as filtered
<0> i want them to not even be listed
<2> oh, you don't want a scanner to know you've got a firewall?
<0> right
<0> i just want it silent
<0> quiet
<0> hidden
<2> they won't not be listed. nmap will say open, filtered or closed if it scans it.
<0> oh
<0> it cant mimic a closed port?
<0> what if i routed those ports to a closed port?
<2> sure, with --reject, but then it'll say closed.
<2> err with -j REJECT
<0> right
<3> not good for spoofing your presence
<3> =)
<3> -J REJECT will show anyone port scanning you that you are rejecting connections
<3> so showing you are there
<3> -j DROP
<3> you could be there or you could just be a nulled ip
<0> yeah i just swapped them out for drops
<0> oh ok
<0> also,
<2> otoh if you have any open ports there's not much point trying to pretend you're not there
<3> indeed
<0> should i drop external traffic from the internet with 192.168.*, 10.*, 172.16.* ?
<3> i still tend to use DROP anyway
<0> hmm
<0> i cant figure out what the problem is with my rules
<0> any instance where i forwarded a port to my internal lan,
<0> i cannot pass traffic out on that port
<0> like
<0> i forwarded 3389 to my windows box for remote desktop
<0> but i cannot remote desktop out using that port from that windows box...
<0> did i forget to do something
<0> ?
<1> AlivesWrk: did you want to post your rules? iptables-save output preferred
<0> ok ill do that
<0> pastebin?
<1> sure
<0> http://pastebin.com/589737
<1> looks correct; you are trying to rdesktop in?
<0> yes
<0> that works
<0> but
<0> i cant rdesktop out
<1> oh
<0> also, on port 5190 (which aol uses to connect) i cant get out
<1> in the PREROUTING rules, add a -i eth0
<0> im thinking im missing some directive somewhere?
<0> oh
<1> you're re-NATing the outgoing connections
<0> should i add -i eth0 -i eth1 ?
<0> oh
<0> oooohhhh
<0> brilliant
<0> beautiful!
<0> that worked
<0> danieldg: you have really helped me a ton man
<0> i really appreciate it
<0> yesterday this time i knew nothing about iptables
<0> now i am somewhat familiar
<0> its a really cool program