<0> ftp/smtp/pop3/imap shouldn't be showing up...
<0> I even added 'iptables -I INPUT -p tcp --dport service -j DROP' for each
<0> at least if I understand it correctly, it should not be able to detect a service on that port
<0> The services are not accessible, it just hangs when I try telnet xxx.xxx.xxx.xxx 25 for example
<1> Not knowing your ruleset nor where you're scanning from leaves me at a bit of a disadvantage.
<0> would dumping itables -L -v --line-numbers to a file suffice?
<0> iptables*
<0> or iptables-save?
<1> iptables-save might help, yes
<0> http://140.193.8.10/~xous/iptables-save
<0> ppp0 is my internet interface, and eth0 is my local network
<1> Looks like those first 3 rules in INPUT should drop FTP, SMTP and POP3, yes.
<1> Upstream proxying of those services would seem unlikely ...
<0> nothing shows up in tcpdump -i ppp0 port 25
<0> when I attempt to connect :/
<1> -A dst-local-network -d 192.168.2.0/255.255.255.0 -o eth0 -j ACCEPT
<1> People who do OUTPUT filtering get what they deserve :)
<0> O.o?
<1> well, where are you scanning from?
<0> a computer on an external network
<0> at my university ;)
<1> umanitoba.ca
<0> yeah... and I'm scanning my residential connection
<1> So your scan is definitely coming in ppp0?
<0> yeah.
<1> do you control the PPP peer?
<0> if you want the address to do it yourself...
<0> the peer no (if I understand what you're asking)
<2> hello, i am trying to drop an outbound port 25, that should just be iptables -A OUTPUT -p tcp --dport 25 -j DROP
<1> the peer ... the "p-t-p:" address in "ifconfig ppp0". Probably the default gateway address, too.
<0> yeah, then no, I do not control it.
<2> however that doesn't seem to work
<0> my adsl modem is a briding device
<1> m1ha5: depends what you mean by outbound, and what rules might precede that.
<0> bridging
<2> none. that's the only rule, outbound meaning any remote host port 25 connections from the localhost
<0> rob0: if you'd like to scan it yourself, I'll notice you the address
<1> xousbot: I can do that if you want, sure.
<1> m1ha5: from the machine with that rule, try to telnet to my port 25 (/whois rob0).
<2> thanks.. it works..
<0> hehe.. he left quick
<1> IRC is great for getting quick answers (if someone happens to be around that is), but it's not a good way to learn the basics of things. And most people I see here don't seem to know the basics.
<0> I try to leave asking for help as a last resort
<1> good
<0> much easier to fix things again that way
<1> All I can guess for you is that your PPP peer is doing something strange.
<1> or the ADSL modem ...
<0> hrm... I figured I was either rooted, the services were working below iptables, or nmap was screwed up
<0> but I can't remember the last time I scanned myself
<1> ah, being rooted is a possibility, yes.
<0> I re-emerged chkrootkit and then ran it
<1> Running any apache/php content?
<0> it didn't say anything..
<0> yeah, just messing with it
<1> proves nothing, chkrootkit
<0> have mambo and dragonfly
<0> and a few other web applications running
<1> Being Gentoo makes it a bit harder to compare against a known clean install.
<0> yeah... but I wanted to learn
<1> unless you made a backup and can read it on another system
<0> nope, I'm a little lazy and when I built the system did not have the foresight to use anything like tripwire
<1> do you have mc installed? Was it there from early on (before the possibility of being rooted)?
<1> I once used mc on a rooted system and I could see the rootkit.
<0> mc?
<3> Hi folks !
<1> `echo zp | rot13`
<0> command not found
<3> i'm playing with iptables to set some QoS on my network, i want to set priorities to traffic depending on which host it comes from
<0> before I started messing with postfix I only had auth/http/ssh running
<3> all docs i can find explain how to set limits to traffic, but not how to just set priorities
<3> can someone point me to a good doc or how-to ?
<0> hrm... guess I'll find a live cd, if I don't get the same results with the live cd, I'm either rooted, the kernel is doing something weird, or I have some very strange setting enabled.
<4> how can i make something like this work:
<4> #-A FORWARD -s 10.10.0.2 -p tcp -m multiport --dport 53,80,222,443,5190,995,465,50000,2710 -j ACCEPT
<4> #-A FORWARD -s 10.10.0.2 -p tcp -m tcp -j DROP
<5> does anyone know if it is possible to redirect based on domain name?
<5> does anyone know if it's possible to redirect based on the domain name something is going to?
<5> this is a quiet channel..
<1> The fool pops in and quits within 10 minutes!!
<6> heh
<6> lots of irc channels move slower than most people think ;)
<1> I guess he doesn't understand any more about IRC than he does about iptables.
<6> grr.
<6> i'm hoping that moving to 2.6.16 will cause this weird NAT issue to just disappear
<1> oh man
<6> hee.
<6> i'm tired of 2.4.31
<1> I'm having good luck with 2.6.15.
<6> yeah i noticed they merged in mppe which is kinda fun
<6> heh
<1> Still the SIP thing?
<6> *nod*
<6> the DNAT and SNAT rules are both set correctly
<6> but it's weird how =just= the SIP traffic skips past the NAT
<1> ACCEPT the nat'ed packets in filter / FORWARD?
<6> yup
<6> the thing is i tcpdump on my internet interface
<6> and i see the packets going to my VOIP provider
<6> but with the LAN ip on them :/
<6> so the SNAT doesn't take
<1> bbl
<7> l
<7> oops
<0> rob0: are you still around?
<0> anyway, it seems that those ports only show up from a scan on the university computer I was using
<0> on another residential connection (same isp, different city) it does not show any of the ports that shouldn't have shown up :/
<0> university must be doing some weird filtering on those ports :|
<0> anyway, thanks for all the help before :D.
<0> next weekend I think I'll rebuild the os anyway and set it up properly.
<1> SMTP redirection makes sense, but FTP? POP3?
<4> rob0: i'm still having iptables trouble
<4> i can't successfully block ports
<4> #-A FORWARD -s 10.10.0.20 -p tcp -m multiport --dport 80,443,5190 -j ACCEPT
<4> #-A FORWARD -s 10.10.0.20 -j DROP
<4> that should only allow .20 to access ports 80,443,5190 right?
<1> iptables-save/iptables-restore files use "#" as a comment character. Also, if you have an earlier rule which matches and accepts, your DROP rule won't be hit.
<4> right they're commented because they weren't working
<4> the problem is that it's dropping *
<4> i need it to not drop those 3 ports and allow them out
<1> Does 10.10.0.20 use email? It might need out on other ports.
<4> webmail
<4> but i can't get .20 out on anything
<4> i'm trying to specify which ports are allowed out
<1> it can't resolve names :)
<4> so 53 too?
<1> it CAN get out, but it won't know where to go.
<4> well
<4> it can
<4> because that's done on this box too
<4> as an input rule
<1> it's using you as nameserver?
<4> yes
<4> a dns proxy
<4> dnsmasq
<4> it does that and dhcp
<1> -j LOG is your friend. Toss in a -j LOG before the DROP and see what hits it.
<1> <-- off to bed
<5> hey I don't know if this is the right place, but someone here might know where is, .. I am looking for a way to host multiple sites on my box, but the catch is I want separate v-servers, but I only have one external ip, so the question is, does anyone have any idea how I could differentiate traffic coming in on port 80,443,22... etc as going to different domains and then send them to separate vservers as a result?
<8> is it possible to do "port triggering" with iptables?
<9> hello guys. I'm getting quite a big SMTP flood nowadays, and started using this rule: iptables -A INPUT -i eth0 -p tcp --dport 25 --syn -m state --state NEW -m recent --update --seconds 15 -j DROP
<9> it is quite a good thing to hold down the traffic, but I would like something like --limit-burst, e.g. increase the penalty if the IP is trying more and more. Someone could help me in this?
<10> hello
<10> how do i open a port ?
<10> anyone alive ?
<11> }MatriX{: of course there are =P
<11> }MatriX{: what os distro ?
<10> tell me i want to open port : 6667 for example
<10> linux