| |
| |
| |
|
Page: 1 2 3
Comments:
<0> This page is for Apache 1.3 users. If you use Apache 2.0, see the Apache 2.0 version of mod_limitipconn.
<1> Thee is one?
<0> http://dominia.org/djao/limitipconn.html
<0> read the page, luke
<0> so, you havent researched the issue well
<0> :)
<1> thank you
<1> and not as well as I should ahve no
<1> apparently
<1> but search the apache mods for it under 2.0 ;)
<0> http://cband.linux.pl/
<0> also check that
<1> It didn't come up for me, closest I found was bw share
<0> google
<0> i googled from ten seconds and found two modules
<1> google sent me to more 1.3 things, I guess I didn't phrase my search query
<1> right
<1> thanks tho.
<0> does that tell about my superior googling skills or your lack of research?
<0> we might never get answer to that..
<0> :)
<1> :P
<1> I'll go with your superios googling skills
<0> "apache2 limit connections per ip"
<0> that was my query in google
<1> kk thanks. :)
<0> no problem
<1> :)
<1> one last time thanks rza
<0> no problem
<0> thats what im here for
<2> Oooh... ipset looks incredibly useful.
<3> i'm trying to get iptables to allow p***ive ftp, and from what i can read, i need to allow two ports. but in the exaple i read, the comand had a destination parameter to only one ip, but i have 40 pc's who want access to ftp, so what would that command look like? iptables -t nat -A PREROUTING -p tcp --dport 1045 -j DNAT --to-destination 0/0 ? That doesnt work...
<3> i think destination needs to be the gateway...
<3> anyways, 10x
<3> bye
<4> hi
<4> does anyone know a good webinterface programm for iptables ?=
<4> to view the logs
<5> want to make a nat box, i got eth0 where my clients are, and eth1 where i got my internet connection with a valid ip. what do i've gotta do?
<5> eth1 should be the only way out to the internet, right?
<5> do i've to do some redirect rules or some routing rules besides the snat?
<6> hi all, my school server (debian) is protected by a firewall (not administrated by me). I would like to have direct access to my mysql server, but the port is blocked by the firewall
<6> is it possible to set up port forwarding rules on that linux machine because e.g. irc (6667) is allowed
<7> can't you use ssh port-forwarding ?
<6> e.g. that a mysql client connects to the irc-port of the server running mysql, which is then redirected to the mysql port
<6> no, my users want to use a windows program
<7> what about putty ?
<6> ok, i see, i will try
<6> but anyway, it interests me: is it possible?
<7> btw you don't really give details about your network topology, or I'm too tired trying to guess it
<6> ok, sorry
<6> here you are: debian server with public ip
<6> name it IP_INET (ip of the internet device)
<6> the firewall is located on the internet provider side
<6> mysql 3306 is blocked
<6> but i could run a irc server on port 6667
<6> my only question is: is it possible to redirect a connection arriving on a linux computer on port A to port 3306 on the same computer and redirecting the answer in a way that for the client problem it seems to come from port A from that machine
<6> s/problem/program/
<7> target REDIRECT seems to do the deed
<7> if you got root access on the gate
<7> erm forget the last one
<6> ah, REDIRECT, i tried it with SNAT and DNAT and got it only partially working (saw to answer of mysql, but immediatley got bad handshake)
<6> well, i tried it with redirect, but got bad handshake as well.
<7> what does it mean ?
<7> any logs ?
<6> my rule: iptables -t nat -A PREROUTING -p tcp -i $DEV_INET -d $IP_INET --dport 6667 -j REDIRECT --to-ports 3306
<7> so you got root acces on the debian school server ?
<6> sorry, need to be more clear: to test the connection, i tried to connect from a client linux machine with telnet server-ip 6667
<6> yes
<6> but not on the provider's firewall, only on the local firewall of the server running mysql
<6> which has a pulib ip
<6> public ip
<7> (mysqld)---(internet)---(fw)---(debian gate)---(mysql client)
<7> is that it ?
<6> mysqld running on school linux server with iptables and public ip --- dsl to provider --- provider's firewall that blocks 3306 --- mysql client
<7> oki
<6> so, the problem with redirect is that it does not change the reply packets from mysqld ?!
<7> you can check that easily, but I think it does a good job
<7> (yes it does, checked)
<6> which one? redirect or snat/dnat?
<7> redirect is working fine
<7> your client will speak with tcp/3306 without any problem
<7> erm
<7> 6667
<6> ok, I tried: iptables -t nat -A PREROUTING -p tcp -i $DEV_INET -d $IP_INET --dport 6667 -j REDIRECT --to-ports 3306
<7> test it with mysql --port=6667
<6> no, no, mysql must be running on port 3306 (used for local applications), but must also be available on port 6667 for internet clients
<6> ah, my mistake
<7> (client side)
<6> i thought you typed mysqld --port=6667
<6> matth_, thank you very much, it seems to work indeed (only need to adjust mysql users permission to connect from the outside)
<7> yep (seen that too)
<7> on my setup ;)
<6> matth_, interesting is: when I type on the client: telnet mysqlserver-ip 6667
<6> matth_, i get a "Bad handshake" after the server response
<7> I don't know what you are expecting doing a raw telnet, at least seeing the port is open, but after that... that's binary so...
<7> on my setup I got a mysql banner, and a timeout after .... ~6sec
<6> ok, it works, i changed the user's permissions, thanks!!!
<7> np
<6> cu, gotta go, thanks
<8> hello All
<9> Hello. I would like to set up my wireless network so that when users try to get out, they are p***ed to a web site where they must agree to the terms before being able to go anywhere. I was wondering if anyone can point me in he right direction?
<8> I'm new in IPTABLES, and I want to know where can I find the actives rules
<10> iptables -L
<5> iptables -nvL gives you a nicer look...
<8> but don't exist a text file?
<9> in your config it would
<8> please, explain me better?
<11> aliesky, iptables-save(8)
<9> I understand that I should create an outbound filter that forwards them to my web server, and then have a script on the web server to add them to the ACL. But I don't know what its called in iptables
<11> hakejam: that's not a trivial task.
<12> Hi, I'm using ipsets, and it appears as if I do iptables -v -n -x -m set -L input --set accounting src,dst it doesn't print the packet count of specific ip addresses in an ipset, but just the entire set... anyone know how I can get it to tell me the packets of a particular IP in an ipset?
<9> rob0: you know where I can find something to help me get started?
<11> Did you try searching freshmeat?
<8> when I run iptables-save where are save it?
<8> in /etc?
<9> rob0: I don't know what I am searching for
<9> just outbound filtering? ACLs in iptables?
<9> heh, i think I just answered my own question
<11> Not OUTPUT, it's FORWARD
<11> actually I think you'd do this in nat/POSTROUTING
<11> Don't SNAT your non-authenticated clients out.
<8> Hey I can't find the IPTABLES in /etc/init.d
<8> I use Debian
<7> that's not expected
<8> How can I rejecy all incomings connections from any IP to any port?
<13> iptables -A INPUT -j DROP I think
<14> as I can stop offensives UDP Flood? I am becoming crazy
<15> I'm using a debian stable machine and am using a script "firehol" to create an iptables firewall. Works great but all of iptables output is being sent to standard output. How can I get this to go to /dev/null ? or a log file, or just stop it?
<11> That's a shell issue, not an iptables one. "script > /dev/null 2>&1"
<15> sorry to be a pest but the script is being started from init, from my default runlevels, how can I get it to start the script with the > /dev/null 2>&1
<11> Okay, that's an OS issue. Not knowing your distro, I don't know.
<15> debian stable 2.4 kernel
<16> edit the script?
<15> i'm trying, but I'm pretty new at this, thanks for the suggestions though
<17> do you mean the logs are getting echoed to the console?
<17> if so, that's a syslog config issue, or you could use a different --log-level in your log rules
<15> yeah, that's what it looks like
<15> i'll look into that thanks
<17> or, even better, you could -j ULOG instead of LOG
<17> <3 ulog
<13> ulog is nice
<15> yeah, everything that is getting sent to /var/log/syslog is coming out on standart output, only when I'm not in a gui though
<15> where would I change the log level
<15> somewhere in /etc/ i'm ***uming
<13> hmmm
<13> sounds to me like something isn't backgrounding correctly
<17> syslog can be configured to echo certain loglevels to the console. I occasionally get messages about non-fatal hardware failures on my console, and sometimes it does the same thing with iptables logs.
<18> RH systems it's sysctl.conf to stop logging to the console I have kernel.printk = 2 3 1 7 to stop loging to the console this might help if i understnad you correctly http://lists.samba.org/archive/linux/2002-January/001726.html
Return to
#iptables
or
Go to some related
logs:
syengry, sourceforge
#gentoo
divx/xvid + ubuntu
hwo to upgrade debian kernel
curl unable to set private key file
Class::DBIX Contextualfetch Class::DBI error
IO Multiplexing
site:www.quotesdb.info gentoo emergePackageError
#linux
ssh_exchange_identification: Connection closed by remote host squid
|
|