<0> hey folks, I'm having a bit of trouble getting a range of IPs allowed. I'm attempting to do it via the command "iptables -A INPUT -p tcp -m iprange --src-range x.x.x.x-x.x.x.y -j ACCEPT" but it isn't recognizing the use of src-range. Any ideas? Thanks!
<1> what error are you getting?
<0> danieldg: "No chain/target match by that name"
<0> it's being caused by the use of --src-range, as taking it out corrects the issue
<1> try iptables -m iprange -h
<1> does that mention --src-range correctly?
<0> yes
<0> --src-range ip-ip Match source IP in the specified range
<0> (I already looked it up in man)
<1> you have the kernel module?
<0> I remember installing it, but I'll double-check..
<0> oh, right. I didn't install it; it's supposed to be built into the iptables module, which I installed
<0> entering "iptables -A INPUT -p tcp -m iprange -s someIP -j ACCEPT" and not using --src-range tells me that I must use src-range or dst-range, but when I do so, it does not accept it
<0> figured it out; it ISN'T built in in older kernels...
<2> hi
<2> wussup
<2> hello?
<1> well, everyone's asleep or something ;)
<2> I see
<2> I am in dire need of firewall set up guidance
<2> :(
<1> well, you could ask and see if anyone wakes up
<2> what's an utterly minimal iptables to set up? I don't need nothing fancy at the moment just access to normal stuff, irssi firefox portage, amsn skype...
<2> the thing is that I am clueless and if at least I have something working I could learn from there
<2> on
<1> http://daniel.6dns.org/info/iptables/
<2> and the confusing thing is that it seems that there are needed two types of files /etc/init.d/firewall and /etc/conf.d/firewall
<1> (my site) it has a minimal script
<2> danieldg: which one is it?
<1> http://daniel.6dns.org/info/iptables/minimal
<2> there are a bunch of stuff
<1> down in the "Examples" section...
<2> wow, THAT'S minimal
<2> :
<2> )
<2> :)
<1> well, you said minimal ;)
<2> now... where do i put that?
<1> what does your /etc/conf.d/firewall look like?
<1> if it has a *filter, just put this there
<2> yeah that's perfectly fine... the thing is that the guides out there go at great length and become too complex for a neeb
<2> let me see
<2> danieldg: should I just erase what's in there and copy the minimal?
<1> sure. back it up if you want
<2> lol... I think I copied something extremely odd from Gentoo infrastructure... not even for a user
<1> but it might not be loaded right if it's not expecting this kind of file
<2> what kinda file
<1> this is an iptables-save ruleset, which is usually used to save and restore iptables rules on a reboot
<1> I haven't used gentoo, but I think that's correct for that file
<2> I see that your website has a lot of info... should I use it in order to learn about iptables and set up a robust firewall?
<1> maybe, although I'd recommend reading a tutorial for that - the one in the topic is good
<1> I just set up a bunch of examples of some simple situations
<2> in Portuguese?
<1> no
<1> it's in English
<1> they want it translated into Portuguese
<2> now... what do I do with /etc/init.d/firewall?
<1> what is it?
<2> Gentoo apparently has /etc/init.d/firewall as well
<1> well, I don't know where gentoo restores its iptables ruleset
<2> what does that exactly mean? that it needs to restore the ruleset? Where is the ruleset supposed to be?
<1> some init script needs to load the ruleset
<1> That might be the job of /etc/init.d/firewall or /etc/init.d/iptables
<1> I load it in /etc/network/interfaces (use Debian)
<2> mm... ok i am asking in #gentoo on how to use this minimal set up
<1> if you need to, just chmod +x it and use it as an init script
<2> my iptables has something like this ---> http://pastebin.com/595797 should I use yours instead?
<2> apparently I have to put it in /etc/init.d/iptables
<3> Why would a block on 72.30.0.0/24 allow 72.30.133.25 to get through?
<1> nonam33: ah. looks good, just put the file where ${iptables_save} points
<1> setuid: because it's not in the subnet that you blocked?
<3> danieldg: What CIDR do I need here?
<3> /16?
<1> yes
<2> danieldg: it doesn't seem to be pointing anywhere
<2> http://pastebin.com/595797
<1> run iptables-restore thatfile, then run /etc/init.d/iptables save
<1> that's probably the easiest way to get it into the right file
<2> ok iptables-restore hung so I ctrl+c then I ran the latter to which I got this answer --> * Saving iptables state ... [ ok ]
<1> iptables-restore needs a filename or a file on stdin
<1> it shouldn't hang
<2> mm.. which one would that be? Your minimal iptables?
<1> yes
<2> aha
<2> so it's there though in /etc/conf.d/firewall
<2> why does it hang?
<1> did you run 'iptables-restore /etc/conf.d/firewall' ?
<2> wait I didn't chmod it
<1> don't need to
<3> danieldg: thanks
<2> aaahh I didn't do the whole thing
<2> let me try again
<2> ok now it returned
<2> ok now it looks fine
<2> when you said that it has to restore upon each time it reboots... what exactly does that mean? Do I have to do something manually?
<1> no, that init script will restore it on reboot
<2> aha... /etc/init.d/iptables ??
<2> and what you gave me was the firewall right?
<1> yes
<2> ok
<2> danieldg: did I forget chmod -x somewhere?
<1> it doesn't matter now
<2> danieldg: like this ---> http://pastebin.com/595814
<1> looks good
<2> danieldg: apparently the thing is not started though
<2> /etc/init.d/iptables status * status: stopped
<1> doesn't matter
<2> really? it's up and running?
<1> iptables isn't a service, it's a table in the kernel.
<1> you just showed that it's working
<2> ok apparently now like this /etc/init.d/iptables start * Loading iptables state and starting firewall ... [ ok ]
<1> iptables -L output shouldn't be any different, right?
<2> danieldg: this is what's showing now http://pastebin.com/595818
<1> yeah, that's the same
<2> ok
<2> mm.. so it's up and running :)
<2> so now when I am editing or making more robust which is the one I am supposed to change /etc/init.d/iptables or /etc/conf.d/firewall ??
<1> don't change /etc/init.d/iptables
<1> look at /etc/conf.d/firewall now - has it changed?
<2> nopw
<2> nope
<2> looks the same
<1> hmm, I don't know where it stored the firewall then
<2> what do you mean... oh here /var/lib/iptables/rules-save
<2> they told me
<1> oh
<1> just put scripts there
<1> don't touch /etc/conf.d/firewall - in fact, maybe restore it, I'm not sure what it's for
<2> danieldg: that's where I put your minimal firewall
<1> and it got copied into /var/lib/iptables/rules-save, right? (with different comments)
<2> yeah.. didn't hang this time
<2> danieldg: do I need a frontend to see how iptables is running? should I check the ones you recommend on your website?
<1> no, a frontend is just for making a ruleset
<1> iptables -vL is all you need to see how it operates
<2> ok
<2> I think you helped me in the first step, now I have to learn it more and start applying things right?
<4> hello everyone
<5> Hi, is there any chance I could get some help with this?
<5> Mind answering my question?
<5> And hey L|NUX
<5> Anyway I'll toss it out there.
<5> I've got Debian installed and acting as a bridge using bridge-utils, now it seems to be working so I am assuming this is like a routing problem. I just can't ping my gateway from my desktop (desktop -> switch -> wireless bridge -> gateway (dhcp server) )
<5> I can ping my desktop from the bridge and my bridge from the desktop, I can ping my gateway from my bridge but can't ping my gateway from my desktop like I said and I can't ping my desktop from any other computers on the lan.
<5> Heh
<5> Any ideas why?
<4> i need some help
<6> d3-fault: is CONFIG_BRIDGE_NETFILTER set?
<5> let me check
<5> yes