<0> Thanks
<0> :)
<1> yeah I figured it might come down to /etc/hosts
<0> :)
<2> hello?
<2> hmm
<2> help ..
<2> :(
<3> re
<4> iptables -A INPUT -s * -d 127.0.0.1 -j DROP   I dare anyone to insert that command
<5> in what directory?
<4> insert /me slaps himself
<4> I dare anyone to run that command
<6> hmm
<5> any reason? it's not proper syntax...
<6> is it possible to forward traffic with iptables and also process it on the target machine
<5> process it how?
<4> danieldg, it's still gonna work
<4> it did on a friend's box anyways
<6> I mean machine a connects to machine c and the traffic is forwarded to machine b also
<5> XandriX: no it won't
<5> rza: maybe using --tee with -j ROUTE? not sure what you want it to do
<4> danieldg, explain
<5> XandriX: did you escape the * or did you let the shell do substitution?
<4> let the shell
<5> then it depends on what files are in the current directory
<5> oh, and it still won't do anything if you have other rules
<4> he had none
<4> and had a file containing IP addresses
<5> it would just be the filename. Anyway, what happened? It would just block communication with localhost, which causes some annoying problems
<4> yes
<7> danieldg: how resource-consumptive are these rules?
<7> danieldg: if I were to split my machine into a bunch of VMs using xen, should I be able to nat maybe 6 through a single "Intarweb-facing" host?
<5> I think so
<7> alrighty. I've been noticing a lot of network lag recently...
<7> I'm curious where it's originating...
<7> maybe it's just that I've got four people using what was just being used by me. and 10 or so other folks :)
<7> I'm thinking of moving my box to a colo building walking distance from my house...
<1> iptables v1.3.5: host/network `*' not found
<1> (That's what I get running "iptables -A INPUT -s * -d 127.0.0.1 -j DROP" in an empty directory.)
<8> rob0: the * gets shell-expanded
<8> rob0: omit the "-s *"
<8> rob0: leaving out the source is the same as stating "from all sources"
<1> Thank you, I am well aware of that, I was replying to someone else.
<9> hi
<10> hi, JoelG.
<9> maxine, hi
<10> hey, JoelG.
<9> jejejeje
<9> I have a problem
<1> maxine: who are you?
<10> I am the bot?
<9> boot
<9> does anyone speak Spanish?
<1> And poor JoelG thought this was a friendly channel :)
<1> Not much on Spanish, but I can read iptables. :)
<9> how iptables forward pop
<9> jejejej
<9> english very bad
<9> rob0, thanks
<3> OMG! PONIES!
<11> where?
<3> in my pants
<12> I'm looking to set up my box so that it can only be accessed by ssh from 2 IPs, and drop all others. Now I think I got it, but I don't want to end up shutting myself out too.
<13> Is there somewhere I can go to get logs from this channel?
<13> I got help yesterday and I can't remember a command.
<13> http://pastebin.com/711826 (this is ifconfig output from a box with two nics... boxa/eth0 is connected to the internet [I'm talking to you through eth0]... and I do "dhclient eth0" when the two-nic box starts, and I set boxa/eth1 as static (10.0.0.1)... Now boxa/eth0 is connected to the internet... boxa/eth1 is connected to a switch (all my cables are straight cat5e)...
<13> Now I have boxb/eth0 ... on which I typed as root... "ip addr add 10.0.0.2/24 dev eth0" and I did "ifconfig eth0 up" and "ifup eth0" ...
<13> boxb/eth0 is also connected to the switch... and I want boxb/eth0 to connect to the internet through boxa
<13> When I do "ifup eth0" on boxb... it just hangs for a long time... so I control-c it... and do "ping 10.0.0.1" on boxb... and it says network can't be reached
<1> I met Bob Dole once. Shook his one hand and said I had relished every opportunity I had to vote against him. :)
<1> But I think he's a funny guy.
<1> What have you done so far, Bob?
<1> aweidlich: numerous ways to do that. What did you try?
<13> rob0: What I said so far.
<13> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE ; echo 1 > /proc/sys/net/ipv4/ip_forward
<13> And I did that... (as root on boxa)
<13> I think I need to do the route command on boxb... but I can't figure out the syntax after reading the man page a few times
<13> route add default gw 10.0.0.1 is what I need to type on boxb... let me try that.
<1> yes, you need to tell it that 10.0.0.1 is its default gateway. What OS is the 10.0.0.2, ah Linux I guess.
<1> that would do it
<1> ip route add default via 10.0.0.1
<13> **** yet
<13> yea*
<13> it works
<13> wow, I've never gotten this to work... I'm so happy.
<1> :)
<13> Now I can filter traffic to the network... and use iptables/snort
<13> 10.0.0.2 is RHEL AS 4
<13> 10.0.0.1 is Debian GNU/Linux etch
<13> 10.0.0.1 > 10.0.0.2
<1> OK, well each of those has its own ways of configuring networks, you really should look at the distro docs to do things "right."
<13> yea, I wish they all used /etc/network/interfaces
<1> I think there are files in /etc/sysconfig/network usually.
<13> RHEL AS 4 doesn't have that.
<13> And some boxes don't have ip... they only have ifconfig
<1> They all have it if it's installed. :) IMO it's worth the trouble to get it.
<1> (Of course iproute2 is Linux-specific, whereas route(8) and ifconfig(8) have a more standard interface across other Unices.)
<13> yea, I have a class full of PIII machines I can **** around with all summer.
<13> So I thought I would try and learn non-windows networking... and mess around with SNORT and clustering stuff
<1> You'll want a DHCP server to help manage things. It's easier than manually setting routes and static IPs.
<1> Snort doesn't much interest me.
<13> Well it's kind of nice in a larger network.
<13> If you have thousands of machines.
<13> And there is some windows exploit/virus
<13> If you can create/get a hash and put it in SNORT's block rules... then you can protect your network significantly better.
<13> but it's not foolproof
<13> I dunno anything about it really... but I'm interested.
<1> Ah, maybe that explains my disinterest. I don't care to get into Windows security ... an oxymoron!
<13> yea, I wish I didn't care... but other people use windows... and I have to help them.
<13> So this helps me help them.
<13> I've been using debian for a few years now, without using windows at all... I just never had more than one machine... so I couldn't play with networking.
<13> But now I have 30 machines... I'm excited... I put solaris 10 on one, gentoo on another. opendarwin is being installed atm... I have RHEL as4, debian, freebsd, openbsd, and dragonfly
<13> I'm looking for other interesting OSes to put on... (free[beer])... but I can't think of any good ones.
<1> Oh my! No networking! That was why I got started in GNU/Linux in the first place.
<14> heh you can play with networking with one physical machine using virtual ones
<13> yea, but my machine is too slow.
<1> true, user-mode Linux is tons of fun.
<1> How slow is slow? How much ram?
<13> I run ion3, no gnome/kde even. I don't have the mem/cpu resources.
<13> 64 megs of RAM and 400mhz processor
<1> RAM is tight, but CPU is plenty for UML.
<1> anyway ... I'd suggest picking a distro you like and learn it well, rather than looking at all of them.
<1> I specialize, almost all Slackware.
<1> I never really saw a need to shop around.
<13> rob0: I know Debian GNU/Linux well.
<13> rob0: I'm not shopping around, I've been using this for a long time now.
<13> I'm just installing different OSes to learn some of the basics and figure out how to install packages/admin them
<13> Which dhcp server should I choose out of all those that debian has... http://pastebin.com/711938 ?
<1> I use ISC dhcpd, but dnsmasq might be a good choice too. Easier to manage anyway.
<15> Hi, if I use "-A INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT" in my firewall, this effectively *cancels* my firewall, right ??
<5> pretty much. It doesn't touch INVALID packets though
<15> oh thnx, finally I get a reply from #iptables :)
<15> So, the bad part is the 'NEW', right?
<5> yes, usually you will want to filter all NEW packets
<15> Thanks a lot. One other thing, I am troubleshooting a server which works great all day long, but sometimes (5 minutes or so), it doesn't respond to any connections, not even LAN pings!!! Any idea what might be causing that ?
<5> any other activity on the server at the time (very high system load maybe?)
<15> actually, it's not my own server. This is the first thing I thought of too ... CPU load .. anything else to check for ?? (How would you debug this!)
<5> maybe excessive hard drive load or something. First step to debugging is to be able to trigger it
<15> so excessive load can actually drop replies to LAN pings, or just delay them ?
<5> I wouldn't think it would do so, but it might be possible.
<15> hmmm .. do you know of any tool that would run all day on the server to monitor loads & such and record/report them?
<14> simple shell script ?
<5> sure. I assume you've already checked syslog during that time?
<15> ah! yeah I can do that
<15> danieldg: yeah .. nothing at all
<14> snmp/mrtg ?
<15> don't have much experience with these, though I should ..
<15> what would mrtg be able to monitor ??
<14> whatever you can provide to it with snmp