Comments:
<0> Hum
<0> i usually do it at Windows...using a proxy...like wingate or analogx
<0> but at Linux, i can do it with squid...and iptables i think
<0> but i don't know how
<0> h3h3
<1> You want a SOCK5 proxy? No, I'm pretty sure iptables can't handle that.
<0> HTTP , POP3, SMTP ..just it
<0> i think i can do it
<0> but i would like to know if someone has done it
<1> I don't understand why you want a proxy. It doesn't make logical sense.
<0> yes
<1> You have INTERNET <-> FIREWALL/ROUTER <-> Internal machines. The firewall/router just needs to have NAT enabled for the internal machines to access everything on the Internet.
<0> it's just for study
<0> i won't use it ;p
<0> i know
<0> but i would like to know how2do it
<1> You can't have just one port. There would be no way for iptables to figure out where to send the packet, either.
<1> iptables can do transparent proxying, OR it can do port forwarding, but it can't do both to the same packet. There just isn't enough information in an IP header to do that.
<1> If you have an iptables box out on the net (1.2.3.4) and a client (2.3.4.5) connects to it at port 6588, from port (any port), then all that iptables knows is the two IP addresses and the two port numbers. Now, the destination port could be encoded in the source port, but there would be no way to encode the destination IP address.
<0> let me read what u wrote
<0> hummmm
<0> i've got it
<0> so it mean that must use a proxy like squid
<0> it means*
<1> You can't proxy it at the IP level -- at best, you could tunnel it, but iptables doesn't handle tunneling. So, yes, you need some kind of proxy.
<0> hehe
<0> man
<0> thaaaaaaaaks 4 the patience ;) ai2097
<1> Sure.
<0> =)
<0> how u cant see, i'm a newbie....yet =D
<2> I'm trying to set up a linux machine as a gateway for my other machine, yet I'm unable to ping through it..
<2> Can anyone help me out? :)
<2> output from ifconfig, iwconfig and route is here: http://channels.debian.net/paste/2049
<3> weedar: what is your iptables config?
<2> Nielsen, what file are you referring to? (sorry for the slow reply, I was in the shower)
<3> weedar: if you run iptables-save what output does it give you?
<2> Nielsen, http://channels.debian.net/paste/2050
<3> err... is wlan0 your internet connection?
<2> yes it is Nielsen
<2> It should still be possible to share it?
<3> yeah
<3> weedar: you might want to turn off the DROP lines, until you get it working
<2> Nielsen, I'll do that =)
<3> the trick would be to remove your restrictions until you find the rules you need for forwarding to work, then add the restrictions around it, while testing
<2> I'm trying to set up iptables to use a debian machine as a gateway, but when trying to ping the outside from another machine I get 100% packet loss - even though I have no DROP-rules at all
<3> weedar: try this: echo 1 > /proc/sys/net/ipv4/ip_forward
<2> Nielsen, it's already set. I'm unable to see what's preventing me from pinging the outside
<3> i got no idea
<2> Thanks anyway :) (you've been the most helpful yet)
<3> try clearing it, then adding the masq rule only
<3> or check if the gateway can ping whatever host you want the client to ping
<2> I've tried pinging from the gateway, that works
<2> dumb question, but how do I erase the entire iptable ruleset?
<3> iptables -F
<4> MI
<2> of course, I actually knew that *feels stupid*
<5> anybody got any recommendations for a 2+ port gigabit nic card?
<3> i saw a broadcom card a few months ago...
<3> gigabit, 4x
<5> where?
<3> hold on, let me look again
<3> i found a 3Com Gigabit Fiber-SX Server NIC
<3> ah here is something HP NC150T - PCI - EN, Fast EN, Gigabit EN - 10Base-T, 100Base-TX, 1000Base-T - 4 ports
<3> http://h18004.www1.hp.com/products/quickspecs/12056_na/12056_na.html
<2> any reason why "iptables -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o wlan0 -j MASQUERADE" results in "No chain/target/match"-error?
<6> weedar: you need a -t nat; there is no POSTROUTING in -t filter
<7> l0l0l this place is more crowded than i would have thought
<2> Ah, thank you danieldg =)
<7> .. i have two ethernet controllers, and i would like to move all azureus traffic (port 27489 or something) over eth1
<7> and the rest over eth0, how can i accomplish this?
<6> you might be able to DNAT to certain IPs, but that sounds like something more for routing
<6> eth0 and eth1 are both links to the internet?
<2> Ah, how annoying. I read something very pertinent to routing bittorrent just a few hours ago - but I can't remember what :/
<7> danieldg: yes
<2> main2: main iptables and search for ipp2p - I think it's somewhat what you're looking for
<6> main2: you might be able to do what you want with routing, maybe by using the MARK target; see the howto on lartc.org
<6> ipp2p is mainly for detectiong P2P stuff, so it might be useful here, but it sounds like you already know the port
<6> *detecting
<2> Indeed it is, my bad
<7> using MARK target.. hmm lets see -> doesn't seem to be easy..
<6> I think what you want can be done just with iproute
<2> I'm unable to ping from my computer via my iptables-using Debian box - Can anyone take a peek at my iptable config? http://pastebin.com/598395
<2> I'm able to ssh from my computer to this "gateway", but ping gives me a destination unreachable error
<6> weedar: you are trying to ping to the internet from a host being NATed by this debian box?
<2> danieldg, I guess that could be the reason..But I'm unable to see what I've done wrong..Even if I have read various IPtables howtos and faqs
<2> What do you suggest?
<6> weedar: well, I'm just trying to figure out what you are trying first
<6> check if ip_forward is 1
<2> it is
<6> anything showing up in the log?
<2> what log?
<6> look at dmesg
<6> you're logging stuff with that config
<2> nothing show up in dmesg
<2> *shows
<2> Hm, that's odd
<2> But still, I'm unable to find a fault with the ruleset
<6> I can't find any problems with the ruleset either
<2> Well, at least it's not just me then =)
<2> if it's worth anything, the command I try from my computer is "ping -I eth0 www.vg.no"
<2> I'm specifying the use of eth0, because wlan0 is the currently-used interface for internet-access on this machine
<2> But I don't see how that should have anything to do with anything. Especially since all that means is that /etc/resolv.conf actually contains the correct dns-address
<6> does it work without the -I?
<2> well, yes, but then it uses the wlan0 interface
<6> why don't you want it to do that?
<2> because the wlan0 interface (on this computer) is unstable
<2> so in theory I don't need to set up the debian box as a gateway, but I want to learn
<6> you need to set up your routes correctly then
<2> But I can't see what's wrong
<2> And if you can't either then...there's no hope?
<6> no, I think the problem is not with iptables, it's with the routes
<2> Here's the output of "route" -> http://pastebin.com/598430
<2> I would think that last line routes all outgoing packages via 192,168,2,1 (which is the router that the debian machine is connected to via wlan0)
<6> yes
<2> I'm running out of options as to what the issue can be
<6> the packets you send out eth0 aren't being forwarded to the internet
<2> but why don't they get logged
<2> hm
<6> because they don't even reach the computer
<2> but I don't see how, as I'm able to ping the debian machine with the command "ping -I eth0 192.168.0.1"
<6> yes, because it's on the local network
<6> you don't have a gateway for the internet via that interface
<2> but on my computer's /etc/network/interfaces I have under eth0 - gateway 192.168.0.1
<2> which is the IP-address of the debian machine
<6> it's not configured in your routes
<2> on _my_ computer?
<6> isn't that the one that http://pastebin.com/598430 is from?
<2> no that's the debian one
<2> the gateway
<6> ok, sorry, got them confused
<2> I should have been more clear, so it's actually my fault =)
<6> what does your route table look like?
<2> on the client computer(THIS computer), http://pastebin.com/598453
<2> ah, the line before the last one is probably the culprit
<2> don't you think? It's referring to the client computer's IP (192.168.0.2) instead of the debian machine (192.168.0.1)
<6> one of the last 2 lines is probably wrong
<2> I'll try removing and see how that works out
<2> I really miss route's manpage included examples of how to remove routes..
<6> ip r d http://pastebin.com/598453
<6> oops
<6> try ip r d 0.0.0.0 via 192.168.0.1 dev eth0
<2> That results in "RTNETLINK answers: No such process"
<6> oh, try 0.0.0.0/0
<2> good news: It worked. Bad news: I didn't catch the typo, I should have removed the x.x.x.2 rule instead
<2> as 192.168.0.1 is the IP of the debian machine (the gateway)
<6> oh, just use ip r a 0.0.0.0/0 via 192.168.0.1 dev eth0
<6> then delete the other one
<2> RTNETLINK answers: File exists
<6> ah, you already have a default route...