Comments:
<0> I'm trying to extend a firewall script I hacked together a few years ago to do port forwarding.
<0> I can open the port without any problem, but I can't seem to forward the port.
<0> http://pastebin.com/598782
<0> Lines 104 & 105 are what I've been playing with.
<1> Well, that fix did not work. :(
<2> Hello
<2> I was wondering what would be the best setup for a server that will be hosting web services
<2> I only have one router to sit it behind
<2> and I don't have a separate pc for a dmz
<2> any ideas?
<3> how can I tell if my kernel has support for qos?
<4> Morning everyone. I have a public/static IP and I'd like to forward a port to one of my internal machines. How can I do that?
<5> Is it possible to block all the traffic to a specific IP except the echo (ping) reply?
<6> hid3: read documentation, then ask a more specific question please ;)
<6> heka: yes it is possible
<5> Nielsen: can you point me to some howtos to do that?
<6> here's a hint: -d <ip address> -p icmp -j DROP
<5> Nielsen: let me try it!
<5> that must be like this: iptables -A output -d 193.111.197.150 -p icmp -j DROP , am I right?
<5> 193.111.197.150 = the IP I want to block :)
<5> Nielsen: after adding that rule I'm getting ping: sendmsg: Operation not permitted when trying to ping
<5> I want to allow the ping reply and block all the rest of the traffic
<7> heka:
<7> do you want to block ping requests from local machine to 193.111.197.150 ?
<7> if you want to prevent ip 193.111.197.150 from pinging you then it's iptables -A INPUT -d 193.111.197.150 -p icmp -j DROP
<5> I want to allow the ping request from local machine to 193.111.197.150 and block all the rest of the traffic
<7> then why is iptables -A output -d 193.111.197.150 -p icmp -j DROP doing that?
<7> that blocks ping requests from local machine to that ip
<7> are you sure you just don't want to block icmp replies to that machine? or do you have some specific reason to prevent your user(s) from pinging that machine?
<5> because Nielsen told me!
<7> nielsen told you to block pinging that ip?
<5> rza: I want to allow the users to ping that IP but deny them to use any service on that IP
<7> then you want something like this
<7> iptables -A OUTPUT -d 193.111.197.150 -p !icmp -j DROP
<7> translates to "block everything else but icmp"
<5> rza: that must be OK!
<5> rza: let me try
<8> hello I've made a firewall script and now I want to test it, can somebody tell me how I can do it
<7> debianubs: what do you want to test?
<5> rza: that's what I wanted, thank you man
<7> from some remote machine do "nmap youriphere"
<8> how secure it is, I've already used the symantec test and now I want to try another
<7> give me your ip
<7> I'll port scan you
<8> mom
<6> rza: ah my darn keyboard.. didn't get the ! in the line I gave him
<6> that's what I get for typing fast
<7> of course it didn't
<6> the mighty errors of a simple char
<9> Is it correct that conntrack matches on mark, so if I change the mark, conntrack won't match?
<7> hmm, I think the connection will stay in tracking tables
<7> not sure though
<9> I have the problem with ftp, specifically
<7> please state the nature of your computational emergency
<9> My iptables mark the incoming packets with mark 1, and the outgoing packets aren't market
<9> Marked, even
<9> For most things this works, return packets from the outside are allowed in
<9> But for ftp only the control connection is allowed, ip_conntrack_ftp never seems to match the data connection
<7> hmmm
<9> And my theory is that it's because I use mark
<7> put your rules online
<9> http://pastebin.com/599467