<0> hello
<1> hi
<1> I'm looking for help : google isn't my friend anymore
<1> hum
<1> the facts are :
<1> I've an ircd (6667)
<1> a friend can only connect on 8080
<1> so I'd like to use iptables to make a *link* between 8080 and 6667
<1> but I've not been able to do :(
<2> REDIRECT on the ircd machine, or DNAT on a router upstream from it.
<1> router > I can't redirect from a port to another with mine
<1> "REDIRECT on the irc machine" > what do you mean ?
<2> I mean the REDIRECT target as described in "man iptables".
<1> http://www.linuxforums.org/forum/linux-newbie/1029-iptable-redirect.html << I found that but didn't work "bad argument 6667"
<2> My crystal ball can't guess what command you typed.
<1> sorry
<1> hum
<1> iptables -t nat -A PREROUTING -p tcp -s 192.168.1.0/16 -dport 8080 -j REDIRECT --to-port 6667
<1> bad argument 8080
<1> (i inverted 8080 and 6667 (shame))
<3> hey rob0
<1> iptables -t nat -A PREROUTING -i eth0 -p tcp -dport 8080 -j REDIRECT -to-port 6667 returns me exactly the same error :(
<4> is there a way to follow logs of what iptables is doing?
<4> where does iptables log its info?
<4> !faq
<4> this channel needs a bot.
<4> ping -b
<4> lilo: mind if I put a bot in here?
<5> yes
<4> simonrvn: a'ight
<4> simonrvn: could I get a url to a faq?
<1> i've found :)
<5> /var/log/messages; /var/log/WhateverYourSyslogdIsConfiguredFor; /var/log/WhateverUlogdIsConfiguredForIfUsingulogd
<1> iptables -t nat -A PREROUTING -p tcp --dport 8080 -j REDIRECT --to-ports 6667 :D
<5> www.netfilter.org
<4> simonrvn: thank you!
<5> cj: i'd consent to a bot if trappist and ticallion consented to one. we haven't really discussed it. also i think it would depend on what kind of bot
<4> anyone know off the top of your head how to create a new log level?
<4> simonrvn: do you know purl?
<5> purl, in #BotPark? vaguely familiar with it. not too sure what it does but i haven't seen it do nasty things
<4> no, purl from irc.perl.org's #perl
<4> go play with her for a bit. she's nice, and answers questions. for some value of nice.
<5> aah. no, never been there. only the #perl here
<4> you may feel free to review the code, but I'm a relatively trustworthy guy.
<4> ain't that true, lilo?
<5> sure
<4> I figure I can probably get the code to the bot from them. I wrote one in IRC::Perl a while ago, but I hear that the module has been deprecated/obsoleted since.
<4> I was thinking about maybe creating a context-sensative bot for #maxdb
<4> sensitive
<4> I might be able to get some hours set aside for such a task.
<5> well, until we've discussed it, it's pretty moot. but i'll ping trappist
<5> and see if i can get hold of ticallion
<4> nah, I'll start developing for my channel, and I'll throw it on here if things sound okay for the other folks.
<4> are you one of the devs?
<5> sure, that's fine. no, just an interested party
<4> aren't we all? :)
<5> don't mind me =)
<5> heh, yeh :)
<4> do you know how to create a new syslog log-level?
<5> depends on your syslogd. and if you have any free facilities ;)
<4> just give me the line for /etc/syslogd.conf :)
<4> er, syslog.conf
<5> i'll give you an example... i'll have to dig one up, been a while since i played with sysklogd
<4> thank you, by the way
<5> you want to use local0 for this, or it's already taken?
<5> well, regardless:
<5> localX.* /var/log/ipt.log; you'll have to somehow direct your /dev/log data from iptables to there. i just use syslog-ng, and/or ulogd
<4> /dev/log data?
<4> simonrvn: is it painful to change from sysklogd to syslog-ng?
<5> not really. not on my distro, anyway. debian's default syslog-ng.conf matches the sysklogd one, so no biggie
<4> nice. I'm so glad I use sarge :)
<4> and how do you go about directing /dev/log to /var/log/ipt.log. do you have a url for a faq entry or something?
<4> maybe it happens when I install syslog-ng
<4> I feel old.
<2> cj: ULOG can do the direct logging you seek. Syslog-ng will basically do more detailed splitting of regular syslog() messages, so that would be a close approximation.
<6> hello my good friends
<6> I need some recommendations to start getting into the iptables, I would like to start creating my own firewalls using debian sarge 3.1 stable :)
<7> tutorial in the topic is good, albeit a bit lengthy
<6> anyone have a very "newbie oriented" iptables tutorial?
<6> danieldg, thank you I know I can always count on my nice population of IRC :)
<2> IRC is a poor substitute for knowing the basics. It's a good way to get answers to little questions once you already know the basics.
<2> Netfilter.org hosts the Packet Filtering HOWTO by Rusty, which is a good introduction too, and fun to read.
<6> rob0, nice I already print the one from oan, now I will go check that one you are talking about.
<6> rob0, and I completely agree with you i got the answers like the one you gave me, Packet Filtering HOWTO by Rusty :)
<6> but I will have fun mastering iptables
<6> I think that you can do a lot of things with iy
<6> it
<2> indeed
<6> yes
<6> rob0, thank you again, hey I was having a weird problem with a firewall linux based on rpm packages called smoothwall. have you heard about it?
<6> rob0, I think that iptables can create some kind of vpn ?? or that is something totally different?
<8> cj: I don't mind trying out a decent bot. promise not to get your feelers hurt if I don't like it, though
<2> trappist: something programmable, where we can put in answers to FAQs, would be nice.
<2> Ha, I was about to answer him.
<8> heh
<2> I like knoba, a bot on #postfix and I think some other channels too.
<8> something that points people to the topic when they wonder why their port forwarding doesn't work on the local network, and I'd be happy
<2> :)
<9> i'm reading the iptables tutorial @ http://iptables-tutorial.frozentux.net/iptables-tutorial.html and i understood that DROP just drops the packet and REJECT gives notice back....from the tutorial it seems to me that REJECT would be the better choice of the two in most circumstances as it is less likely to leave dead connections lying around...am i interpreting this correctly?
<10> happy Easter everyone
<10> and fat eggs
<11> suppose i try to allow a connection to my machine that uses DROP by default for INPUT and OUTPUT (my machine also needs to answer in the same connection). Should I add a rule to OUTPUT to allow the outgoing packages or do i also cover the outgoing packages when I add a rule to INPUT that uses --ctorigsrc, --ctorigdst, --ctreplsrc and --ctrepldst of conntrack ?
<12> garo: INPUT is for INPUT only
<13> I have a very nice pipe for our company's servers but how do you all do QoS?
<11> WoodyWoodpecker: thanks
<12> SkramX: mark packages and write rules for doing qos
<13> any specifics?
<13> how do i mark packages? do you mean packets?
<13> *shrug*
<12> SkramX: try to use --set-mark
<13> hmmm.
<12> SkramX: Not really packages, more the connection
<13> so like a connection on a specific port?
<13> any good howtos/do you have an example?
<12> SkramX: Depends on your rules
<12> SkramX: Probably there are lots of good howtos, but read the manuals and try what you think is right, that way you learn more.
<14> hi, how can i redirect a certain (based on source port) udp packet through another gateway.
<14> i mean, I send udp packet, from computer A. computer B will change source address to itself, and send it to computer C. Computer C will act like a gateway, change source address to itself and send it to network.
<14> anybody?
<2> Sounds like a simple case of dual SNAT. SNAT at B, then SNAT at C. Personally I would choose to route to C and SNAT there only.
<14> thx
<14> but how do i route if default router is different?
<14> i have in route "default 128.220.228.232", but exactly packets from udp port 5211 should be routed to 10.8.0.5
<14> how can i do it?
<14> iptables -t nat -A POSTROUTING -p udp -o tap0 -j MASQUERADE -s 192.168.50.1/24 --sport 5211
<14> but if i do that on computer B, how can computer B know to exactly which gateway it should be sent?
<14> since 192.168.195.0 * 255.255.255.0 U 0 0 0 vmnet8
<14> 128.220.191.0 * 255.255.255.0 U 0 0 0 eth1
<14> 192.168.50.0 * 255.255.255.0 U 0 0 0 eth0
<14> 10.8.0.0 * 255.255.255.0 U 0 0 0 tap0
<2> I think the " -s 192.168.50.1/24 --sport 5211" has to come before the -j .
<14> 192.168.10.0 * 255.255.255.0 U 0 0 0 ath0
<14> default 128.220.191.1 0.0.0.0 UG 0 0 0 eth1
<14> rob0: ok. i will do that
<2> did that give an error that way?
<14> mmm.. i didn't actually try it.
<14> will try now
<2> I think you need to spend some time reading the LARTC howto.
<2> This is possibly more an iproute2 (/sbin/ip) matter than iptables/netfilter.
<14> it didn't work
<14> i read whole bunch of stuff, including that howto... spent 3 days trying to understand that.
<2> IP routing is not simple to understand. I'm still learning things.
<14> and it almost works.. the only thing is how to tell it to route it to exact gateway and not to default
<14> and i am pretty sure it can be done with iptables
<2> I think you need multiple routing tables, and an "ip rule" command to send your chosen traffic to the correct table.
<14> mm.. i will look into that.
<14> thanks, you might be right about using iproute, that is a better way ithnk
<14> think