Comments:
<0> Anyone mind lending me a set of eyes?
<0> I have a rule set that's working for a couple of machines, NAT'ed, and there is one that is not working. I have a feeling it's a typo I'm missing.
<0> anyone mind helping me out?
<1> no
<1> if we don't know the problem we can't help
<2> I've been trying to switch to a centralized user authentication with ldap, somewhere in the middle, I began having troubles with my iptables script, have any idea what may be causing this?
<2> previously I tried a plain NIS setup (unsuccessful), but did get into trouble there, so really don't know if it started there
<2> it just hangs
<3> hi folks
<3> does anybody know of a success story with UDP forwarding and iptables (ebtables or whatever) in the special case where we want broadcast on a specific net be forwarded to another broadcast net ?
<4> hello there. i need to block all outgoing smtp traffic from my local network which is connected to an iptables (debian based) router. i only want to allow smtp traffic to exactly one external smtp server. how can i do that?
<5> block it in forward chain
<5> iptables -A FORWARD -i $laniface -o $inetiface --destination !10.0.0.1 -p tcp --dport 25 -j DROP
<5> something like that
<6> hello
<6> is there a way to limit the number of connections to the same host?
<5> what kinda connections?
<5> there's limit-match
<5> but for example with http it isn't very smart
<7> -m connlimit
<6> limit can limit the number of packets
<6> hm
<6> connlimit is in patch-o-matic?
<6> i don't remember reading about it in the manpage
<7> it's in my man page
<6> -_-
<6> weird enough
<6> I think i have the module compiled
<6> but I don't have any reference to it in the man page
<6> rob0: can you send me the relative section via privmsg?
<7> sure
<7> 24 lines
<7> BTW I didn't/don't patch. Stock Slackware-current.
<6> rob0: neither do I
<6> I wonder why the man page doesn't have any reference to connlimit
<6> i wonder what i'm doing wrong
<6> #-------
<6> iptables -I FORWARD -s 192.168.7.0/24 -m tcp -p tcp --dport 80 -m connlimit --connlimit-above 8 --connlimit-mask 24 -j REJECT --reject-with icmp-port-unreachable
<6> iptables: No chain/target/match by that name
<6> --------
<6> can someone figure out what i'm doing wrong?
<7> $ /usr/sbin/iptables -V
<7> iptables v1.3.5
<6> 1.2.10
<7> There are 2 parts to a match extension: the netfilter drivers and the iptables libraries. You've got a recent (enough) kernel and an old iptables.
<6> i see
<1> RE
<8> I am having a problem configuring forwarding, or routes, or something. I have a computer with two network cards, one is connected to the internet, the other connected to the local network. Local clients are getting dhcp addresses and can talk to each other, but they can't seem to connect to the internet. Can anyone help?
<8> oh, the computer itself connects to the internet fine (I am on it right now).
<9> local client ip fix or ip dynamic ?
<9> fyrestrtr:
<9> ...
<10> is there a more detailed view for iptables than -n .. I can't see the interfaces ..
<10> but I want to ..
<10> all the rules look the same .. 0.0.0.0/0 to 0.0.0.0/0
<11> -v
<11> maxine: show ruleset
<12> Please post the output of "iptables-save -c" or, if that is not available, "iptables -vnL" to a pastebin such as pastebin.ca, and tell us the resulting URL. Include the network setup if it is not immediately obvious
<13> hi
<14> i have a router and want to run an openvpn client on it
<14> i need port udp 4000
<14> what iptable rule do i have to set up
<14> ?
<14> iptables -I INPUT -p udp -dport 4000 ?
<14> something like that?
<8> I finally managed to get masquerading working on my iptables :) now how do I open up ports on my system so that other computers behind my box can connect to the outside world?
<14> where is my error in that line?
<14> iptables -A INPUT -p udp -dport 4000 -j ACCEPT
<14> it says bad argument 4000 ...
<8> how do I see a listing of my current rules?
<15> fyrestrtr: iptables -L
<8> can someone help me please, I am running around in circles trying to get my connection set up.
<15> sorry fyrestrtr I have to go
<8> I am just trying to open up port 25 to the internet, but only if the sending machine is 192.168.1.12, otherwise, drop the packet. Similarly, if an incoming connection is on port 25, redirect it to 192.168.1.12, otherwise drop it.
<16> i have iptables set up with the following rules, but when I do a port scan I get tons of open ports, what's up? http://pastebin.com/720776
<9> anyone have neverwinter night ?
<17> hi i have one question 85.155.x.x = 85.155/?
<17> nobody here?
<17> tlol
<17> everyone dead
<17> ok i'll talk to myself
<17> hello mario what is your problem?
<18> yeah what is ur problem
<18> lol
<17> hi 85.155.x.x = 85.155/?
<18> erm not that i remember but possibly
<17> t16?
<17> 16?
<18> i don't know how that would be formulated, example it would be used as a ban or drop command
<18> iptables -A INPUT -s 85.155.0.0/10
<18> woops forgot the -j DROP
<18> would block anything from 85.155.0.0 to .10
<17> yes
<17> my problem is last number that represents netmask
<18> it's a netmask
<18> erm gimme a sec
<17> yes it's 16
<17> http://jodies.de/ipcalc?host=192.168.0.0&mask1=16&mask2=
<18> you could try 85.155/16
<17> yes that is it
<17> what a stupid thing being unable to block a user from internet by his mac address
<18> mariooliveira, u could
<18> if u can get his mac address
<18> :P
<18> i'm pretty sure that
<17> i mean i just want to allow my mac address
<18> u just want to allow ur mac address ?
<17> someone told me the opposite mac address block only works inside my lan
<17> yes but from a remote pc
<18> well see
<17> we could make a little test to make sure
<18> iptables -A INPUT -s x.x.x.x -m mac --mac-source x:x:x:x:x:x -j DROP would drop it
<18> and for a specific port
<18> $IPTABLES -A INPUT -p tcp --dport 8000 -s x.x.x.x -m mac --mac-source x:x:x:x:x:x -j ACCEPT
<18> will only accept that ip with that mac address on that port
<17> try this ssh 82.155.204.163
<18> dyou do -j DROP
<18> or -j REJECT
<17> you probably can get in
<18> *cant
<18> i can't get it atm
<18> network error connection timed out
<17> now give me your mac address so i can allow it
<18> erm
<18> *thinks*
<18> i forget what it is and i forget how to check what my internet mac address is
<18> :S
<17> in a stamp on modem
<18> meaning ?
<18> sorry i'm tired
<17> your modem has mac visible on a stamp
<18> unless u meant this dsl-159-40.aei.ca i'm a bit lost and tired
<18> i am far from that modem at the moment lol
<17> ok thanks
<18> :S
<17> help testing my firewall
<8> where does iptables store its rules?
<19> fyrestrtr: kernel memory
<8> so you are saying that I have to manually enter all the rules at system startup, via a script?
<19> fyrestrtr: yes. there is iptables-save & iptables-restore binary to assist you in that task
<19> fyrestrtr: most of the time, the distro you are using provides a /etc/init.d script for such
<19> example: /etc/init.d/iptables save
<8> ah okay, sorry for the questions peejix -- I've just spent the past 4 hours trying to set up a server as a gateway, and I am just ... lost :( Everything is working okay (forwarding, masquerading) but I cannot figure out how to add some rules to the firewall for specific ports/services.
<8> on logging, how do I append the interface for which the packet has been logged?
<19> fyrestrtr: you cannot do that using a single rule. You need a rule for each interface you want to log and use --log-prefix to specify what interface
<20> correct me if I'm wrong, but the in and out interfaces, if applicable, are in every iptables log
<17> i need someone to help me test my firewall
<8> guys, can you please have a look at this http://pastebin.com/721110 -- I don't know if I'm doing anything wrong/right. I am trying to block everything, except SMTP port.
<8> then I would like to add additional exceptions -- basic policy is, block everything, only allow those that are listed.
<17> what do you see in a web browser https://marinadecascais.no-ip.info:10000/ ???