Comments:
<0> probably because RTFM is still seen as something of an insulting/rude term ;p
<0> rather than just saying, have you read the docs for it ;)
<1> But ... to be successful at this stuff (free software in general) you have to be ready to dig in and get your hands dirty. It cannot be handed to you on a platter, like it appears to be in Windows.
<1> ("Success" in Windows is meaningless.)
<0> indeed
<0> mail servers being a good example
<1> Mail was perhaps the most complicated thing I've learned, even more than firewalls and routing.
<0> I'm fairly confident with iptables now, I'm just not very good at the weird kind of maths involved in something like rate limiting
<1> I don't mess with rate limits. I don't think either -m limit nor -m recent do true rate limiting.
<1> But I guess you know that.
<0> they just seem to confuse.. limit involves averages so I'm not really sure how that plays out if not a sustained attack (but still more frequent than desired)
<1> There's also --limit-burst.
<0> the way the help reads, they seem tied/related to one another
<0> bbs
<2> hi. I want to do this rule with iptables: incoming tcp packet (port 3724) forwarding to $ip (port 37240). I tried something with DNAT, but it didn't work. Can anyone help me?? (my rule: iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 3724 -j DNAT --to-destination $ip:37240)
<1> Let me guess ... $ip is on the same subnet as the original incoming interface?
<1> We get that here at least 10 times a week if not more, which is why /topic says, "having NAT issues?"
<2> no, $ip is a public ip
<1> Okay, second guess: you're not ACCEPTing $ip:37240 (TCP) in FORWARD.
<2> I accept it in forward
<1> Wait, where exactly *is* $ip? Not local to you? I think we may be back to a variation on guess #1.
<2> ip = 83.149.115.138, so it's not local
<1> and 83.149.115.138 replies to the original IP, which says "WTF? I don't know you! I was talking to $orig_ip on that port! Go away and let me talk to $orig_ip!"
<1> s/orig_ip/your_ip/g
<1> So, you have to SNAT *and* DNAT that traffic. See /topic, "having NAT issues?"
<2> hmm
<2> I'll try something
<2> so I have to accept the port 3724 in the forwarding chain too?
<1> no, just the rewritten one.
<2> ok
<2> is there anywhere a log file where I can search for my fault?
<1> You can put in -j LOG rules, then it goes to your kernel logging.
<2> ok
<2> ok I'll try it another time... thank you for the help
<2> bye
<3> hard__ware: hey
<4> does anyone know if I use DNAT to forward packets to multiple IPs
<4> if one of the IPs goes down or is refusing and sends an ICMP packet back, will iptables not use that IP, or will it re-route to a working IP?
<5> hi
<5> where is the log of iptables ??
<6> in /var/log/
<6> in /var/log/messages
<5> Rawplayer: thank you :)
<7> how can I get rid of this? DNAT tcp -- 0.0.0.0/0 80.219.77.180 tcp dpt:27015 to:192.168.0.40:27015
<7> why does -F not get rid of redirects?
<7> crap
<8> and god said let there be light
<9> trappist: meh. I'm sure it will be fine if folks don't like it :)
<9> thanks rob0
<10> Can anyone recommend a good set of iptables rules for a server?
<11> not enough information. it depends completely on what you're doing with the server.
<10> Just hosting some websites; I'll also have a custom TCP server running, and sshd
<11> short answer: drop everything, then specifically allow what you want allowed.
<10> thanks