Comments:
<0> what do you use for b/w||system stats graphs? I have a mysql db which logs in X (minute) increments and want to make graphs of the data...
<1> SkramX: ntop is handy
<0> ntop doesn't do it from mysql
<0> that's real time or whatever.. isn't it?
<1> SkramX: Yes
<0> yes what
<0> well..
<0> i need it to be able to get the info from MYSQL
<1> SkramX: Yes it is real time only
<1> SkramX: I'm not aware of anything that does what you want but you could script it fairly easily
<0> I'm not too much of a coder
<0> heh
<0> But I shall look.
<2> hi
<2> someone has a router?
<2> does?
<2> a little honey router
<3> Hello, How can I redirect the traffic to a port on my server to a port on a server on a different network and make it look like it's coming from my server?
<4> netcrash: use both SNAT and DNAT; the second link in the topic has details
<3> the problem ... 1 machine, 2 interfaces A and A:1 different networks... need to make that the packets that go to a server B look like they are from A:1
<4> ok, you can do that
<3> B will reply to A:1 and they should be made to look like they are from A
<3> easy to say that I can
<3> the problem is how
<3> :S
<4> iptables -t nat -A PREROUTING -d A -j DNAT --to-destination B; iptables -t nat -A POSTROUTING -d B -j SNAT --to-source A:1
<3> I made packets going to A dnat to A:1
<3> so simple
<3> :S
<3> You are so good...
<3> it worked
<4> glad I could help :)
<3> so simple I was writing it in 3 lines :)
<3> and wasn't working
<3> good night
<5> Hi, I'm having an issue with my firewall, I can't use NTP, although it should be enabled in the firewall scripts. The part of the script that does it is http://pastebin.com/560656 I'm using scripts from http://www.malibyte.net/iptables/scripts/fwscripts.html. Does anyone know what the issue could be with that snippet of code? (All if functions are true).
<6> kaitlyn: if you're just acting as an NTP client, you shouldn't need any special rules other than one to permit outgoing (or OUTPUT ACCEPT policy) and an INPUT for ESTABLISHED
<5> robw810: The firewall has DROP as OUTPUT policy, needing explicit permission for all types of activity.
<5> robw810: Also, this firewall is on a router.
<6> kaitlyn: in your rules setup, on the OUTPUT chain, is the source address going to be the machine's external ip address?
<5> Yes.
<6> and you don't need to allow incoming unprivileged ports for that - the state rule will cover the return packets
<6> Hmmm.. doesn't ntp use 123 as sport and dport?
<5> robw810: I believe the client uses a high port, not 123.
<6> nope, uses 123 - just checked
<7> The server *is* the client, 123 as both --sport and --dport, unless a nonstandard config is used.
<6> There's the problem
<5> o.o
<5> I didn't know a client could send or receive on a privileged port unless it was root?
<7> it it not running as root?
<7> is
<5> rob0: The NTP client isn't.
<7> then how does it adjust the clock?
<5> And it only needs to run as root to set the system time, not to chech.
<5> check it*.
<7> oh, so you're not running ntpd as a daemon.
<5> rob0: No, using rdate.
<6> kaitlyn: I suggest popping a LOG rule at the top of the OUTPUT chain for udp dport 123 and see what hits
<5> robw810: Changed it so that it all used 123, that didn't work. Adding the log rule now.
<5> Nothing...
<5> IN= OUT=eth0 SRC=68.4.205.46 DST=172.19.89.22 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1843 DF PROTO=UDP SPT=68 DPT=67 LEN=308
<7> rdate connects to an RFC 868 time server over a TCP/IP network, ...
<5> That's the only stuff coming up, and that's DHCP iirc.
<7> RFC 868 != NTP
<5> o.o... tcp...?
<5> Hey, it's port 37 too.
<7> I run ntpd everywhere. Very easy, and no worries about the clock.
<7> Even on dialup, eh?
<5> What is better about ntpd than a cron every few hours with rdate?
<7> (I would use it on dialup.)
<6> rob0: yeah, I have a second phone line, so it stays connected most of the time anyway
<6> There's a box inside the lan syncing with external time servers, and everything else here syncs with it
<7> And it helps keep time even if you're NOT connected.
<6> Having *accurate* time is not the primary issue - it's having *precise* time among everything here
<6> but yeah, the drift file is nice for when it's not connected
<8> kaitlyn: ntpd corrects clock drift, and scales back the number of server pings as time goes on -- reducing load on those poor, public 2/3 stratum timeservers.
<7> I do the same thing, one per site going to us.pool.ntp.org servers, others sync'ing from that one.
<7> A long time ago I did the cron thing with ntpdate, but when it broke I didn't know, and my clock was way off.
<6> kaitlyn: to kinda answer your question another way, if your time gets fubar'd somehow, a cron job will be adjusting it *a lot* - and that can screw with other things in your system when there are large changes in system time
<5> Like skipping cron jobs, etc.
<5> Hmmm.
<7> Sure, I don't need microsecond accuracy, but it is nice, and it's easier than making a robust cron job.
<7> It was cool to see those leap seconds in my logs recently.
<6> hehe; I didn't even think to look
<9> hello
<10> rob0: robw810: you used the ntpd -L bind to IP Patch before ?
<9> I want to block dcc connection to localnet through iptables
<9> any suggestion
<9> ?
<6> hard__ware: I haven't used that flag -- you say it's a patch to ntpd? According to ntp docs, -L means "Do not bind to virtual addresses"
<6> hard__ware: either way, I haven't used it - some benefit we should consider?
<6> It's bedtime now, though, so more tomorrow :-)
<10> robw810: that allows it to binded properly to Virtual IPS
<10> not to specify one ...
<10> patch here ... -> https://ntp.isc.org/bugs/attachment.cgi?id=156
<10> i will post a RHEL patch in a sec
<10> here ---> v
<10> http://windy.zapto.org/rpms/NTPd/RHEL4-Compatible/
<11> derjohn: they are neither dump nor replace stuff in the header. they merely con
<11> urgs.
<10> looks like that patch has bugs... debugging now, and adding corrections =)
<10> damm now it just quits after it binds to the interface
<10> lol
<10> Segmentation fault
<10> well got it to work with loopback ... just no other ... yay