Quotes DB: useful, funny, interesting








Comments:

<0> RE
<1> ae
<1> I need to make my tunnel ssh -L 8080:X.X.X.X:80 be accessible in my local network with iptables. Someone help me?
<1> |local| --------->8080 |local with ssh -L 8080:x.x.x.x:80| ----------->80 |remote|
<2> I suspect what you want is a -j REDIRECT rule.
<1> i'll try
<1> no
<1> the ssh tunnel is accessible only in local machine, but i need to make accessible from my local network
<0> o_O
<1> do you speak portuguese?
<0> no
<0> do you speak dutch?
<1> no
<3> hello. i did some recent upgrading, and after a reboot, i am not getting internet connectivity on my lan
<3> for some reason
<3> i can't figure it out
<3> but i have full access from my server and my iptables-save looks good.
<3> right now i'm VNCing to the server. this machine is dead in the water, internet-ally speaking :)
<4> If I have no ports forwards on box...is there a way I can control this box remotely while not in the local network?
<3> hi, anyone around?
<4> Steve973, I am but I know nothing about iptables
<2> Steve973: check the NIC drivers and NIC configuration.
<4> If I have no ports forwards on boxa...is there a way I can control this boxa remotely while not in the local network? Is it possible to have boxa inside the LAN with no ports forwarded...connect to boxb which is outside the lan. Then just connect to boxb and admin boxa from there. So boxa connects to boxb and gives access to a root shell to boxb
<2> sid: your question makes no sense to me.
<4> Is it possible to admin a box remotely that has no ports forwarded? I want the box to connect to me...and wait for my commands.
<2> to connect to you? Not you ssh in?
<4> right, I can't ssh in as no ports are forwarded (I don't have access to the routers)
<2> http://www.goes.noaa.gov/ECIR4.html (looks like a Debian logo on the northeast :) )
<4> I have access to a box once a week (a box with no ports forwarded)...How can I setup the box so I can control it the other 6 days of the week.
<2> sid: hmmm, strange. I suppose it would be possible.
<4> I have access to other boxes that I can forward ports on...but I want access to this box. So maybe this box could connect to another box...and just await commands...and when I want to I connect and tell it what to do.
<4> I could put some irc trojan on it...but that's limited and stupid.
<2> can the other boxes reach the isolated one?
<4> I want to have root ssh.
<4> rob0, no
<4> This one box is isolated in a LAN with no ports forwarded.
<2> root ssh is bad. :) ssh as non-root and use sudo or su.
<2> But it has Internet access?
<4> Well yea, I guess normal user ssh...as long as I could escalate my privileges with su if possible.
<4> I essentially just want ssh...except it connects to me and waits...instead of traditionally where I connect to it.
<2> This isolated box can connect outbound to the Internet?
<4> yes
<2> :) openvpn
<4> Isn't that with X?
<4> I don't want gui stuff
<2> no
<2> In fact I set one up much like that. It's all isolated on a subnet by itself.
<5> ignoring (:
<6> < sid> Is it possible to admin a box remotely that has no ports forwarded? I want the box to connect to me...and wait for my commands. <-- rrs (reverse remote shell)
<6> too bad he left
<2> What would you have suggested? I have one like he described, no direct access, but it makes an openvpn connection and I ssh through that.
<2> I even used openvpn to ssh through an evil "2wire Homeportal" router a/k/a mangler. Stupid PoS kills every TCP connection every 60 seconds! But openvpn (udp) worked smoothly.
<6> openvpn is overkill for a simple remote access, rrs does the deed
<6> http://www.cycom.se/dl/rrs
<2> The isolated remote box also runs Samba through the VPN.
<2> Does the rrs shell exit if the client disconnects?
<3> rob0, are you here?
<3> i saw your suggestion. the nics seem to be fine, but there doesn't seem to be routing between them
<3> for instance, i can get to the iptables box without a problem, and from the iptables box, i can get to the internet fine, as well
<6> rob0: the session ends, next time the client will get polled you'll be able to re-open a shell session
<6> if you screen the client's session you got a permanent shell
<7> Hello all. The question of the day - how to route DHCP?
<6> using stuff like bcrelay ?
<7> The idea is to route to the server in Xen virtual machine.
<7> I'll check out this bcrelay, maybe it'll be what I want.
<6> Description: Broadcast relay daemon
<6> The bcrelay daemon relays broadcasts between two interfaces. It is shipped
<6> with the pptpd package, but can be used for other purposes.
<7> Still, a daemon in the dom0.
<7> So it is an attack point. If I wanted a daemon in the vm controller, I'd place the well-tested dhcpd there.
<6> ethernet bridging could be a solution too
<7> I'd have to convert my iptables rules to work with it... It is an option though.
<6> doing it's own bridging in userland with ipqueue, another (fun) one
<6> s/it's/its/
<7> matth_: 3 interfaces -> 1? it isn't possible with ipqueue I think. At least not easily.
<6> "easy" is quite subjective ;)
<6> ipqueue can help you doing broadcast relay between interfaces with cool scripting languages
<7> Let's see... I'd have to write in C.
<7> Anything compilable, at least.
<6> just evaluate the possibility I gave depending on your needs/skillz, and do what you prefer
<7> I'll try that bridging firewall. Hope it'll work out well.
<2> matth_: rrs+screen is a cool idea, thanks for the tip.
<6> yw
<2> AStorm: there's also a proxy, I think it's called dhrelay or something like that.
<2> I've never used it
<7> I don't trust any servers enough to place them in dom0.
<6> (oh yep, dhcrelay instead)
<8> hello, I think that my provider is slowing my connection down if my computers are behind a router. when for example I access www.google.com with my router, it is extremely fast, but if I do a www.google.com with one of my intranet pc's, I notice a lag of 3 or 4 seconds
<8> could it be the dns slowing me down the responses based on the ttl?
<7> ruied: it's possible to set up something like that.
<7> Anyway, you can change the TLS of the packets on their way.
<8> tls? (I was trying with ttl...), what is tls?
<7> ttl, sorry, brainbug :P
<7> Too much thread programming lately :P
<8> AStorm: I was trying to change the ttl value at the mangle table... but I didn't notice any difference... what is the default ttl value? where shall I put it, at the $WAN interface? I'll p*** to here just my ttl line...
<7> You can measure the default TTL with LOG target :-)
<8> ah, ok.. :) going to try it
<8> do I need to load any module to have the mangle table ? (it's reporting the error: No chain/target/match by that name)
<7> You have to.
<2> iptable_mangle, for one
<7> (or alternatively compile it into the kernel)
<8> ok! :) thank... for now going to try as a module...
<8> I've loaded the module (it appears at the insmod output) and tried: "iptables -t mangle -A PREROUTING -i $WAN -j TTL --ttl-set 64" but it reports the same error "No chain/target..."
<7> You haven't loaded the TTL target.
<8> hmm... don't understand... I normally use iptables, but never worked with mangle and ttl... I'm missing something here...
<7> Yes, iptables ttl target.
<7> :-)
<7> modprobe iptables_ttl maybe?
<7> or iptables_mangle_ttl
<7> I'd have to check.
<8> :) ok, going to take a look
<2> ipt_ttl in my 2.6.15
<2> no, that's ipt_TTL
<8> worked with ipt_ttl
<6> ipt_ttl is the matcher module only
<7> ipt_mangle_ttl maybe? Heck, use the module autoloading :-)
<8> ipt_TTL doesn't exist (kernel 2.6.18-bf2.4 debian)
<8> ok
<6> you probably need to get it from pom
<7> 2.6.18? wtf?
<8> wtf?
<6> (he meant 2.4.18 of course)
<7> There's no ipt_TTL in 2.4.18 I think. He'll have to use PoM
<8> ah, it's 2.4.18, not 2.6. ... :)
<8> is it better to change to 2.6 ?
<7> I guess, unless your hardware is incompatible. But you never know... :-)
<2> 2.6.16?
<2> 2.6.16 is the development branch :)
<2> 2.6.16?
<9> 2.6.16 is, like, the development branch :)
<7> maxine: nope
<9> AStorm: sorry...
<7> 2.6.16.16 is stable, currently :-)
<7> The rule is simple - wait 2 weeks before updating (or not) to the next 2.6.x
<7> patch releases don't count.
<8> I think it wouldn't be a problem... (well, my processor is a little bit strange... cyrix mediaGX 180MHZ) :)
<2> Ah, I missed that part of it. :)
<2> 2.6.16.16?
<9> 2.6.16.16 is stable, currently :-)
<7> Usually the first patch release is stable.
<7> Except 2.6.15, where they broke USB.
<2> did they? I haven't run into that yet.
<2> I guess there went my uptime :)


Return to #iptables