Comments:
<0> can i block for example port 80 (all the internet) and give access to .com.ar sites that are using port 80?
<1> yes
<2> how? You can't do a rDNS lookup on every packet. Only an HTTP proxy could do that.
<1> you need squid for that
<3> I have an iptables set up as router with NAT, but I have a problem: On my web server, all visitors appear as coming from a local IP (the one of the router)!
<2> I think about a week ago I told you that you need a separate SNAT rule for each of the NAT'ed DMZ hosts. And I still don't see how doing that is any better than just using the real IPs and routing them.
<3> rob0: I have created SNAT rules
<0> Rawplayer: i need squid for that?
<0> isn't iptables a http proxy?
<1> no..
<0> how do i stop nat?
<0> without rebooting
<0> the os
<0> stop or remove the nat rule or whatever
<2> You've been here more than 2 hours, after saying you didn't have time to RTFM. Do you consider your time more valuable than ours?
<1> delete the rule
<0> Rawplayer: how
<1> with the delete option?
<3> I have the following rules: http://pastebin.ca/58189 I created the POSTROUTING rules so I can correctly request the NAT'd public IPs from my internal network, but now only the internal IP of the router appears in the apache logs of the webservers, how can I do both at the same time?
<3> I tried adding "-i eth1" to "-A POSTROUTING -d 192.168.0.10 -p tcp -m tcp --dport 80 -j SNAT --to-source 192.168.0.1" so that the public IPs appear in my logs except for local requests, as explained here http://iptables-tutorial.frozentux.net/chunkyhtml/x4013.html
<3> But I get the error: Can't use -i with POSTROUTING
<4> hello :)
<4> ticallion => hi :)
<5> Hey, how do I respond to a connection request with an ICMP redirect?
<5> Any assistance is really appreciated.
<6> I don't know of any target that'll do that, I'll do that in userspace with either QUEUE or new NFQUEUE target
<5> Can you point me in the right direction (document or quick example)
<6> depends on what language you want to code the extension in
<5> So basically, you're saying write code that just generates the ICMP redirect... how does one trigger that using iptables?
<6> I told you, using QUEUE (deprecated) or NFQUEUE targets
<5> Thanks.
<7> Is there a target that says 'use target FOO until X bytes matched this rule and then use target BAR'?
<8> yes
<7> and the name of the target is ...?
<8> http://luxik.cdi.cz/~devik/connbytes/ more up to date patch should be available somewhere
<7> thanks!
<9> hello... exists any "regex" module?