Comments:
<0> how should i do that
<0> i'm not very good at iptables
<1> You want to limit at the output chain of THIS machine or in the input chain of THAT machine?
<1> You say "to", so I assume in output, ok, here
<1> /sbin/iptables -A OUTPUT -o eth0 -p tcp --syn -m connlimit --connlimit-above n -d 10.194.29.18 -j REJECT
<0> i have a little network, and i want to limit the number of connections to my users
<1> Maybe I wrote something wrong, didn't look it up, but the iptables syntax should be fine.
<0> ie. ip 10.194.29.18 gets 100 connections
<1> /sbin/iptables -A OUTPUT -o eth0 -p tcp --syn -m connlimit --connlimit-above 100 -d 10.194.29.18 -j REJECT
<0> ip 10.194.29.20 gets 50 connections
<1> /sbin/iptables -A OUTPUT -o eth0 -p tcp --syn -m connlimit --connlimit-above 50 -d 10.194.29.20 -j REJECT
<0> thanks
<1> Maybe eth0 should be changed to your device too.
<1> np
<1> gn8
<2> right
<2> i just reinstalled iptables and i get the same error
<2> any idea what else i can try?
<2> danieldg
<3> sorry, gtg
<2> cheers
<2> where is your mate?
<2> he **** up my iptables rule and now he left
<4> Takes a lot of nerve to say such a thing about someone who tried to help.
<5> hi
<5> i am having problems setting up a rule to restrict incoming ssh connections to trusted ips
<5> anyone that can help me out?
<6> render1: -A INPUT -p tcp -s <ip-address> --dport 22 -m state --state NEW -j ACCEPT
<5> hrmm
<5> lazydog can you take a look at my rules-save
<5> http://pastebin.ca/38954
<6> sure
<5> a friend helped me set this up this far
<5> i am clueless on iptables
<6> just having issues with 22?
<6> ssh?
<5> that's all i want to allow to come in
<5> from a few ip ranges
<6> ok are you trying to allow the whole subnet in?
<5> well my buddy is on DHCP so i think i have to?
<6> try this: -A INPUT -p tcp -s 71.82.170.0/24 --dport 22 -m state --state NEW -j ACCEPT
<6> that will allow the whole subnet of 71.82.170 in
<7> when i make a router out of a server 2 network cards, should the internal (receiving from network) interface have the external (sending to internet) interface set as gateway?
<5> so i need to allow udp as well?
<5> so=do
<6> ssh is tcp
<5> excellent
<5> so i can remove the other 2 rules i already had?
<5> -A INPUT -s 71.82.170.0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
<6> yes
<5> cool will try it
<6> ThePiratemaster: the gateway will be defined in the routing table
<6> ensure you have forwarding turned on
<7> routing table can be found where...?
<5> now what if i just want to allow a specific IP?
<5> that worked btw :-)
<6> replace the 71.82.170.0/24 with just the ip address that you want to allow through
<5> cool, thank you very much
<7> i'm using shorewall, iptables didn't make much sense to me unfortunately
<6> yw
<7> where can i find this elusive routing table you speak so greatly of :P
<6> route -n in a terminal
<7> can i paste 3 lines?
<6> sure
<7> Destination Gateway Genmask Flags Metric Ref Use Iface
<7> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
<7> 0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth2
<6> only one card in this machine?
<7> as i specified a lot of firewall rules and policies in shorewall O_O
<7> no there are 2 more
<7> but eth0 and eth2 should be used
<6> what does ifconfig show?
<7> eth2 is the external one
<7> i just adjusted interfaces
<7> lets c
<7> only lo and eth2
<6> so the rest haven't been started yet
<7> i just started eth0
<7> i predefined so settings
<7> *some
<6> which interface is the route to the internet?
<7> pasting 2 lines
<7> 0
<7> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
<7> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
<7> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
<7> collisions:0 txqueuelen:1000
<7> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
<7> oops :S
<7> eth0 Link encap:Ethernet HWaddr 52:54:05:E4:AA:01
<7> inet addr:192.168.1.31 Bcast:192.168.1.255 Mask:255.255.255.0
<7> there
<6> few questions
<6> which interface is the one that leads to the internet?
<7> eth2
<6> what subnet mask are you using on your interfaces?
<6> oops i see it already
<7> but first it's connected to another network
<7> 255.255.255.0
<6> class C addressing
<7> yes
<7> it's a class c network
<6> you'll need to use a different address range on one of them
<7> that'll be eth0 then
<6> cool that would be fine. just to keep from stopping routing
<7> class A addressing, how was that again (10.??.??.??)
<6> that's the private one yes
<7> but how was the addressing again ( i forgot)
<6> 1982.168.*.* is class c private address zone
<7> i mean the class A
<6> so use 192.168.1.* on eth2 and 192.168.2.* on eth0
<6> first 8 bits
<7> i need to use class a or b on the network of eth0 right?
<6> no you can use c there as well
<7> ah that way
<6> see above
<7> okay
<7> so the eth0 address should be 192.168.0.1
<7> (eth2 has 192.168.1.30)
<6> yes it could be
<8> Hello all, can someone suggest a method to route to different interfaces (on the same network) based on packet types (ie flags or protocol, etc)
<7> and the machines behind eth0 should also have 192.168.0.x
<6> ThePiratemaster: YES
<7> got it
<7> on it
<7> tnx
<6> NP
<6> omi what are you trying to do?
<6> example
<8> Lazydog, I guess I want to set up flow-control such that I have >1 interfaces connected to the same network and packets that are destined for that network and go through a router would be sent out different interfaces
<8> Blue-Steel, well they were using TV as a good weapon for a long time, praise complacency
<6> load balancing is what you are trying to do
<7> oh i almost forgot. what should i set the default gateway to in eth0 (192.168.0.3)
<8> well, I guess
<6> it is and i don't think that can be done with iptables
<8> but more like load-balancing by the protocol
<8> such that if I have packet of some protocol, it goes through a specified interface
<6> ThePiratemaster: to the same ip address that is assigned to the eth0 on your router
<6> omi: not sure if that is possible
<8> :(
<9> :(
<8> Lazydog, still here?
<8> I've heard of a tool called ebtables, what does it do?
<10> anyone alive and have a reason for iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE not working in ubuntu but works in debian to share internet access between 2 comps
<11> I need to simply limit one ethernet port of a bridge to 1.5MB/s, in FreeBSD we used ipfw with "ipfw add pipe1 from any to any out via eth0; ipfw pip1 config bw 1562Kbit/s", but I've been unable to find anything similar in iptables. I know it can limit bandwidth, but every guide I've seen focuses on prioritization and classification.
<3> yes, because iptables does not actually limit the bandwidth; that is done with iproute2
<11> ok, that makes a bit of sense
<12> good evening
<12> The box that I'm using right now has two Ethernet adapters. one of them is connected to my cable modem (which is connected to the coaxial cable and delivers me internet service) via a CAT5 Ethernet cable and the other NIC is connected to another computer which is right next to me, via a crossover cable. What I want is to assign an IP address to the second box (something like 1.0.0.1) via iptables. I know how to do this. But how do I portforward to
<12> this machine?