| |
| |
| |
|
Comments:
<0> My IPTables log output is in English. (i.e. Jan, Feb, Mar, etc) Is this a function of a system setting or is this a function of an IPTables setting. In either way is there a way to tell what locale is being used when the logs are created? Thanks
<1> That's the OS, specifically the glibc.
<0> so the iptables logs are DEPENDENT on the glibc settings?
<1> oh hmm, now that you mention it I am not sure. iptables itself doesn't do the logging, just p***es on to the klogd / syslogd.
<1> but the IN= OUT= stuff is English
<0> There is a reason why I ask. I'm writing some BASH Code that pulls data out of the logs. Specifically the MONTH is my concern. I'm converting the month values to numerical.. Like Jan=1 etc. To do that I match "Jan". THe problem is I need to know if say a user has a system in french will it still be "Jan" or will it be the french equivalent
<1> Oh the dates, that will indeed be controlled by the syslogd which is controlled by glibc.
<1> so my initial answer was right for you.
<0> with that said.. is there some file that lists what the Month values are for each different locale?
<1> hmmm, I wouldn't know
<0> hmmm
<0> there anyway to change the output of the iptabels logs so it doesn't output the text version of the month, but the numeric?
<2> that would be a setting for syslog (unless you're using ulogd)
<0> I'm using syslog-ng... I wouldn't even know where to begin looking
<1> Check your distro docs on l10n
<0> thanks... have a good night
<3> hi
<3> please help
<3> Applying iptables firewall rules: iptables-restore: line 40 failed
<3> that line says commit
<4> that usually implies that you are tryint to use a match or target that you don't have the kernel part of
<4> s/tryint/trying/
<3> so i am missing a module?
<4> probably
<4> unfortunately the error-reporting is quite bad :(
<5> gug
<4> gug
<6> gug
<7> gug
<8> gug
<9> hi gandalf, hidden, octavian, regit
<5> hello LaF0rge
<10> wb, xkr47 !
<7> thx :)
<7> I forgot my automatic reboot command :)
<5> :)
<5> jengelh: ?
<11> well, 2.6.17-rc1 is out, and uh... i'm still waiting for a working tproxy release :)
<11> not to annoy you, but at least bring it into some state I can debug
<12> hi, do any of you draw network layouts for presentations sometimes ?
<12> if you do, what software produces some nice images ?
<11> Xteven: Microsoft Word 2000.
<12> hmm :/ I don't have office or word
<5> Xteven: dia, although the images won't be that nice
<5> Xteven: the nice thing is it can export to EPS, so that I can include vector images in the presentation
<12> yup, I've been using dia aswell since I like the way you can connect lines to other stuff
<12> I'm actually looking for nice pictures to use, because I want to automatically generate a picture of our network layout using graphviz
<5> Xteven: some free SVG cliparts can be found on openclipart.org
<5> Xteven: even some network symbols http://www.openclipart.org/cgi-bin/navigate/computer
<13> i'm having trouble, I want to make linux's nat code behave more like a restricted cone nat, than a port resticted cone nat, is there any pointers to docs on this, google is failing me.
<12> Hidden : thanks, I'll have a look at it :)
<12> restricted cone nat ?
<12> you mean, only NAT packets coming from certain interfaces ?
<13> xteven: well what i mean is not rewriting the port, if at all possible.
<12> ah
<13> we're having problems with nortel contivity vpns, not sure why they aren't working even in NAT-T mode
<12> I'm afraid I can't help with that
<12> darkskiez : I'm not sure it would be wise to not rewrite the port
<13> i'm not talking about always, i'm talking about 'best-case'
<12> right now, I wish I knew how to navigate through the netfilter code :)
<13> there used to be a /proc file with the nat reserved port range, i think it was 50000 or 60000ish
<13> i was trying to find the code that did the rewrite to see how it picked the port to use
<12> all I can find is /proc/sys/net/ipv4/ip_local_port_range
<12> but that doesn't have anything to do with NAT I think
<5> darkskiez: that was ipchains, there's no such proc file in iptables
<13> Hidden: thanks, thought i was going mental :)
<5> darkskiez: iptables tries to use the same port unless it's already used
<13> Hidden: Ooooo, cool!
<13> Hidden: So theres no reserved port list thing i can tweak then?
<5> darkskiez: no
<13> Hidden: do u know what source code file its in so i can have a nosy?
<5> start with net/ipv4/netfilter/ip_nat_core.c ip_nat_setup_info() and specifically get_unique_tuple()
<13> Fab, thanks
<13> You dont happen to have any experience with nortel contivity vpns?
<5> although the code may seem to be a bit complicated unless you happen to know what the specific structures are used for
<5> darkskiez: unfortunately not
<13> We do internet access for a few hotels you see, and some of their customers are walking out coz their vpns aren't working
<13> - always nortels
<5> i have absolutely no experience with that
<5> but with proper NAT-T support it should even work in case the port number gets mangled by iptables
<13> called nortel, and they are like, talk to a reseller, you dont have a contract with us.
<13> they use some propriatary nat-t thing
<5> _that_ may be the problem then :)
<13> if u google for them you find almost every broadband/router company has had to release a firmware update to support them.
<13> Thompsons release notes says they had to tweak their NAPT algorithm.
<10> Hello!
<5> hi
<14> has there been any change in the status of the patch that will add NAT to the new netfilter interface?
<15> is there any way to disable ip_conntrack when it's built into the kernel (not a module)?
<15> the conntrack table runs full... but i'd like not to increase its size, because of resource usage
<15> i'd rather disable it
Return to
#netfilter
or
Go to some related
logs:
#web
checking for X... configure: error: Can't find X includes.
gentoo System.map not found - unable to check symbols
#php
splash-Option
#php
#math
x2100 centos5
#fedora
s/foo/bar/1
|
|