<0> hello everyone
<0> can someone tell me how I can block all traffic and allow traffic from "MAC addresses" which are allowed
<0> I use these lines
<0> iptables -I INPUT -p all -m mac --mac-source 00:04:AC:16:27:9B -j ACCEPT
<0> and iptables -I INPUT -p all -j DROP
<0> but it drops all of my connections :(
<0> what should I do?
<1> gug
<1> hi rusty
<2> gug
<3> gug
<1> gug
<4> hello. is there any way to remove specific entries from the connection tracking table?
<1> on Linux 2.6.14+ there is
<1> by using the 'conntrack' tool
<1> and you need ctnetlink support enabled in the kernel config
<4> Hidden: Thank you very much. I will try :-)
<5> is there any way I can set up more than one user space program that reads from the queue target?
<5> when I try more than one, I get, not surprisingly, "device or resource busy"
<6> When I try to access a service hosted on my network from the outside, my Linux router forwards the appropriate ports to the respective machines. But when I try accessing anything using my public IP address from a host inside my LAN, what I get is a response from the router.
<6> I'm wondering if this is something that can be fixed by using netfilter/iptables, or what.
<3> you want to read section 10 of the netfilter NAT howto over at http://netfilter.org/
<6> Gandalf_: Thanks.
<7> I am in need of some help hacking the IP stack.
<7> can anyone point me to a better-suited channel (that's currently populated)?
<5> mattcole: I think you're better off actually asking a question
<7> ok... I would like to virtualize the IP stack, giving managed access on a per-user basis
<7> essentially creating VLANs that pool to use the same resources
<7> and I have no idea where to start, other than reading the 100 lbs of literature I have sitting on my desk
<6> Gandalf_: I don't fully understand. Can you please give me a hand? (the URL is http://netfilter.org/documentation/HOWTO//NAT-HOWTO-10.html )
<3> redondos: the thing is that you have to make sure the reply packets go back through the router so it can un-NAT them, otherwise the machine that initiated the connection won't have a clue what to do with the packets
<3> redondos: you can do that by SNAT'ing the packets so they look like they came from the router
<6> iptables -t nat -A POSTROUTING -p tcp --dst 10.0.0.5 --dport 80 -j SNAT --to-source 10.0.0.1
<6> That's what I tried, with 10.0.0.5 = HTTPSERVER and 10.0.0.1 = ROUTER
<6> What am I doing wrong?
<3> that should work
<3> if you have a DNAT rule that actually sends the packets to the webserver
<3> iow, it doesn't just match packets from the outside
<6> Hm... The forwarding is being done, but I'm still having the same problem. Here are the rules I'm using:
<6> iptables -t nat -A POSTROUTING -p tcp --dst 10.0.0.5 --dport 80 -j SNAT --to-source 10.0.0.1
<6> iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 80 -j DNAT --to 10.0.0.5
<6> iptables -A forwarding_rule -i $WAN -p tcp --dport 80 -d 10.0.0.5 -j ACCEPT
<5> how can I make more than one program read from netfilter's queue?
<6> Gandalf_: Disregard those few rules I just pasted. Please answer me this: to be able to achieve this, will I have to have a PREROUTING rule that matches packets with -d $PUBLIC_IP?
<6> Gandalf_: So basically I need to re-run my firewall every time my ADSL IP address changes.