| |
| |
| |
|
Comments:
<0> Can anyone tell me where packets which are DNAT'd get de'DNAT'd in the filter chain?
<1> hmmm, not sure. They're not de-DNAT'ed in filter. Use the NAT'ed address (and ports, et c.) in filter.
<2> you could try sticking LOG rule everywhere, with distinct log-prefixes, and see where it changes. I'd guess it's before mangle POSTROUTING, but just a guess
<0> Well, I'm playing with the fwmarks and I see them getting set in the mangle prerouting chain but my match on them in ip rule is missing them somehow.
<0> I guess that comment was a bit of a nonsequitor.
<0> This is iritating, the marks do not travel accross session flows. So HTF is one suppose to be able to route on the return of DNAT'd packets.
<3> Anyone got a moment to give me an idea on ulogd-2.00beta1? I've got 2.6.16 kernel running with NFQUEUE and LOG over NFNETLINK enabled, but configure throws this:
<3> checking for libnetfilter_log/linux_nfnetlink_log.h... no
<3> configure: error: libnetfilter_log Version 0.0.11 or later needed
<3> Did I miss something obvious?
<1> http://www.netfilter.org/projects/libnetfilter_log/ ??
<3> rob0: if it's there, I'm not seeing it - I even checked the svn repos to see if anything stood out...
<3> ulogd-1.24 is logging fine over NFNETLINK via LOG target, so I know it's there (and working)
<1> you have http://www.netfilter.org/projects/libnetfilter_log/files/libnetfilter_log-0.0.12.tar.bz2[.sig] ?
<3> I'm curious about the version issue - this beta has been out for a while, but I've never bothered to try and build it until now; I just ***umed (yes, I know) that 2.6.16 would have the needed stuff
<3> Hmmm... okay, maybe that's where I'm going wrong - I was under the impression that it was integrated in the kernel source...
<1> No, it's a separate thing.
<3> Damn dialup
<3> I missed everything after < rob0> No, it's a separate thing.
<1> Here it was just you rejoining. :)
<3> But trying to build that gives same error... I guess I need a newer version of netlink
<1> (I replied to the comment about Windows/vmware in that other channel. :) )
<3> heh
<1> "That's funny, I have no desire to run Windows. The things I need are much better on Linux. And I certainly can't fault developers for not answering support request emails! *I* don't have the time to explain everything to anyone who asks, and I'm not a developer."
<1> "I do some user support, but I do have to draw the line and get my own work done."
<4> gug
<3> Okay, I'm resigning this tonight - I've installed libnfnetlink-0.0.14 and libnetfilter_log 0.0.12; still nogo
<5> gug
<6> Attack!
<6> Attack of the clones!!
<6> tty56*: Why do you keep attacking this channel?
<7> how do .ladd files work ?
<7> nvm I found it
<6> you have 25 lines of tc..
<6> Drag0n : You seem to have come to the bad side of peer?
<6> nbd: I think its basicly the same as non-bridged ... you don't need to nat, even though you have no bridge.
<7> looks like ECHANNEL
<7> I love netfilter so much, I wish I had time to do some programming in it
<8> I wish I had time to program more, these days it's just a few lines here and there
<7> you're too efficient :)
<6> I have become too stupid and lazy to code.
<6> What about you guys?
<6> Work 2mush?
<7> unfortunately
<7> I've been doing so much bash-programming these days that it sickens me
<6> heh
<7> I'm building a custom debian install CD with the intent of reinstalling our entire serverpark
<8> using FAI?
<7> using preseed
<6> I get the hunch you want to install debian on them.
<6> :-)
<7> most have debian :)
<7> just not the version I want
<6> You want potato?
<6> nah
<6> no netfilter
<7> we have potato
<7> among the more up-to-date systems...
<6> You want woody+
<6> you don't have hamm OR slink+
<7> sarge :)
<7> I have slink
<7> not hamm
<6> slink == no security..
<6> debian 2.1, right?
<7> no comment
<7> hmm not sure about the version number
<7> potato is 2.2 then ?
<6> sometimes: cat /etc/debian_version
<6> I think it is, yeah
<6> and woody they wanted to make 3.0 already!
<6> Just like when they went from 1.3 to 2.0 (hamm)
<6> I wonder if there will ever be a ".5" OR later of debian .-P
<7> I suppose they don't like to do half a job
<7> haha </shoot me>
<6> HEHE
<7> x_tables breaks a lot of the pom patchlets :/
<9> underestimatement!
<7> I'm forced to go back to 2.6.15
<6> ok
<9> breaks which ones?
<6> netfilter works not for bridge at all?
<9> works for me.
<7> well, I try to get these working: h323, rtsp, mms, ipp2p, pptp
<7> I only got ipp2p to work
<7> and that's after quite a large amount of patching :)
<7> after more patching, I got everything to compile
<6> WHY NOT SIP?
<6> SORRY FOR CAPS
<7> but when I load the modules, I get unresolved symbols
<6> darn caps lock
<9> heh
<9> i can load the modules, but they "just don't work" :D
<7> sip instead of h323 ?
<6> yeah
<6> or both
<7> :)
<7> I'm not sure why we even need h323
<9> h323 is what...?
<6> gnome-meeting
<9> mpeg4 streams?
<7> meeting stuff
<7> netmeeting or so ?
<9> video then
<9> http://en.wikipedia.org/wiki/H.323
<6> Xteven : netmeeting is the devil
<6> the spawn of Satan
<7> thats why I need h323 in netfilter, so I can block the devil more efficiently
<6> h323 is a phone protocol.
<7> we have those modules loaded in our current masquerading servers
<6> Xteven : keep up the work.. I sure don't waqnt the devil in my 3com lan switch ,-)
<7> if I stop loading them, all 20K users might complain
<7> I need to setup a compilefarm
<6> could be fun 8)
<7> compiling kernels is timeconsuming
<10> http://pastebin.de/5537
<10> what do you think might be wrong here ?
<10> ppc, radeon 9600, ubuntu, hand compilled r300 drivers
<10> from cvs
<10> on main x server dri seems to be enabeld, riinfo says so, glxgears also does not look bad
<2> michal`: I think you may have the wrong channel
<10> ayyyyy
<10> sorry !
<10> was to be #xorg....
<10> just have spotted where i am
<6> Have you considered placing a temporary ban on tty56* ?
Return to
#netfilter
or
Go to some related
logs:
#mysql
pure-ftpd ubuntu sources.list
asrock dual sata 2 sensor ubuntu
Ubuntu error kernel package: 'linux-386'
ubuntu java-package multiverse sources.list
pure-ftpwho error
unmasking amsn
chapaquitic neck brace
change array keys
#math
|
|