Log from #iptables at freenode 2006-05-16
[12:04]<drvvx_>hi folks
[12:06]<drvvx_>does anybody know of a success story with UDP forwarding and iptables (ebtables or whatever) in the special case where we want broadcast on a specific net to be forwarded to another broadcast net ?
[12:58]<ran>hello there. i need to block all outgoing smtp traffic from my local network which is connected to an iptables (debian based) router. i only want to allow smtp traffic to exactly one external smtp server. how can i do that?
[13:19]<eer>block it in forward chain
[13:20]<eer>iptables -A FORWARD -i $laniface -o $inetiface --destination !10.0.0.1 -p tcp --dport 25 -j DROP
[13:20]<eer>something like that
[13:21]<drcj-srdr>hello
[13:21]<drcj-srdr>is there a way to limit the number of connections to the same host?
[13:23]<eer>what kinda connections?
[13:23]<eer>theres limit-match
[13:23]<eer>but for example with http it isnt very smart
[13:25]<zj20>-m connlimit
[13:25]<drcj-srdr>limit can limit the number of packets
[13:25]<drcj-srdr>hm
[13:25]<drcj-srdr>connlimit is in patch-o-matic?
[13:26]<drcj-srdr>i don't remember reading about it in the manpage
[13:26]<zj20>it's in my man page
[13:26]<drcj-srdr>-_-
[13:27]<drcj-srdr>weird enough
[13:27]<drcj-srdr>I think i have the module compiled
[13:27]<drcj-srdr>but I don't have any reference to it in the man page
[13:28]<drcj-srdr>rob0: can you send me the relative section via privmsg?
[13:28]<zj20>sure
[13:29]<zj20>24 lines
[13:30]<zj20>BTW I didn't/don't patch. Stock Slackware-current.
[13:36]<drcj-srdr>rob0: neither do I
[13:37]<drcj-srdr>I wonder why the man page doesn't have any reference to connlimit
[13:52]<drcj-srdr>i wonder what i'm doing wrong
[13:52]<drcj-srdr>#-------
[13:52]<drcj-srdr>iptables -I FORWARD -s 192.168.7.0/24 -m tcp -p tcp --dport 80 -m connlimit --connlimit-above 8 --connlimit-mask 24 -j REJECT --reject-with icmp-port-unreachable
[13:52]<drcj-srdr>iptables: No chain/target/match by that name
[13:52]<drcj-srdr>--------
[13:53]<drcj-srdr>can someone figure out what i'm doing wrong?
[13:54]<zj20>$ /usr/sbin/iptables -V
[13:54]<zj20>iptables v1.3.5
[13:55]<drcj-srdr>1.2.10
[13:55]<zj20>There are 2 parts to a match extension: the netfilter drivers and the iptables libraries. You've got a recent (enough) kernel and an old iptables.
[13:56]<drcj-srdr>i see
[14:17]<zzwffzdnz>RE
[16:13]<pdznsvzvz>I am having a problem configuring forwarding, or routes, or something. I have a computer with two network cards, one is connected to the internet, the other connected to the local network. Local clients are getting dhcp addresses and can talk to each other, but they can't seem to connect to the internet. Can anyone help?
[16:13]<pdznsvzvz>oh, the computer itself connects to the internet fine (I am on it right now).
[16:21]<xjzus_>local client ip fix or ip dynamic ?
[16:21]<xjzus_>fyrestrtr:
[16:21]<xjzus_>...
[16:51]<zgggzya>is there a more detailed view for iptables than -n .. I can't see the interfaces ..
[16:51]<zgggzya>but I want to ..
[16:52]<zgggzya>all the rules look the same .. 0.0.0.0/0 to 0.0.0.0/0
[16:54]<mrrynfmr>-v
[16:55]<mrrynfmr>maxine: show ruleset
[16:55]<drwygn>Please post the output of "iptables-save -c" or, if that is not available, "iptables -vnL" to a pastebin such as pastebin.ca, and tell us the resulting URL. Include the network setup if it is not immediately obvious
[16:58]<gf_pzgsymggvg>hi
[17:01]<cxzjdn>i have a router and want to run an openvpn client on it
[17:01]<cxzjdn>i need port udp 4000
[17:02]<cxzjdn>what iptable rule do i have to set up
[17:02]<cxzjdn>?
[17:02]<cxzjdn>iptables -I INPUT -p udp -dport 4000 ?
[17:02]<cxzjdn>something like that?
[17:04]<pdznsvzvz>I finally managed to get masquerading working on my iptables :) now how do I open up ports on my system so that other computers behind my box can connect to the outside world?
[17:17]<cxzjdn>where is my error in that line?
[17:17]<cxzjdn> iptables -A INPUT -p udp -dport 4000 -j ACCEPT
[17:17]<cxzjdn>it says bad argument 4000 ...
[17:48]<pdznsvzvz>how do I see a listing of my current rules?
[18:07]<rvdrv>fyrestrtr: iptables -L
[18:26]<pdznsvzvz>can someone help me please, I am running around in circles trying to get my connection setup.
[18:28]<rvdrv>sorry fyrestrtr I have to go
[18:28]<pdznsvzvz>I am just trying to open up port 25 to the internet, but only if the sending machine is 192.168.1.12, otherwise, drop the packet. Similarly, if an incoming connection is on port 25, redirect it to 192.168.1.12, otherwise drop it.
[18:46]<zgvzj_ggj>i have iptables setup with the following rules, but when I do a port scan I get tons of open ports, what's up? http://pastebin.com/720776
[18:46]<xjzus_>anyone have neverwinter night ?
[19:55]<dzzyjjfyvnyzz>hi i have one question 85.155.x.x = 85.155/?
[19:57]<dzzyjjfyvnyzz>nobody here?
[19:57]<dzzyjjfyvnyzz>tlol
[19:57]<dzzyjjfyvnyzz>everyone dead
[19:58]<dzzyjjfyvnyzz>ok ill talk to my self
[19:59]<dzzyjjfyvnyzz>hello mario what is your problem?
[19:59]<xzgmzyx>yeah what is ur problem
[19:59]<xzgmzyx>lol
[19:59]<dzzyjjfyvnyzz>hi 85.155.x.x = 85.155/?
[19:59]<xzgmzyx>erm not that i remember but possibly
[20:00]<dzzyjjfyvnyzz>t16?
[20:00]<dzzyjjfyvnyzz>16?
[20:00]<xzgmzyx>i dont know how that would be formulated, for example if it would be used as a ban or drop command
[20:01]<xzgmzyx>iptables -A INPUT -s 85.155.0.0/10
[20:01]<xzgmzyx>woops forgot the -j DROP
[20:01]<xzgmzyx>would block anything from 85.155.0.0 to .10
[20:01]<dzzyjjfyvnyzz>yes
[20:02]<dzzyjjfyvnyzz>my problem is the last number that represents the netmask
[20:02]<xzgmzyx>its a netmask
[20:02]<xzgmzyx>erm gimme a sec
[20:05]<dzzyjjfyvnyzz>yes its 16
[20:05]<dzzyjjfyvnyzz>http://jodies.de/ipcalc?host=192.168.0.0&mask1=16&mask2=
[20:06]<xzgmzyx>you could try 85.155/16
[20:07]<dzzyjjfyvnyzz>yes that is it
[20:08]<dzzyjjfyvnyzz>what a stupid thing being unable to block a user from internet by his mac address