Log from #iptables at freenode 2006-05-21
[00:00]<zj20>+Thanatermesis: yes and no :)
[00:01]<zj20>+Consider this: try "dig www.nasa.gov". Then try it again in 5 minutes or whatever the TTL is. Different IPs.
[00:01]<vxzgzvnzdnsys>+:/
[00:01]<zj20>+www.nasa.gov.speedera.net. 120 IN A 63.216.25.145
[00:01]<zj20>+2 minute TTL
[00:02]<zj20>+When you use a hostname in an iptables command, you get whatever it resolves to then and there.
[00:04]<zj20>+For many sites, that might be good enough. But big Web sites might do the Speedera DNS trick for load balancing.
[00:15]<-- sgvgzs xzs fuyv (>/dev/brain")
[02:02]<axzjjvnm>REDIRECT doesn't work either
[02:04]<axzjjvnm>it seems like REDIRECT and DNAT will only work if they are on the same subnet as the source address
[02:04]<zzwffzdnz>what are you trying to do?
[02:05]<axzjjvnm>17:10 < chrooted> what I'm trying to do is: have a firewall for a computer where the firewall doesn't have its own dedicated IP address, but if a packet is going to a certain port, i.e. 22 or 443, redirect it to the firewall instead of routing it to the box
[02:05]<axzjjvnm>17:11 < chrooted> so far I've tried the iptables targets: SNAT, DNAT, REDIRECT, and MARK using ip rule and custom ip route table
[02:06]<zzwffzdnz>so it's just a firewall in your lan?
[02:07]<zzwffzdnz>should it be reachable on that ip?
[02:07]<zzwffzdnz>the ports
[02:08]<axzjjvnm>yeah it's using proxy_arp
[02:12]<axzjjvnm>come on man, tell me it's possible
[02:15]<zzwffzdnz>I don't know your situation of machines
[02:18]<axzjjvnm>ok let's say my machine is 192.168.8.123 and the other machine I connect to is 192.168.8.16 and the firewall is in between without its own address
[02:20]<axzjjvnm>so when I type in http://192.168.8.16/ into my browser, it should go to the other machine, but if I use https://192.168.8.16, it should go to the firewall
[02:20]<axzjjvnm>need any more info?
[02:21]<zzwffzdnz>so your firewall is running a https server?
[02:21]<axzjjvnm>yeah
[02:22]<zzwffzdnz>then you need to use PREROUTING
[02:23]<zzwffzdnz>it NATs the packet before a lookup is done in your routing table
[02:23]<axzjjvnm>oh shit
[02:23]<zzwffzdnz>http://www.siliconvalleyccie.com/linux-hn/iptables-intro.htm
[02:24]<axzjjvnm>oh shit I think I might have gotten it to work
[02:26]<axzjjvnm>linux routing is soo weird
[02:29]<zzwffzdnz>why?
[02:34]<axzjjvnm>I got DNAT and REDIRECT to work by setting it to 169.254.1.1 instead of 127.0.0.1
[02:35]<axzjjvnm>it totally doesn't make any sense but oh well at least I think it's working how I want
[02:35]<axzjjvnm>I guess it's probably better this way anyways cause then I can connect to the firewall with an apipa address
[02:35]<axzjjvnm>as well as the redirect
[02:45]<axzjjvnm>anyone happen to have a subnet calculator in bourne shell script?