Log from #iptables at freenode 2006-05-25
[20:44]<zj20>I think Windows comes with a stolen copy of nslookup, which sort of helps for DNS testing.
[20:44]<wrf_>windows does have nslookup...
[20:45]<wrf_>but is it possible that with my current config i'm blocking the dns server response to the xp machine?
[20:45]<zj20>I doubt it. Look at the packet counters on line 26.
[20:47]<wrf_>it's just that I remember looking at the config firestarter created and it had some sort of specific rule for dns... is line 26 taking care of all protocols/ports?
[20:48]<zj20>Anything matching --state RELATED,ESTABLISHED is -j ACCEPT'ed.
[20:48]<wrf_>hm...
[20:50]<wrf_>this is very frustrating...
[20:50]<wrf_>i've been fighting this for 2 weeks!
[20:53]<zj20>Why not put the firestarter ruleset in /etc/sysconfig/iptables ?
[20:53]<wrf_>i've just installed firestarter again..
[20:53]<wrf_>the other pc is running now...
[20:54]<wrf_>do you think that you can identify what should I add to my /etc/sysconfig/iptables ?
[20:55]<zj20>http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-5.html is a simple example.
[20:56]<wrf_>here's how things look when I start firestarter...
[20:56]<wrf_>http://pastebin.com/737546
[20:56]<wrf_>Yes, I've been pointed in that direction already... but it didn't help
[21:28]<wrf_>ok, i'll call it a day
[21:29]<wrf_>thanks anyway for trying to help
[22:31]<2ajzgx->rob0: yea, it's enabled.
[22:32]<2ajzgx->iptables -A FORWARD -j DROP -p tcp --dport 3724
[22:32]<2ajzgx->that should block port 2734 on the bridged network, right?
[22:33]<dzzvzffy>3724?
[22:34]<pnnnnnd>hey guys i just have 1 simple question
[22:34]<jdrd>hi i am on gentoo linux and run azureus, now my problem is it makes the latency of ssh and www high, i try to shape it, but it doesn't really work, i read some sites on the net, but they didn't help me, here is also a script i tried, but it does not work, there is no effect: http://olem.homeip.net/~olem/tc.sh
[22:34]<2ajzgx->martalli: World Of Warcraft Auth port. I want it dead.
[22:34]<jdrd>can somebody help me to solve my problem?
[22:34]<pnnnnnd>i have a lot of different iptables set.... and now i want to be able to Accept fwding through port 80 i wanna add that to the chain
[22:34]<pnnnnnd>whats the command for that
[22:35]<pnnnnnd>iptables -t nat -A tcp --dport 80 -j DNAT --to 10.1.1.155
[22:35]<pnnnnnd>i thought it would be that
[22:35]<pnnnnnd>but its not
[22:35]<dzzvzffy>bjornh - actually I was checking to make sure that I didn't misread that '-dport 3724' was port 2734...just a newbie lurking to learn
[22:36]<2ajzgx->I see
[22:36]<zzrgmgg>If I want to allow connection through port 20 only from 3 ips how would I do that?
[22:36]<zzrgmgg>2 LAN IPs and one Internet IP.
[22:36]<2ajzgx->martalli: aw, I mistyped the second number.
[22:37]<pnnnnnd>granden: iptables -t nat -A PREROUTING -s ur.ip.here -p tcp --dport 20 -j DNAT --to local.ip.add
[22:37]<pnnnnnd>and u gotta configure ur router also
[22:38]<zzrgmgg>it already has port 20 forwarded
[22:38]<pnnnnnd>ok so then do that
[22:38]<pnnnnnd>what is it fwded to?
[22:38]<pnnnnnd>what's the ip it's fwd'd to
[22:38]<zzrgmgg>192.168.0.11
[22:38]<zzrgmgg>thats the shell server
[22:38]<zzrgmgg>on the lan
[22:39]<pnnnnnd>iptables -t nat -A PREROUTING -s whatever.ip -p tcp --dport 20 -j DNAT --to 192.168.0.11
[22:39]<pnnnnnd>that should do it
[22:39]<zzrgmgg>the router is not using iptables it is a netgear router
[22:40]<pnnnnnd>i think even if it's fwd'd on the router it should be ok
[22:40]<pnnnnnd>other than that i have no idea
[22:40]<pnnnnnd>see if it works
[22:40]<pnnnnnd>try it out
[22:40]<pnnnnnd>can anyone answer my question?
[22:40]<zzrgmgg>ok
[22:41]<zzrgmgg>I'm a bit scared to fuck it up, because I'm not on the same LAN as the box. It's 20km to it and I don't have access to it.
[22:41]<pnnnnnd>yeah well sometimes u can lock urself out
[22:41]<pnnnnnd>so i wouldnt risk it
[22:41]<pnnnnnd>once u lock urself out
[22:41]<pnnnnnd>u need someone to flush the tables to get back in
[22:41]<zzrgmgg>yeah
[22:41]<zzrgmgg>I got a script that is doing so
[22:42]<pnnnnnd>if ur sure it can be flushed try it out
[22:42]<zzrgmgg>maybe if I install screen and run a script that first runs the iptables rules, then waits for 2 minutes and then flushes them
[22:42]<zzrgmgg>think it could work?
[22:42]<synr>hi! I was wondering how I could list the current state table in IPTables? I've tried to look around for this and can't seem to find my answer.. Thanks
[22:42]<pnnnnnd>iptables -L
[22:42]<zzrgmgg>And before those 2 minutes passed I try the rule
[22:42]<pnnnnnd>hhmm
[22:43]<pnnnnnd>seems like it should work
[22:43]<dzzvzffy>Hey Sieg - is Siegfried your first or last name?
[22:43]<zzrgmgg>I will give it a try
[22:43]<pnnnnnd>u mean make it auto flush?
[22:43]<pnnnnnd>sieg: iptables -L
[22:43]<pnnnnnd>sieg: iptables -t nat -L
[22:43]<zzrgmgg>yes I made a script that flushes
[22:43]<pnnnnnd>to check the nat tables
[22:43]<pnnnnnd>granden: shit try it out then
[22:43]<pnnnnnd>granden: cause if it will flush for u after 2 minutes
[22:43]<pnnnnnd>granden: its worth a shot
[22:44]<zzrgmgg>yeah
[22:44]<pnnnnnd>If i want to fwd traffic through port 80 how do i add that to my iptables?
[22:44]<zzrgmgg>I'll give it a try, or if it doesn't work I'll call the cia :)
[22:44]<pnnnnnd>lol
[22:44]<pnnnnnd>cia?
[22:44]<pnnnnnd>haha
[22:44]<pnnnnnd>why u callin them!
[22:44]<pnnnnnd>lol
[22:45]<synr>martalli: not real name, used to be a live role playing game
[22:45]<zzrgmgg>funny :)
[22:45]<dzzvzffy>lol that's my last name...I guess I passed up a great nick...
[22:46]<dzzvzffy>Of course, cool or not, you lose a little anonymity by using your actual name right in a chat
[22:46]<pnnnnnd>martalli: think u can assist me real fast?
[22:46]<dzzvzffy>maybe - what do you need?
[22:46]<synr>freezey: I do see the rules with that command, but not the state table itself. What I'm looking for basically is all source IPs related to all their active sessions for which IPTables is keeping state
[22:47]<2ajzgx->Anyone feel like looking into my bridge question?
[22:47]<synr>I used to have this with IPF or PF, but can't find how with iptables
[22:47]<pnnnnnd>martalli: i wanna add port 80 to my iptables to permit traffic thru that port
[22:47]<pnnnnnd>sieg: i am not sure
[22:48]<pnnnnnd>martalli: i have phpgroupware setup... and when i try to access it thru another machine it doesn't allow me to get in... but when i flush the tables it allows me