Log from #iptables at freenode 2006-06-08
[12:38]<xzzm__wzzn>Qantourisc: Yes
[12:38]<qzgvjuzysa>hard__ware: ?
[12:38]<vzynm>you mean set the policy to DROP?
[12:39]<qzgvjuzysa>tried: yep
[12:39]<vzynm>well first i want to know if the PREROUTING works
[12:39]<xzzm__wzzn>tried: you don't need state ESTABLISHED rules in PREROUTING
[12:39]<vzynm>i'm just trying to do a simple forward
[12:39]<vzynm>yea i thought i did
[12:39]<qzgvjuzysa>:)
[12:39]<vzynm>so i commented it
[12:39]<vzynm>in case that was the problem, i added it
[12:39]<xzzm__wzzn>=)
[12:39]<vzynm>i mean, what could i be doing wrong? lol
[12:40]<vzynm>shouldn't that line by itself be sufficient?
[12:41]<xzzm__wzzn>tried: have you set up a port knock for SSH
[12:41]<vzynm>i can enable that if i wanted to
[12:41]<xzzm__wzzn>.... that's kinda kewl ... =)
[12:42]<vzynm>that works as long as i uncomment where it jumps
[12:42]<vzynm>at the bottom of the INPUT chain
[12:43]<qzgvjuzysa>Good or bad idea to make a flow of your own iptables ?
[12:44]<vzynm>make your own firewall rules?
[12:44]<qzgvjuzysa>i mean you jump to another chain
[12:44]<qzgvjuzysa>don't you lose the overview over it after a while ?
[12:44]<vzynm>no, to me it's easier
[12:44]<vzynm>because it's like calling a function kinda
[12:45]<qzgvjuzysa>i mean if you jump a lot :) and you have like 500 lines of code
[12:45]<vzynm>i think my code is minimal
[12:45]<zzwffzdnz>bullshit
[12:45]<vzynm>heh
[12:46]<qzgvjuzysa>tried: your code is NOT minimal
[12:46]<zzwffzdnz>you dont need lot of code for a lot of jumps
[12:46]<vzynm>that's not much jumping
[12:46]<qzgvjuzysa>tried: minimal nat is like 3 lines or something
[12:46]<fyguedrgau>Hi all
[12:46]<vzynm>i'm only making necessary jumps
[12:46]<vzynm>yea but how secure will the nat be without all the ingress and egress filtering i've added
[12:46]<vzynm>and remember, this is code for 3 network cards
[12:46]<qzgvjuzysa>ow :)
[12:46]<qzgvjuzysa>lol
[12:47]<vzynm>there's really nothing unnecessary there except the extra logging chains -- the way i separated tcp, udp, icmp to come out pretty in logging ;-)
[12:48]<vzynm>now if i can get this damn nat forwarding to work ;-(
[12:48]<qzgvjuzysa>another question indeed, to log or not to lo
[12:48]<qzgvjuzysa>*log
[12:48]<vzynm>log of course lol
[12:49]<qzgvjuzysa>why ?
[12:49]<vzynm>and remote centralized logging if you can
[12:49]<vzynm>so that you see everything
[12:49]<qzgvjuzysa>why?
[12:49]<vzynm>well if you don't see the importance of seeing and knowing what's going on, then i guess no
[12:50]<qzgvjuzysa>there are a few reasons i can come up with, but no more then those
[12:50]<vzynm>logging is a crucial factor in system security
[12:50]<qzgvjuzysa>elaborate please
[12:50]<vzynm>i do remote centralized logging
[12:50]<vzynm>well what more do i have to say than it's good to see whats going on?
[12:50]<vzynm>if you get hacked, you have evidence and something to refer to of how and why the attacker got in
[12:50]<qzgvjuzysa>tried: that assumes you check the logs ...
[12:50]<qzgvjuzysa>tried: hmm last one is valid
[12:51]<vzynm>yes i check logs
[12:51]<vzynm>i even remote log them to a centralized location
[12:51]<qzgvjuzysa>then, log everything or only possible attacks ?
[12:51]<vzynm>one computer solely for collecting logs
[12:51]<vzynm>the more you log, the more evidence of something you have
[12:51]<xzzm__wzzn>tried: i have one of the,
[12:51]<vzynm>of course knowing how to view the logs is even more essential
[12:51]<xzzm__wzzn>them ... its also my deciated email server @ home ... =)
[12:52]<vzynm>which is why i separated the tcp, udp, icmp parts in my rules
[12:52]<xzzm__wzzn>all my logs are sent out via email ... logged locally
[12:52]<qzgvjuzysa>and the great bottleneck you might be punting into your network ...
[12:52]<vzynm>i don't send logs through email
[12:52]<vzynm>if i did i'd have to pgp them
[12:52]<xzzm__wzzn>meh ...
[12:52]<qzgvjuzysa>hard__ware: i hope you don't log the mail you send ? :)
[12:52]<xzzm__wzzn>when im 2 hops away ... im happy
[12:53]<vzynm>i might be punting into my network? what do you mean by that?
[12:53]<xzzm__wzzn>Qantourisc: lol um no
[12:53]<qzgvjuzysa>hard__ware: you would have noticed by now if you would :D
[12:54]<xzzm__wzzn>Qantourisc: besides its done nightly @ 4 am
[12:54]<xzzm__wzzn>not every damn second =P
[12:54]<qzgvjuzysa>aa:)
[12:54]<xzzm__wzzn>and if i was so worried about it
[12:54]<qzgvjuzysa>or for each package :D
[12:54]<xzzm__wzzn>i could always use SMTPS
[13:00]<xzzm__wzzn>and after much much testing using -j a lot does not affect your performance (nothing that is noticeable) where it is possibly at an advantage to use it in such ways
[13:01]<xzzm__wzzn>tested on many different machines 350 Mhz , 466 , 550 , 866 , 1ghz , 2.4 ghz ... @ 300 to 500 rules it made nearly no difference at all
[13:02]<qzgvjuzysa>hard__ware: i'll ask me boss what he want to log :)
[13:02]<xzzm__wzzn>from 3 - 300 it made a noticeable difference depending on the amount of flows and throughput of each ... so unless you're doing 250K Flows @ 250KB/s Each ... you should be fine
[13:02]<qzgvjuzysa>hard__ware: gaming might fall under that :)
[13:02]<qzgvjuzysa>hard__ware: lots of small packages
[13:03]<xzzm__wzzn>250 Thousand Connections ?
[13:03]<xzzm__wzzn>simultaneous all at 250 KB/sec ?
[13:03]<xzzm__wzzn>and i tested it with Gaming =)
[13:03]<qzgvjuzysa>rather 60 packages per second each a size around 16 kb ?
[13:03]<qzgvjuzysa>hard__ware: ow cool :)
[13:04]<qzgvjuzysa>hard__ware: yet i won't log what i can't use :D
[13:04]<xzzm__wzzn>i'm using a 300+ rule firewall (iptables /w 2.6.16.19 /w no PreEmpt) and i get great results
[13:04]<qzgvjuzysa>neat
[13:04]<qzgvjuzysa>i still have to find time
[13:05]<xzzm__wzzn>my firewall script / project is here ...
[13:05]<xzzm__wzzn>make big use of -j JUMP =)
[13:05]<xzzm__wzzn>http://hwfirewall.sf.net