Network: freenode | Channel: #iptables
Log from #iptables at freenode 2006-06-08
[13:29]<fyguedrgau>whats the command u tried?
[13:29]<fyguedrgau>command = rule
[13:30]<vzynm>http://cpp.sourceforge.net/?show=16553
[13:30]<vzynm>line
[13:30]<vzynm>303
[13:30]<vzynm>is the forward rule
[13:31]<vzynm>and no modifications for the DNAT rule
[13:31]<vzynm>so i should try using your linuzmanju ?
[13:31]<fyguedrgau>tried, forward routes the packets b/w routable networks
[13:31]<fyguedrgau>tried, try dnat
[13:31]<xzzm__wzzn>hmmm
[13:31]<fyguedrgau>u dont need to modify the script
[13:32]<xzzm__wzzn>that prolly isnt good policy
[13:32]<fyguedrgau>just type it in the console
[13:32]<xzzm__wzzn>but still
[13:32]<xzzm__wzzn>line 303 that is
[13:33]<vzynm>yea i know its bad policy but just seeing if it works
[13:33]<fyguedrgau>iptables -t nat -A PREROUTING -s 0.0.0.0/0 -d <extn IP> -p tcp --dport 443 -j DNAT --to-destination <internal IP>
[13:33]<vzynm>ok i'm testing that right now
[13:33]<fyguedrgau>try that and let us know.. It works for sure
[13:33]<vzynm>https://69.108.99.8
[13:33]<vzynm>work?
[13:34]<vzynm>not
[13:34]<vzynm>damn
[13:34]<vzynm>hold up pasting updated
[13:35]<vzynm>http://cpp.sourceforge.net/?show=16554
[13:35]<vzynm>thats the changes
[13:35]<vzynm>one sec i'll show you the list
[13:38]<vzynm>http://cpp.sourceforge.net/?show=16555
[13:39]<vzynm>http://cpp.sourceforge.net/?show=16556
[13:42]<vzynm>no
[13:43]<vzynm>i can connect to it locally
[13:43]<fyguedrgau>tried, sorry was out of the desk...
[13:44]<fyguedrgau>tried, Its not working..
[13:44]<vzynm>yea
[13:44]<fyguedrgau>tried, There are two things u need to know for the DNAT rule
[13:44]<fyguedrgau>one
[13:45]<fyguedrgau>The client .. i.e localip host.. should have the default gateway set to the internal interface of the... firewall which is doing the DNAT
[13:45]<fyguedrgau>otherwise it doesnt work
[13:45]<fyguedrgau>what does.. route -n say?
[13:45]<vzynm>on the localip host?
[13:46]<vzynm>it's set to 172.16.0.1
[13:46]<vzynm>the gateway
[13:46]<drwygn>rumour has it the gateway is the word in english :)
[13:46]<vzynm>which is $DMZ_IF in rules
[13:46]<vzynm>$DMZ_IP i mean
[13:46]<vzynm>which $DMZ_IF = eth2
[13:46]<fyguedrgau>is that the firewalls.. DMZ interface ip?
[13:46]<fyguedrgau>172.16.0.1?
[13:46]<vzynm>yea
[13:48]<fyguedrgau>fine. .. now we will test it with some commands.. whether the packets are reaching ur DMZ hosts or the firewall is blocking it
[13:48]<fyguedrgau>go to the web server and run...
[13:48]<fyguedrgau>tcpdump -nei eth0 port 80
[13:48]<fyguedrgau>sorry
[13:48]<fyguedrgau>tcpdump -nei eth0 port 443
[13:49]<fyguedrgau>and see if u see any packets coming there
[13:49]<fyguedrgau>I will try to access it
[13:49]<vzynm>yea i'm running tcpdump
[13:49]<vzynm>that's how i'm checking whether its working or not
[13:49]<fyguedrgau>k.. lemme try to connect to ur public ip
[13:49]<fyguedrgau>do u see the packets?
[13:49]<vzynm>no
[13:50]<vzynm>i can only see you on the firewall log
[13:50]<vzynm>it will log the [blah] that i added for debugging
[13:50]<fyguedrgau>ok
[13:50]<fyguedrgau>can we see the log?
[13:50]<vzynm>yea hold on
[13:51]<fyguedrgau>k
[13:51]<vzynm>ok the localip host was not receiving packets
[13:51]<vzynm>but i did see your packet in the firewall's logs
[13:51]<vzynm>1 sec
[13:55]<axzjg>ok i am tried
[13:55]<vzynm>wow
[13:56]<axzjg>Jun 8 03:52:22 localhost [ext prerouting] IN=eth0 OUT= MAC=dc:f2:de:87:b8:c9:00:0b:23:bd:e6:32:08:00 SRC=203.200.10.154 DST=69.108.99.8 LEN=60 TOS=00 PREC=0x00 TTL=46 ID=56146 CE DF PROTO=TCP SPT=35251 DPT=443 SEQ=747492870 ACK=0 WINDOW=5840 SYN URGP=0
[13:56]<vzynm>there it is
[13:56]<vzynm>[ext prerouting] = [blah]
[14:08]<fyguedrgau>tried, I think .. your script sucks... lots of Jumps.. Its very hard to track it..
[14:08]<fyguedrgau>why dont u try.. shorewall
[14:08]<fyguedrgau>shorewall.net
[14:09]<fyguedrgau>Its an excellent firewall package and Logs very well
[14:09]<vzynm>alright
[14:09]<vzynm>but i'd like to write my own so ;0
[14:09]<fyguedrgau>even then.. Go with the linear scripts not the garbled one like u have....
[14:10]<fyguedrgau>It simply jumps here and there
[14:10]<fyguedrgau>I am losing track here
[14:26]<qzgvjuzysa>tried: jikes still on this issue ?
[14:26]<vzynm>well i just figured out it's not the set up
[14:26]<vzynm>it's definitely the rules
[14:26]<vzynm>cuz i tried hard__ware's nice script ;-)
[14:26]<vzynm>so back to finding out wtf is wrong with the rules ;-(
[14:28]<vzynm>https://69.108.99.8
[14:28]<vzynm>work?
[14:31]<xzzm__wzzn>nope ... its down again =(
[14:31]<vzynm>ahah
[14:58]<qzgvjuzysa>tried: still down
[14:58]<vzynm>yes ;-(
[15:01]<qzgvjuzysa>The server at 69.108.99.8 is taking too long to respond.
[15:01]<qzgvjuzysa>so you have a drop somewhere
[15:02]<vzynm>yea something's not working







