Log from #iptables at freenode 2006-06-16
[00:10]<ucrse>so it will be better to use 2.4 kernel and 1.2.11 iptables
[00:10]<ucrse>+ imq
[00:10]<ucrse>and patch it with patch-o-matic-ng
[00:10]<ucrse>??
[07:32]<jdy_>hello all, Is there an iproute2 channel?
[07:33]<jdy_>I see a very useful feature in linux-2.6.16 networking options called Multipath: interface round robin. But I'm unable to find documentation on enabling it over multiple links, as well as combining it with weighted routing.
[10:03]<xzgmzyx>anyone here know howto build a bash script that would do this basically it would be called ipban and i would type ipban ipaddress and it would ban it
[10:05]<zj2wow0>alias ipban="iptables -I INPUT -s $1 -j DROP"
[10:06]<zj2wow0>I may have the "$1" part wrong though - that's from memory
[10:06]<mznzz>robw810, you don't
[10:06]<zj2wow0>That figures :D
[10:07]<zj2wow0>I thought we were in another channel - I speak a bit more freely without looking things up there :/
[10:07]<xzgmzyx>but i meant a bash script cuz im havin troubles with bashrc and bash_profile
[10:18]<zj2wow0>XandriX: Well, I'm not convinced that blocking individual ip addresses is really worth the effort - even so, if you want to do it interactively, just type out the iptables
[10:19]<xzgmzyx>ok
[10:19]<xzgmzyx>lol
[11:13]<awnsjdn-jq000>im using gentoo - I was wondering how I patch my iptables - I need to update to revision 6586 according to http://lists.netfilter.org/pipermail/netfilter-buglog/2006-April/000921.html
[11:13]<awnsjdn-jq000>I don't have any idea how to go about doing this
[11:19]<xzgmzyx>i was wondering if with iptables i could ban this dpc67143222143.direcpc.com instead of the ip
[11:21]<drxdr>hi
[11:25]<xzgmzyx>depmod: *** Unresolved symbols in /lib/modules/2.4.31-grsec/kernel/net/ipv4/netfilter/ipt_stealth.o
[11:26]<xzgmzyx>what's that supposed to mean?
[11:38]<xzgmzyx>no one knows i guess lol
[12:00]<wrfuw>hi all, can someone help me with a nat question ? I have one server with two ips. On the first there is the smtp listening on incoming connections, it sends it to the internal server. The firewall uses nat to send the mail to a transparent smtp proxy on ip2. But this server is never reached.
[12:01]<wrfuw>The two ips are using the same network card. Is this in general a possible setup ?
[13:54]<vzzvym>i have 4 files generated by ipcop in /var/log/ip-acct, file says they might be gdbm
[13:54]<vzzvym>ipacsum runs presumably on those files
[13:54]<vzzvym>can they be dumped to text?
[17:27]<sgrg11>hi anyone here able to point me in the right direction for using QOS to slow traffic to certain IPs on my lan?
[17:28]<snnfn_>sean33, mastershaper
[17:29]<snnfn_>sean33, www.mastershaper.org
[17:29]<sgrg11>i wish to limit available bandwidth to some of my other machines that can get a bit greedy and essentially cause a DoS to other apps
[17:29]<sgrg11>ok thanks
[17:31]<sgrg11>anyone else care to comment on Mastershaper ?
[17:33]<snnfn_>sean33, you can do this manually, with tc rules and IMQ devices
[18:37]<vrf>Hello,
[18:38]<zzwffzdnz>hI
[18:38]<vrf>eth0 is the internal network 192.168.1.0/24, i got eth1 as 10.0.0.0/24 and i got dhcpd3 setup on eth1. Now how can i forward the traffic from 192.168.1.0/24 over to the eth1 and make it as a router on 10.0.0.1 ?
[19:07]<vrf>http://pastebin.ca/66214 - The clients web traffic ain't getting forwarded to the squid proxy with those rules? How come?
[20:03]<vrf>anybody here?
[20:07]<aynf9>hi
[20:37]<vrf>anybody here who has time to help me a bit with some rules?
[22:08]<vcul>does --dports have to run in conjunction with --ports in order to specify multiple ports? --dports --ports 1,3,4,etc
[22:10]<vcul>hmm should have read the fm, it's -m multiport --dport 1,3,4
[22:12]<jgnpjzrff>+ iptables -A INPUT -i eth0 -p tcp -s 0/0 -m multiport --dports 25,587,2525 -m state --state NEW --syn -j ACCEPT
[22:12]<jgnpjzrff>getsockopt failed strangely: No such file or directory
[22:12]<jgnpjzrff>any idea what I need to change to fix this?
[22:13]<jgnpjzrff>same on another line
[22:13]<jgnpjzrff>+ iptables -A OUTPUT -o eth0 -p tcp -m multiport --destination-port 2049,1080,2000,3128,137,138,139,445 --syn -j REJECT just after this one
[22:22]<jgnpjzrff>2.6.17.rc6 this module changed multiport ?
[22:31]<jgnpjzrff>hey robw810
[22:35]<zj2wow0>Afternoon
[23:04]<fv9www>i'm trying to open port 8443 in iptables. i issue 'iptables -A MYCHAIN -p tcp --dport 8443 -j ACCEPT'. after restarting iptables, it doesn't look like the port is open. do i need to still edit /etc/sysconfig/iptables?
[23:04]<2rfju>what do you mean by "restarting iptables"?
[23:05]<fv9www>service iptables restart
[23:06]<2rfju>what linux distribution do you use? this command most probably resets all your custom iptables rules
[23:06]<fv9www>rhel4
[23:06]<fv9www>it looks like the rules remain the same after i issue that cmd
[23:06]<2rfju>issue "iptables -A..." without restarting iptables, then it should work
[23:07]<2rfju>or, issue a "iptables -L" after doing " service iptables restart" and look if your rule is still there
[23:08]<fv9www>iptables -L looks the same after service iptables restart
[23:37]<jgnpjzrff>fixed it ipt_multiport is xt_multiport now
[23:53]<sgjwpzdzd>I was wondering if anyone could help me add a chain that would help me monitor bandwidth but not break my existing iptables firewall. Current script is posted: http://paste.ubuntu-nl.org/15833