Log from #iptables at freenode 2006-07-04
[22:48]<oz2rg>oh and sprint tops that list... next is cable... sprint locks you into a contract, and cable, well they know they are regulated in a market
[22:50]<vyrn-vnzsr>I've been in pain with my knee for like over three weeks now waiting to hear back about my xray results...so I finally call to inquire
[22:50]<vyrn-vnzsr>Receptionist: Oh Dr. {mydoc} has been on vacation for the last two weeks. Let's see...oh yes he seen those three weeks ago, must not be anything serious if he didn't call you to discuss your results.
[22:50]<vyrn-vnzsr>WTF?
[22:50]<oz2rg>heh... don't worry i am in the military and they don't call back
[22:50]<oz2rg>hell, i gotta make an appointment just to get the results of a test
[22:51]<vyrn-vnzsr>unreal, haven't been to a doctor in 16 years, but my god have things changed that much!
[22:53]<oz2rg>yep
[22:53]<oz2rg>i remember going as a kid
[22:53]<oz2rg>doctor remembering me and everything
[22:53]<oz2rg>now it's about the bottom line and protecting themselves from lawsuits
[22:54]<czysvrfygj>hi
[22:54]<vyrn-vnzsr>hey
[22:54]<oz2rg>howdy
[22:54]<czysvrfygj>hello
[22:54]<vyrn-vnzsr>Hi
[22:55]<czysvrfygj>i'd like to know : how to portforward all ports **except** one port ?
[22:55]<oz2rg>sounds like port ranges
[22:55]<vyrn-vnzsr>I suppose the next thing I'm gonna hear is there isn't anything they can do for it.
[22:56]<czysvrfygj>Orban, true. How stupid am i sometimes
[22:57]<oz2rg>vice-versa, well in the military they'd give me motrin and a profile which limits what i can do for a week or two, then it's back to the same old stuff
[22:57]<mrrynfmr>kristalino: that, or you -j ACCEPT the one port first
[22:59]<vyrn-vnzsr>Orban: lol, "Yes we extracted the M60 round from your skull, you'll be ready for active duty again in a few weeks, here's your motrin. Dismissed.
[22:59]<czysvrfygj>danieldg, can you explain a little more this solution ? I want to NAT all ports but not the one : 1111 for example.
[22:59]<oz2rg>kristalino, setup a rule to forward all of them in the -t nat
[22:59]<oz2rg>then in the basic set of rules just accept the one port
[22:59]<oz2rg>-j ACCEPT
[22:59]<mrrynfmr>kristalino: two rules; first -A PREROUTING --dport 1111 -j ACCEPT; then -A PREROUTING -j DNAT
[23:00]<czysvrfygj>danieldg, thanks
[23:03]<oz2rg>the more i play with iptables the more i think that freebsd's ipfw is just plain better, definitely simpler
[23:09]<vyrn-vnzsr>Orban: because that's what you're used to perhaps? dunno...I never did anything with bsd and or ipfw so I can't really comment
[23:09]<vyrn-vnzsr>Orban: but I do remember feeling somewhat overwhelmed with iptables when I first encountered it.
[23:09]<oz2rg>i just don't understand all the PREROUTING POSTROUTING, -j ACCEPT, -j DNAT, -j SNAT
[23:09]<mrrynfmr>Orban: http://xkr47.outerspace.dyndns.org/netfilter/packet_flow/packet_flow9.png
[23:10]<vyrn-vnzsr>Orban: you have a read through this yet? http://iptables-tutorial.frozentux.net/iptables-tutorial.html
[23:10]<oz2rg>yes
[23:11]<oz2rg>i think the picture will explain better though
[23:11]<oz2rg>the tutorial needs more examples
[23:11]<mrrynfmr>I have some examples, if you're interested: http://daniel.6dns.org/info/iptables/
[23:12]<vyrn-vnzsr>Orban: well it's like anything else I guess, first read is more to learn about how much you don't know, then you play a little, second read things start to become clearer
[23:12]<oz2rg>oh yea
[23:13]<oz2rg>but i haven't used ipfw in 5 years, but i could sit down and write rules for it, ipfilter not a chance in 5 years
[23:16]<oz2rg>ipfw was based though on all rules running through one rule set, not queue dependent
[23:17]<oz2rg>and it was lower performance with large rule sets
[23:20]<vyrn-vnzsr>well iptables is quite powerful, with power comes complexity..or so it seems to me anyway
[23:59]<oz2rg>ok so i am slowly being able to expand on this... but it sucks, i can't tell what's really open and what's not open on the external interface because i am not getting an accurate port scan because i am having to specify all my rules to the interface not the destination ip