Log from #iptables at freenode 2006-07-06
[07:17]<mrrynfmr>make sure you don't have leftover rules
[07:17]<mrrynfmr>maxine: display ruleset
[07:17]<drwygn>display ruleset is "iptables-save -c" or "iptables -vnL; iptables -t nat -vnL; iptables -t mangle -vnL"
[07:18]<kzyhzgzzy>... and how do i recognize leftover ones?
[07:19]<mrrynfmr>ones you don't think go there
[07:20]<kzyhzgzzy>i only know what iptables are for, and what ive learned here.. in the last few minutes...
[07:20]<kzyhzgzzy>i dont think i know what belongs and what doesnt... im completely new to this
[07:20]<mrrynfmr>well, what I do is trace how the packets go through - in order, hitting the first rule they match
[07:21]<mrrynfmr>if you want, clear everything in PREROUTING and do all the DNAT stuff over
[07:21]<kzyhzgzzy>.... once again, how?
[07:21]<mrrynfmr>also, ethereal or tcpdump is very useful in troubleshooting
[07:22]<mrrynfmr>iptables -t nat -F PREROUTING
[07:22]<kzyhzgzzy>ok,now just repeat that line i did a few min ago?
[07:22]<mrrynfmr>yes
[07:22]<kzyhzgzzy>with .2 this time...
[07:23]<kzyhzgzzy>done
[07:23]<kzyhzgzzy>still not getting that connection
[07:23]<mrrynfmr>where are you testing from?
[07:25]<kzyhzgzzy>a server in florida, ssh. 192.168.2.2 is the WAN port of a router, its forwarding a port to port 22 on this laptop. trying ssh <external ip> -p <port> .. i know this works because with other methods of modems it has
[07:26]<kzyhzgzzy>i know the ip is right cause without that DNAT rule, it gets refused
[07:26]<kzyhzgzzy>with it, no connection occurs, times out
[07:26]<mrrynfmr>try iptables -I FORWARD -j ACCEPT
[07:27]<mrrynfmr>this box is already doing NAT for the rest of the network, correct?
[07:27]<kzyhzgzzy>yes, its how im talking to you.
[07:27]<kzyhzgzzy>OOH
[07:27]<kzyhzgzzy>that did it
[07:28]<mrrynfmr>ok, then you just have to go back and look at the rules in FORWARD, and decide if you want to filter, and what to filter
[07:28]<mrrynfmr>(right now, it's unfiltered, that's what that command did)
[07:30]<kzyhzgzzy>hmm... ok. what SHOULD be filtered? anything that would normally be open on the modem box, but i dont want to be open?
[07:30]<mrrynfmr>yes. but that's filtered in INPUT.
[07:30]<mrrynfmr>usually you don't filter much in FORWARD if the other hosts on the network have firewalls
[07:31]<mrrynfmr>doing NAT will prevent incoming probes anyway
[07:31]<kzyhzgzzy>yea... this goes modem box -> router ---- systems ---- .. the router wont pass anything through unless its forwarded anyway
[07:31]<kzyhzgzzy>so i only need input filtering then
[07:32]<kzyhzgzzy>what the...
[07:32]<kzyhzgzzy>TCP ALL FILTERED No response packet was received.
[07:32]<kzyhzgzzy>UDP ALL FILTERED No response packet was received.
[07:32]<kzyhzgzzy>only thing the port scan picked up on was a tcp ping response
[07:33]<kzyhzgzzy>not even my forwarded stuff showed up
[07:33]<kzyhzgzzy>but i can connect to it
[07:33]<mrrynfmr>hmm. That's strange
[07:33]<mrrynfmr>anyway, I'm going to sleep
[07:33]<kzyhzgzzy>yea im soon doing the same.. 2am
[07:41]<kzyhzgzzy>thanks, if your still there
[11:35]<d0d>hi. i need help regarding iptables and smtp.
[11:42]<d0d>i have postfix in DMZ, and i want to forward mail for some users to exchange. exchange is in lan zone. i have trouble setting iptables rules to forward smtp to exchange.
[15:42]<sara>how do i force everything sent on port 25 to be sent out a set IP on my gateway?
[16:09]<dvg2cz>can someone help me with some ssh tunneling and iptables forwarding? Here's the scenario: Box A - Linux , Box B - FreeBSD at remote site behind firewall that is blocking outbound cvsup (tcp5999). I set up a "R"emote ssh tunnel such that connections to port 5999 on the FreeBSD box are forwarded to the Linux box. I want to now forward those OUT of the Linux box to a remote cvsup server. Can I get some prerouting/mangle/forward
[16:09]<dvg2cz> help to accomplish this?
[19:03]<wwrsww>can i use the same machine to run as firewall and other services http pop3 or should i use separate machines
[19:04]<wwrsww>will said machine also act as dhcp server for other machines on lan?
[19:06]<xzgmzyx>xhashx: u can
[19:06]<xzgmzyx>xhashx: but usually for the other services like http and pop3 people use other boxes
[19:07]<wwrsww>well what im planning to do is this
[19:09]<wwrsww>i have 2 machines and i want to set one (a) up for temp dhcp / firewall / server then after its done , set the other machine (b) up to be the firewall and leave (a) to remain server
[19:09]<wwrsww>i just dont know where to begin
[19:14]<wwrsww>did i make that clear ?