Log from #iptables at freenode 2006-07-07
[00:11]<rerug>Hi. I'm trying to forward all ICMP traffic from my firewall to an internal box. I'm very new at iptables. I tried "/sbin/iptables -A FORWARD -d 192.168.2.6 -i eth1 -p icmp -j ACCEPT" but it doesn't seem to work
[00:12]<rerug>Is there a way to forward ICMP traffic from one box to another?
[04:35]<wwrtww>looking at the example of dhcpd.conf , it has an option routers rtr-239-0-1.example.org what should i change that to ? does it have to be rtr-239 * etc ?
[08:00]<rggvjsyrg>hello
[08:00]<drwygn>what's up, centosian.
[08:00]<rggvjsyrg>whatup maxine
[08:00]<rggvjsyrg>I have a question about iptables on centos
[08:00]<rggvjsyrg>I want to block access to port 80 and 8080 from most ip addresses
[08:01]<rggvjsyrg>I'm using a line like this in /etc/sysconfig/iptables:
[08:01]<rggvjsyrg>-A RH-Firewall-1-INPUT -p tcp -s 123.45.67.89 -m state -m tcp --dport 80 --state NEW -j ACCEPT
[08:01]<rggvjsyrg>and at the end ...
[08:01]<rggvjsyrg>-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
[08:01]<rggvjsyrg>BUT I seem to be getting hits from other ip addresses.
[08:01]<rggvjsyrg>what's up with that?
[08:01]<mrrynfmr>do you have other rules in between those?
[08:02]<rggvjsyrg>yeah
[08:02]<mrrynfmr>any other port 80?
[08:02]<rggvjsyrg>um
[08:02]<rggvjsyrg>no
[08:02]<rggvjsyrg>should I post a cleaned-up version to pastebin?
[08:03]<mrrynfmr>well, I'm going to sleep, so I can't look at it
[08:03]<rggvjsyrg>but I have the meaning of the first line correct? " allow from 123.45.67.89 to port 80 on tcp?"
[08:03]<mrrynfmr>yes
[08:04]<rggvjsyrg>hm
[08:04]<mrrynfmr>you can check counters and/or add LOG rules to see where the packets are getting accepted
[08:04]<rggvjsyrg>could this be causing the problem if they did a dns lookup on the machine recently?
[08:04]<rggvjsyrg>how do I check counters
[08:04]<rggvjsyrg>?
[08:05]<rggvjsyrg>-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[08:05]<mrrynfmr>maxine: display ruleset
[08:05]<drwygn>rumour has it display ruleset is "iptables-save -c" or "iptables -vnL; iptables -t nat -vnL; iptables -t mangle -vnL"
[08:05]<mrrynfmr>that will not let in new connections to port 80
[08:05]<rggvjsyrg>hm, what's -vnL
[08:05]<rggvjsyrg>ok
[08:06]<rggvjsyrg>h
[08:06]<rggvjsyrg>m
[08:10]<rggvjsyrg>is there a command I can test how a particular packet will be handled? like tcpwrapper's tcpcheck ?
[08:11]<mrrynfmr>I wrote one, it might be a bit hard to use though - http://daniel.6dns.org/info/iptables/#debug
[08:39]<gyfnsx>i want to block all ports except 53,80,25,110 using iptables
[08:39]<gyfnsx>can any one help me??
[08:40]<gyfnsx>from all ip except our local ip 192.168.100.0
[08:42]<gyfnsx>http://pastebin.ca/81172
[08:43]<gyfnsx>http://pastebin.ca/81173
[08:47]<gyfnsx>can any one help me to stop that flooding..
[08:55]<rggvjsyrg>nilesh: on redhat?
[08:59]<gyfnsx>cent OS
[08:59]<gyfnsx>centosian,
[08:59]<rggvjsyrg>yes
[08:59]<gyfnsx>It is CentOS
[08:59]<rggvjsyrg>ok you want to do it by editing /etc/sysconfig/iptables
[09:00]<gyfnsx>at any how
[09:00]<rggvjsyrg>actually I don't know if I can teach you this.
[09:01]<gyfnsx>okk
[09:02]<rggvjsyrg>this *might* help: http://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/ref-guide/s1-iptables-saving.html
[09:04]<rggvjsyrg>nilesh: Using webmin's firewall settings might help too
[09:04]<rggvjsyrg>once you install webmin
[09:07]<gyfnsx>centosian, actually already one iptable rule is applied
[09:08]<rggvjsyrg>is iptables enabled?
[09:08]<gyfnsx>yes
[09:09]<gyfnsx>Webmin has detected 1 IPtables firewall rules currently in use,
[09:10]<rggvjsyrg>ok, set up rules letting through what you want, then block everything else
[09:10]<rggvjsyrg>:)
[11:11]<kjrgjuyffn>hello all, how can I allow an IP ? For example : ARennes-352-1-36-115.w81-250.abo.wanadoo.fr
[11:15]<kjrgjuyffn>so can I allow an IP from it's domain name ?
[11:17]<kjrgjuyffn>basically, I want to allow ARennes-*.abo.wanadoo.fr
[11:17]<kjrgjuyffn>it this possible ?*
[11:17]<kjrgjuyffn>s/it/is/
[13:17]<ygvgfdrgwo7>could anyone help me. I want to only allow 25, 1123, and 80 from the outside (while the rest blocked) but all the other ports (1-65535) to be allowed only by internal computers
[15:54]<2yzcy>how to deny accessing to one ip from a computer that is router and so deny access to all computers behind nat? i used iptables and create masquerade
[15:54]<2yzcy>can i edit /etc/hosts and set that ip to my localhost?
[16:00]<ygvgfdrgwo7>I want to deny access to 139 from the outside (external) but allow access from inside (internal)
[16:00]<ygvgfdrgwo7>any help
[16:01]<ygvgfdrgwo7>any help
[16:03]<ygvgfdrgwo7>anyone
[16:05]<ygvgfdrgwo7>anyone
[16:08]<ygvgfdrgwo7>anyone
[16:20]<ygvgfdrgwo7>I want to deny access to 139 from the outside (external) but allow access from inside (internal)
[16:21]<czysvrfygj>intelmanx86, i think we just saw your post first time
[16:21]<ygvgfdrgwo7>and?
[16:23]<ygvgfdrgwo7>can this be done with hosts.deny
[16:23]<ygvgfdrgwo7>what is the syntax for hosts.deny
[16:28]<ygvgfdrgwo7>...
[16:52]<ygvgfdrgwo7>I want to deny access to 139 from the outside (external) but allow access from inside (internal)
[16:52]<czrc_jvrc>hi
[16:52]<drwygn>what's up, Crak_otak.
[16:53]<czrc_jvrc>" iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0/0 -o eth0 -j MASQUERADE " returns me " iptables: No chain/target/match by that name " after upgrading to a 2.6.16 kernel
[16:53]<czrc_jvrc>could someone explain to me why?
[16:55]<czrc_jvrc>anyone?
[16:58]<vyrn-vnzsr>Crak_otak: changes in the kernel config layout, look for Xtables support
[16:59]<ygvgfdrgwo7>how could I block access to 139 and 445
[16:59]<czrc_jvrc>i've solved that problem earlier