Log from #iptables at freenode 2006-07-19
[06:29]<mrrynfmr>I mistyped here
[06:35]<aryjpws>danieldg, do you see a green page ?
[06:36]<mrrynfmr><title>COSMOPOTE</title>
[06:36]<aryjpws>ok ..
[07:03]<aryjpws>danieldg, THANK YOU most grateful
[10:19]<-- zjw xrs fuyv ("dg>*")
[11:49]<mzglrg>I have 2 isp links into a fw (iptables+iproute2), on the pri link packets through to server on land work fine, on sec they don't. On iptables the packets go through the -t mangle table and the -t nat but not the FORWARD rule. Any idea what I should look out for?
[11:54]<mzglrg>anyone here
[13:07]<vyac>Hello.
[13:07]<vyac>Can i use iptables to be a bridge on one ethernet ?
[13:08]<vyac>like block icmp redirect messages from myself to any machine, and for example i want to bridge between 10.0.0.10 and 10.0.0.20, any data (from 10.0.0.10 to 10.0.0.20 sent through me would be sent to 10.0.0.20
[13:08]<vyac>and vice versa
[13:09]<vyac>Hello?
[13:20]<vyac>Hello, i want to be bridge between 10.0.0.10 and 10.0.0.20 using one ethernet eth0, what's the easiest way to do so ?
[13:22]<zzzsx1d|wzc>how do your devices interconnect with only 1 IP?
[13:22]<vyac>crash3m|wrk: What ?
[13:23]<vyac>crash3m|wrk: heh
[13:23]<vyac>10.0.0.10 <> 10.0.0.5[me] <> 10.0.0.20
[13:27]<vyac>What about DNAT ?
[13:31]<zzzsx1d|wzc>how do they physically connect to each other?
[13:31]<vyac>crash3m|wrk: What ?
[13:33]<zzzsx1d|wzc>nevermind, I'm going home and to bed
[13:39]<vyac>when i try iptables -L PREROUTING, i get no chain/table by this name, why ?
[13:49]<vyac>Anybody up ?
[15:01]<frgrgfrg>anyone know where I can find (or create) libipt_ROUTE on an rhel system ??
[16:02]<prwdrrd>hi
[16:07]<prwdrrd>i have mailrelay under Debian with a public address , how can i set up an ip rule to redirect pop requests coming to this mailrelay to another pop server in my LAN ?
[17:04]<mjjflx>hello
[17:04]<mjjflx>anyone can help me
[17:17]<wg2_cgjws>sup o/
[17:21]<mjjflx>anyone can help me vpn
[17:22]<zzwffzdnz>n
[17:22]<zzwffzdnz>o
[17:50]<dndya>how to preroute if i have a dialup ip?
[17:50]<crfvrmjs>hello, how can I limit tx/rx bandwidths of a tcp service ?
[17:52]<dndya>tc
[17:53]<zj2wow0>memic: It works the same as with a static ip
[17:53]<dndya>iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx -p tcp --dport 58243 -j DNAT --to 192.168.2.100:58243
[17:53]<zj2wow0>Don't specify a destination address
[17:55]<dndya>yes ok
[17:55]<dndya>but then
[17:55]<dndya>tcpdump shows me dslb-084-056-039-225.pools.arcor-ip.net.62787 > localhost.58243
[17:55]<dndya>its forwarding to localhost
[17:55]<dndya>and the port is filtered in nmap
[17:56]<dndya>58243/tcp filtered unknown
[17:56]<dndya>when i don't specify the prerouting rule the port is open
[17:57]<dndya>do u get this?
[17:57]<zj2wow0>If you do this: iptables -t nat -A PREROUTING -p tcp --dport 58243 -j DNAT --to-destination 192.168.2.100:58243 and iptables -A FORWARD -d 192.168.2.100 --dport 58243 -j ACCEPT
[17:57]<zj2wow0>It should work fine
[17:57]<zj2wow0>You have to allow the prerouted traffic through the FORWARD chain since it's not destined for localhost any more
[17:58]<aa>maxine: ping?
[17:59]<aa>maxine: ping?
[17:59]<drwygn>ping is pong
[17:59]<aa>maxine: no, ping is <reply>pong
[17:59]<drwygn>...but ping is pong...
[17:59]<aa>maxine: no, ping is <reply>pong
[17:59]<drwygn>...but ping is pong...
[17:59]<aa>maxine: forget ping
[17:59]<drwygn>cj: I forgot ping
[17:59]<aa>maxine: ping is <reply>pong
[17:59]<drwygn>I can't find is in the DNS.
[17:59]<aa>*sigh*
[18:00]<zj2wow0>hehe
[18:00]<dndya>something is missing iptables -A FORWARD -d 192.168.2.100 --dport 58243 -j ACCEPT -> Unknown arg `--dport'
[18:00]<vzrllysv><3 maxine
[18:01]<vzrllysv>memic: you need to specify a protocol with -p to use --dport
[18:01]<zj2wow0>memic: sorry -p tcp needs to be there
[18:02]<dndya>yes thx
[18:02]<dndya>hm the packets are still forwarded to localhost
[18:02]<dndya>but the port is right :D
[18:02]<dndya>..
[18:02]<dndya>crap whats that
[18:03]<zj2wow0>memic: pastebin.ca the output of iptables-save
[18:03]<vzrllysv>memic: do you have a REDIRECT rule hanging around?
[18:03]<dndya>trappist no
[18:04]<mzglrg>I have a multi isp fw, when I try and NAT a packet through the sec ISP I can see the packet in PREROUTING but not in FORWARD, any ideas
[18:04]<zj2wow0>memic: unless you've flushed your rules after experimenting with earlier PREROUTING rules, they may be hanging around
[18:04]<zj2wow0>(that and trappist's question is why I asked for pastebin)
[18:05]<zj2wow0>bbiab; breaktime
[18:05]<dndya>I'm flushing rules before i reload
[18:05]<dndya>with
[18:05]<dndya>ptables -t nat -F PREROUTING
[18:05]<dndya>iptables -t nat -F POSTROUTING
[18:06]<dndya>http://rafb.net/paste/results/S03n4X96.html
[18:06]<dndya>is iptables -t nat -F POSTROUTING && PREROUTING enough?
[18:08]<vzrllysv>memic: you're ACCEPTing 58243 in INPUT - which shouldn't ever happen if it's getting caught in PREROUTING, but it's superfluous. also, try omitting the -d option from your PREROUTING rule.
[18:09]<dndya>ok have -A PREROUTING -p tcp -m tcp --dport 58243 -j DNAT --to-destination 192.168.2.100:58243 now
[18:09]<vzrllysv>http://linuxkungfu.org/files/scripts/flush to kill your rules good and dead
[18:10]<vzrllysv>looks good. don't forget to ACCEPT that traffic in the FORWARD chain.
[18:11]<dndya>hm the packet is still filtered and forwarded to localhost
[18:12]<dndya>g2g strange problem
[18:15]<mzglrg>anyone here have a multiple ISP FW?
[19:30]<igvzxzgvnz>Hello all. What's the best way to temporarily block traffic from a single IP with iptables?
[19:35]<igvzxzgvnz>Will '/sbin/iptables -A INPUT -s <address/mask> -j DROP' work?
[19:36]<vyrn-vnzsr>depends on the rules ahead of it







