Log from #iptables at freenode 2006-07-20
[01:55]<vrgfuysx>hey all. If I want to limit, say, all icmp traffic to 1 packet/sec, which target do I use?
[01:55]<vrgfuysx>is --limit only for -j LOG ?
[02:14]<vrgfuysx>hello?
[02:14]<drwygn>moin moin, vanquish
[02:14]<vrgfuysx>?
[02:24]<vrgfuysx>:(
[02:24]<vrgfuysx>erh, actually nm i answered my own question
[02:24]<vrgfuysx>thanks anyway :-\
[06:26]<zjgvzzvggvjz>hi
[06:26]<drwygn>hello, contraventor.
[08:05]<zvzzzyzzzz>guys, I am getting this error when trying to append
[08:05]<zvzzzyzzzz>iptables: No chain/target/match by that name
[08:06]<zvzzzyzzzz>here is an example of what I am trying to do
[08:06]<zvzzzyzzzz>iptables -I input -p tcp -s 0.0.0.0/0 --dport 3128 -j ACCEPT
[08:08]<zvzzzyzzzz>Regit
[08:08]<zvzzzyzzzz>I mean: iptables -A input -p tcp -s 0.0.0.0/0 --dport 3128 -j ACCEPT
[08:10]<zj2wow0>s/input/INPUT
[08:11]<zj2wow0>-s 0.0.0.0/0 is unnecessary too; if -s is not specified, then it defaults to "any"
[08:27]<zvzzzyzzzz>ok
[08:27]<zvzzzyzzzz>got it
[08:27]<zvzzzyzzzz>after I append
[08:28]<zvzzzyzzzz>do I have to reload or anything
[08:28]<zvzzzyzzzz>or is it auto added and executed?
[08:28]<zvzzzyzzzz>I just appended this: iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
[08:29]<zvzzzyzzzz>and I just did nmap -sS -v 127.0.0.1 -p 3128
[08:29]<zvzzzyzzzz>and it showing state: closed
[08:29]<zvzzzyzzzz>any reason?
[08:32]<zj2wow0>Some rule before that one must be rejecting the packets
[08:33]<zvzzzyzzzz>but another rule that is in a different group doesn't affect it, does it?
[08:33]<zvzzzyzzzz>this is the one before it: ACCEPT tcp -- anywhere anywhere tcp dpt:webcache
[10:48]<mzglrg> I have a problem on a multi link fw that packets reach -t nat PREROUTING but not FORWARD table, any suggestions?
[12:59]<dndya>reee
[17:26]<afnxnztnah>hi everybody
[17:26]<afnxnztnah>I'm getting trouble in my network between Windows and Linux
[17:26]<afnxnztnah>if the host is running Windows it doesn't accept any ping but it can ping the other nodes
[17:27]<afnxnztnah>if the host is Linux all works perfectly
[17:31]<afnxnztnah>this is the output of iptables -L http://pastebin.com/753123
[17:35]<afnxnztnah>could somebody help me?
[21:59]<lucn-jz>Is there a simple way to prioritize UDP packets?
[22:05]<rlraxne>only internally
[22:13]<lucn-jz>Apachez: ?
[22:15]<rlraxne>you can prioritize any packet in your box
[22:15]<rlraxne>which will bypass the FIFO
[22:15]<rlraxne>however you have no control over that packet once it has left your box
[22:18]<rrffnn>i have a question regarding the helper modules for irc ftp h323 tftp etc
[22:18]<rrffnn>how do i use them?
[22:18]<rrffnn>is modprobing them enough?
[22:27]<lucn-jz>Apachez: that's fine...
[22:28]<lucn-jz>Apachez: I just want to get UDP stuff out immediately, and TCP can wait
[22:31]<zvzzzyzzzz>hey guys, I just tried -A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT to have state to OPEN... but no luck
[22:31]<zvzzzyzzzz>any reason why
[22:31]<rlraxne>ntengineer: you need something that will reply as well to have it "open"
[22:32]<rlraxne>just allowing the port through the wall won't help :P
[22:32]<zvzzzyzzzz>yeah I do have squid running.. and it works internally
[22:32]<zvzzzyzzzz>but externally.. it doesn't
[22:32]<rlraxne>Luke-Jr: use tc http://www.zelow.no/floppyfw/download/HOWTOS/tc-readme.txt
[22:33]<zvzzzyzzzz>Apachez: good point there, it was off.. let me dbl check now
[22:34]<zvzzzyzzzz>Apachez: now we are back to square one.. it is on filtered.. How can I have it on "OPEN"
[22:44]<lucn-jz>Apachez: all the docs using tc seem to have intricate complex commands :(
[22:44]<rlraxne>Luke-Jr: then read my howto ?
[22:44]<rlraxne>and you will get a grip of what each part does
[22:45]<rlraxne>maybe you can use -t mangle and tag the packets
[22:45]<rlraxne>but i think that only works for udp not sure
[22:45]<lucn-jz>but that's not *simple* :/
[22:45]<rlraxne>it's very simple
[22:46]<rlraxne>iptables -A PREROUTING -t mangle -p tcp --sport ssh -j TOS --set-tos Minimize-Delay
[22:46]<rlraxne>dunno if it would work with
[22:46]<rlraxne>iptables -A PREROUTING -t mangle -p udp --dport WHATEVER -j TOS --set-tos Minimize-Delay
[22:47]<rlraxne>http://iptables-tutorial.frozentux.net/iptables-tutorial.html#TOSMATCH
[22:49]<dnzjzdsvnz>ntengineer: still closed?
[22:51]<rlraxne>iptables -t mangle -A $CHAIN -p udp --dport $UDP_GAMES \
[22:51]<rlraxne> -j TOS --set-tos Minimize-Delay
[22:51]<rlraxne>seems like TOS will work with udp
[22:55]<lucn-jz>Apachez: so I just need that one iptables line?
[22:58]<lucn-jz>crap, my server doesn't support -j TOS
[23:13]<rlraxne>did you load the tos module ?
[23:17]<rrevr|>folks, I want to forward all traffic from 10000 to 1000. can you please help? thanks!
[23:22]<rrevr|>folks?
[23:28]<rlraxne>better to do 1000:10000
[23:28]<rlraxne>-A FORWARD -p tcp --dport 1000:10000 -j ACCEPT
[23:33]<dnzjzdsvnz>Razva|: redirect the port or forward the range?
[23:35]<rrevr|>weeeeeeeeee
[23:35]<rrevr|>I've just flushed all the iptables rules
[23:36]<rrevr|>but forgot that doing that will lock me out