Log from #iptables at freenode 2006-07-22
Pages: 1
[00:39]<-- svgvsdyzgjvr__ xr>/dev/null")
[02:27]<-- 2yd2nzy xrs fuyv>http://iownmymusic.org/ http://iownmydvds.org/ .")
[06:10]<nnzjvx909>would anyone care to review my iptables rules? I'd like to know if I did this right :-) -- http://pastebin.ca/95536
[09:20]<zvzzzyzzzzqq>guys, when I nmap locally.. I get port 3128 open
[09:20]<zvzzzyzzzzqq>but when I scan externally.. I get filtered
[09:20]<zvzzzyzzzzqq>any reason why?
[09:21]<zvzzzyzzzzqq>another example.. I can telnet server 3128 locally... but not externaly
[09:21]<zvzzzyzzzzqq>what will that be
[10:00]<jdddd_>good morning
[10:00]<jdddd_>(at least here it's morning)
[10:01]<jdddd_>I'm new to iptables, and I'm having a little issue
[10:01]<jdddd_>I can't seem to resolve anything
[10:02]<jdddd_>my policy in my INPUT chain is drop, but I added a rule that allows connections over udp, source port 53 and destination port between 1024 and 65535
[10:04]<zj2wow0>What's OUTPUT policy?
[10:04]<jdddd_>accept
[10:04]<jdddd_>at this time, no rules are added
[10:04]<jdddd_>would you like me to put my chains on pastebin?
[10:04]<zj2wow0>You have an ACCEPT rule for ESTABLISHED?
[10:04]<jdddd_>yes I do
[10:04]<jdddd_>related and established is allowed
[10:05]<zj2wow0>should work then
[10:05]<jdddd_>wait a tick
[10:08]<jdddd_>Chain INPUT (policy ACCEPT)
[10:08]<jdddd_>num target prot opt source destination
[10:08]<jdddd_>1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
[10:08]<jdddd_>2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 dpt:53
[10:08]<jdddd_>that's what set atm
[10:08]<jdddd_>policy = drop actually, but I changed it just now to get on google ;p
[10:12]<_erl_>hi. does anyone know how an incoming ipsec packet (esp) destined to local host traverses the iptables chains? clearly, it is seen twice at INPUT. the first time as ESP packet, the second time as protocol 4 (IPIP tunnel) packet. i am using linux 2.6.16. isn't this strange
[10:13]<zj2wow0>Jimmy_: if you want to pastebin your rules, I'll have a look, but I may be slow; I've got a few other things going
[10:13]<jdddd_>robw810: hey, that's no problem, it's weekend :)
[10:14]<jdddd_>thanks in advance, let me just put them online
[10:17]<jdddd_>robw810: http://pastebin.ca/95703
[10:25]<jdddd_>robw810: that DNS-rule is UDP, not TCP (it's wrong in the pastebin)
[10:26]<zj2wow0>Jimmy_: you don't need that rule anyway for a dns *client* - the EST rule will catch responses
[10:26]<zj2wow0>Are you sure the proper DNS server(s) is/are in /etc/resolv.conf.external
[10:26]<zj2wow0>er, /etc/resolv.conf
[10:26]<jdddd_>no, it's pointed to my gateway
[10:27]<jdddd_>btw, I just added this rule (in compliance with what I saw in dmesg), and it works now:
[10:27]<jdddd_>5 ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:domain
[10:27]<jdddd_>but I don't get it, I thought it was the other way around ...
[10:28]<-- dyrnnprd wrs puyv> i mean the other left <-")
[10:29]<zj2wow0>*I* don't get it - for a DNS *client* no special INPUT rule should be needed; you just need to ACCEPT ESTABLISHED packets and have a working DNS server in /etc/resolv.conf
[10:30]<jdddd_>let me just test that
[10:30]<jdddd_>I'll put in another dns-server on the wan
[10:30]<jdddd_>and drop the rule
[10:30]<jdddd_>drop as in delete I mean ;p
[10:31]<zj2wow0>http://slackwiki.org/Simplefirewall might be helpful
[10:32]<zj2wow0>For a desktop/workstation running no services (or only sshd), that should be all you need
[10:45]<zj2wow0>Jimmy_: I must sleep now; good luck with it
[10:48]<jdddd_>robw810: thanks for the help, byebye :)
[14:01]<crusxrf>Hi
[14:01]<crusxrf>I am a novice in iptables
[14:01]<crusxrf>can I test iptables in a testing environment
[14:01]<crusxrf>so that i can understand better
[14:51]<bummxddr>I have ext ip addr 213.76.135.242/29 and int ip addr 192.168.X.X/16. I see my services on external ip: https, smtps, http from internet, but....
[14:51]<bummxddr>213.76.135.242 is connected to router 213.76.135.241. The router connects another subnet (10.X.X.X) to the internet too. That subnet doesn't see 213.76.135.242. Where is the mistake, in my firewall or the firewall on the router?
[14:53]<svzdczz>Buddhiya: your router
[14:54]<bummxddr>Strykar: Thanks but could you explain up a bit
[14:55]<bummxddr>since they are two different subnet
[14:55]<bummxddr>and the router needs to be configured to the 213.76 network
[14:56]<svzdczz>what do you mean by this: The router connect another subnet (10.X.X.X) to internet too.
[14:58]<bummxddr>Strykar: My understanding is one of the networks, which is 10.x.x.x, is also connected to the router and gets internet access through it. This is from one of my friends' mails, who needs help; that's what he has mentioned
[15:03]<bummxddr>Strykar: correct me if i am wrong
[15:04]<svzdczz>Buddhiya: after re-reading, i'm still not clear about your setup
[15:07]<bummxddr>Strykar: I got this mail from a friend of mine who is new to Linux and his mail mentions what he has said. I am equally confused
[15:36]<nnvpnnm>can someone suggest a frontend to iptables to make it simpler to config?
[15:55]<rlraxne>use a ready script ?
[15:55]<rlraxne>you can pick ideas from http://www.tbg.nu/iptables.txt
[16:00]<nnvpnnm>hmm, ok
[18:12]<fvj2fnz>hallo
[20:35]<frmrsl>aa
[20:36]<frmrsl>sparta
[21:03]<zzwffzdnz>k
[21:03]<zzwffzdnz>:p
[23:51]<-- 2yd2nzy xrs fuyv>http://iownmymusic.org/ http://iownmydvds.org/ .")