Log from #iptables at freenode 2006-07-23
[05:16]<zvzzzyzzzzqq>guys, when I do nmap on port 3128...internally... it shows its open
[05:17]<zvzzzyzzzzqq>but when I do from outside of the network... it shows filtered
[05:17]<zvzzzyzzzzqq>why will that be
[05:17]<mrrynfmr>possibly you have a firewall?
[05:17]<zvzzzyzzzzqq>what will it be?
[05:17]<zvzzzyzzzzqq>i thought iptables does it
[05:17]<mrrynfmr>no, at the border of your network
[05:18]<mrrynfmr>that'd be my first guess
[05:18]<zvzzzyzzzzqq>no, I have total control of the server
[05:18]<zvzzzyzzzzqq>it is host server
[05:18]<zvzzzyzzzzqq>other reason why?
[05:18]<mrrynfmr>what is internally? localhost?
[05:18]<zvzzzyzzzzqq>localhost
[05:18]<zvzzzyzzzzqq>yeah
[05:18]<mrrynfmr>ok, then a firewall would probably block it
[05:19]<zvzzzyzzzzqq>ABR router.. doubt it... because I even tried on port 8080
[05:20]<mrrynfmr>pastebin the output of 'iptables-save -c' if you wanted me to look at the firewall
[05:20]<zvzzzyzzzzqq>sure
[05:22]<zvzzzyzzzzqq>pastebin is having db connection problem... give it a min
[05:22]<mrrynfmr>use another side if you want
[05:22]<mrrynfmr>s/side/site/
[05:25]<zvzzzyzzzzqq>http://authors.aspalliance.com/aylar/ViewPasteCode.aspx?PasteCodeID=5812
[05:25]<mrrynfmr>ok, it's not the firewall
[05:26]<zvzzzyzzzzqq>ok
[05:26]<mrrynfmr>is the IP of the server a public IP?
[05:26]<zvzzzyzzzzqq>yes
[05:26]<zvzzzyzzzzqq>I have 3 ips of that server
[05:26]<zvzzzyzzzzqq>and they all are public
[05:26]<mrrynfmr>hmm
[05:27]<mrrynfmr>just checking - does netstat -tl list the port as listening?
[05:27]<zvzzzyzzzzqq>by the way, it is squid that i am trying
[05:27]<zvzzzyzzzzqq>yep
[05:27]<zvzzzyzzzzqq>it does
[05:27]<zvzzzyzzzzqq>it shows *:squid
[05:28]<zvzzzyzzzzqq>which is 3128
[05:28]<mrrynfmr>ok... I'd next try using a packet sniffer to see if you can see the connection coming in
[05:28]<mrrynfmr>if not, talk to the people running the upstream router to see if they filter connections
[05:28]<zvzzzyzzzzqq>yeah
[05:28]<zvzzzyzzzzqq>will do then
[05:28]<zvzzzyzzzzqq>but the iptables is fine, right?
[05:28]<mrrynfmr>yes
[05:29]<mrrynfmr>it's actually completely open
[05:29]<zvzzzyzzzzqq>yeah
[05:29]<mrrynfmr>so really depends on what you mean by 'fine' ;)
[05:29]<zvzzzyzzzzqq>let me try opening another port and see if I get it filtered or not
[05:29]<zvzzzyzzzzqq>well here is the thing, I am able to run other services... and never had this problem
[05:29]<zvzzzyzzzzqq>except squid
[05:30]<mrrynfmr>hmm
[05:30]<zvzzzyzzzzqq>netstat shows this: cp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN
[05:30]<zvzzzyzzzzqq>let me dbl check
[05:30]<mrrynfmr>try having another process listen on the squid port
[05:30]<zvzzzyzzzzqq>ok
[05:38]<zvzzzyzzzzqq>hmm
[05:38]<zvzzzyzzzzqq>port 8881 just worked fine for squid
[05:38]<zvzzzyzzzzqq>so I guess it is ABR router blocking 3128
[05:38]<zvzzzyzzzzqq>weird
[09:28]<crusxrf>Hi
[09:29]<crusxrf>can i test IPTABLES in a Testing (Linux) Environment and if it's there how do i test it
[09:32]<svzdczz_>kaushal: implement iptable rules and policies according to your environments, and then use nmap to test it from another pc
[09:33]<crusxrf>ok
[09:33]<crusxrf>can i use nmap on the same Linux box where I implement iptables rules
[09:40]<crusxrf>anybody awake here
[09:42]<vyrn-vnzsr>yup
[09:42]<crusxrf>any clue on my queries
[09:46]<vyrn-vnzsr>kaushal: well the simple answer is yes you can, but you would most likely want to test from another box
[17:04]<zjgvzzvggvjz>how block orkut on iptables ?
[17:04]<raympu>what is orkut
[17:05]<zjgvzzvggvjz>acidfu www.orkut.com
[17:05]<zjgvzzvggvjz>how block ?
[17:06]<raympu>block 216.239.51.85 and 16.239.51.86 it could help
[17:07]<raympu>but for web filtering, there is also the tool 'squid'
[17:07]<zjgvzzvggvjz>acidfu hmm
[17:07]<zjgvzzvggvjz>ok
[17:08]<zjgvzzvggvjz>squid generate log from access ?
[17:08]<raympu>I can't tell
[17:08]<raympu>I never used squid
[17:10]<raympu>you're welcome..
[17:55]<crusxrf>Hi
[17:55]<crusxrf>can i use nmap on the linux box when i implement iptables on the same linux box
[17:56]<crusxrf>or is there any other tool to test my iptables testing
[17:56]<crusxrf>in the Testing Environment
[17:56]<rlraxne>why wouldn't you be able to do that you mean ?
[17:57]<crusxrf>I am a newbie to iptables
[17:57]<crusxrf>just wanted an expert's view
[17:58]<crusxrf>Apachez : you there
[18:37]<csxzddrg>Hi
[18:37]<csxzddrg>I went through iptables web site
[18:37]<csxzddrg>Now i have two questions
[18:38]<csxzddrg>does iptables mean Internet protocol tables
[18:38]<csxzddrg>and what does userspace command line program mean
[18:39]<csxzddrg>as mentioned in http://www.netfilter.org/projects/iptables/index.html
[18:48]<csxzddrg>any body awake here







