Log from #iptables at freenode 2006-07-27
[00:16]<xrayd>i'm having a lovely time with an address in *.lsanca54.covad.net attacking my mail server, is there a way with iptables to track down the specific IPs making high number of connections to port 25 in that range?
[00:26]<rlraxne>you could use limit
[00:27]<rlraxne>but if you know the ip or range then why not just drop the traffic from that range ?
[00:27]<xrayd>it doesn't look like I have the range, looking at lsanca54.covad.net, they've got a really wide range
[00:29]<rlraxne>sure but is it all sort of addresses from .lsanca54.covad.net ?
[00:29]<rlraxne>then block their whole range
[00:30]<rlraxne>and send abuseemail to their ripe contact
[00:30]<xrayd>Apachez: right, the problem is... i dont know what the range is
[00:30]<rlraxne>give me one of the ips
[00:30]<xrayd>they've got all kinds of things like 66.166.126.30, 74.0.89.82
[00:31]<rlraxne>NetRange: 74.0.0.0 - 74.1.255.255
[00:31]<rlraxne>NetName: NETBLK-COVAD-IP-6-NET
[00:31]<rlraxne>NetRange: 66.166.0.0 - 66.167.255.255
[00:31]<rlraxne>NetName: NETBLK-COVAD-IP-3-NET
[00:31]<rlraxne>RAbuseHandle: CART-ARIN
[00:31]<rlraxne>RAbuseName: Covad abuse reporting team
[00:31]<rlraxne>RAbusePhone: +1-703-376-2830
[00:31]<rlraxne>RAbuseEmail: abuse-isp@covad.com
[00:31]<xrayd>thats just two of them, there are several others
[00:32]<rlraxne>then block them all ?
[00:35]<rlraxne>AS 18566
[00:36]<xrayd>thanks
[00:36]<rlraxne>(64.105.0.0/16)
[00:36]<rlraxne>(66.134.0.0/16)
[00:36]<rlraxne>(66.166.0.0/15)
[00:36]<rlraxne>(67.100.0.0/14)
[00:37]<rlraxne>(68.164.0.0/14)
[00:37]<rlraxne>(69.3.0.0/16)
[00:37]<rlraxne>(72.244.0.0/15)
[00:37]<rlraxne>(74.0.0.0/15)
[00:37]<rlraxne>seems to be all their ranges
[00:37]<rlraxne>but best is if you email and/or phone their abuse
[00:41]<xrayd>Apachez: how did you get their entire range?
[00:44]<rlraxne>magic
[00:44]<xrayd>heh, you just looked up their AS number?
[07:03]<mrgp_wn6n>Hi
[08:55]<ssvnvn>I see : being used in rulesets but cannot find their meaning anywhere - any tips?
[11:11]<-- dyrnnprd wrs puyv> i mean the other left <-")
[15:53]<_aufygg_>hi there
[15:56]<_aufygg_>at home i have a zyxel router whereover i do a nat (zyxel calls this sua)... as i want to do the nat and fw rules all over my linux machine, that is directly connected to the zyxel router on eth0, i'd like to ask if this is simply possible by turning off the nat functionality on my zyxel router...
[16:58]<afnxnztnah>hi everybody
[16:58]<afnxnztnah>im trying to redirect the web service of other machine to a port in my machine
[16:59]<afnxnztnah>i dont know why dont work ... i search in google, and it looks like everything is ok
[16:59]<afnxnztnah>look http://pastebin.com/758140
[17:02]<svzdczz>anyone see anything wrong with this: iptables -I INPUT 1 -i eth0 -p tcp --dport ssh -m mac --mac-source ! 00-13-A4-4C-9R-FD -j DROP
[17:02]<svzdczz>im locking ssh down to enable access only from the specified MAC address
[17:05]<afnxnztnah>Strykar, could you help me ?
[17:06]<svzdczz>AleXerTecH, im trying to open your link
[17:07]<afnxnztnah>Strykar, thanks! let me know when you see it ;)
[17:07]<svzdczz>well it wont open, odd
[17:07]<afnxnztnah>there is other place where paste the script ?
[17:08]<svzdczz>pastebin.ca
[17:09]<afnxnztnah>Strykar, http://pastebin.ca/102289
[17:09]<svzdczz>nm, got it
[17:10]<svzdczz>whats the problem
[17:11]<afnxnztnah>im trying to redirect the web service of the machine 192.168.2.6 to the port 7880 of my machine
[17:12]<afnxnztnah>for when i go to the browser and put 192.168.2.10:7880 (my machine) this go to the webserver on 192.168.2.6:80
[17:14]<vyrn-vnzsr>Strykar: looks ok if you only want ssh accessible from your subnet
[17:14]<svzdczz>what interface is 2.10 (your machine one)
[17:14]<svzdczz>vice-versa, thanks, that was it
[17:15]<afnxnztnah>eth0
[17:15]<afnxnztnah>Strykar, eth0 = 192.168.2.10
[17:16]<svzdczz>AleXerTecH, minute
[17:18]<vyrn-vnzsr>AleXerTecH: is 192.168.2.10 static?
[17:19]<afnxnztnah>vice-versa, yes
[17:20]<vyrn-vnzsr>AleXerTecH: then using MASQUERADE target is unnecessary overhead
[17:20]<afnxnztnah>allright
[17:23]<vyrn-vnzsr>AleXerTecH: so all you want iptables for is the forwarding of this one rule on your LAN?
[17:24]<afnxnztnah>vice-versa, i want the service web service of the other machine coming out in my machine in the port 7880
[17:24]<afnxnztnah>then if i get this working, im going to make the firewall
[17:26]<vyrn-vnzsr>AleXerTecH: oh ok, I was gonna say this seems like overkill to me to use iptables for just this
[17:27]<afnxnztnah>vice-versa, like i told you, if this works im going to write the rules for the firewall, and also for the local vpn
[17:27]<afnxnztnah>vice-versa, but first i need this working
[17:27]<vyrn-vnzsr>yes yes, I understood it the first time :)
[17:28]<afnxnztnah>;)
[17:28]<afnxnztnah>so, why this doesnt work :( ?
[17:32]<vyrn-vnzsr>AleXerTecH: pastebin the output of iptables-save -c
[17:34]<afnxnztnah>vice-versa, http://pastebin.ca/102303
[17:36]<vyrn-vnzsr>AleXerTecH: where are you testing connections to 192.168.2.10:7800 from?
[17:37]<afnxnztnah>ehhh, from my web browser, local :S
[17:37]<afnxnztnah>vice-versa, with firefox
[17:37]<afnxnztnah>and with nmap 192.168.2.10 -p 7880
[17:38]<vyrn-vnzsr>do you have another machine beside the two mentioned to test from?
[17:38]<afnxnztnah>well yes
[17:39]<vyrn-vnzsr>try it







