Network: freenode | Channel: #iptables
Log from #iptables at freenode 2006-07-28
[00:00]<fyguw_drgau>tjb13: U mean ur behind a linux firewall and trying to connect to the VPN or the VPN server is hosted behind the firewall and u want to allow the connection
[00:00]<fyguw_drgau>sw__: No way
[00:00]<fyguw_drgau>But don't put ! for syn.. to confirm this is the right command
[00:00]<fyguw_drgau>iptables -t filter -A INPUT -i ppp0 -p tcp --syn -j DROP
[00:01]<va2w1>the first one
[00:01]<fyguw_drgau>if u have the default policy of ACCEPT
[00:01]<va2w1>i'm behind my linux firewall
[00:01]<va2w1>and i'm trying to connect to this vpn
[00:01]<va2w1>and it keeps dropping my connection
[00:01]<fyguw_drgau>Is it a NAT Box?..
[00:01]<va2w1>yeah
[00:02]<fyguw_drgau>Well.. Does the rules permissive to the internal LAN.. i.e ur end to the internet?
[00:03]<va2w1>um, i think so yes
[00:03]<va2w1>can i paste my rules
[00:03]<fyguw_drgau>bad idea
[00:04]<fyguw_drgau>never paste ur firewall rules in a public place
[00:04]<va2w1>right
[00:04]<fyguw_drgau>:)
[00:04]<va2w1>well #iptablesflood
[00:04]<va2w1>i mean you guys are trying to help
[00:05]<fyguw_drgau>ur wish.. If u need a shoulder to cry.. mail me
[00:05]<fyguw_drgau>:)
[00:05]<va2w1>yeah absolutely
[00:05]<va2w1>whats your e-mail
[00:05]<fyguw_drgau>linuxmanju@gmail.com
[00:08]<va2w1>ok
[00:09]<va2w1>you should have it
[00:10]<fyguw_drgau>yea
[00:10]<fyguw_drgau>But hey.. It is not a nat box..
[00:11]<fyguw_drgau>Its all INPUT chain.. That means its ur box..
[00:11]<fyguw_drgau>is it?
[00:12]<fyguw_drgau>The rules r running in the same box from which ur trying to connect .. right?
[00:13]<fyguw_drgau>tjb13: u there?
[00:14]<va2w1>yeah
[00:14]<va2w1>sorry
[00:14]<va2w1>well that box
[00:14]<va2w1>is the router
[00:14]<va2w1>i'm on a windows xp laptop
[00:14]<va2w1>that uses the box with those rules as the router
[00:14]<va2w1>i'm internal
[00:14]<va2w1>eth0 and eth1 is external
[00:15]<fyguw_drgau>can u try... this command and tell me the output
[00:15]<va2w1>eth0 on the box connects to the internal network
[00:15]<va2w1>sure
[00:15]<fyguw_drgau>iptables -t nat -L -nv
[00:15]<va2w1>you want the output here
[00:15]<va2w1>or e-mail
[00:15]<va2w1>its 3 lines
[00:15]<va2w1>:-)
[00:15]<fyguw_drgau>if u can.. But make sure u remove the IP addresses
[00:16]<fyguw_drgau>if there r any.. change it to XX.XX.XX.XX
[00:16]<va2w1>doesn't matter they are all internal
[00:16]<va2w1>is that ok then
[00:16]<fyguw_drgau>great then
[00:16]<va2w1>Chain POSTROUTING (policy ACCEPT 159K packets, 9311K bytes)
[00:16]<va2w1> pkts bytes target prot opt in out source destination
[00:16]<va2w1> 385K 22M MASQUERADE all -- * eth1 10.0.0.0/24 0.0.0.0/0
[00:16]<va2w1>17131 1366K MASQUERADE all -- * eth1 0.0.0.0/0 0.0.0.0/0
[00:16]<va2w1> 0 0 MASQUERADE all -- * eth1 0.0.0.0/0 0.0.0.0/0
[00:17]<fyguw_drgau>iptables -L FORWARD -nv
[00:17]<va2w1>Chain FORWARD (policy ACCEPT 78M packets, 43G bytes)
[00:17]<va2w1> pkts bytes target prot opt in out source destination
[00:17]<va2w1>nada
[00:17]<va2w1>default is accept
[00:18]<va2w1>this is working as a router, otherwise, completely great
[00:18]<va2w1>do these rules suck?
[00:18]<fyguw_drgau>Well nothing is wrong with ur iptable/firewall.. did u check the.. client setup
[00:18]<va2w1>yeah
[00:18]<va2w1>i mean they wanted me to use the ms client
[00:18]<va2w1>which sucks, but
[00:18]<fyguw_drgau>right.. But how do u connect..
[00:18]<va2w1>it doesn't work
[00:18]<va2w1>well
[00:19]<va2w1>i just made this new connection
[00:19]<va2w1>put in the host
[00:19]<va2w1>etc...
[00:19]<fyguw_drgau>L2TP?
[00:19]<va2w1>and then my user and pass
[00:19]<va2w1>no clue
[00:19]<va2w1>they don't have us set that up
[00:19]<fyguw_drgau>L2TP over ipsec?
[00:19]<va2w1>there are instructions
[00:19]<va2w1>lemme see
[00:19]<fyguw_drgau>what kinda connection is that
[00:19]<fyguw_drgau>have they given any software to connect ?
[00:19]<fyguw_drgau>or ur using windows XP network wizard?
[00:20]<va2w1>A) Establish a VPN Connection:
[00:20]<va2w1>1) Right-click on My Network Places and select Properties.
[00:20]<va2w1>2) Select create a new connection from the left
[00:20]<va2w1>3) In the Wizard pop-up box, select Next
[00:20]<va2w1>4) Select Connect to the network at my workplace and Next
[00:20]<va2w1>5) Select Virtual Private Network Connection and Next
[00:20]<va2w1>6) Enter Fuqua for the company name and Next
[00:20]<va2w1>7) If you are prompted to dial another connection first, select the radio button for "Do Not dial..."
[00:20]<va2w1>8) For the host name, enter: xxx.xxx.xxx and Next
[00:20]<va2w1>9) Select my use only and Next
[00:20]<va2w1>10) Check to add a shortcut to your desktop and Finish
[00:20]<va2w1>11) In the pop-up box, enter your Fuqua NetID and password







