Log from #iptables at freenode 2006-07-31
[07:27]<mrrynfmr>do you have an ip_conntrack.ko? it'd be in /lib/modules
[07:28]<mzsrcj>i have a /lib/modules but its empty
[07:28]<mzsrcj>i installed iptables using yum btw
[07:28]<mzsrcj>if that means anything
[07:28]<mrrynfmr>looks like you have a problem with your kernel
[07:29]<mrrynfmr>unless centos hides its modules somewhere else...
[07:29]<mzsrcj>hmm i dont even seem to have any .ko files anywhere
[07:29]<mzsrcj>or a file named conntrack
[07:29]<mrrynfmr>did you compile your kernel, or use a package?
[07:44]<mzsrcj>used a package
[07:44]<mzsrcj>actually i didnt even do that
[07:44]<mzsrcj>this is a VPS im renting
[07:45]<mrrynfmr>can you convince the owner to put conntrack into the kernel? That'd be the best solution
[07:45]<mrrynfmr>otherwise, you'll have to outgoing connections back in manually
[07:46]<mzsrcj>what are you expecting to be in /proc/net/ip_conntrack and /lib/modules?
[07:46]<mrrynfmr>/proc/net/ip_conntrack is a file created by the kernel, keeping a table of connections
[07:47]<mrrynfmr>I wasn't interested in the contents, only the existence
[07:47]<mrrynfmr>if it exists, ip_conntrack is in the kernel
[07:47]<mrrynfmr>/lib/modules has the kernel modules for the running kernel
[07:48]<mrrynfmr>for example, here, I have /lib/modules/2.6.17+g/kernel/net/netfilter/nf_conntrack.ko
[09:45]<mzsrcj>i have a question, how is venet0 in relation to venet0:0 and venet0:1 (my VPS has 2 ips so i think its something like 0:0 is my first ip and 0:1 is my second IP and just venet0 represents both of them?) is this true?
[10:19]<mzsrcj>danieldg: are you still awake?
[13:20]<rlraxne>Mr_Sako: sounds like an alias to me
[13:41]<brdd9g>hello
[13:41]<drwygn>salut, Badm4n.
[13:44]<brdd9g>any one here ?
[13:44]<brdd9g>iptables -t nat -A PREROUTING -d 61.247.61.131 -p tcp -m tcp --dport 6112:6200 -j DNAT --to-destination 10.10.10.0/24
[13:44]<brdd9g>iptables -t nat -A PREROUTING -s ! 10.10.10.0/24 -d 61.247.61.131 -p tcp -m tcp --dport 6112:6200 -j DNAT --to-destination 10.10.10.0/24
[13:44]<brdd9g>iptables -t nat -A POSTROUTING -s 10.10.10.0/255.255.255.0 -d 10.10.10.0/24 -p tcp -m tcp --dport 6112:6200 -j SNAT --to-source 61.247.61.131
[13:44]<brdd9g>failed
[13:44]<brdd9g>can some one fix it ? :( pls
[13:51]<brdd9g>http://cpp.enisoc.com/pastebin/7447 <---- help plsss
[14:07]<rlraxne>you dont need the -m tcp
[14:07]<rlraxne>and your dnat looks funny
[14:07]<rlraxne>what is it you are trying to do ?
[14:07]<rlraxne>just allow 6112->6200 through your nating ?
[14:23]<brdd9g>the complicated is http://cpp.enisoc.com/pastebin/7450
[14:23]<brdd9g>i need more simple one
[14:23]<brdd9g>this is cause DOTA games
[14:24]<brdd9g>Apachez : can you help me ?
[14:28]<rlraxne>http://cpp.enisoc.com/pastebin/7450 looks ok to me
[14:28]<rlraxne>you also need an accept in your forward chain
[14:30]<rlraxne>-A FORWARD -p tcp -d 192.168.1.100/27 --dport 6101:6130 -j ACCEPT
[14:30]<rlraxne>im not sure of that iprange but you can dig on that on a subnetmask site
[14:42]<brdd9g>ooppsss
[14:42]<brdd9g>i type iptables -A FORWARD -p tcp -d 192.168.1.100/27 --dport 6101:6130 -j ACCEPT
[14:42]<brdd9g>how to clean it ?
[14:42]<brdd9g>only that line
[14:44]<brdd9g>Apachez : i use http://cpp.enisoc.com/pastebin/7450 then it's ok and it's work but when PC A use ip 101 and port 6101 then pc B with ip 192.168.1.102 cant join to the game... why is that ? is there is any rule that i should put it on ?
[14:56]<zj2nzvowrw>Hi, I would like to combine the available bandwidth of two wireless connection (both have 400kbyte/s , would like to get 800kbyte/s combined) , see http://pastebin.ca/108268 , I know both pc's need to have 3 ethernet cards 1 to lan 2 to wireless, but those two interfaces connected to the wireless links, how do I configure them ? (bridge? or something else ? )
[14:57]<zj2nzvowrw>(also forgive me if the question does not fall into this chat room, and would like to ask for advice as to where to ask)
[15:12]<jjxggdq1|wjzc>can anyone tell me all the ports that need to be open in order to use samba?? I'm getting: Unknown parameter encountered: "smb password file": Ignoring unknown parameter "smb password file": Connection to LYNNIE failed: returned 1] when using amanda
[15:13]<rlraxne>robert83a1: in short, you wont get 800kbyte, you will get 2x400kbyte
[16:26]<fggyw|wjzc>Good morning.
[16:27]<fggyw|wjzc>how would I write the rule to forward pop3 and smtp requests to another host?
[16:37]<vyrn-vnzsr>iptables -t nat -A PREROUTING -p tcp -i eth0 --destination-port 25 -j DNAT --to-destination xxx.xxx.xxx.xxx:25
[16:37]<vyrn-vnzsr>iptables -t nat -A PREROUTING -p tcp -i eth0 --destination-port 110 -j DNAT --to-destination xxx.xxx.xxx.xxx:110
[16:38]<vyrn-vnzsr>replace eth0 and xxx.xxx.xxx.xxx accordingly
[16:38]<vyrn-vnzsr>Johnny23|work: hey, how's it going?
[16:41]<fggyw|wjzc>vice-versa, thanks... that's exactly what I have... I must have a kernel config problem
[16:42]<vyrn-vnzsr>Fenix|work: do you have other ports forwarded and working?
[16:42]<fggyw|wjzc>vice-versa, I don't have any that use the nat table...
[16:43]<vyrn-vnzsr>Fenix|work: cat /proc/sys/net/ipv4/ip_forward is it 1 or 0?
[16:45]<fggyw|wjzc>0
[16:47]<vyrn-vnzsr>Fenix|work: echo 1 > /proc/sys/net/ipv4/ip_forward
[16:47]<fggyw|wjzc>did it already, still dies... iptables-restore complains that there's an error in the line with the option -t nat
[16:48]<fggyw|wjzc>that line reads -A PREROUTING -t nat -p tcp -i eth0 --dport 110 -j DNAT --to 172.16.0.78:110
[16:49]<jjxggdq1|wjzc>vice, hey, what's up??
[16:49]<vyrn-vnzsr>Fenix|work: well it's a valid rule, so you must be missing a kernel module perhaps
[16:50]<vyrn-vnzsr>Johnny23|work: same `ol same `ol just seen you on
[16:50]<vyrn-vnzsr>Johnny23|work: get your smb ports working?
[16:51]<vyrn-vnzsr>Fenix|work: lsmod | grep ip
[16:51]<jjxggdq1|wjzc>vice, I've got 137-139 and 445 tcp and udp open and I'm still getting that error
[16:53]<vyrn-vnzsr>Johnny23|work: 137 138 UDP, 139 445 TCP
[16:55]<fggyw|wjzc>ipt_LOG, ipt_state, ip_conntrack, iptables_filter, ip_tables
[16:56]<vyrn-vnzsr>Fenix|work: you're missing the obvious one, ip_nat ;)
[16:56]<fggyw|wjzc>yep
[16:56]<fggyw|wjzc>lemme fix that :)
[16:58]<fggyw|wjzc>vice-versa, which modules need to be loaded... I have a tonne of ip_nat modules :)
[17:02]<rlraxne>vice-versa: i have updated http://www.tbg.nu/iptables.txt basically speed optimizations (normalized stuff from custom chains out to the main chains, like the preroute_tcp and forward_tcp stuff (the rule which looks for a jump into custom chain is more specific now))
[17:03]<rlraxne>netbios is using tcp 135, 139, 445 udp 135, 137, 138, 445
[17:03]<rlraxne>the easy way is to block tcp/udp 135->139 + 445
[17:06]<vyrn-vnzsr>Apachez: looks good
[17:06]<rlraxne>any suggestions ? :P
[17:08]<jjxggdq1|wjzc>vice-versa: I'm still getting that same error, here's the output of iptables-save: http://www.rafb.net/paste/results/ol51En34.nln.html
[17:10]<rlraxne>by the way, why do some people use -m tcp ?
[17:10]<rlraxne>like iptables -A FORWARD -p tcp -m tcp --dport 123 -j ACCEPT ?
[17:11]<vyrn-vnzsr>I don't
[17:11]<rlraxne>yeah me neither
[17:11]<rlraxne>but I saw that in Johnny23|work's pastebin
[17:11]<rlraxne>as well as others who use it that way
[17:12]<jjxggdq1|wjzc><< followed a guide
[17:12]<vyrn-vnzsr>It's added to rules from iptables-save output
[17:14]<vyrn-vnzsr>Johnny23|work: use iptables-save -c
[17:16]<vyrn-vnzsr>Johnny23|work: so we can see packet and byte counters
[17:19]<jjxggdq1|wjzc>vice-versa: