Log from #iptables at freenode 2006-08-01
[01:23]<mrgp_wn6n>Hi, any good iptables wrapper? I found APF, but it does not work on debian. I also installed Firehole, but I didn't like it. Any favorites in here? It must be console based, more or less newbie friendly. This is for an automated server setup script...
[01:25]<rlraxne>wrapper ?
[01:25]<rlraxne>why not write your own code, place it in /etc/init.d and symlink to it from the init you run
[01:27]<rlraxne>for example http://www.tbg.nu/iptables.txt for ideas :)
[03:33]<mrgp_wn6n>Ok Apachez, I'll take a look, thanks
[03:48]<zggg_>hi
[03:48]<drwygn>hi, rene_.
[03:48]<zggg_>i have a box on a router's mirror port
[03:48]<zggg_>and netfilter appears to be dropping all packets on this port
[03:49]<zggg_>is there a kernel tunable or a way to tell iptables to process this mirror'd traffic?
[03:49]<mrrynfmr>how do you know it's netfilter?
[03:49]<mrrynfmr>you should be able to grab it with libpcap - that comes before any netfilter hooks
[03:49]<zggg_>at the very most, all i need is a packet/byte count with iptables -L -n -v
[03:50]<zggg_>danieldg: ok, ill take a look
[03:50]<mrrynfmr>well - what are you trying to do?
[03:50]<zggg_>use ipac-ng which counts traffic via iptables
[03:51]<mrrynfmr>try counting in PREROUTING or FORWARD instead of INPUT
[03:51]<zggg_>and since traffic coming from the mirror port is being dropped by netfilter/kernel i cant do it
[03:51]<zggg_>the prerouting chain shows no packets
[03:52]<mrrynfmr>right... because they're not to your MAC
[03:52]<zggg_>yes
[03:52]<mrrynfmr>the drop of to-other-MAC comes right before PREROUTING
[03:53]<zggg_>iptraf(8) catches them
[03:53]<mrrynfmr>you could make a bridge and use ebtables; ebtables PREROUTING comes before the drop
[03:54]<zggg_>yes i was thinking about using a bridge
[03:54]<zggg_>but I'd rather not put the linux box in between packets
[03:54]<mrrynfmr>no
[03:54]<mrrynfmr>just a one-interface bridge
[03:54]<mrrynfmr>so that you can use ebtables to get the packets
[03:54]<zggg_>hrrm.. ok
[03:55]<mrrynfmr>kind of a hack, tbh
[03:58]<zggg_>ok thanks for the help danieldg
[03:59]<zggg_>the box I'm working on runs 2.4 and will need a kernel rebuild if i were to get ebtables going
[03:59]<mrrynfmr>oh
[03:59]<zggg_>I'll have to put this project on the back burner
[03:59]<mrrynfmr>you could use another method of counting then
[03:59]<zggg_>cheers mate!
[03:59]<zggg_>ipac-ng uses iptables
[04:00]<zggg_>i would have to hack ipac-ng, which would probably be a bit of a learning curve for me
[04:00]<zggg_>thanks danieldg
[04:19]<drvus>Ah, much thanks to the "simonraven" link in topic. Solved just my problem.
[04:20]<drvus>Erm, maybe.
[06:45]<svnrfvx>I'm trying to forward 80 to my webserver on 192.168.0.3.. this is my script but still no go .. http://rafb.net/paste/results/HnO1FS18.html
[07:00]<zj2wow0>I haven't looked, but are you accepting -p tcp -d 192.168.0.3 --dport 80 in FORWARD?
[09:30]<mzsrcj>hey someone mentioned before how to from the command prompt open up all ports on iptables and then clear any previous scripts i had executed
[09:30]<mzsrcj>can someone tell me again i lost it
[09:32]<rlraxne>yeah
[09:32]<rlraxne>iptables -P INPUT ACCEPT
[09:32]<rlraxne>iptables -P OUTPUT ACCEPT
[09:33]<rlraxne>iptables -F
[09:33]<drwygn>iptables -F is the default conf hehe
[09:33]<rlraxne>iptables -X
[09:33]<rlraxne>iptables -Z
[09:33]<rlraxne>or maybe the other way around
[09:33]<rlraxne>first -F -X -Z and then -P thingies
[15:37]<jjxggdq1|wjzc>vice-versa: got it taken care of, just opened udp 35000:36000 coming from the hr comp, :P
[15:37]<vyrn-vnzsr>Johnny23|work: aye, did you happen to get that email I sent?
[15:38]<jjxggdq1|wjzc>vice-versa: I got it this morning, you must have sent it as I was leaving work yesterday
[15:38]<jjxggdq1|wjzc>vice-versa: thanks
[15:39]<vyrn-vnzsr>Johnny23|work: yeah, I was about to give it to you here but just as i was doing it your client quit :/
[15:39]<jjxggdq1|wjzc>vice-versa: heh
[15:39]<vyrn-vnzsr>Johnny23|work: then I remembered later i had your email
[15:40]<vyrn-vnzsr>Johnny23|work: might come in handy if you decide to expand upon your current implementation of amada
[15:40]<vyrn-vnzsr>amanda even
[15:41]<jjxggdq1|wjzc>vice-versa: appreciate it, I did have a quick glance through it
[15:41]<vyrn-vnzsr>np
[15:55]<brdd9g>I have 2 gw (eth0 and eth1), my LAN using eth3 ... I have already masqueraded both gw ... but now I want to forward port 80 to gw eth0 only and port 21 using eth1. What is the command using iptables?
[15:57]<dnzjzdsvnz>Badm4n: iptables -A FORWARD -j tcp -i eth3 --dport 80 -j ROUTE -oif eth0 <- try that
[15:57]<dnzjzdsvnz>make that -p tcp
[15:57]<brdd9g>ok
[15:57]<brdd9g>root@Rendezvous:/home/mirza# iptables -A FORWARD -j -p tcp -i eth3 --dport 80 -j ROUTE -oif eth0
[15:58]<brdd9g>Bad argument `tcp'
[15:58]<brdd9g>failed
[15:58]<dnzjzdsvnz>er
[15:59]<dnzjzdsvnz>-p tcp instead of -j -p tcp :>
[15:59]<brdd9g>:-/
[15:59]<brdd9g>mean ?
[16:00]<dnzjzdsvnz>iptables -A FORWARD -p tcp -i eth3 --dport 80 -j ROUTE -oif eth0
[16:00]<brdd9g>errr
[16:00]<brdd9g>not -j ?
[16:00]<brdd9g>ok ok
[16:00]<dnzjzdsvnz>no :) -j comes later.
[16:00]<brdd9g>root@Rendezvous:/home/mirza# iptables -A FORWARD -p tcp -i eth3 --dport 80 -j ROUTE -oif eth0
[16:00]<brdd9g>Bad argument `eth0'