Log from #iptables at freenode 2006-08-01
[22:40]<fyguw_drgau>iptables -t nat -I FORWARD -s 192.168.0.0/0 -d 0.0.0.0/0 -j ACCEPT
[22:40]<fyguw_drgau>iptables -t nat -I PREROUTING -s 192.168.0.0/0 -d 0.0.0.0/0 -j ACCEPT
[22:40]<fyguw_drgau>then
[22:40]<fyguw_drgau>echo "1" > /proc/sys/net/ipv4/ip_forward
[22:41]<fyguw_drgau>if that doesn't work.. Then there is something wrong with your network.. Not with the iptables
[22:41]<ewzrfwrr>linux_manju, ok i've tried that but the problem is like this: ping GATEWAY_PROVIDER i have ttl 255 from the server, ping GATEWAY_PROVIDER from any pc from that lan i have 255 but if i ping google.ro from the server i get ttl 1 and if i ping from another computer from the lan i get timeout
[22:42]<ewzrfwrr>PROVIDER = ISP
[22:42]<fyguw_drgau>z3rgl1ng: hmmm.. that's tricky..
[22:42]<ewzrfwrr>he is using cisco routers
[22:43]<fyguw_drgau>z3rgl1ng: Obviously your gateway provider doesn't want you to share the connection
[22:43]<ewzrfwrr>linux_manju, i know that.. but i want to share it :)... i pay him 3 contracts... and i don't want to pay another one...
[22:44]<fyguw_drgau>z3rgl1ng: I don't think so.. As long as you have to route the traffic through ISP's gateway...
[22:45]<ewzrfwrr>you say that is no solutions ?
[22:45]<ewzrfwrr>without s
[22:45]<fyguw_drgau>z3rgl1ng: I say not that i know of
[22:45]<ewzrfwrr>from the end
[22:45]<fyguw_drgau>brb
[22:46]<ewzrfwrr>ok, thanks, there is a solution... i'll try again
[22:54]<fyguw_drgau>z3rgl1ng: I guess u can set up a proxy in the gateway.. and the clients should be pointed to that
[22:59]<gdnn>How can I log whether the packet was accepted or dropped?
[23:00]<gdnn>I've just added a general log-all rule for TCP packets in the INPUT and FORWARD chains, but I would like to know whether the logged package was dropped or accepted
[23:01]<rlraxne>check the default policy
[23:03]<ewzrfwrr>linux_manju, i use a proxy in my gateway for about a month... now i want to do some nat... and i'm on the right way...
[23:03]<gdnn>Apachez: me?
[23:05]<fyguw_drgau>z3rgl1ng: I don't see how it can be done... Well.. lemme check .. If you can rewrite the ttl in the firewall that should happen
[23:06]<fyguw_drgau>nmee: If u want to log and drop.. u have to add two different rules and a customized chain..
[23:06]<fyguw_drgau>nmee: something like this shld do it..
[23:06]<fyguw_drgau>nmee: iptables -N LOGDROP
[23:06]<fyguw_drgau>will create a chain
[23:07]<fyguw_drgau>iptables -A LOGDROP -s 0.0.0.0/0 -d 0.0.0.0/0 -j LOG
[23:07]<fyguw_drgau>iptables -A LOGDROP -s 0.0.0.0/0 -d 0.0.0.0/0 -j DROP
[23:08]<ewzrfwrr>linux_manju, a while ago that was possible by patching iptables with patch-o-matic, now it is possible just by having the latest stable kernel and iptables... :), now it works, dc++ clients connect with passive mode.. now to figure out why the ping doesn't work...
[23:08]<fyguw_drgau>that will log and drop your packets...
[23:08]<gdnn>aha, and instead of -j DROP, I use -j LOGDROP?
[23:08]<gdnn>(when I want to log and drop the packets, that is)
[23:08]<fyguw_drgau>nmee: only thing you have to take care of is that the packets matching the criteria shld be sent to that chain
[23:09]<gdnn>I get it
[23:09]<gdnn>thanks a lot :)
[23:09]<fyguw_drgau>nmee: No prbs
[23:09]<fyguw_drgau>z3rgl1ng: Well its still possible with mangle table.. I forgot the syntax.. Lemme check it ;P
[23:10]<fyguw_drgau>z3rgl1ng: http://www.faqs.org/docs/iptables/mangletable.html
[23:10]<fyguw_drgau>should ring the bell for you :)
[23:16]<afnxnztnah>linux_manju, ?
[23:16]<drwygn>linux_manju, are you there ?
[23:16]<afnxnztnah>linux_manju, finally works
[23:17]<fyguw_drgau>AleXerTecH: congrats man..
[23:17]<afnxnztnah>linux_manju, but this is more strange than before... works when i delete from the boot the service upnpd
[23:17]<afnxnztnah>linux_manju, Thanks :D
[23:18]<fyguw_drgau>AleXerTecH: No probs.. :)
[23:18]<afnxnztnah>linux_manju, but what could that service do to block me ?
[23:18]<fyguw_drgau>AleXerTecH: search me
[23:19]<fyguw_drgau>AleXerTecH: that's strange.. It's supposed to run in parallel with iptables
[23:19]<fyguw_drgau>$IPTABLES -t mangle -A PREROUTING -i $interface -j TTL --ttl-inc 1
[23:20]<fyguw_drgau>should change the ttl value
[23:22]<fyguw_drgau>bye guyz







