Log from #iptables at freenode 2006-08-08
[00:29]<-- sgvgzs xzs fuyv (>/dev/brain")
[00:33]<dzzcczv>Hello
[00:33]<dzzcczv>good afternoon
[00:33]<dzzcczv>can anyone help me?
[00:33]<dzzcczv>it's about redirection
[00:36]<dzzcczv>can anyone help me?
[00:57]<zvzzzyzzzzqq>guys, I have iptables 1194 allow open
[00:57]<zvzzzyzzzzqq>:ACCEPT tcp -- anywhere anywhere tcp dpt:1194
[00:57]<zvzzzyzzzzqq>but on nmap it shows closed
[00:57]<zvzzzyzzzzqq>any reason why
[01:02]<rlraxne>http://www.tbg.nu/iptables.txt updated regarding log-options and how icmp is taken care of
[01:28]<-- svgvsdyzgjvr__ xr>/dev/null")
[01:28]<vyrn-vnzsr>ntengineer22: what's listening on port 1194?
[01:35]<wggax>wow I've not used IRC in a long time
[01:40]<vyrn-vnzsr>I see that :)
[02:55]<jddddbjgns>vice-versa i'm in :D
[02:55]<vyrn-vnzsr>hey JimmyBones
[02:56]<jddddbjgns>vice-versa one moment
[02:56]<vyrn-vnzsr>JimmyBones: sure
[02:56]<jddddbjgns>i'll be back in 15 minutes
[02:56]<jddddbjgns>wait please:D
[03:13]<vyrn-vnzsr>JimmyBones: hey
[03:13]<vyrn-vnzsr>JimmyBones: so is this a fairly fresh install?
[03:15]<vyrn-vnzsr>JimmyBones: ???
[03:45]<jddddbjgns>vice-versa no more iptables error, i've done it, thanks and cya
[03:46]<vyrn-vnzsr>JimmyBones: what was it in the end?
[03:49]<jddddbjgns>cya
[09:34]<-- sgvgzs xzs fuyv (>/dev/brain")
[12:55]<knduz>how to track live connections with iptables
[12:56]<knduz>hello All
[12:56]<asvygus->track in what sense
[12:57]<knduz>like my system is on Static IP and multiple users are connected to my system with different IPs
[12:57]<knduz>so i want to track that connections
[13:00]<knduz>Anybody knows?
[13:01]<asvygus->track for what purpose
[13:02]<knduz>so see how many connections are made with my system
[13:02]<asvygus->okay.
[13:02]<asvygus->netstat :D
[13:08]<rlraxne>but netstat won't show routing
[13:08]<rlraxne>or connection tracking
[13:08]<rlraxne>i think there is connection tracking thingy in /proc which shows current connections
[13:08]<rlraxne>just run it through wc -l to get the number
[13:08]<knduz>ohh thanks
[13:30]<knduz>is there any tool available which can display live connections on GUI
[13:30]<knduz>?
[14:02]<ayffnzdrax>Keyur: you mean like "tail -f /var/log/firewall" ?
[14:03]<asvygus->like a gtk netstat?
[14:10]<-- svgvsdyzgjvr xrs>/dev/null")
[14:25]<huk0b>hi I have a question about one rule -A POSTROUTING -s 10.244.50.0/255.255.255.0 -d ! 10.244.0.0/255.255.240.0 -o eth1.574 -j SNAT --to-source ... how I can make the rule to make SNAT not only to this 10.244.0.0/255.255.240.0 but I want except 192.168.0.0/16 too
[14:26]<huk0b>I tried that -A POSTROUTING -s 10.244.50.0/255.255.255.0 -d ! 10.244.0.0/255.255.240.0,192.168.0.0/16 -o eth1.574 -j SNAT --to-source
[14:26]<huk0b>but it gives me an error
[14:26]<huk0b>I can't make it with , I tried with space too but still some error
[14:26]<ayffnzdrax>if I do "-j DROP" should this alone cause logging?
[14:27]<gdacvxjzfnd>hi all - does anyone here know if a good channel to discuss probs linking with a netgear router
[14:27]<ayffnzdrax>HuK0B: I don't think 255.255.255.0 is a valid netmask
[14:28]<ayffnzdrax>HuK0B: if you are trying to filter packets from 10.244.50.0 to 10.244.50.255, I suggest you use 10.244.50.0/24 instead
[14:29]<huk0b>ok
[14:29]<huk0b>I have 2 networks
[14:30]<ayffnzdrax>Apachez: good morning. Thanks for your help yesterday.. I have studied and have another question
[14:30]<huk0b>I want to masquerade all but not packets going to this 2 networks
[14:31]<huk0b>ok I will make 10.244.50.0/24 but how to make 192.168.0.0/16 too
[14:31]<ayffnzdrax>HuK0B: I use ipcop for my firewalling. I modded it to fit our needs
[14:31]<huk0b>any other suggestions?
[14:32]<ayffnzdrax>huggi: which IPs in the 192.168.x.x space are concerned with
[14:33]<huk0b>192.168.10.0/24 is good too
[14:34]<ayffnzdrax>example. internally I use 192.168.1.0-255 and 192.168.0.0-255 and 192.168.2.0-255
[14:34]<ayffnzdrax>HuK0B: iptables is made to be refined.. don't try to be too broad with your rules
[14:34]<ayffnzdrax>s/refined/finegrained/
[14:35]<huk0b>but I use 10.255.50.0-255.255.255.0 and 192.168.10.0-255.255.255.0
[14:36]<huk0b>I want to masquerade all packets that are not to this two networks
[14:37]<ayffnzdrax>so 10.255.50.0/24 and 192.168.10.0/24
[14:38]<huk0b>yes
[14:38]<ayffnzdrax>now my input is simply for network address notation.. I'm not a guru with masquerading
[14:39]<ayffnzdrax>have you checked out iptables-tutorial.frozentux.org?
[14:39]<huk0b>yes I didn't find tutorial that have this
[14:40]<huk0b>I just need to know how to make this but with 10.244.0.0/255.255.255.0 I want 192.168.10.0/24 too -A POSTROUTING -s 10.244.50.0/255.255.255.0 -d ! 10.244.0.0/255.255.255.0 -o eth1.574 -j SNAT --to-source
[14:42]<huk0b>how to make more than 2 destinations in one rule?
[14:44]<asvygus->you mean like a packet should be sent to two places at the same time?
[14:47]<huk0b>no I mean
[14:48]<huk0b>I have a rule that changes the source address to the real address to masquerade, right? but not when destination is 10.244.50.0/255.255.255.0 I want to not change it when destination is from 192.168.10.0/255.255.255.0 network
[14:48]<huk0b>but how to make it?
[14:49]<ayffnzdrax>HuK0B: make a new rule, jump to it eval for both networks and exit the rule appropriately, I know easier said than done
[14:50]<ayffnzdrax>I'm working on a similar thing too, not masq but trying to get log entries differentiated by reason for ACCEPT or reason for DROP
[14:51]<ayffnzdrax>I think you are on the right path, you should be able to eval multiple --source on one line
[14:51]<huk0b>killermach I didn't understand you
[14:53]<ayffnzdrax>http://iptables-tutorial.frozentux.net/chunkyhtml/x2682.html - 10.3.6. IP range match, again I'm not sure how do what you need done, check here it may help
[14:54]<huk0b>I see that but how to make 2 networks
[14:54]<huk0b>multiport for example have more ports with ,
[14:54]<ayffnzdrax>so you want to match 10.255.50.x and 192.168.10.x on one line
[14:54]<huk0b>yes
[14:55]<ayffnzdrax>I think a comma may work: --source 192.168.10.0/24,10.255.50.0/25 maybe?
[14:56]<huk0b>no







