Log from #iptables at freenode 2006-08-30
[09:09]<2rsvfmj>I did chmod +x filename however when I try to execute the script by just typing the filename I get "~bash: ipcop3389_08_bryan_phone: command not found"
[09:10]<2rsvfmj>(green/newbie here..) Any ideas on why this is giving this error and/or how to fix?
[09:13]<2rsvfmj>I figured it out... sneaky little ./ requirement...
[09:16]<2rsvfmj>I'm getting an error "iptables: No chain/target/match by that name"
[09:17]<2rsvfmj>#!/bin/bash
[09:17]<2rsvfmj>iptables -t nat -R PORTFWACCESS 8 -s $(echo $SSH_CONNECTION | awk '{print $1}') -p tcp --dport 3389 -j DNAT --to-destination 192.168.2.57
[09:17]<2rsvfmj>The above two lines are the contents of the script.
[09:19]<slnnmdg>the script tells iptables to remove a line that doesn't exist
[09:19]<2rsvfmj>When I use iptables -L -n --line-numbers the line exists as:
[09:20]<2rsvfmj>Chain PORTFWACCESS (1 references)
[09:20]<2rsvfmj>num target prot opt source destination
[09:20]<2rsvfmj>8 ACCEPT tcp -- 70.243.139.149 192.168.2.57 tcp dpt:3389
[09:20]<2rsvfmj>(intervening lines removed from above display)
[09:21]<2rsvfmj>My intent is to replace this line with the same line with the ip address of the current connection.
[09:22]<2rsvfmj>Any ideas on what I'm doing wrong and how to fix it?
[09:24]<2rsvfmj>(I'm a newbie. Sorry.)
[09:25]<2rsvfmj>instead of "DNAT" should I have "ACCEPT" ?
[09:26]<2rsvfmj>iptables -t nat -R PORTFWACCESS 8 -s $(echo $SSH_CONNECTION | awk '{print $1}') -p tcp --dport 3389 -j ACCEPT --to-destination 192.168.2.57
[09:27]<slnnmdg>hehe I'm new to most of this too
[09:28]<2rsvfmj>I seem to get farther. Now I get an error "iptables v1.2.11: Unknown arg `--to-destination'"
[09:40]<2rsvfmj>if I replace the --to-destination with just --destination I'm back to the "iptables: No chain/target/match by that name" error.
[09:42]<2rsvfmj>Does anyone have any ideas for me to try? I'm a newbie. Sorry.
[09:56]<2rsvfmj>If you have any help for me, please e-mail me at bryan_a@earthlink.net. Thank You.
[12:30]<vfv>Hello. My router does masquerading for my NAT clients (iptables v1.2.11). One of them is an Asterisk server communicating over UDP port 5060 (SIP) with an external SIP provider. Every night the router's external IP on ppp0 changes but iptables keeps on sending the NATted UDP packets _from_ the old address. `iptables -F` and reloading the rules doesn't help. The only workaround is to stop asterisk in the NAT client for about 2 minutes. How can I force
[12:30]<vfv> iptables to use ppp0's real IP address as sender IP in outgoing packets?
[12:31]<ffajjfm>a little off-topic, but is there a port of the BSD pf to Linux?
[12:50]<mmc>is there any way to get the top ip traffic host IP?
[13:13]<vfv>ddk: Maybe iptraf is what you're looking for ...
[13:25]<mmc>vlt, any better tool?
[13:42]<drvvx>ddk: did you try iftop ?
[13:42]<drvvx>simple command line app, in the 'top' spirit
[14:17]<zzwffzdnz>anyone alive?
[14:21]<zzwffzdnz>danieldg ?
[14:21]<drwygn>danieldg is probably the most active member of the crowd. but he's teaching maxine a thing or two or missing in action!
[14:21]<zzwffzdnz>maxine drop policy
[14:21]<drwygn>Rawplayer: i'm not following you...
[14:21]<zzwffzdnz>um
[15:05]<nxysv>hi
[15:16]<ffajjfm>i have a question about transparent proxying
[15:16]<ffajjfm>the rule itself is no problem at all, but squid doesn't work with the iptables rule
[15:17]<ffajjfm>exits with an invalid request
[15:30]<ffajjfm>found the error
[15:31]<mmc>matth, iftop looks better than iptraf as the aspect.
[15:36]<nxysv>is there any security policy for Ethernet MAC IDs?
[15:37]<nxysv>you know MAC IDs can be changed with the help of some tools
[15:58]<2rsvfmj>I'm getting an error "iptables: No chain/target/match by that name"
[15:59]<2rsvfmj>My script is: iptables -t nat -R PORTFWACCESS 8 -s $(echo $SSH_CONNECTION | awk '{print $1}') -p tcp --dport 3389 -j DNAT --to-destination 192.168.2.57
[15:59]<2rsvfmj>When I use iptables -L -n --line-numbers the line exists as: Chain PORTFWACCESS (1 references)
[16:00]<2rsvfmj>num target prot opt source destination
[16:00]<2rsvfmj>8 ACCEPT tcp -- 70.243.139.149 192.168.2.57 tcp dpt:3389 (intervening lines removed)
[16:01]<2rsvfmj>I am a newbie (Sorry). My intent is to replace the above line with my current ip address.
[16:02]<ffajjfm>baStlMo: newbies should go here: http://iptables-tutorial.frozentux.net/iptables-tutorial.html7~
[16:02]<ffajjfm>oops, url got damaged
[16:02]<2rsvfmj>I thought maybe the DNAT needed to be replaced with ACCEPT instead but it either doesn't like the destination clause or gives me the same "No chain/target/match" error.
[16:02]<ffajjfm>baStlMo: newbies should go here: http://iptables-tutorial.frozentux.net/iptables-tutorial.html
[16:02]<ffajjfm>that one
[16:04]<2rsvfmj>I've read that document previously (and in fact have a bookmark to it). Thank You. I understand a lot of it but not enough to get me past this problem.
[16:04]<2rsvfmj>Can you help me? I assume I'm doing something really stupid.
[16:05]<ffajjfm>what is the problem exactly?
[16:05]<ffajjfm>you have a rule set up and you want it to be replaced with another one?
[16:06]<ffajjfm>-R, --replace thats what this parameter is for
[16:06]<ffajjfm>instead of appending or inserting a rule, you replace it
[16:06]<ffajjfm>and btw, this one is explicitly explained in the howto!
[16:07]<2rsvfmj>That is exactly what I want to do is to replace this rule that is shown above.
[16:07]<2rsvfmj>I'll go look again...
[16:07]<ffajjfm>just look for -R <-- in the howto, there is even a simple example!
[16:08]<2rsvfmj>There is only one reference in the entire document to "-R ".
[16:09]<2rsvfmj>(under section 9.3) Where are you seeing an explicit explanation of this?
[16:09]<ffajjfm>9.2 actually
[16:09]<ffajjfm>uhm, 9.3 table 9-2
[16:09]<ffajjfm>what more is it you expect to be explained?
[16:10]<2rsvfmj>Well, look at my command and see what is different. Am I just putting too much info in the command?
[16:12]<ffajjfm>what does this return? echo $SSH_CONNECTION | awk '{print $1}'
[16:12]<ffajjfm>maybe it returns "" <-- which means the rule would lack a parameter
[16:12]<2rsvfmj>That is supposed to return the current ip address of the SSH connection.
[16:12]<ffajjfm>baStlMo: well, does it?
[16:14]<2rsvfmj>It returns an ip address. I'm behind my firewall at the moment so it returns my firewall address.
[16:14]<2rsvfmj>(local ip address)
[16:14]<ffajjfm>yes, but it isn't empty, that's important
[16:15]<2rsvfmj>192.168.2.57
[16:15]<ffajjfm>put the -p tcp before -s
[16:15]<2rsvfmj>No, it returns the above ip address (at least when done at the command prompt).
[16:15]<2rsvfmj>ok I'll do that now.
[16:16]<ffajjfm>baStlMo: well, try the command from the command prompt; if it works, then it's the context you are starting it from which causes the problem
[16:16]<nxysv>is there any way to disable MAC ID spoofing?
[16:16]<ffajjfm>you may need to set SSH_CONNECTION="some static ip stuff"
[16:16]<2rsvfmj>Same error "iptables: No chain/target/..." error
[16:17]<ffajjfm>eXiSt: nop
[16:17]<2rsvfmj>good point.
[16:17]<ffajjfm>baStlMo: does PORTFWACCESS exist in the nat table?
[16:17]<2rsvfmj>same error from the command prompt. I'll try with all literals.
[16:18]<ffajjfm>PORTFWACCESS <-- maybe that chain doesn't exist
[16:18]<ffajjfm>or a spelling error
[16:18]<drwygn>'error' may be spelled correctly
[16:18]<2rsvfmj>let me check my dump of iptables -L -n --line-numbers ...
[16:18]<nxysv>LLcoolM so someone can spoof his MAC ID to that of another box which has full access in the iptables rules, for example?
[16:19]<ffajjfm>eXiSt: it's piece-o-cake actually