On Sat, Nov 19, 2011 at 3:22 AM, Guy Tetruashvyly wrote:
>
> After we've dealt with not touching traffic we shouldn't by the NAT
> engine, now we're talking about something else:
> recognizing GRE traffic - and understanding where it SHOULD go,
> based on the characteristics of the GRE packets th
nd what happened then was - the ACK
packets coming from an outside PPTP servers as response
to SYN's - would be redirected to the LAN PPTP server
as per the router acting " OK, you're a GRE packet, I got a
line for you in
to SYN's - would be redirected to the LAN PPTP server as per the
> router acting " OK, you're a GRE packet, I got a line for you in IPtables,
> you go there ", -
> ,rather than to the host that initiated the connection. ( Sorry for
> the cheap humanization of the route
is
the LAN. Yes, it jumps right into mind "hey, well as far as
IPtables is concerned, they are the same interface" . Because
it's been 4 months that I'm trying to solve this, I can't recall
every step that I took 1:1, but, I know that the same issu
and has a LAN IP address (only) .
> The Router is forwarding GRE and TCP port 1723 to that PPTP server, the
> router is using Netfilter/IPtables.
>
> The same issue, which I'll describe pretty soon, Happens with a phone
> system ( Asterisk) , that's on the LAN, which on
only) .
The Router is forwarding GRE and TCP port 1723 to that PPTP server,
the router is using Netfilter/IPtables.
The same issue, which I'll describe pretty soon, Happens with a
phone system ( Asterisk) , that's on the LAN, which only has a LAN
address, as well
nning the connection (it's the usual
> pptp tunnel).
>
> If I need to I can add an ethernet interface just for the that router.
>
> I'm using a 2.4 kernel so I need an iptables rule.
>
> Any ideas?
>
> Thanks, Geoff.
Hello Geoff,
I'm no iptables guru, but
need to I can add an ethernet interface just for the that router.
I'm using a 2.4 kernel so I need an iptables rule.
Any ideas?
Thanks, Geoff.
I don't get what the problem is. The "INPUT" table is for access to the
machine itself, the "FORWARD" chain is f
r current setup.
For that matter, define an ip on your current network as the "External"
connection, RED in IPCOP terms, a different set of ip's for the "new"
lan, GREEN in IPCOP terms and last a wireless network, BLUE in IPCOP terms.
Otherwise, iptables-save, iptables -D, ipta
On Wed, Aug 06, 2008 at 11:35:04PM +0300, Moish wrote:
> If you have any old box ( or vmware server ), download and install IPCOP and
> in 5 minutes you'll have it.
Thanks, but how will that affect my already existing carefully
crafted rules?
Geoff.
--
Geoffrey S. Mendelson, Jerusalem, Israel [EMAI
If you have any old box ( or vmware server ), download and install IPCOP and
in 5 minutes you'll have it.
Moish
=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
ech
interface just for the that router.
I'm using a 2.4 kernel so I need an iptables rule.
Any ideas?
Thanks, Geoff.
--
Geoffrey S. Mendelson, Jerusalem, Israel [EMAIL PROTECTED] N3OWJ/4X1GM
On Fri, May 23, 2008 at 11:30 AM, shimi <[EMAIL PROTECTED]> wrote:
>
> Is the nmap traffic coming from either one of these interfaces? Because if
> so, these rules allows them to pass, regardless of any other rules you have
> (as you don't have any REJECT before these rules, nor your chain policy
On Fri, May 23, 2008 at 1:49 AM, Hetz Ben Hamo <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm playing here with iptables, and I have a small problem:
>
> Here's my iptables config:
>
> -A test-fw-INPUT -i eth0 -j ACCEPT
> -A test-fw-INPUT -i eth0-range0 -j AC
Hetz Ben Hamo wrote:
Hi,
I'm playing here with iptables, and I have a small problem:
Here's my iptables config:
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:test-fw-INPUT - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j test-fw-INPUT
-A FORWARD -j test-fw-INPUT
-A test-fw-INPUT -i lo -j
Hi,
I'm playing here with iptables, and I have a small problem:
Here's my iptables config:
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:test-fw-INPUT - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j test-fw-INPUT
-A FORWARD -j test-fw-INPUT
-A test-fw-INPUT -i lo -j ACCEPT
-A test-fw-INPUT
On 7/3/07, Gil Freund <[EMAIL PROTECTED]> wrote:
On 7/3/07, Vassilii Khachaturov <[EMAIL PROTECTED]> wrote:
> > Let me try explaining what is it that I find missing in Debian's
> > iptables setup:
> >
>
> If you have console access, it's a differen
On 03/07/07, Micha Silver <[EMAIL PROTECTED]> wrote:
Oded Arbel wrote:
> On Tue, 2007-07-03 at 21:16 +1000, Amos Shapira wrote:
>
>
> I think this is really bad. The only good thing in the above document
> is that one of the tools suggested in the first section is shorewall
which is
> a brillia
On 7/3/07, Vassilii Khachaturov <[EMAIL PROTECTED]> wrote:
> Let me try explaining what is it that I find missing in Debian's
> iptables setup:
>
If you have console access, it's a different thing. I agree that,
perhaps, a mid or low priority debconf option to cha
> Let me try explaining what is it that I find missing in Debian's
> iptables setup:
>
> The most basic use case is for a sysadmin to configure rules and
> expect them to survive reboot. This is the behavior he is familiar
> with from nearly every enterprise FW device. He
On Tue, Jul 03, 2007, Amos Shapira wrote about "Re: Keeping iptables rules
across reboots on Debian (lenny) ?":
> Are you serious? You recommend people to edit a file with a syntax like:
Oh, and I forgot to mention the most important reason why I always - and in
this case as w
On Tue, Jul 03, 2007, Amos Shapira wrote about "Re: Keeping iptables rules
across reboots on Debian (lenny) ?":
> >The approach I like better is to edit
> >
> > /etc/sysconfig/iptables
>..
> Are you serious? You recommend people to edit a file w
d - it's a breeze to set up and
maintain iptables rules.
There's even a "try" option which allows you to restart iptables reading
all configs from a separate subdirectory for testing. So it's quite easy
and safe (no messing with working
On Tue, 2007-07-03 at 21:16 +1000, Amos Shapira wrote:
> As a long-time debian advocate, I'm hanging my head in shame about
> this - the above behaviour is the single advantage I found with FC/RH
> over latest Debian. As far as I can tell, Debian Sarge used to have
> some provisions for saving/res
On Tue, 2007-07-03 at 21:24 +1000, Amos Shapira wrote:
> On 03/07/07, Nadav Har'El <[EMAIL PROTECTED]> wrote:
> The approach I like better is to edit /etc/sysconfig/iptables
> Are you serious? You recommend people to edit a file with a syntax
> like:
>
>
On 03/07/07, Nadav Har'El <[EMAIL PROTECTED]> wrote:
On Tue, Jul 03, 2007, Oded Arbel wrote about "Re: Keeping iptables rules
across reboots on Debian (lenny) ?":
> *) The SysV script offers the option of "save" to call iptables-store
> for you. The standar
On 03/07/07, Oded Arbel <[EMAIL PROTECTED]> wrote:
*) The SysV script offers the option of "save" to call iptables-store
for you. The standard sysadmin use case would be to setup the needed
rules, then run '/etc/init.d/iptables save' and then reboot the machine
an
On Tue, Jul 03, 2007, Oded Arbel wrote about "Re: Keeping iptables rules across
reboots on Debian (lenny) ?":
> *) The SysV script offers the option of "save" to call iptables-store
> for you. The standard sysadmin use case would be to setup the needed
> rules, then r
On Tue, 2007-07-03 at 12:23 +0300, Maxim Veksler wrote:
> On 7/2/07, Baruch Even <[EMAIL PROTECTED]> wrote:
> > * Maxim Veksler <[EMAIL PROTECTED]> [070702 03:32]:
> > > On 7/2/07, Lior Kaplan <[EMAIL PROTECTED]> wrote:
> > > >Maxim Veksler wrot
On 7/2/07, Baruch Even <[EMAIL PROTECTED]> wrote:
* Maxim Veksler <[EMAIL PROTECTED]> [070702 03:32]:
> On 7/2/07, Lior Kaplan <[EMAIL PROTECTED]> wrote:
> >Maxim Veksler wrote:
> >
> >Use iptables-save to save your current rules as to the iptables rules
* Maxim Veksler <[EMAIL PROTECTED]> [070702 03:32]:
> On 7/2/07, Lior Kaplan <[EMAIL PROTECTED]> wrote:
> >Maxim Veksler wrote:
> >
> >Use iptables-save to save your current rules as to the iptables rules
> >files. It will be loaded on the next reboot usin
On 7/2/07, Lior Kaplan <[EMAIL PROTECTED]> wrote:
Maxim Veksler wrote:
Use iptables-save to save your current rules as to the iptables rules
files. It will be loaded on the next reboot using iptables-restore.
Ha?
I must be missing something, I would like the rules to load
_automatical
ility to save iptables rules across
system reboots.
I've looked at bug listings for iptables, it seems that once there was
such script. It was called /etc/init.d/iptables but for some reason it
has been removed. Why?
Use iptables-save to save your current rules as to the iptables rules
files.
Hi list,
I've installed lenny on my parents home PC, it works great (as always).
They have Russian login environment, the grandsons are happy with
Hebrew (thanks user-he) and I myself am very satisfied with English.
I find something lacking - the ability to save iptables rules across
s
On Thu, Dec 09, 2004 at 01:12:52PM +0200, Alon Barzilai wrote:
> Hi,
>
> I plugged the cable to another port in the switch and that solved the
> problem.
> very strange.
I have at home a cheapo Edimax 8port switch that loses few of its ports
every few weeks. Rebooting it solves this. A newer on
ess, but I am not sure)
> >>
> >>I cannot also ping out from the machine to other on the same network,
> >>but surprisingly I can ping outside.
> >>
> >>
> >>I suspected the iptables are involved in the process.
> >>I never used/configured
> but surprisingly I can ping outside.
>
>
> I suspected the iptables are involved in the process.
> I never used/configured iptables on that machine
> when I issued "ifup eth0" I got messages saying "ip tabels (c) Netfilter
> core team"
> so I removed th
, but I am not sure)
I cannot also ping out from the machine to other on the same network,
but surprisingly I can ping outside.
I suspected the iptables are involved in the process.
I never used/configured iptables on that machine
when I issued "ifup eth0" I got messages saying "
Hi Josh,
there is no such module.
Alon.
Hi Alon,
If you suspect that iptables are involved check that you don't have any
iptables modules running. run:
lsmod|grep iptable
Iptables is a part of kernel (either as module or compiled in), you cannot
deinstall the admin package and get rid of it that easily.
Check for iptables modules by running `lsmod` and then remove by `rmmod`.
If it is not running as module, then you will need to recompile the kernel
rprisingly I can ping outside.
>
>
> I suspected the iptables are involved in the process.
> I never used/configured iptables on that machine
> when I issued "ifup eth0" I got messages saying "ip tabels (c) Netfilter
> core team"
> so I removed the iptable
iptables are involved in the process.
I never used/configured iptables on that machine
when I issued "ifup eth0" I got messages saying "ip tabels (c) Netfilter core
team"
so I removed the iptables packages, but that did not help.
when I try to ping into the same network I get
(
I
Hi,
I have an old RH9 box that suddenly stopped responding to pings( there
might be a restart in the process, but I am not sure)
I cannot also ping out from the machine to other on the same network,
but surprisingly I can ping outside.
I suspected the iptables are involved in the process.
I
Hi all,
The topic of Monday's (3/5) lecture is:
How to protect your home/office network?
Using IPTables and building a firewall - background, motivation and concepts
Lecture slides are available at
http://www.haifux.org/lectures/98-sil/IPTablesPresentation.pdf
and in a sxi (OpenOffice) f
Next Monday (3/5/2004), 18:30, the Haifa Linux Club will once
again meet to hear Adir Abraham talk about:
How to protect your home/office network?
Using IPTables and building a Firewall
Background, Motivation and Concepts
This lecture is a "Stayi
On Tue, Apr 27, 2004 at 07:51:33PM +0300, Shachar Shemesh wrote:
> Noam Meltzer wrote:
>
> >Hi,
> >I was wondering if any1 knows if iptables has the ability to implement
> >"application intelligence"?
>
> The short answer is "no".
>
>
Noam Meltzer wrote:
Hi,
I was wondering if any1 knows if iptables has the ability to implement
"application intelligence"?
My specific interest is to implement something like this:
I have a host, connected to the internet, and it runs iptables, while
ssh's tcp port is the only one
On Tuesday 27 April 2004 18:55, Noam Meltzer wrote:
> Hi,
> My specific interest is to implement something like this:
> I have a host, connected to the internet, and it runs iptables, while
> ssh's tcp port is the only one opened.
> Now, I want that instead of open
you cannot do this as suggested as the previous list members replied.
However, there are other means like opening an http server on the ssh
machine and adding a script that when the page opens requires a
user and password. this script will open iptables for that ip for the
remainder of
that
Noam Meltzer wrote:
Hi,
I was wondering if any1 knows if iptables has the ability to implement
"application intelligence"?
The short answer is "no".
A slightly longer answer is that, if you have a proxy software that can
act as a transparent proxy, you can direct all
al Message -
From: "Noam Meltzer" <[EMAIL PROTECTED]>
To: "Linux-IL mailing list" <[EMAIL PROTECTED]>
Sent: Tuesday, April 27, 2004 5:55 PM
Subject: iptables AI (application intelligence)
> Hi,
> I was wondering if any1 knows if iptables has the ability to imple
Hi,
I was wondering if any1 knows if iptables has the ability to implement
"application intelligence"?
My specific interest is to implement something like this:
I have a host, connected to the internet, and it runs iptables, while
ssh's tcp port is the only one opened.
Now, I wa
Alright folks. I've been gathering some information about the way the
connection is handled, and here's how it is.
Packets going through ppp0 are just regular packets. But the point is,
they're not going directly through ppp - assuming you are sending a
packet, it goes through ppp0, gets packed an
lack of success connecting through VPN?
i'll just say that i succeeded to connect to Netvision through pptp and even
with l2tp.
> ## start of rc.firewall
> ## define IPTABLES for late use
> IPTABLES="/sbin/iptables"
> ##
> ## define the network card used for exit
> EXTIF=eth
Thanks guys, I`ll look into it. I`ll report back if I found a solution.
--
Regards, Itamar Ravid.
Hello there,
You can try and look into my rc.firewall file, that works on 012.net at
AZTV. Bear in mind, that this is a constant connection, due to my (and the
supporters) lack of success to connect through VPN:
## start of rc.firewall
## define IPTABLES for late use
IPTABLES="/sbin/ipt
> Hi folks. I have a couple of questions regarding the use of IPTables
> alongside with the Israeli way of cables connection (PPTP on top of
> DHCP). Now, I`m using Firehol (http://firehol.sourceforge.net) to make
> IPTables configuration easier, however, adjusting the resulting
Hi folks. I have a couple of questions regarding the use of IPTables
alongside with the Israeli way of cables connection (PPTP on top of
DHCP). Now, I`m using Firehol (http://firehol.sourceforge.net) to make
IPTables configuration easier, however, adjusting the resulting script
isn't a pr
Can you advise about the following?
$ squidclient -h iptables-tutorial.frozentux.net -p 80 /iptables-tutorial.html
HTTP/1.0 504 Gateway Timeout
Date: Wed, 13 Aug 2003 05:38:09 GMT
Content-Length: 278
Content-Type: text/html
Server: NetCache appliance (NetApp/5.3.1R3D1)
504 Gateway Timeout
On Tuesday 01 July 2003 18:04, Nadav Har'El wrote:
NH>Paranoids (like me, for example) use several lines of defense.
NH>
NH>For example, here are 3 lines of defense:
That's exactly what I used (and use) before my paranoia progressed and i
started messing up with NIDS as a fourth line of defense
On Tuesday 01 July 2003 18:40, Mycroft wrote:
> AJ>
> AJ>If you want that functionality, google for "portsentry".
>
> Erm...it appears (to me at least) that portsentry has all the firewall
> ruleset blocking "functionality" that you recommended against
I *don't* recommend blocking hosts by detect
On Tuesday 01 July 2003 16:35, Shachar Shemesh wrote:
SS>
SS>The bottom line is this - if you have no open source, why do you care
SS>whether you are scanned?
SS>This mail brought to you by the person responsible for Check Point not
SS>sporting any easy-to-configure automatic retaliation system,
On Tuesday 01 July 2003 18:11, Aviram Jenik wrote:
AJ>
AJ>If you want that functionality, google for "portsentry".
Erm...it appears (to me at least) that portsentry has all the firewall ruleset
blocking "functionality" that you recommended against with the addition of
rather questionable detect
On Tuesday 01 July 2003 15:58, Mycroft wrote:
>
[snip]
> This box is my networked workstation at home, and i
> don't have open server ports. I'm merely dealing with a number of script
> kiddies that think scanning and DOSing people they meet on IRC channels
> makes them all-powerful.
[snip]
> howe
On Tue, Jul 01, 2003, Shachar Shemesh wrote about "Re: Snort - iptables addon":
> The bottom line is this - if you have no open source, why do you care
> whether you are scanned?
Paranoids (like me, for example) use several lines of defense.
For example, here are 3 lines of de
Hi,
On Tuesday 01 July 2003 17:46, josh wrote:
> > Your IDS will not block a simple connect scan (AFAIR snort does not save
> > packets and does not know that this is the 10,000th port in a row you are
> > trying to reach)
>
> FYI the portscan2 preprocessor on snort 2.0 tracks connection states.
L PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: Snort - iptables addon
>
>
> On Tue, 1 Jul 2003, Aviram Jenik wrote:
>
> > "Idle scan" will actually work quite nicely here (I'm sure one of the servers
> > written above has its idle moments), but that's no
On Tue, 1 Jul 2003, Aviram Jenik wrote:
> "Idle scan" will actually work quite nicely here (I'm sure one of the servers
> written above has its idle moments), but that's not the way I would approach
> it as an attacker.
> Your IDS will not block a simple connect scan (AFAIR snort does not save
> p
Mycroft wrote:
Well I'm not securing a corporate web server here, most probably if i were,
I'd choose other means of security response. Leaving it to professionals is
always a good idea :)). This box is my networked workstation at home, and i
don't have open server ports. I'm merely dealing wit
On Tuesday 01 July 2003 15:11, Tzafrir Cohen wrote:
TC>And suppose I don't really need the results of those scan? And this is
TC>all done just to make you block some computers?
TC>
TC>What traffic can someone make you drop?
TC>
What harm could that do? I do realize that you are right about the pot
On Tuesday 01 July 2003 15:18, Aviram Jenik wrote:
AJ>
AJ>(if my irony went undetected, I would really recommend against this
AJ>hair-triggered blocking system)
AJ>
Hmm, I am a big fan of constructive feedback. Don't we all?
AJ>"Idle scan" will actually work quite nicely here (I'm sure one of the
On Tuesday 01 July 2003 14:43, Mycroft wrote:
> On Tuesday 01 July 2003 10:13, Tzafrir Cohen wrote:
>
> TC>What happens if I spoof a portscan from a different address? Do you
> TC>block it? Now what was the IP of your DNS server?
> TC>
> That's what the "preprocessor portscan2-ignorehosts:" and "pr
On Tue, Jul 01, 2003 at 02:43:01PM +0300, Mycroft wrote:
> On Tuesday 01 July 2003 10:13, Tzafrir Cohen wrote:
>
> TC>What happens if I spoof a portscan from a different address? Do you
> TC>block it? Now what was the IP of your DNS server?
> TC>
> That's what the "preprocessor portscan2-ignorehos
On Tuesday 01 July 2003 10:13, Tzafrir Cohen wrote:
TC>What happens if I spoof a portscan from a different address? Do you
TC>block it? Now what was the IP of your DNS server?
TC>
That's what the "preprocessor portscan2-ignorehosts:" and "preprocessor
portscan-ignorehosts:" sections in the /etc/s
On Tue, Jul 01, 2003 at 02:14:12AM +0300, Mycroft wrote:
> Hello,
> Has anyone heard of/used a snort add-on that could manage iptables firewall
> in response to a specific network events...like portscans or DOS attacks?
What happens if I spoof a portscan from a different address? Do
Yeah, look for PSAD, it is an addon for snort that modifies iptables
automatically in run-time :-)
Oleg.
- Original Message -
From: "Mycroft" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 01, 2003 1:14 AM
Subject: Snort - iptables addon
> H
Of Mycroft
> > Sent: Tuesday, July 01, 2003 1:14 AM
> > To: [EMAIL PROTECTED]
> > Subject: Snort - iptables addon
> >
> >
> > Hello,
> > Has anyone heard of/used a snort add-on that could manage iptables firewall
> > in response to a specific ne
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mycroft
> Sent: Tuesday, July 01, 2003 1:14 AM
> To: [EMAIL PROTECTED]
> Subject: Snort - iptables addon
>
>
> Hello,
> Has anyone heard of/used a snort add-on that could manage iptables f
Hello,
Has anyone heard of/used a snort add-on that could manage iptables firewall
in response to a specific network events...like portscans or DOS attacks?
I know once it's detected, snort is capable of blocking it, but i was looking
for more low-level approach to this issue, stoppin
* Subba Rao <[EMAIL PROTECTED]> [030622 01:16]:
> I am using iptables on my system. It is very basic setup that denies all
> outside connections. When an outside connection is attempted, the packet is
> dropped and logged into the syslog. When I run tcpdump on the same interfac
On Sat, 21 Jun 2003, Subba Rao wrote:
>
> I am using iptables on my system. It is very basic setup that denies all
> outside connections. When an outside connection is attempted, the packet is
> dropped and logged into the syslog. When I run tcpdump on the same interface,
> I
I am using iptables on my system. It is very basic setup that denies all
outside connections. When an outside connection is attempted, the packet is
dropped and logged into the syslog. When I run tcpdump on the same interface,
I do see a lot of ARP requests and bootps/bootpc (UDP) requests
1. Short question - is there any way for iptables to mangle the DESTINATION
ip address after routing a packet and the SOURCE ip address before
routing it?
2. Big question - I have the following network setup at home:
___
(linux
>
> You may wish to check out Shorewall:
>
> http://www.shorewall.net/
>
> It is a standard firewall for iptables that is included with latest
> versions of Mandrake. I did not use it yet.
I'm currently using it (on debian woody).
iptables is, indeed, quite a low-lev
r someone with simple and
> standardized needs and wants just to get the job done without being
> bothered.
> Time permitting, I'll study it and make a recommendation for Israeli ADSL
> users.
You may wish to check out Shorewall:
http://www.shorewall.net/
It is a standard firewall
Hi,
Might I join the recommendation of the IPtables scripts at
http://www.linuxguruz.org/iptables/ . If you're looking for "strong"
configurations, then by judging from what I've found, there are some
pretty complicated configuration there (sorry, dont have the exact
tection, etc.
> > More recently I configured a 2.4.x Linux firewall with iptables. However
> > I am not happy with the iptables configuration used there.
> >
> > Does anyone know about a collection of recommended iptables scripts for
> > the following environments:
e recently I configured a 2.4.x Linux firewall with iptables. However
> I am not happy with the iptables configuration used there.
>
> Does anyone know about a collection of recommended iptables scripts for
> the following environments:
> 1. Single Linux PC at home (no need to expo
Here is something which should fit your needs (except maybe that I use a
fixed IP address).
Hope this helps.
BTW - once you setup the configuration you can save/restore it in the boot
scripts with iptables-save and iptables-restore.
--Amos
> -Original Message-
> From: Omer Zak
Once upon a time I configured a 2.2.x Linux firewall with ipchains, and
used a script with which I was happy, as it opened only certain ports, had
anti-spoofing protection, etc.
More recently I configured a 2.4.x Linux firewall with iptables. However
I am not happy with the iptables configuration
Hi,
I'm answering my own post, since the solution may help someone else.
I discovered that iptables refuses to run when ipchains is also active.
Disabling ipchains solved the problem. The error messages from iptables were
really not helpful. :-( And I didn't find any mention of th
[EMAIL PROTECTED] wrote:
> [root@shlomo1 root]# iptables -L
> /lib/modules/2.4.19-16mdk/kernel/net/ipv4/netfilter/ip_tables.o.gz:
> init_module: Device or resource busy
I never knew that kernel modules object files can be gzipped..
It does not work at my system though - is it requ
Hi,
I just installed MDK 9.0 and I'm having a problem with iptables. Here's what I
get when I run iptables -L:
[root@shlomo1 root]# iptables -L
/lib/modules/2.4.19-16mdk/kernel/net/ipv4/netfilter/ip_tables.o.gz:
init_module: Device or resource busy
Hint: insmod errors can be caused by
I don't know about iptables strange behavior, but you to have a mistake
here.
You say DROP, but do ACCEPT instead. :-)))
> # Set defaults to drop:
> $IPTABLES -P INPUT ACCEPT
> $IPTABLES -P OUTPUT ACCEPT
> $IPTABLES -P FORWARD ACCEPT
---
Oleg Kobets
Network Administrator
w
Quoting Stiven Andre, from the post of Wed, 27 Nov:
> Hi List.
>
> I have my home network being masqueraded by linux router(RH8.0).
> Network topology:
> Linux router(192.168.1.1): eth0 to LAN, eth1 to adsl modem.
> LAN = 192.168.1.*
> I wrote iptables script that masquerade
Hi List.
I have my home network being masqueraded by linux router(RH8.0).
Network topology:
Linux router(192.168.1.1): eth0 to LAN, eth1 to adsl modem.
LAN = 192.168.1.*
I wrote iptables script that masquerades my network, but the problem is when
I run the script from the first time from /etc
Reformulation of Problem:
running
iptables -t nat -I PREROUTING -m mac --mac-source 00:02:2D:08:FD:67 -j ACCEPT
then
iptables -t nat -I PREROUTING -m mac --mac-source 00:02:2D:08:FD:67 -j DNAT --to-destination 10.0.10.2
does not work for established connections, like browsing CNN.COM
man
Hi there.
While playing with iptables building rules on the fly and reverting them
I found that it takes a while to take the new rule.
I am on kernel 2.4.18-17.7.x on RH7.3
iptables-1.2.5-3
I am DNATing all my pcs to my gateway ip, in that way the computer that
tries to connect to the internet
ahi Fadida [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 18, 2002 5:43 PM
To: Levy Ohad; [EMAIL PROTECTED]
Subject: RE: iptables flush doesn't kill RELATED packets
If you have adsl(which u didn't mention) The fact that u can go to walla
gives a hint that maybe you didn't flush every
Assaf Flatto wrote:
Message
stop the IPtables daemon running in the background
would be a good start
/etc/init.d/iptables stop
or
service iptables stop
The IPTables "service" is not a daemon, but a simple script that loads rules
from a file in sysconfin