I'm not disputing this. My comment below
> was to account for
> the syntax error when using the rpm command.
>
>
> >
> > --- Keith Morse <[EMAIL PROTECTED]> wrote:
> > > On Wed, 17 Sep 2003, David E. Williams wrote:
> > >
> > > &
IL PROTECTED]> wrote:
> > On Wed, 17 Sep 2003, David E. Williams wrote:
> >
> > > Hi all,
> > >
> > > I'm running iptables-1.2.6a-2 and am trying to
> > update the package to
> > > iptables-1.2.8-8.80.2. Doing "rpm -Fvh
> > ipt
According to an e-mail I read on this, stat is part of
the coreutils package.
--- Keith Morse <[EMAIL PROTECTED]> wrote:
> On Wed, 17 Sep 2003, David E. Williams wrote:
>
> > Hi all,
> >
> > I'm running iptables-1.2.6a-2 and am trying to
> update the packa
On Wed, 17 Sep 2003, David E. Williams wrote:
> Hi all,
>
> I'm running iptables-1.2.6a-2 and am trying to update the package to
> iptables-1.2.8-8.80.2. Doing "rpm -Fvh iptables*.rpm" I get a failed
> dependency "stat is needed by iptables-1.2.8-8.80.2"
Craig,
Thanks. You saved the day for me!
On Wed, 2003-09-17 at 15:52, Craig White wrote:
> On Wed, 2003-09-17 at 13:06, David E. Williams wrote:
> > Hi all,
> >
> > I'm running iptables-1.2.6a-2 and am trying to update the package to
> > iptables-1.2.8-8.80.2.
On Wed, 2003-09-17 at 13:06, David E. Williams wrote:
> Hi all,
>
> I'm running iptables-1.2.6a-2 and am trying to update the package to
> iptables-1.2.8-8.80.2. Doing "rpm -Fvh iptables*.rpm" I get a failed
> dependency "stat is needed by iptables-1.2.8-8.80
Hi all,
I'm running iptables-1.2.6a-2 and am trying to update the package to
iptables-1.2.8-8.80.2. Doing "rpm -Fvh iptables*.rpm" I get a failed
dependency "stat is needed by iptables-1.2.8-8.80.2". So I tried to
determine what package stat is in with "rpm -q -f
www.netfilter.org works, I get about 20 messages a day from there ( in
non-digest form of course)
mailing list and lots of help
hth
john
At 04:40 PM 6/3/2003 -0400, you wrote:
Where is the best place for iptables help?
Is there a mailing list? I've tried the one listed at
netfilter.org
Around Tue,Jun 03 2003, at 04:40, Allan M. Stewart, wrote:
>
> when I list the rules in effect: (partial display)
>
> #iptables -L
Try
iptables -L -v
Should list interfaces.
--
Roger Morris
[EMAIL PROTECTED]
--
Psyche-list mailing list
[EMAIL PROTECTED]
https://www.redhat
Where is the best place for iptables help?
Is there a mailing list? I've tried the one listed at
netfilter.org, but that seems to be Tango Uniform (dead).
Setting default policy doesn't seem to work with "REJECT"
or "DENY". "ACCEPT" or "DROP"
>
> mmm... How about using a unique log prefix and then filtering?
> For example:
>
> # /sbin/iptables -A INPUT -j LOG --log-level DEBUG --log-prefix "vanecek: "
> ...
> # grep vanecek /var/log/packets
I use the --log-prefix to track each class of packets I am
Mike Vanecek wrote:
BTW, this works better if one uses the kern.=debug format.
You are right Mike!
kern.=debug is more efficient
Of course, I hope that nothing else is generating kern.debug messages
mmm... How about using a unique log prefix and then filtering?
For example:
# /sbin/iptables
irewall.
> Watch out for the size of /var/log/packets:
>
> # touch /var/log/packets
> # echo "kern.debug /var/log/packets" >> /etc/syslog.conf
BTW, this works better if one uses the kern.=debug format.
> # /sbin/iptables -A INPUT -j LOG --log-level DEBUG
> # /
irewall.
> Watch out for the size of /var/log/packets:
I will just add the appropriate stuff to logrotate (much as I am doing now for
messages).
>
> # touch /var/log/packets
> # echo "kern.debug /var/log/packets" >> /etc/syslog.conf
> # /sbin/iptables -A INPUT
"kern.debug /var/log/packets" >> /etc/syslog.conf
# /etc/init.d/syslog restart
# /sbin/iptables -P INPUT ACCEPT
# /sbin/iptables -P OUTPUT ACCEPT
# /sbin/iptables -P FORWARD ACCEPT
# /sbin/iptables -F ; /sbin/iptables -X
# /sbin/iptables -A INPUT -j LOG --log-level DEBUG
# /usr/bin/
I would like to log iptable -j LOG to something like local5 rather than to
messages. However, based on my reading of the doco I do not see a way to
change the logging facility for iptables.
The iptables man talks about a -j ULOG. However, searches for information on
how to use it (with specific
I've tried several times to get on the netfilter mailing list, but the
confirmation never works. Is that mailing list still active?
Is this or another place the best place for iptables questions?
Thanks,
Allan
ivirus 2K2.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Jack Bowling
> Sent: 13 March 2003 17:26
> To: [EMAIL PROTECTED]
> Subject: Re: SV: Problem with IPtables
>
>
> ** Reply to message from Tomas Larsson
> <
your default FORWARD policy? If it is DROP then you need to specifically allow
packets both ways.
/sbin/iptables -L -v -n | grep FORWARD
jb
--
Jack Bowling mailto:[EMAIL PROTECTED]
Prince George, BC
--
Psyche-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/psyche-list
I can connect to Apache from within internal network with internal
> IP or host I can connect to external web servers.
>
> Everything is working
>
> Except
>
> I cannot connect to apache with domain or external IP
>
> When I do a iptables -L -v -n (-t nat) I can see
ernal web servers.
Everything is working
Except
I cannot connect to apache with domain or external IP
When I do a iptables -L -v -n (-t nat) I can see that packets are forwarded
to Apache, but nothing more happens.
Is there something more and obvious I am missing
With best regards
Tomas La
"Tomas Larsson" <[EMAIL PROTECTED]> wrote:
> I have some problems setting up iptables.
> Background: RH8 box as firewall and router.
> Second RH8 box as apache server
> I can reach the www-server from the internal network, but not from internet.
I
From: "Tomas Larsson" <[EMAIL PROTECTED]>
> $IPTABLES -A INPUT -i lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT
> $IPTABLES -A INPUT -i $INTIF -s $INTNET -d $UNIVERSE -j ACCEPT
> $IPTABLES -A INPUT -i $EXTIF -s $INTNET -d $UNIVERSE -j drop-and-log-it
> $IPTABLES -A INPUT -i
Hi group.
I have some problems setting up iptables.
Background: RH8 box as firewall and router.
Second RH8 box as apache server
I can reach the www-server from the internal network, but not from internet.
My script looks basically like this, what am I missing?
$IPTABLES -A INPUT
nished?
>
> To make it more permanent, put in /etc/sysconfig/iptables something like
> this (note the default policy is drop, and packets are logged so you can
> see who's being bounced).
- -snip-
Editing /etc/sysconfig/iptables is not such a good idea because it
might trigger bug
e reasons I prefer to use shorewall. Well documented
frontend to iptables. Doesn't forget a "key ingredient" (as my
Grandmother used to do with her cookies). No need to learn the syntax yet
you have every opportunity to learn about security. And, it has the
facility to
On Monday 24 February 2003 14:02, Jack Bowling wrote:
> U, guys. No way these rules are going to work without a jump target.
> So add:
>
> -j ACCEPT
>
> to the end of both given rules.
Whoops! I knew I was forgetting something (;
--
Jesse Keating RHCE MCSE
http://geek.j2solutions.net
Mondo
On Mon, Feb 24, 2003 at 12:45:46PM -0800, Jesse Keating wrote:
> On Monday 24 February 2003 12:43, Hans Scheffers wrote:
> > Hello Jesse,
> > What about outgoing?
> >
> > iptables -a OUTPUT -p tcp --sport 80 -d XXX.XXX.XXX.XXX
> > maybe even including state=ESTABLI
On Tue, 2003-02-25 at 03:19, Leonard Miller wrote:
> How do I allow incoming http port 80 from only one machine and
> deny all others? Is it easy to turn off when testing is finished?
To make it more permanent, put in /etc/sysconfig/iptables something like
this (note the default policy i
On Monday 24 February 2003 12:43, Hans Scheffers wrote:
> Hello Jesse,
> What about outgoing?
>
> iptables -a OUTPUT -p tcp --sport 80 -d XXX.XXX.XXX.XXX
> maybe even including state=ESTABLISHED?
I suppose you should add that. Not all firewalls block outgoing traffic, just
incom
Hello Jesse,
What about outgoing?
iptables -a OUTPUT -p tcp --sport 80 -d XXX.XXX.XXX.XXX
maybe even including state=ESTABLISHED?
Monday, February 24, 2003, 6:57:17 PM, you wrote:
JK> On Monday 24 February 2003 09:49, Leonard Miller wrote:
>> How do I allow incoming http port 80 from
On Monday 24 February 2003 09:49, Leonard Miller wrote:
> How do I allow incoming http port 80 from only one machine and
> deny all others? Is it easy to turn off when testing is finished?
iptables -a INPUT -p tcp --dport 80 -s XXX.XXX.XXX.XXX
Where XXX.XXX.XXX.XXX is the IP of the machi
Hi,
This was just dumped on my shoulders, so I'm coming here for help.
I have not used iptables yet, although it is on my To-Do list.
I have a test box and one of my co-horts wanted to test I-chain
and asked me to allow incoming port 80 only from one address.
I looked briefly at the doc
Iain Buchanan wrote:
The best thing to do when debugging services that fail due to firewalls
is to add a logging rule just before any reject/drop rules. Make your
log rule match the same as the following REJECT rule, then you can watch
your logs while you try to connect and see why it's failing.
On Wed, 2003-02-19 at 00:42, Antonio Montagnani wrote:
> I built the iptables file with Lokkit and I added only the masquerading
> line...everything is o.k. on my network: then added
> the lines that should have made shares available between my firewalled
> machine (192.168.0.1)
I noticed that I wasn’t able to connect to RHN and was
able to troubleshoot the problem down to a DNS problem. However, I’m able to ping the DNS IP’s. I’m not able to dig them though.
I thought the problem might be with iptables, so I tried to
flush it by:
#iptables -F
I get
Carlo Borelli wrote:
You must specify in your rules which interfaces you are using.
Ciao.
I built the iptables file with Lokkit and I added only the
masquerading
line...everything is o.k. on my network: then added
the lines that should have made shares available between my
firewalled
You must specify in your rules which interfaces you are using.
Ciao.
> I built the iptables file with Lokkit and I added only the
> masquerading
> line...everything is o.k. on my network: then added
> the lines that should have made shares available between my
> firewa
I built the iptables file with Lokkit and I added only the masquerading
line...everything is o.k. on my network: then added
the lines that should have made shares available between my firewalled
machine (192.168.0.1) and my other machine (192.168.0.10).
What is wrong??? as I cannot share what I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, 15 Feb 2003 00:28:10 -0500 (EST), Justin Zygmont wrote:
> does anyone have a basic ip masquerading script that they use in
> /etc/sysconfig/iptables. It cannot set ip forwarding from there.
What have you tried?
/etc/sysconfig/iptab
does anyone have a basic ip masquerading script that they use in
/etc/sysconfig/iptables. It cannot set ip forwarding from there.
Hello psyche-list,
I've got a couple of RH 8.0 systems on a network. On one of these,
I've set up a couple of entries in /etc/exports and set up NFS. On
this (server) machine, I have opened up the iptables firewall to allow
incoming tcp/udp ports 111 and 2049.
On another (client) sy
On Sat, 1 Feb 2003 15:06:22 -0800, Charles A. Crayne wrote:
> :I don't have a stock Psyche machine for testing here, but I cannot
> :reproduce anything like that with Valhalla or updated Phoebe 8.0.93
> :or Psyche's iptabl
That's because the format of /etc/sysconfig/iptables is not a script;
it is the format generated by iptables-save.
Make the top part (the *nat section) of /etc/sysconfig/iptables look
similar to the following to make it work "properly" :)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUT
I had a similar problem a year or two ago. It's a bit hazy but from what I
remember the iptables script wouldn't run if put in /etc/sysconfig/iptables,
I actually had to run it separately after networking had been brought up
(ran from rc.local I think). All I could put it down to was t
On Sat, 1 Feb 2003 21:33:06 +0100
Michael Schwendt <[EMAIL PROTECTED]> wrote:
:I don't have a stock Psyche machine for testing here, but I cannot
:reproduce anything like that with Valhalla or updated Phoebe 8.0.93
:or Psyche's iptables-1.2.6a-3 package installed on Phoebe.
Th
On Sat, 1 Feb 2003 11:53:33 -0800, Charles A. Crayne wrote:
> :If the file /lib/iptables/libipt_MASQUERADE.so is not missing and
> :the same rule is accepted on the command-line, find out a
> :reproducible test-case.
>
> My t
On Sat, 1 Feb 2003 16:01:19 +0100
Michael Schwendt <[EMAIL PROTECTED]> wrote:
:If the file /lib/iptables/libipt_MASQUERADE.so is not missing and
:the same rule is accepted on the command-line, find out a
:reproducible test-case.
My test case is 100% reproducible.
:Try shortening your scr
On Fri, 31 Jan 2003 19:11:14 -0800, jdow wrote:
> > In building a script for my iptables commands, I find that if I
> > enter the command:
> >
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp+ -j
> > MASQ
On Fri, 31 Jan 2003 19:11:14 -0800
"jdow" <[EMAIL PROTECTED]> wrote:
:Yeah, is the ipchains emulation turned off and expunged from your
system?
Yes -- any other thoughts?
-- Chuck
From: "Charles A. Crayne" <[EMAIL PROTECTED]>
> In building a script for my iptables commands, I find that if I enter
> the command:
>
> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp+ -j MASQUERADE
>
> from a command prompt, then it executes correct
In building a script for my iptables commands, I find that if I enter
the command:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp+ -j MASQUERADE
from a command prompt, then it executes correctly, but if I place the
identical command into a file and invoke it as a script, then it fails
>> > I send this question again if is possible to anyone help me. or if
>> is possible.
>> >
>> > > Hi, Me AGAIN and my iptables problem.! :(
>> > >
>> > > again description my net and my problem.
>> > >
>> > > Have a
ble to anyone help me. or if is
> > possible.
> >
> > > Hi, Me AGAIN and my iptables problem.! :(
> > >
> > > again description my net and my problem.
> > >
> > > Have a 200.40.226.64 /28 net *public NET
> > > have a 192.168.1.0 /24 n
On Wednesday 29 January 2003 09:38, Pablo Allietti wrote:
> I send this question again if is possible to anyone help me. or if is
> possible.
>
> > Hi, Me AGAIN and my iptables problem.! :(
> >
> > again description my net and my problem.
> >
> > Have a 200.4
On Wed, Jan 29, 2003 at 08:21:48AM -0800, Jack Bowling wrote:
> From: Jack Bowling <[EMAIL PROTECTED]>
> Subject: Re: Newest Iptables Again! :(
> To: [EMAIL PROTECTED]
> X-Mailer: The Polarbar Mailer; version=1.25rc3; build=1953
> X-BeenThere: [EMAIL PROTECTED]
> X-Mailma
** Reply to message from Pablo Allietti <[EMAIL PROTECTED]> on Wed, 29 Jan 2003
11:38:56 +0300
> I send this question again if is possible to anyone help me. or if is
> possible.
>
>
> >
> > Hi, Me AGAIN and my iptables problem.! :(
> >
> > aga
I send this question again if is possible to anyone help me. or if is
possible.
>
> Hi, Me AGAIN and my iptables problem.! :(
>
> again description my net and my problem.
>
> Have a 200.40.226.64 /28 net *public NET
> have a 192.168.1.0 /24 net *private NET
>
>
> Have you created an alias eth0:0 on your external nic, for the second
> external ip?
>
Yes, all function ok, but all clientes 192.168.1.x go outside with the
server ip, this is the problem.
>
>
>
>
Have you created an alias eth0:0 on your external nic, for the second
external ip?
Hi, Me AGAIN and my iptables problem.! :(
again description my net and my problem.
Have a 200.40.226.64 /28 net *public NET
have a 192.168.1.0 /24 net *private NET
have a 200.40.226.66 server running iptables * Is the gateway
have a VoIp box THIS is the PROBLEM.
i need to put behind the
-- Original Message ---
From: Jay Turner <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: Fri, 24 Jan 2003 02:27:53 -0500
Subject: Re: iptables netmask
> On Thu, Jan 23, 2003 at 07:12:31PM -0600, Mike Vanecek wrote:
> > I am configuring RH 8 iptables. I have read
From: "Jay Turner" <[EMAIL PROTECTED]>
> Would cover from 65.32.0.1 to 65.63.255.254
>
> >
> > Will ip address 64.255.0.0 trigger a hit?
>
> No.
>
> >
> > Will ip address 65.55.1.1 trigger a hit?
>
> Yes.
>
> >
> > How do I test the incoming source address against the above rule and
determine
> >
On Thu, Jan 23, 2003 at 07:12:31PM -0600, Mike Vanecek wrote:
> I am configuring RH 8 iptables. I have read several sources, but am still
> unclear on the impact of a netmask on the source/destination definitions.
>
> For example, -s 65.50.0.0/11 would have a hit on what range of inco
I am configuring RH 8 iptables. I have read several sources, but am still
unclear on the impact of a netmask on the source/destination definitions.
For example, -s 65.50.0.0/11 would have a hit on what range of incoming packets?
If I understand it correctly, which I really do not, the 11 means
this do:
192.168.1.4 \
192.168.1.5 --> 200.40.226.x
192.168.1.45/
> Its this possible with iptables or something and the inverse mode
> too.
You can do this with masquerading, through iptables. Established and
related connections can get back in, and other connections can be
92.168.1.45 ---> 200.40.226.75
>
> Its this possible with iptables or something and the inverse mode
> too.
This is called NAT, see the NAT howto at
http://www.iptables.org/documentation/index.html
--
Markku Kolkka
[EMAIL PROTECTED]
8.1.45 ---> 200.40.226.75
Its this possible with iptables or something and the inverse mode
too.
When in other network make a ssh 200.40.226.99 go to 192.168.1.4
Thanks a lot
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 111 --syn -j ACCEPT
I believe you will need to remove the above rule and replace it w/ these
two following rules.
-A RH-Lokkit-0-50-INPUT -i -p tcp -m tcp --dport nfs -j ACCEPT
-A RH-Lokkit-0-50 INPUT -p -p tcp -m tcp --dport sunrpc -j
ACCEPT
You
Hello
I am using an RH8 box as an NFS server. The clients are a combination
of Solaris 8 and RH7.2-8. The NFS server works great when iptables is
turned off, but not when it's on. What ports need to be open to make
this work? I have included my /etc/sysconfig/iptables file below. Any
Hi, all!
Thanks to everyone with replies to my question about iptables! I'm new
in Linux world and know not much.
Vasyl
On Thu, 16 Jan 2003 10:38:58 +0700, David Sudjiman wrote:
> # Default Policy I/O DROP
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
>
> # Rules
> iptables -A INPUT -i eth0 -p tcp -d your_ip --dport 80 -j ACCEPT
> iptables
# Default Policy I/O DROP
iptables -P INPUT DROP
iptables -P OUTPUT DROP
# Rules
iptables -A INPUT -i eth0 -p tcp -d your_ip --dport 80 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -d your_ip --dport 80 -j ACCEPT
thx
.dave
ps. I'm not really sure about what you ask for
- Original Me
Hi!
How can I using iptables deny anything incoming and outgoing except port
80 for Internet and Apache?
Thanks!
Vasyl
using lokkit you will need to do custom setting and let in access to tcp
port 53 to allow dns to work
Dennis
On Thu, 2003-01-09 at 00:30, Bret Chrismer wrote:
> I have a new machine (Redhat 8.0) that I am trying to get working as a
> primary DNS machine, but also wanting to use iptables t
> -Original Message-
> From: Bret Chrismer
> Sent: Wednesday, January 08, 2003 8:31 AM
> Subject: Lokkit (iptables) and DNS updates
>
>
> I have a new machine (Redhat 8.0) that I am trying to get working
> as a primary DNS machine, but also wanting to use iptables
I have a new machine (Redhat 8.0) that I am trying
to get working as a primary DNS machine, but also wanting to use iptables to
help secure the box. One issue that I am having is that when iptables is
running, the primary machine denies access to DNS services to all
machines. If I take
Usually, you have to specify the interface. For example, I run a
caching-only nameserver on my firewall that I don't want anyone to be able
to query from outside the firewall, so I run this command:
iptables -A INPUT -i eth0 -p tcp --dport 53 -j DROP
Hope that syntax helps. Might also wa
I am attempting to create a iptables firewall for a server with two
ethernet cards/two ip addresses. It is just your average webserver that
has two domain names/webpages in it (virtual hosting with Apache).
I can get iptables to work with one ip address, but not the 2nd one. It
seems to ignore
On Mon, 2002-12-16 at 01:13, Deng Guang wrote:
> When iptables is up, my computer can't mount remote fs. The error message
> is "RPC time out". After I stop it, nfs client works fine. I deleted some
> rules one by one to find which rule blocked the access. The result is
>
Psyche default firewalling is a bit brute force. I would recommend using one
of the iptables scripts available on the net. I like gShield, shorewall
gets some good press also. As far as which ports you should open do a
google search on "common tcp ports nfs" In the case of nfs I belie
When iptables is up, my computer can't mount remote fs. The error message
is "RPC time out". After I stop it, nfs client works fine. I deleted some
rules one by one to find which rule blocked the access. The result is
the rule of 0:1023 port udp rejection. I am anxious to know whi
I think you really mean to have 192.168.1.76 and 192.168.1.79 (instead of
192.164.1.76 and 192.164.1.79 respectively), don't you?
Assuming that, and assuming you have PUBLIC_INTERFACE=, you need to have:
iptables --table nat --append POSTROUTING --out-interface
${PUBLIC_INTERFACE} --s
Pablo:
I have a private network with dhcp, 192.168.1.1
I need my clients to get internet access with different real IPs.
Examples:
the client 192.164.1.76 go outside with 200.40.197.68
the client 192.164.1.79 go outside with 200.40.197.69
On Thu, 2002-12-12 at 02:20, Bill Rugolsky Jr. wrote:
> On Mon, Dec 02, 2002 at 11:34:54AM +0930, Iain Buchanan wrote:
> > I've got iptables to log what it drops with various options, but its
> > filling up my log files (theres a lot of traffic at work). Can I
> > someh
You can simply run
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j
MASQUERADE
If you want something a little more robust, you can check out
http://www.xthorsworld.com/rc.firewall
On Wed, 11 Dec 2002, Pablo Allietti wrote:
> How is the method to configure iptables for m
What is the method to configure iptables to make a connection between my
private network 192.168.1.1/24 to have internet access from my
200.40.197.66/28?
In summary, I need to make NAT with a pool of real addresses.
Thanks and sorry for my English
On Mon, Dec 02, 2002 at 11:34:54AM +0930, Iain Buchanan wrote:
> I've got iptables to log what it drops with various options, but its
> filling up my log files (theres a lot of traffic at work). Can I
> somehow get it to log to a file other than /var/log/messages?
Look into the UL
CCEPT
> -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
> -A INPUT -p udp --sport 137 --dport 137 -j DROP
>
> and
>
> /sbin/iptables --table nat --delete-chain
> /sbin/iptables --table nat --append POSTROUTING --out-interface eth0:0
> -j MASQUERADE
> /sbin/iptables --appe
> Begin of Quote Hidemasa Yamakawa :
> >Hi, all,
> >
> >I assigned 2 ip address to one ethernet card.
> >One is eth0 and another is eth0:1.
> >INPUT and FORWARD policy is DROP
> >When I input
> >iptables -A INPUT -i eth0:1 -j ACCEPT
> >I got war
r is eth0:1.
> > INPUT and FORWARD policy is DROP
> > When I input
> > iptables -A INPUT -i eth0:1 -j ACCEPT
> > I got warning
> > Warning: wierd character in interface `eth0:1' (No aliases, :, ! or *).
> > and no packet come through this interface.
> >
e:
Hi, all,
I assigned 2 ip address to one ethernet card.
One is eth0 and another is eth0:1.
INPUT and FORWARD policy is DROP
When I input
iptables -A INPUT -i eth0:1 -j ACCEPT
I got warning
Warning: wierd character in interface `eth0:1' (No aliases, :, ! or *).
and no packet come through thi
Check the ipv4 forward line in /etc/sysctl.conf; it needs to be changed
from 0 -> 1,
then run "sysctl -p"
Tommy
--On Tuesday, December 03, 2002 07:05:49 PM -0500 Pablo Allietti
<[EMAIL PROTECTED]> wrote:
Hi i have a problem with iptables in RH8.
I still have a firew
--On Friday, December 06, 2002 10:16:19 AM -0500 Hidemasa Yamakawa
<[EMAIL PROTECTED]> wrote:
Hi, all,
I assigned 2 ip address to one ethernet card.
One is eth0 and another is eth0:1.
INPUT and FORWARD policy is DROP
When I input
iptables -A INPUT -i eth0:1 -j ACCEPT
I got warning
W
Around Fri,Dec 06 2002, at 10:16, Hidemasa Yamakawa, wrote:
> Hi, all,
>
> I assigned 2 ip address to one ethernet card.
> One is eth0 and another is eth0:1.
> INPUT and FORWARD policy is DROP
> When I input
> iptables -A INPUT -i eth0:1 -j ACCEPT
> I got warning
>
** Reply to message from Hidemasa Yamakawa <[EMAIL PROTECTED]> on Fri, 06
Dec 2002 10:16:19 -0500
> Hi, all,
>
> I assigned 2 ip address to one ethernet card.
> One is eth0 and another is eth0:1.
> INPUT and FORWARD policy is DROP
> When I input
> iptables -A INPUT
Hi!
Try separately for each ETH card, or do not put the "-i" parameter.
Josep
Begin of Quote Hidemasa Yamakawa :
>Hi, all,
>
>I assigned 2 ip address to one ethernet card.
>One is eth0 and another is eth0:1.
>INPUT and FORWARD policy is DROP
>When I input
>iptables -
Hi, all,
I assigned 2 ip address to one ethernet card.
One is eth0 and another is eth0:1.
INPUT and FORWARD policy is DROP
When I input
iptables -A INPUT -i eth0:1 -j ACCEPT
I got warning
Warning: wierd character in interface `eth0:1' (No aliases, :, ! or *).
and no packet come through
Hi i have a problem with iptables in RH8.
I still have a firewall function in rh7 but in the time to upgrade to 8,
the machines behind a firewall dont access to INTERNET.
my private network dont have access to outside. This is my old iptables
please help me
-A FORWARD -j ACCEPT -i eth0 -o
On Monday 02 December 2002 23:41, Joshua Melbourne White uttered:
> I see many references to running the command iptables. However, when I
> try to do that in the terminal window, it says it isnt a command. The
> iptables service is running however... Any suggestions?
Yes, use (su -)