Re: iptables --> nftables?

2022-12-20 Thread ToddAndMargo via users
> On 20/12/2022 05.01, ToddAndMargo via users wrote: >> Hi All, >> >> Anyone have a favorite how to migrate >> iptables to nftables? >> >> I found this so far: >> >> https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables >> >> I'd rather one specifically with Fedora i

Re: iptables --> nftables?

2022-12-19 Thread fedora
This was valid in 2016 for Fedora and Centos 7: In the package iptables-nft you will find the following conversion programs: iptables-to-nft-conversion iptables-restore-translate (RUN AS ROOT) ** https://wiki.nftables.org/wiki-nftables/index.php/Main_Page suomi On 20/12/2022 05.01, T

Re: iptables-restore-translate

2022-02-24 Thread fedora
Bonjour François I have created a note in 2016 (apparently when I changed from iptables to nftables): The package for the conversion program is iptables-nft. The program is iptables-restore-translate. suomi On 24/02/2022 14.52, François Patte wrote: Bonjour, I would like to move from ipt

Re: Iptables->Firewalld Upgrade: Really Necessary?

2019-07-21 Thread Łukasz Posadowski
On Sat, 20 Jul 2019 06:53:56 +0800 Ed Greshko wrote: > On 7/20/19 6:20 AM, Tim Evans wrote: > > Installing F30, adding iptables and my current ruleset, and > > disabling firewalld looks very simple and quick. Why shouldn't I do > > it? > > > > If necessary, I can post an anonymized copy of

Re: Iptables->Firewalld Upgrade: Really Necessary?

2019-07-20 Thread Francis . Montagnac
Hi On Fri, 19 Jul 2019 18:20:35 -0400 Tim Evans wrote: > I really, really need to figure out how to port my iptables ruleset to > work with firewalld. You may try first to port your iptables by using the "Direct Options" that provides firewall-cmd. I plan to use it for a while ... Example (

Re: Iptables->Firewalld Upgrade: Really Necessary?

2019-07-19 Thread Samuel Sieb
On 7/19/19 3:20 PM, Tim Evans wrote: I'm planning on upgrading that system to Fedora 30, and am wondering if I really, really need to figure out how to port my iptables ruleset to work with firewalld.  Other than the need to be up to date (I am originally from Kansas City), what're the advantag

Re: Iptables->Firewalld Upgrade: Really Necessary?

2019-07-19 Thread Tom Horsley
On Fri, 19 Jul 2019 18:20:35 -0400 Tim Evans wrote: > wondering if > I really, really need to figure out how to port my iptables ruleset to > work with firewalld Nope, not yet. Just disable every service that has firewall in the name systemctl list-unit-files | fgrep -i firewall Then enable i

Re: Iptables->Firewalld Upgrade: Really Necessary?

2019-07-19 Thread Ed Greshko
On 7/20/19 6:20 AM, Tim Evans wrote: > I've been running a CentOS 6.x firewall/NAT router, using iptables for many > years. My > very simple iptables ruleset is based on the venerable Oskar Andreasson > tutorial > (https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html). > > I'm pla

Re: Iptables rules dont copy to vsphere clone template

2018-04-25 Thread Rick Stevens
On 04/25/2018 05:03 AM, Elham Sadat Azarian via users wrote: > Hi > I set a rule in iptables (firewall-cmd) and try to clone a template from my > server with vsphere. But my template didn't inherit these rules! > What's the problem? Are you certain you made the rule permanent? If it was only the "run

Re: iptables

2016-03-31 Thread Digimer
On 31/03/16 08:26 PM, jd1008 wrote: > Has fedora dropped support for iptables in favor of firewalld? firewalld configures iptables. -- Digimer Papers and Projects: https://alteeve.ca/w/ What if the cure for cancer is trapped in the mind of a person without access to education? -- users mailing

Re: iptables address range -

2016-02-16 Thread Bob Goodwin
On 02/16/16 13:17, Gordon Messmer wrote: On 02/16/2016 09:00 AM, Bob Goodwin wrote: But get "parse errors" when restarting iptables with everything I've tried. Obviously I'm in over my head here, just trying to follow examples. You're probably better off asking these questions on the open

Re: iptables address range -

2016-02-16 Thread Gordon Messmer
On 02/16/2016 09:00 AM, Bob Goodwin wrote: But get "parse errors" when restarting iptables with everything I've tried. Obviously I'm in over my head here, just trying to follow examples. You're probably better off asking these questions on the openwrt forums. The rules you're sharing aren't

Re: iptables address range -

2016-02-16 Thread Rick Stevens
On 02/16/2016 09:00 AM, Bob Goodwin wrote: I have a rule: # config rule option src lan option dest wan option src_ip 192.168.1.150 option proto all option extra '-m time --weekdays Sat,Sun,Mon,Tue,Wed,Thu,Fri --timestart 05:00 --timestop 24:00' option target REJECT

Re: iptables -

2016-02-09 Thread Bob Goodwin
On 02/09/16 04:06, j.witvl...@mindef.nl wrote: Hi Bob, As many said before, due to the lack of info, will result in only partly helpful replies. 1) Decent firewalls have all policies firmly to "DROP" (instead of the default "ACCEPT") 2) Assuming eth0 is your lan-device, (connected to 192

RE: iptables -

2016-02-09 Thread J.Witvliet
like timebased rules and so on -Original Message- From: users-boun...@lists.fedoraproject.org [mailto:users-boun...@lists.fedoraproject.org] On Behalf Of Mike Wright Sent: Monday, 8 February 2016 23:25 To: Community support for Fedora users Subject: Re: iptables - On 02/08/2016 02

Re: iptables -

2016-02-08 Thread Bob Goodwin
On 02/08/16 17:24, Mike Wright wrote: On 02/08/2016 02:10 PM, Bob Goodwin wrote: Can someone give me an example [for my router] of the iptables code needed to prevent 192.168.1.17 from connecting to the internet while keeping normal LAN access? Hi Bob, Decided lack of info to go on but th

Re: iptables -

2016-02-08 Thread Bob Goodwin
On 02/08/16 17:21, Richard Shaw wrote: On Mon, Feb 8, 2016 at 4:10 PM, Bob Goodwin wrote: Can someone give me an example [for my router] of the iptables code needed to prevent 192.168.1.17 from connecting to the internet while keeping norma

Re: iptables -

2016-02-08 Thread Mike Wright
On 02/08/2016 02:10 PM, Bob Goodwin wrote: Can someone give me an example [for my router] of the iptables code needed to prevent 192.168.1.17 from connecting to the internet while keeping normal LAN access? Hi Bob, Decided lack of info to go on but this will accomplish that. If you just want

Re: iptables -

2016-02-08 Thread Richard Shaw
Of course, after I replied it made me think of some additional words to search for and I found this, HTH: http://www.tuxradar.com/answers/131 Thanks, Richard -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman

Re: iptables -

2016-02-08 Thread Richard Shaw
On Mon, Feb 8, 2016 at 4:10 PM, Bob Goodwin wrote: > > Can someone give me an example [for my router] of the iptables code needed > to prevent 192.168.1.17 from connecting to the internet while keeping > normal LAN access? This is a complete SWAG but I think you would have to add two rules, one

Re: iptables and ruleset

2015-07-21 Thread Gordon Messmer
On 07/20/2015 11:57 AM, jd1008 wrote: Is firewalld similar to fbsd's firewall app as far as rulesets are concerned? I don't know enough about fbsd to answer that. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/

Re: iptables and ruleset

2015-07-20 Thread jd1008
On 07/20/2015 12:37 PM, Gordon Messmer wrote: On 07/20/2015 10:55 AM, jd1008 wrote: These are NOT what I have in /etc/sysconfig/iptables at all!!! Is there more than one service setting firewall rules on your system? Because iptables.service is deprecated, you probably also need to disabl

Re: iptables and ruleset

2015-07-20 Thread Gordon Messmer
On 07/20/2015 10:55 AM, jd1008 wrote: These are NOT what I have in /etc/sysconfig/iptables at all!!! Is there more than one service setting firewall rules on your system? Because iptables.service is deprecated, you probably also need to disable firewalld. -- users mailing list users@lists.f

Re: iptables and ruleset

2015-07-20 Thread jd1008
On 07/20/2015 11:47 AM, Gordon Messmer wrote: On 07/20/2015 09:59 AM, jd1008 wrote: So, where should I place the ruleset file /etc/sysconfig/iptables so that when iptables.service is started, the ruleset I want is what is used? That's the place for it. Run "/usr/libexec/iptables/iptables.i

Re: iptables and ruleset

2015-07-20 Thread Gordon Messmer
On 07/20/2015 09:59 AM, jd1008 wrote: So, where should I place the ruleset file /etc/sysconfig/iptables so that when iptables.service is started, the ruleset I want is what is used? That's the place for it. Run "/usr/libexec/iptables/iptables.init start" in a terminal and see if there is any

Re: iptables with logging vs denyhosts

2015-07-07 Thread dwoody5654
On 07/07/2015 05:07 AM, sb...@mississippi.com wrote: Have you looked at fail2ban? It watches /var/log/secure for break in attempts/failed logins and dynamically adds iptables rules to block the bad guys. It will do (automatically) pretty much what you're doing manually. Thanks for your quick

RE: iptables with logging vs denyhosts

2015-07-07 Thread sberg
Have you looked at fail2ban? It watches /var/log/secure for break in attempts/failed logins and dynamically adds iptables rules to block the bad guys. It will do (automatically) pretty much what you're doing manually. - Original Message - From: dwoody5654 [mailto:dwoody5...@gmail.com]

Re: IPTables not starting automatically with F21

2015-01-03 Thread Ed Greshko
On 01/03/15 17:18, Philip Rhoades wrote: > I have got a script that quickly sets up iptables for me - firewalld is too > complicated so I have been uninstalling firewalld and activating iptables for > the last couple of versions - this worked fine for F20 but although I have > done: > > system

Re: iptables adding rules not in /etc/sysconfig/iptables

2014-10-31 Thread poma
On 30.10.2014 19:11, Tom Horsley wrote: ... > does. Also the default libvirtd service starts a bunch of > networking things for providing a default network that includes > some firewall tinkering (or used to, anyway). > $ rpm -qil libvirt-daemon-config-nwfilter Only for virtual network, therefore

Re: iptables adding rules not in /etc/sysconfig/iptables

2014-10-30 Thread Ed Greshko
On 10/31/14 11:37, Tim wrote: > Allegedly, on or about 31 October 2014, Ed Greshko sent: >> I've not used iptables service for a long time >> >> I don't recall if starting certain services open ports on their own. > I've never seen that. That sort of (dynamic) behaviour is what > firewalld is

Re: iptables adding rules not in /etc/sysconfig/iptables

2014-10-30 Thread Tim
Allegedly, on or about 31 October 2014, Ed Greshko sent: > I've not used iptables service for a long time > > I don't recall if starting certain services open ports on their own. I've never seen that. That sort of (dynamic) behaviour is what firewalld is supposed to do. I could see the sen

Re: iptables adding rules not in /etc/sysconfig/iptables

2014-10-30 Thread Ed Greshko
On 10/31/14 11:29, jd1008 wrote: > > On 10/30/2014 08:51 PM, Ed Greshko wrote: >> netstat -tnap | grep 53 | grep -i listen >> netstat -tnap | grep 67 | grep -i listen > tcp0 0 0.0.0.0:53 0.0.0.0:* LISTEN > 3591/dnsmasq > tcp6 0 0 :::53 :::*

Re: iptables adding rules not in /etc/sysconfig/iptables

2014-10-30 Thread jd1008
On 10/30/2014 08:51 PM, Ed Greshko wrote: netstat -tnap | grep 53 | grep -i listen netstat -tnap | grep 67 | grep -i listen tcp0 0 0.0.0.0:53 0.0.0.0:* LISTEN 3591/dnsmasq tcp6 0 0 :::53 :::*LISTEN 3591/dnsmasq tcp0

Re: iptables adding rules not in /etc/sysconfig/iptables

2014-10-30 Thread Ed Greshko
On 10/31/14 10:30, jd1008 wrote: > I disabled firewalld and rebooted. Still ... > > # iptables -L -n > Chain INPUT (policy DROP) > target prot opt source destination > ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0udp dpt:53 > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0tcp dpt:53 >

Re: iptables adding rules not in /etc/sysconfig/iptables

2014-10-30 Thread jd1008
On 10/30/2014 07:59 PM, Ed Greshko wrote: On 10/31/14 09:51, jd1008 wrote: # systemctl status firewalld.service firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled) Active: inactive (dead) since Thu 2014-10-30 19:44:

Re: iptables adding rules not in /etc/sysconfig/iptables

2014-10-30 Thread Ed Greshko
On 10/31/14 09:51, jd1008 wrote: > # systemctl status firewalld.service > firewalld.service - firewalld - dynamic firewall daemon >Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled) >Active: inactive (dead) since Thu 2014-10-30 19:44:22 MDT; 4min 2s ago > Main PID: 659 (co

Re: iptables adding rules not in /etc/sysconfig/iptables

2014-10-30 Thread jd1008
On 10/30/2014 07:11 PM, Ed Greshko wrote: On 10/31/14 09:04, jd1008 wrote: On 10/30/2014 05:12 PM, Ed Greshko wrote: On 10/31/14 02:11, Tom Horsley wrote: On Thu, 30 Oct 2014 12:00:28 -0600 jd1008 wrote: Why is this taking place? Lots of things fiddle with iptables rules. If you have the

Re: iptables adding rules not in /etc/sysconfig/iptables

2014-10-30 Thread Ed Greshko
On 10/31/14 09:04, jd1008 wrote: > > On 10/30/2014 05:12 PM, Ed Greshko wrote: >> On 10/31/14 02:11, Tom Horsley wrote: >>> On Thu, 30 Oct 2014 12:00:28 -0600 >>> jd1008 wrote: >>> Why is this taking place? >>> Lots of things fiddle with iptables rules. >>> >>> If you have the new firewalld se

Re: iptables adding rules not in /etc/sysconfig/iptables

2014-10-30 Thread jd1008
On 10/30/2014 05:12 PM, Ed Greshko wrote: On 10/31/14 02:11, Tom Horsley wrote: On Thu, 30 Oct 2014 12:00:28 -0600 jd1008 wrote: Why is this taking place? Lots of things fiddle with iptables rules. If you have the new firewalld service running, God knows what it does. Also the default libvi

Re: iptables adding rules not in /etc/sysconfig/iptables

2014-10-30 Thread Ed Greshko
On 10/31/14 02:11, Tom Horsley wrote: > On Thu, 30 Oct 2014 12:00:28 -0600 > jd1008 wrote: > >> Why is this taking place? > Lots of things fiddle with iptables rules. > > If you have the new firewalld service running, God knows what it > does. Also the default libvirtd service starts a bunch of > n

Re: iptables adding rules not in /etc/sysconfig/iptables

2014-10-30 Thread jd1008
On 10/30/2014 12:11 PM, Tom Horsley wrote: On Thu, 30 Oct 2014 12:00:28 -0600 jd1008 wrote: Why is this taking place? Lots of things fiddle with iptables rules. If you have the new firewalld service running, God knows what it does. Also the default libvirtd service starts a bunch of networki

Re: iptables adding rules not in /etc/sysconfig/iptables

2014-10-30 Thread Tom Horsley
On Thu, 30 Oct 2014 12:00:28 -0600 jd1008 wrote: > Why is this taking place? Lots of things fiddle with iptables rules. If you have the new firewalld service running, God knows what it does. Also the default libvirtd service starts a bunch of networking things for providing a default network tha

Re: IPTables not flushing?

2013-06-03 Thread Rejy M Cyriac
On 06/04/2013 03:53 AM, Ed Greshko wrote: > On 06/04/13 05:35, Anthony wrote: >> I'm playing around with iptables and have inserted a few new rules. >> Now, I want to flush them all so I use >> >> iptables -F >> >> Then, I restart the firewall with >> >> service iptables restart >> >> and everythin

Re: IPTables not flushing? (SOLVED)

2013-06-03 Thread Anthony
On 06/03/2013 06:30 PM, Ed Greshko wrote: > On 06/04/13 07:21, Ed Greshko wrote: >> Start here https://fedoraproject.org/wiki/FirewallD > > You may also benefit from this > > http://fedoraproject.org/wiki/Systemd Thank you! -- Anthony Papillion Phone: 1.918.533.9699 SIP: sip:ca

Re: IPTables not flushing?

2013-06-03 Thread Ed Greshko
On 06/04/13 07:21, Ed Greshko wrote: > Start here https://fedoraproject.org/wiki/FirewallD You may also benefit from this http://fedoraproject.org/wiki/Systemd -- The only thing worse than a poorly asked question is a cryptic answer. -- users mailing list users@lists.fedoraproject.org

Re: IPTables not flushing?

2013-06-03 Thread Ed Greshko
On 06/04/13 07:07, Anthony wrote: > On 06/03/2013 05:23 PM, Ed Greshko wrote: >> First, I think it is best to confirm the version of Fedora you're running. >> Also, you're wanting to use the iptables service so, you've disabled >> firewalld and enabled iptables? > I'm running F18 and, no, I did

Re: IPTables not flushing?

2013-06-03 Thread Anthony
On 06/03/2013 05:23 PM, Ed Greshko wrote: > On 06/04/13 05:35, Anthony wrote: >> I'm playing around with iptables and have inserted a few new >> rules. Now, I want to flush them all so I use >> >> iptables -F >> >> Then, I restart the firewall with >> >> service iptables restart >> >> and every

Re: IPTables not flushing?

2013-06-03 Thread Ed Greshko
On 06/04/13 05:35, Anthony wrote: > I'm playing around with iptables and have inserted a few new rules. > Now, I want to flush them all so I use > > iptables -F > > Then, I restart the firewall with > > service iptables restart > > and everything looks like it's restarting alright. But when I list

Re: Iptables problem

2013-03-09 Thread davidschaak1
Thank you. Sent from my BlackBerry® smartphone powered by Mobilicity -Original Message- From: Reindl Harald Sender: users-boun...@lists.fedoraproject.org Date: Sat, 09 Mar 2013 14:40:44 To: Reply-To: Community support for Fedora users Subject: Re: Iptables problem -- users mailing

Re: Iptables problem

2013-03-09 Thread Reindl Harald
On 09.03.2013 14:29, davidscha...@mobilicity.blackberry.com wrote: > Sorry about the last post. New phone and I am not used to sending emails from > it. > Command line: iptables -A INPUT -p tcp -dport 20 -j ACCEPT results in error > Bad argument 20 fix your typos WRONG: iptables -A INPUT

Re: Iptables problem

2013-03-09 Thread Reindl Harald
On 09.03.2013 14:23, davidscha...@mobilicity.blackberry.com wrote: > Using > iptables -A INPUT -p tcp -dport 20 -j ACCEPT this is a useless problem description at all since our glass balls are broken 20 is active FTP and will not work until the client's firewall opens the random port of the

Re: Iptables problem

2013-03-09 Thread Patrick O'Callaghan
On Sat, 2013-03-09 at 13:23 +, davidscha...@mobilicity.blackberry.com wrote: > Using > iptables -A INPUT -p tcp -dport 20 -j ACCEPT > Sent from my BlackBerry® smartphone powered by Mobilicity If you don't state what the problem actually was, I doubt that anyone can help you. poc -- users m

Re: iptables bug? (Was RE: F18: post-friday updates + ssh ports + iptables)

2013-01-28 Thread Ranjan Maitra
On Tue, 29 Jan 2013 04:00:05 +0100 Suvayu Ali wrote: > On Mon, Jan 28, 2013 at 08:23:11PM -0600, Ranjan Maitra wrote: > > On Tue, 29 Jan 2013 03:01:30 +0100 Suvayu Ali > +li...@gmail.com> wrote: > > > > I am not sure how to figure out what were in those updates. Is there a > > way? I am not eve

Re: iptables bug? (Was RE: F18: post-friday updates + ssh ports + iptables)

2013-01-28 Thread Suvayu Ali
On Mon, Jan 28, 2013 at 08:23:11PM -0600, Ranjan Maitra wrote: > On Tue, 29 Jan 2013 03:01:30 +0100 Suvayu Ali +li...@gmail.com> wrote: > > I am not sure how to figure out what were in those updates. Is there a > way? I am not even sure that this is an iptables issue, only that > restarting it ap

Re: iptables bug? (Was RE: F18: post-friday updates + ssh ports + iptables)

2013-01-28 Thread Ranjan Maitra
On Tue, 29 Jan 2013 03:01:30 +0100 Suvayu Ali wrote: > On Mon, Jan 28, 2013 at 03:47:50PM -0800, Ranjan Maitra wrote: > > OK, I believe this is a bug (or a feature I can not fathom) > > > > I reboot the machine, and lose access to the ssh port. Restarting iptables > > fixes the problem. This

Re: iptables bug? (Was RE: F18: post-friday updates + ssh ports + iptables)

2013-01-28 Thread Suvayu Ali
On Mon, Jan 28, 2013 at 03:47:50PM -0800, Ranjan Maitra wrote: > OK, I believe this is a bug (or a feature I can not fathom) > > I reboot the machine, and lose access to the ssh port. Restarting iptables > fixes the problem. This is problematic because the machine can not be > rebooted remote

Re: iptables is like alchemy

2013-01-10 Thread Alan Evans
On Thu, Jan 3, 2013 at 3:37 AM, Jorge Fábregas wrote: > Ok, I've posted a similar setup I've used in the past that worked like a > charm. The script is the actual /etc/sysconfig/iptables. You'll notice > the syntax there is somehow different than when you manually create the > rules (or put in a

Re: iptables is like alchemy

2013-01-09 Thread Bill Davidsen
Jorge Fábregas wrote: Ok, I've posted a similar setup I've used in the past that worked like a charm. The script is the actual /etc/sysconfig/iptables. You'll notice the syntax there is somehow different than when you manually create the rules (or put in a script) but you get the idea. Those r

Re: iptables is like alchemy

2013-01-07 Thread Paweł Brodacki
2013/1/3 Jorge Fábregas : > Ok, I've posted a similar setup I've used in the past that worked like a > charm. The script is the actual /etc/sysconfig/iptables. You'll notice > the syntax there is somehow different than when you manually create the > rules (or put in a script) but you get the idea

Re: iptables is like alchemy

2013-01-03 Thread Robert Moskowitz
On 01/02/2013 06:54 PM, Alan Evans wrote: This is really related to iptables, not I presume Fedora-specific. But I'm really hoping that somebody here will be able to school me on iptables, so I don't have to find and subscribe to some other list just to ask one question. For what it is worth

Re: iptables is like alchemy

2013-01-03 Thread Jorge Fábregas
Ok, I've posted a similar setup I've used in the past that worked like a charm. The script is the actual /etc/sysconfig/iptables. You'll notice the syntax there is somehow different than when you manually create the rules (or put in a script) but you get the idea. Those rules WERE THE MINIMUM re

Re: iptables is like alchemy

2013-01-03 Thread Gary Hodder
I'll try this tomorrow when I get into work. But at first look it seems awfully familiar, like it's something that I've already tried. Thanks, though. At this point I'll try whatever somebody thinks might work. -Alan Maybe I should have put it this way. This one does the redirect. iptables -t

Re: iptables is like alchemy

2013-01-03 Thread Jorge Fábregas
On 01/03/2013 03:47 AM, Alan Evans wrote: > Anyway, the rule I posted is the only rule in use here. I have tried other > iterations that did involve a MASQUERADE rule, but they didn't work either. > Like I said, I've been scouring google to solve this for a long time. I see but this doesn't make

Re: iptables is like alchemy

2013-01-02 Thread Alan Evans
On Wed, Jan 2, 2013 at 7:50 PM, Gary Hodder wrote: try this > ppp0=Internet connection > eth0=local area network connection > This will forward port 22 on the Internet to machine 192.168.0.2 port 22 > on local network. > > iptables -A FORWARD -p tcp -i ppp0 -o eth0 -d 192.168.0.2 --dport 22 -j > A

Re: iptables is like alchemy

2013-01-02 Thread Alan Evans
On Wed, Jan 2, 2013 at 6:13 PM, Jorge Fábregas wrote: > > Please elaborate more. I'll try. > Why does 192.168.0.35 perform DNS queries > against the "external interface" of the firewall? Why not use the > internal ip? It doesn't. I'll try to be more specific: There are at least four machin

Re: iptables is like alchemy

2013-01-02 Thread Gary Hodder
On Wed, 2013-01-02 at 15:54 -0800, Alan Evans wrote: > This is really related to iptables, not I presume Fedora-specific. But > I'm really hoping that somebody here will be able to school me on > iptables, so I don't have to find and subscribe to some other list > just to ask one question. > > >

Re: iptables is like alchemy

2013-01-02 Thread Jorge Fábregas
On 01/02/2013 07:54 PM, Alan Evans wrote: > DNS queries (portal is also a DNS server) to the external > interface stop working. Hi, Please elaborate more. Why does 192.168.0.35 perform DNS queries against the "external interface" of the firewall? Why not use the internal ip? If you manually pe

Re: IPTABLES and EBTABLES

2012-11-03 Thread Bill Davidsen
Lázaro Morales wrote: Hello, How can be used EBTABLES in addition to IPTABLES to forward traffic from an internal LAN to an external? Suppose that I have an internal LAN with private IPs, and a Gateway that control the traffic to the outside, and I only need forward traffic for certain MAC addr

RE: IPTABLES and EBTABLES

2012-11-03 Thread Errol Mangwiro
Your commands are for iptables not ebtables. Another way you could do this is to use system-config-firewall to setup masquerading and a stock set of rules for you since you're not familiar with netfilter, and then add your custom rules later. From: Lázaro Morales Sent: 31 October 2012 3

Re: iptables fubared?

2012-10-15 Thread Bill Davidsen
Tim wrote: On Thu, 2012-10-04 at 12:45 -0700, Mark Space wrote: I'm not sure where I could have fubared this. I did try to redirect the ports from 80 to 8080, perhaps that was done incorrectly? You've tested that you can browse to localhost on port 80, but have you also tested that web server

Re: iptables fubared?

2012-10-15 Thread Bill Davidsen
jdow wrote: On 2012/10/07 10:46, Eddie G. O'Connor Jr. wrote: On 10/07/2012 01:27 PM, Joe Zeff wrote: On 10/07/2012 10:04 AM, Eddie G. O'Connor Jr. wrote: .I HATE help-desk. I spent over seven years doing tech support for an ISP. I stuck with it because I found out that I enjoyed the proble

Re: iptables fubared?

2012-10-07 Thread jdow
On 2012/10/07 18:58, Eddie G. O'Connor Jr. wrote: On 10/07/2012 09:55 PM, jdow wrote: On 2012/10/07 16:12, Eddie G. O'Connor Jr. wrote: On 10/07/2012 05:17 PM, jdow wrote: On 2012/10/07 13:33, Eddie G. O'Connor Jr. wrote: On 10/07/2012 04:27 PM, Joe Zeff wrote: On 10/07/2012 01:17 PM, Eddi

Re: iptables fubared?

2012-10-07 Thread Eddie G. O'Connor Jr.
On 10/07/2012 09:55 PM, jdow wrote: On 2012/10/07 16:12, Eddie G. O'Connor Jr. wrote: On 10/07/2012 05:17 PM, jdow wrote: On 2012/10/07 13:33, Eddie G. O'Connor Jr. wrote: On 10/07/2012 04:27 PM, Joe Zeff wrote: On 10/07/2012 01:17 PM, Eddie G. O'Connor Jr. wrote: On 10/07/2012 04:03 PM, J

Re: iptables fubared?

2012-10-07 Thread jdow
On 2012/10/07 16:12, Eddie G. O'Connor Jr. wrote: On 10/07/2012 05:17 PM, jdow wrote: On 2012/10/07 13:33, Eddie G. O'Connor Jr. wrote: On 10/07/2012 04:27 PM, Joe Zeff wrote: On 10/07/2012 01:17 PM, Eddie G. O'Connor Jr. wrote: On 10/07/2012 04:03 PM, Joe Zeff wrote: On 10/07/2012 12:43 P

Re: iptables fubared?

2012-10-07 Thread Eddie G. O'Connor Jr.
On 10/07/2012 07:12 PM, Joe Zeff wrote: On 10/07/2012 02:17 PM, jdow wrote: Child, eh? Those were the years I was a lousy date at least one night a week while I was in college and even after I'd graduated - with an advanced degree. I just saw that there's a review of my book over at Goodrea

Re: iptables fubared?

2012-10-07 Thread Eddie G. O'Connor Jr.
On 10/07/2012 05:17 PM, jdow wrote: On 2012/10/07 13:33, Eddie G. O'Connor Jr. wrote: On 10/07/2012 04:27 PM, Joe Zeff wrote: On 10/07/2012 01:17 PM, Eddie G. O'Connor Jr. wrote: On 10/07/2012 04:03 PM, Joe Zeff wrote: On 10/07/2012 12:43 PM, jdow wrote: Eddie and Joe, there is nothing more

Re: iptables fubared?

2012-10-07 Thread Joe Zeff
On 10/07/2012 02:17 PM, jdow wrote: Child, eh? Those were the years I was a lousy date at least one night a week while I was in college and even after I'd graduated - with an advanced degree. I just saw that there's a review of my book over at Goodreads: "I'm glad there are kids out there to

[Fluff] Re: iptables fubared?

2012-10-07 Thread Joe Zeff
On 10/07/2012 02:03 PM, Tim wrote: On Sun, 2012-10-07 at 10:27 -0700, Joe Zeff wrote: and was better at it than at least 90% of my cow-orkers Hmm, I see that I'm not the only one who sees that word something like that, it always looks just wrong. Though, I tend to misread it like cow-workers.

Re: iptables fubared?

2012-10-07 Thread jdow
On 2012/10/07 13:33, Eddie G. O'Connor Jr. wrote: On 10/07/2012 04:27 PM, Joe Zeff wrote: On 10/07/2012 01:17 PM, Eddie G. O'Connor Jr. wrote: On 10/07/2012 04:03 PM, Joe Zeff wrote: On 10/07/2012 12:43 PM, jdow wrote: Eddie and Joe, there is nothing more frustrating than being in a critical

Re: iptables fubared?

2012-10-07 Thread Tim
On Sun, 2012-10-07 at 10:27 -0700, Joe Zeff wrote: > and was better at it than at least 90% of my cow-orkers Hmm, I see that I'm not the only one who sees that word something like that, it always looks just wrong. Though, I tend to misread it like cow-workers. -- [tim@localhost ~]$ uname -r 2.

Re: iptables fubared?

2012-10-07 Thread Eddie G. O'Connor Jr.
On 10/07/2012 04:27 PM, Joe Zeff wrote: On 10/07/2012 01:17 PM, Eddie G. O'Connor Jr. wrote: On 10/07/2012 04:03 PM, Joe Zeff wrote: On 10/07/2012 12:43 PM, jdow wrote: Eddie and Joe, there is nothing more frustrating than being in a critical hurry while a first string tech support guy rigidly

Re: iptables fubared?

2012-10-07 Thread Joe Zeff
On 10/07/2012 01:17 PM, Eddie G. O'Connor Jr. wrote: On 10/07/2012 04:03 PM, Joe Zeff wrote: On 10/07/2012 12:43 PM, jdow wrote: Eddie and Joe, there is nothing more frustrating than being in a critical hurry while a first string tech support guy rigidly follows the "is it plugged in" script.

Re: iptables fubared?

2012-10-07 Thread Eddie G. O'Connor Jr.
On 10/07/2012 04:03 PM, Joe Zeff wrote: On 10/07/2012 12:43 PM, jdow wrote: Eddie and Joe, there is nothing more frustrating than being in a critical hurry while a first string tech support guy rigidly follows the "is it plugged in" script. Yup! That's why I always make sure that the member

Re: [OT] Was: Re: iptables fubared?

2012-10-07 Thread Eddie G. O'Connor Jr.
On 10/07/2012 02:38 PM, Joe Zeff wrote: On 10/07/2012 10:46 AM, Eddie G. O'Connor Jr. wrote: ...maybe it's just that because of the "abuse" I've suffered at the hands of those relentless users who feel that because you're on the other end of the phone.that they can treat you like trash and

Re: iptables fubared?

2012-10-07 Thread Joe Zeff
On 10/07/2012 12:43 PM, jdow wrote: Eddie and Joe, there is nothing more frustrating than being in a critical hurry while a first string tech support guy rigidly follows the "is it plugged in" script. Yup! That's why I always make sure that the member of the phone firewall knows that I have a

Re: iptables fubared?

2012-10-07 Thread jdow
On 2012/10/07 10:46, Eddie G. O'Connor Jr. wrote: On 10/07/2012 01:27 PM, Joe Zeff wrote: On 10/07/2012 10:04 AM, Eddie G. O'Connor Jr. wrote: .I HATE help-desk. I spent over seven years doing tech support for an ISP. I stuck with it because I found out that I enjoyed the problem solving (an

[OT] Was: Re: iptables fubared?

2012-10-07 Thread Joe Zeff
On 10/07/2012 10:46 AM, Eddie G. O'Connor Jr. wrote: ...maybe it's just that because of the "abuse" I've suffered at the hands of those relentless users who feel that because you're on the other end of the phone.that they can treat you like trash and not have to pay for it... As I point out

Re: iptables fubared?

2012-10-07 Thread Eddie G. O'Connor Jr.
On 10/07/2012 01:27 PM, Joe Zeff wrote: On 10/07/2012 10:04 AM, Eddie G. O'Connor Jr. wrote: .I HATE help-desk. I spent over seven years doing tech support for an ISP. I stuck with it because I found out that I enjoyed the problem solving (and was better at it than at least 90% of my cow-or

Re: iptables fubared?

2012-10-07 Thread Joe Zeff
On 10/07/2012 10:04 AM, Eddie G. O'Connor Jr. wrote: .I HATE help-desk. I spent over seven years doing tech support for an ISP. I stuck with it because I found out that I enjoyed the problem solving (and was better at it than at least 90% of my cow-orkers.) and liked the idea that at least

Re: iptables fubared?

2012-10-07 Thread Eddie G. O'Connor Jr.
You HATE administration?.. Wow! I HATE help-desk. I would LOVE to be in administration where you don't have users screaming at you because they're too "dense" to figure out MS Office 2010! LoL! I would give anything to sit in some cubicle...or office with nothing but me and so

Re: iptables fubared?

2012-10-05 Thread Tim
On Fri, 2012-10-05 at 17:25 -0700, Mark Space wrote: > I didn't see any of these messages until the last one. Is > the list fubared? Messages aren't always delivered in order, especially if they end up travelling through different routes. Because of that, some of them can get seriously delayed.

Re: iptables fubared?

2012-10-05 Thread Mark Space
supported under Java... PK -Original message- From: Bruno Wolff III Sent: Fri 05-10-2012 13:22 Subject: Re: iptables fubared? To: Patrick Kobly ; CC: "Community support for Fedora users" ; On Fri, Oct 05, 2012 at 12:50:30 -0600, Patrick Kobly wrote:

RE: iptables fubared?

2012-10-05 Thread Patrick Kobly
Unfortunately, neither of those being platform-independent, it's somewhat unlikely that this will be supported under Java... PK -Original message- From: Bruno Wolff III Sent: Fri 05-10-2012 13:22 Subject: Re: iptables fubared? To: Patrick Kobly ; CC: "

Re: iptables fubared?

2012-10-05 Thread Bruno Wolff III
On Fri, Oct 05, 2012 at 12:50:30 -0600, Patrick Kobly wrote: He's running JBoss... Java apps won't drop privs. Non-root can't bind to 80, so he gets JBoss to bind to 8080 then redirects. Yuck. There are other ways to do that. I think the systemd route is probably the way to do it in curre

Re: iptables fubared?

2012-10-05 Thread Patrick Kobly
He's running JBoss... Java apps won't drop privs. Non-root can't bind to 80, so he gets JBoss to bind to 8080 then redirects. PK On 2012-10-05, at 12:01 PM, "Tim" wrote: > Tim: >>> Why are you redirecting, though? If there's a block on port 80, then >>> your attempt to get in on port 80 and

Re: iptables fubared?

2012-10-05 Thread Tim
Tim: >> Why are you redirecting, though? If there's a block on port 80, then >> your attempt to get in on port 80 and redirect to port 8080 isn't >> going work. Which way are you *trying* to redirect? > Mark Space > Just that I understand it's good practice to never run apps as root. > If I lis

Re: iptables fubared?

2012-10-05 Thread Mark Space
On 10/5/2012 1:37 AM, Tim wrote: On Thu, 2012-10-04 at 12:45 -0700, Mark Space wrote: I'm not sure where I could have fubared this. I did try to redirect the ports from 80 to 8080, perhaps that was done incorrectly? You've tested that you can browse to localhost on port 80, but have you also te

Re: iptables fubared?

2012-10-05 Thread Mark Space
On 10/5/2012 1:00 AM, Bill Shirley wrote: Maybe I didn't understand correctly. You're wanting to redirect traffic received on eth0 port 80 to port 8080. Is this correct? "iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8080" If so, then you wouldn't expect to s

Re: iptables fubared?

2012-10-05 Thread Tim
On Thu, 2012-10-04 at 12:45 -0700, Mark Space wrote: > I'm not sure where I could have fubared this. I did try to redirect > the ports from 80 to 8080, perhaps that was done incorrectly? You've tested that you can browse to localhost on port 80, but have you also tested that web server is listenin

Re: iptables fubared?

2012-10-05 Thread Bill Shirley
On 10/5/2012 3:18 AM, Mark Space wrote: On 10/4/2012 11:27 PM, NOSpaze wrote: On Thu, 2012-10-04 at 15:00 -0700, Mark Space wrote: I tried this with tcpdump running on the server. It surprised me when I saw tcpdump respond. Firefox still says "cannot connect" from an external workstation, b
