Re: [gentoo-user] iptables wiki page questions

2020-08-14 Thread Alexey Mishustin
Sat, 15 Aug 2020 at 01:34, tastytea : > Note that, if you set rc_depend_strict="NO" in /etc/rc.conf, the > dependency “net” is satisfied if only one net.* service is started. If I remember correctly, it happened sometimes that iptables loaded after net.eth0 service even with

Re: [gentoo-user] iptables wiki page questions

2020-08-14 Thread tastytea
On 2020-08-14 22:17- Grant Edwards wrote: > […] > ### "rc-service iptables" vs. "/etc/init.d/iptables" rc-service runs the same service scripts that are in /etc/init.d/, so it's the same. However the manpage of rc-service(8) mentions that “Service scripts could be in different places on

Re: [gentoo-user] iptables-1.8.1 build failure

2018-10-24 Thread Peter Humphrey
On Wednesday, 24 October 2018 15:30:06 BST Peter Humphrey wrote: > On Wednesday, 24 October 2018 12:52:24 BST Neil Bothwick wrote: > > On Wed, 24 Oct 2018 10:29:03 +0100, Peter Humphrey wrote: > > > Today's update of iptables to 1.8.1 failed here because I didn't have > > > USE=nftables set. After

Re: [gentoo-user] iptables-1.8.1 build failure

2018-10-24 Thread Peter Humphrey
On Wednesday, 24 October 2018 12:52:24 BST Neil Bothwick wrote: > On Wed, 24 Oct 2018 10:29:03 +0100, Peter Humphrey wrote: > > Today's update of iptables to 1.8.1 failed here because I didn't have > > USE=nftables set. After setting that in package.use it was fine. Before > > I submit a bug

Re: [gentoo-user] iptables-1.8.1 build failure

2018-10-24 Thread Neil Bothwick
On Wed, 24 Oct 2018 10:29:03 +0100, Peter Humphrey wrote: > Today's update of iptables to 1.8.1 failed here because I didn't have > USE=nftables set. After setting that in package.use it was fine. Before > I submit a bug report, though, I'd like to understand one thing: > > $ grep nftables

Re: [gentoo-user] IPTABLES

2015-12-29 Thread lee
"siefke_lis...@web.de" writes: > Hello, > > i try to run iptables, block bad ips and close the system. > > I want run firewall which block all INPUT, only ALLOW services i defined. > Ipset want to use to block spam ips, make it sure awesome as ever set rules > manuell.

Re: [gentoo-user] IPTABLES

2015-12-24 Thread siefke_lis...@web.de
Hello, On Thu, 24 Dec 2015 15:11:55 +0300 Andrew Savchenko wrote: > ... > It is a bit old and isn't an ultimate description of all > iptables features (you have manuals for that), but will give you a > good understanding of how packet flow works and how they should be >

Re: [gentoo-user] IPTABLES

2015-12-24 Thread Andrew Savchenko
Hi, On Tue, 22 Dec 2015 22:45:12 +0100 siefke_lis...@web.de wrote: > i try to run iptables, block bad ips and close the system. > > I want run firewall which block all INPUT, only ALLOW services i defined. > Ipset want to use to block spam ips, make it sure awesome as ever set rules > manuell.

Re: [gentoo-user] iptables tunneling a chrooted Linux?

2015-08-15 Thread Rich Freeman
On Sat, Aug 15, 2015 at 2:53 AM, Andrew Savchenko birc...@gentoo.org wrote: On Sat, 15 Aug 2015 06:53:30 +0200 meino.cra...@gmx.de wrote: on my Android tablet I have installed a Gentoo rootfs. I can start this by chgrooting it after Android has booted. Via xvnc I can connect from a running

Re: [gentoo-user] iptables tunneling a chrooted Linux?

2015-08-15 Thread Andrew Savchenko
Hi, On Sat, 15 Aug 2015 06:53:30 +0200 meino.cra...@gmx.de wrote: on my Android tablet I have installed a Gentoo rootfs. I can start this by chgrooting it after Android has booted. Via xvnc I can connect from a running Android to the also running Gentoo Linux. If I set up a firewall as root

Re: [gentoo-user] iptables tunneling a chrooted Linux?

2015-08-15 Thread Meino . Cramer
Rich Freeman ri...@gentoo.org [15-08-15 13:04]: On Sat, Aug 15, 2015 at 2:53 AM, Andrew Savchenko birc...@gentoo.org wrote: On Sat, 15 Aug 2015 06:53:30 +0200 meino.cra...@gmx.de wrote: on my Android tablet I have installed a Gentoo rootfs. I can start this by chgrooting it after Android

Re: [gentoo-user] iptables tunneling a chrooted Linux?

2015-08-15 Thread Rich Freeman
On Sat, Aug 15, 2015 at 7:45 AM, meino.cra...@gmx.de wrote: Last chance: Installing a fully functional chrooted Linux, setup some handcrafted iptables/ipset/sidmat stuff (which I still have to do) and...get a Yes, network is shared on kernel level as answer from this thread. :) And I got

Re: [gentoo-user] IPTables question... simple as possible for starters

2013-12-31 Thread Pandu Poluan
On Dec 30, 2013 7:31 PM, shawn wilson ag4ve...@gmail.com wrote: Minor additions to what Pandu said... On Mon, Dec 30, 2013 at 7:02 AM, Pandu Poluan pa...@poluan.info wrote: On Mon, Dec 30, 2013 at 6:07 PM, Tanstaafl tansta...@libertytrek.org wrote: The numbers within [brackets] are

Re: [gentoo-user] IPTables question... simple as possible for starters

2013-12-31 Thread shawn wilson
On Tue, Dec 31, 2013 at 9:08 AM, Pandu Poluan pa...@poluan.info wrote: On Dec 30, 2013 7:31 PM, shawn wilson ag4ve...@gmail.com wrote: Minor additions to what Pandu said... On Mon, Dec 30, 2013 at 7:02 AM, Pandu Poluan pa...@poluan.info wrote: On Mon, Dec 30, 2013 at 6:07 PM, Tanstaafl

Re: [gentoo-user] IPTables question... simple as possible for starters

2013-12-30 Thread Tanstaafl
On 2013-12-29 1:39 PM, shawn wilson ag4ve...@gmail.com wrote: On Sun, Dec 29, 2013 at 1:07 PM, Tanstaafl tansta...@libertytrek.org wrote: Hi all, Ok, I'm setting up a new server, and I'd like to rethink my iptables rules. I'd like to start with something fairly simple: 1. Allow connections

Re: [gentoo-user] IPTables question... simple as possible for starters

2013-12-30 Thread Pandu Poluan
On Mon, Dec 30, 2013 at 6:07 PM, Tanstaafl tansta...@libertytrek.org wrote: [-- LE SNIP --] Ok, well, maybe I should have posted my entire ruleset... I have this above where I define my chains: # *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT DROP [0:0] # Does it matter where

Re: [gentoo-user] IPTables question... simple as possible for starters

2013-12-30 Thread shawn wilson
Minor additions to what Pandu said... On Mon, Dec 30, 2013 at 7:02 AM, Pandu Poluan pa...@poluan.info wrote: On Mon, Dec 30, 2013 at 6:07 PM, Tanstaafl tansta...@libertytrek.org wrote: The numbers within [brackets] are statistics/countes. Just replace them with [0:0], unless you really really

Re: [gentoo-user] IPTables question... simple as possible for starters

2013-12-29 Thread shawn wilson
On Sun, Dec 29, 2013 at 1:07 PM, Tanstaafl tansta...@libertytrek.org wrote: Hi all, Ok, I'm setting up a new server, and I'd like to rethink my iptables rules. I'd like to start with something fairly simple: 1. Allow connections from anywhere ONLY to certain ports ie, for encrypted

[gentoo-user] Re: [gentoo-user] IPTables - Going Stateless

2013-05-21 Thread the guard
Tuesday, 21 May 2013, 11:07 -04:00 from Nick Khamis sym...@gmail.com: Hello Everyone, We recently moved our stateful firewall inside, and would like to strip down the firewall at our router connected to the outside world. The problem I am experiencing is getting things to work properly

Re: [gentoo-user] Re: [gentoo-user] IPTables - Going Stateless

2013-05-21 Thread Nick Khamis
Looks like the packet never gets to the tcp chain. what is --syn? It seems that way I am not sure what --syn is actually. But even if I comment it out it does not work. Also, for testing I changed the SSH rule to allow bidirectional traffic until this is fixed: -A TCP -p tcp -m tcp --dport

Re: [gentoo-user] IPTables - Going Stateless

2013-05-21 Thread Alan McKinnon
On 21/05/2013 17:07, Nick Khamis wrote: Hello Everyone, We recently moved our stateful firewall inside, and would like to strip down the firewall at our router connected to the outside world. The problem I am experiencing is getting things to work properly without connection tracking. Now

Re: [gentoo-user] IPTables - Going Stateless

2013-05-21 Thread Nick Khamis
Hello Everyone, Thank you so much for your responses. I agree Alan, total pain in the neck!!! But it's a ticket that was passed down to me. We moved the stateful firewalls inside the network, broken down to each department. But as a first on site defense on our BGP router running Quagga, we only

Re: [gentoo-user] iptables (not) started?

2013-03-29 Thread Mick
On Friday 29 Mar 2013 18:25:11 Jarry wrote: Hi Gentoo-users, I noticed one thing on my server: during boot-up no message about firewall being started is printed on console. I always have to check manually if iptables-rules have been loaded. Strange thing, when doing shutdown, I see messages

Re: [gentoo-user] iptables (not) started?

2013-03-29 Thread Jarry
On 29-Mar-13 19:43, Mick wrote: On Friday 29 Mar 2013 18:25:11 Jarry wrote: Hi Gentoo-users, I noticed one thing on my server: during boot-up no message about firewall being started is printed on console. I always have to check manually if iptables-rules have been loaded. Strange thing, when

Re: [gentoo-user] iptables (not) started?

2013-03-29 Thread Pandu Poluan
On Mar 30, 2013 1:27 AM, Jarry mr.ja...@gmail.com wrote: Hi Gentoo-users, I noticed one thing on my server: during boot-up no message about firewall being started is printed on console. I always have to check manually if iptables-rules have been loaded. Strange thing, when doing shutdown, I

Re: [gentoo-user] iptables (not) started?

2013-03-29 Thread Mick
On Friday 29 Mar 2013 19:03:57 Jarry wrote: On 29-Mar-13 19:43, Mick wrote: On Friday 29 Mar 2013 18:25:11 Jarry wrote: Hi Gentoo-users, I noticed one thing on my server: during boot-up no message about firewall being started is printed on console. I always have to check manually if

Re: [gentoo-user] iptables (not) started?

2013-03-29 Thread Mick
On Friday 29 Mar 2013 19:34:39 Mick wrote: On Friday 29 Mar 2013 19:03:57 Jarry wrote: On 29-Mar-13 19:43, Mick wrote: On Friday 29 Mar 2013 18:25:11 Jarry wrote: Hi Gentoo-users, I noticed one thing on my server: during boot-up no message about firewall being started is printed

Re: [gentoo-user] iptables (not) started?

2013-03-29 Thread Neil Bothwick
On Fri, 29 Mar 2013 19:44:14 +, Mick wrote: Why do wikis and the like suggest that iptables should be in default rather than boot runlevel? Why not? There's no need to start it especially early, as long as it is running before the network comes up, and the init script takes care of that.

Re: [gentoo-user] iptables (not) started?

2013-03-29 Thread Mick
On Friday 29 Mar 2013 20:37:20 Neil Bothwick wrote: On Fri, 29 Mar 2013 19:44:14 +, Mick wrote: Why do wikis and the like suggest that iptables should be in default rather than boot runlevel? Why not? There's no need to start it especially early, as long as it is running before the

Re: [gentoo-user] iptables (not) started?

2013-03-29 Thread Neil Bothwick
On Fri, 29 Mar 2013 23:29:39 +, Mick wrote: Why do wikis and the like suggest that iptables should be in default rather than boot runlevel? Why not? There's no need to start it especially early, as long as it is running before the network comes up, and the init script takes

Re: [gentoo-user] IPTABLES syntax change?

2013-01-06 Thread Walter Dnes
On Sat, Jan 05, 2013 at 11:57:10AM +, Mick wrote It will, but only partially. It seems that the list is long and it is getting longer and longer! Check this out: whois -h whois.radb.net -- '-i origin AS32934' | grep ^route (as advised by

Re: [gentoo-user] IPTABLES syntax change?

2013-01-04 Thread Walter Dnes
On Wed, Jan 02, 2013 at 11:32:58PM -0500, Michael Orlitzky wrote On 12/30/2012 10:21 PM, Walter Dnes wrote: [0:0] -A FECESBOOK -j LOG --log-prefix FECESBOOK: --log-level 6 [0:0] -A FECESBOOK -j DROP [0:0] -A INPUT -s 192.168.123.248/29 -i eth0 -j ACCEPT [0:0] -A INPUT -s 169.254.0.0/16 -i

Re: [gentoo-user] IPTABLES syntax change?

2013-01-04 Thread Michael Mol
On Fri, Jan 4, 2013 at 3:17 PM, Walter Dnes waltd...@waltdnes.org wrote: On Wed, Jan 02, 2013 at 11:32:58PM -0500, Michael Orlitzky wrote On 12/30/2012 10:21 PM, Walter Dnes wrote: [0:0] -A FECESBOOK -j LOG --log-prefix FECESBOOK: --log-level 6 [0:0] -A FECESBOOK -j DROP [0:0] -A INPUT -s

Re: [gentoo-user] IPTABLES syntax change?

2013-01-04 Thread Walter Dnes
On Fri, Jan 04, 2013 at 03:27:59PM -0500, Michael Mol wrote On Fri, Jan 4, 2013 at 3:17 PM, Walter Dnes waltd...@waltdnes.org wrote: The mere fact that you haven't manually typed in... http://www.facebook.com/blah_blah_blah does not mean you're not connecting to it. But all that's

Re: [gentoo-user] IPTABLES syntax change?

2013-01-04 Thread Michael Mol
On Jan 4, 2013 8:33 PM, Walter Dnes waltd...@waltdnes.org wrote: On Fri, Jan 04, 2013 at 03:27:59PM -0500, Michael Mol wrote On Fri, Jan 4, 2013 at 3:17 PM, Walter Dnes waltd...@waltdnes.org wrote: The mere fact that you haven't manually typed in...

Re: [gentoo-user] IPtables - Mangle table - when/why do I need it (or do I need it)?

2013-01-03 Thread Tanstaafl
On 2013-01-02 7:14 PM, Mick michaelkintz...@gmail.com wrote: On Wednesday 02 Jan 2013 19:47:11 Tanstaafl wrote: Oh, ok - so, if I don't have any rules that use the 'mangle' command, then I can safely remove mangle support from my kernel and lose the mangle table altogether? Yes, I would

Re: [gentoo-user] IPtables - Mangle table - when/why do I need it (or do I need it)?

2013-01-02 Thread Michael Orlitzky
On 01/02/13 08:38, Tanstaafl wrote: Hi all, This has been bugging me for a while... I've googled, and can't seem to find a definitive answer to this question... Lots of references to the Mangle table, but nothing that really explains what this table is or does, and when or why I would

Re: [gentoo-user] IPtables - Mangle table - when/why do I need it (or do I need it)?

2013-01-02 Thread Mick
On Wednesday 02 Jan 2013 13:38:27 Tanstaafl wrote: Hi all, This has been bugging me for a while... I've googled, and can't seem to find a definitive answer to this question... Lots of references to the Mangle table, but nothing that really explains what this table is or does, and when

Re: [gentoo-user] IPtables - Mangle table - when/why do I need it (or do I need it)?

2013-01-02 Thread Tanstaafl
On 2013-01-02 2:01 PM, Mick michaelkintz...@gmail.com wrote: If you have a look at 'man iptables-extensions' it gives some examples of using -t mangle. I haven't looked in Google recently, but there should be some examples there too. Oh, ok - so, if I don't have any rules that use the

Re: [gentoo-user] IPTABLES syntax change?

2013-01-02 Thread Michael Orlitzky
On 12/30/12 22:21, Walter Dnes wrote: OK, here is version 2. I had an excellent adventure along the way. I'm doing the upgrade on our servers right now, and there's another possible gotcha: the newer iptables (requiring conntrack) requires NETFILTER_XT_MATCH_CONNTRACK support in the kernel.

Re: [gentoo-user] IPtables - Mangle table - when/why do I need it (or do I need it)?

2013-01-02 Thread Mick
On Wednesday 02 Jan 2013 19:47:11 Tanstaafl wrote: On 2013-01-02 2:01 PM, Mick michaelkintz...@gmail.com wrote: If you have a look at 'man iptables-extensions' it gives some examples of using -t mangle. I haven't looked in Google recently, but there should be some examples there too.

Re: [gentoo-user] IPtables - Mangle table - when/why do I need it (or do I need it)?

2013-01-02 Thread Pandu Poluan
On Jan 3, 2013 1:57 AM, Michael Orlitzky mich...@orlitzky.com wrote: On 01/02/13 08:38, Tanstaafl wrote: Hi all, This has been bugging me for a while... I've googled, and can't seem to find a definitive answer to this question... Lots of references to the Mangle table, but

Re: [gentoo-user] IPTABLES syntax change?

2013-01-02 Thread Pandu Poluan
On Jan 3, 2013 4:40 AM, Michael Orlitzky mich...@orlitzky.com wrote: On 12/30/12 22:21, Walter Dnes wrote: OK, here is version 2. I had an excellent adventure along the way. I'm doing the upgrade on our servers right now, and there's another possible gotcha: the newer iptables

Re: [gentoo-user] IPTABLES syntax change?

2013-01-02 Thread Michael Orlitzky
On 12/30/2012 10:21 PM, Walter Dnes wrote: [0:0] -A FECESBOOK -j LOG --log-prefix FECESBOOK: --log-level 6 [0:0] -A FECESBOOK -j DROP [0:0] -A INPUT -s 192.168.123.248/29 -i eth0 -j ACCEPT [0:0] -A INPUT -s 169.254.0.0/16 -i eth0 -j ACCEPT [0:0] -A INPUT -i lo -j ACCEPT [0:0] -A INPUT -m

Re: [gentoo-user] IPTABLES syntax change?

2012-12-30 Thread Michael Orlitzky
On 12/29/2012 01:32 PM, Walter Dnes wrote: Two questions I'm not sure about. 1) I run a desktop, and use passive ftp. Is there any need for me to accept RELATED packets? Probably not, I think the server needs it though. 2) Does a -j LOG return to the chain it was called from, or does

Re: [gentoo-user] IPTABLES syntax change?

2012-12-30 Thread Adam Carter
2) Does a -j LOG return to the chain it was called from, or does it do an implicit DROP? It returns to spot where it was called from. Yep, so you could create a new chain to drop and log; /sbin/iptables -N logdrop /sbin/iptables -A logdrop -j LOG --log-prefix 'DROP ' /sbin/iptables -A

Re: [gentoo-user] IPTABLES syntax change?

2012-12-30 Thread Walter Dnes
OK, here is version 2. I had an excellent adventure along the way. * At the very last line (COMMIT), iptables-restore said it failed, but no clue whatsoever as to why. * I copied the rules file to a scratch-file, and converted it to a bash script that called iptables each time. * This

Re: [gentoo-user] IPTABLES syntax change?

2012-12-29 Thread Walter Dnes
Two questions I'm not sure about. 1) I run a desktop, and use passive ftp. Is there any need for me to accept RELATED packets? 2) Does a -j LOG return to the chain it was called from, or does it do an implicit DROP? -- Walter Dnes waltd...@waltdnes.org I don't run desktop environments; I

Re: [gentoo-user] IPTABLES syntax change?

2012-12-29 Thread Jarry
On 29-Dec-12 19:32, Walter Dnes wrote: 1) I run a desktop, and use passive ftp. Is there any need for me to accept RELATED packets? No, but you must take care of related connections. Even passive ftp opens command (1023 - 21) and data (1023 - 1023) channel. BTW, icmp-error (i.e. host

Re: [gentoo-user] IPTABLES syntax change?

2012-12-28 Thread Walter Dnes
On Fri, Dec 28, 2012 at 01:07:11AM -0500, Michael Orlitzky wrote On 12/27/2012 10:59 PM, Walter Dnes wrote: Here's my revised Paranoia Plus ruleset. Any comments? Because I'm behind a NAT-ing ADSL router/modem, many of my rules rarely see hits. However, I do have a backup dialup

Re: [gentoo-user] IPTABLES syntax change?

2012-12-28 Thread Kerin Millar
Walter Dnes wrote: On Fri, Dec 28, 2012 at 01:07:11AM -0500, Michael Orlitzky wrote On 12/27/2012 10:59 PM, Walter Dnes wrote: Here's my revised Paranoia Plus ruleset. Any comments? Because I'm behind a NAT-ing ADSL router/modem, many of my rules rarely see hits. However, I do have a

Re: [gentoo-user] IPTABLES syntax change?

2012-12-27 Thread Graham Murray
Michael Orlitzky mich...@orlitzky.com writes: The 'conntrack' module is supposed to be a superset of 'state', so most things should be compatible. You really have two warnings there; the first is for the state - conntrack switch, and the second is because you're missing the --state flag in

Re: [gentoo-user] IPTABLES syntax change?

2012-12-27 Thread Michael Orlitzky
On 12/27/12 06:28, Graham Murray wrote: Michael Orlitzky mich...@orlitzky.com writes: The 'conntrack' module is supposed to be a superset of 'state', so most things should be compatible. You really have two warnings there; the first is for the state - conntrack switch, and the second is

Re: [gentoo-user] IPTABLES syntax change?

2012-12-27 Thread Matthias Hanft
Michael Orlitzky wrote: My first -m state rule is, iptables -A INPUT -p ALL -m state \ --state ESTABLISHED,RELATED -j ACCEPT That was mine, too (you can omit -p in this case, can't you?). And if what you say is true, I'd be in deep shit if it reset to, iptables -A INPUT -p ALL -m

Re: [gentoo-user] IPTABLES syntax change?

2012-12-27 Thread Michael Orlitzky
On 12/27/12 12:52, Matthias Hanft wrote: Michael Orlitzky wrote: My first -m state rule is, iptables -A INPUT -p ALL -m state \ --state ESTABLISHED,RELATED -j ACCEPT That was mine, too (you can omit -p in this case, can't you?). Yeah, it just makes the indentation line up in my

Re: [gentoo-user] IPTABLES syntax change?

2012-12-27 Thread Walter Dnes
On Thu, Dec 27, 2012 at 11:28:15AM +, Graham Murray wrote The problem is not really the OP's fault. The problem is that if you have tables with the form -m state --state XXX at the point you upgrade, iptables-save (quite possibly called automatically by /etc/init.d/iptables stop) will

Re: [gentoo-user] IPTABLES syntax change?

2012-12-27 Thread Michael Orlitzky
On 12/27/2012 06:11 PM, Walter Dnes wrote: On Thu, Dec 27, 2012 at 11:28:15AM +, Graham Murray wrote The problem is not really the OP's fault. The problem is that if you have tables with the form -m state --state XXX at the point you upgrade, iptables-save (quite possibly called

Re: [gentoo-user] IPTABLES syntax change?

2012-12-27 Thread Walter Dnes
On Thu, Dec 27, 2012 at 06:50:07PM -0500, Michael Orlitzky wrote Once you've upgraded, you should be able to add all of your old --state rules normally, albeit with a warning. The new iptables will translate them to conntrack rules, and you can `/etc/init.d/iptables save` the result. The

Re: [gentoo-user] IPTABLES syntax change?

2012-12-27 Thread Michael Orlitzky
On 12/27/2012 10:59 PM, Walter Dnes wrote: Here's my revised Paranoia Plus ruleset. Any comments? Because I'm behind a NAT-ing ADSL router/modem, many of my rules rarely see hits. However, I do have a backup dialup connection in case of problems, so most of my rules don't specify the

Re: [gentoo-user] IPTABLES syntax change?

2012-12-27 Thread Michael Orlitzky
I'm sure I made more than one typo, but the ALLOWED_ICMP below definitely needs a dollar sign. for ok_icmp in ALLOWED_ICMP; do iptables -A ICMP_IN -p icmp --icmp-type ${ok_icmp} -j ACCEPT done

Re: [gentoo-user] IPTABLES syntax change?

2012-12-26 Thread Michael Orlitzky
On 12/26/2012 07:47 PM, Walter Dnes wrote: Many years ago, I understood IPCHAINS, and the first versions of IPTABLES. However, IPTABLES has followed the example of Larry Wall's Practical Extraction and Reporting Language and turned into a pseudo-OS that I barely comprehend. Some rules

Re: [gentoo-user] iptables question...

2011-12-17 Thread Hari Purnama
On 12/16/11 22:17, Tanstaafl wrote: Hi all, I was reading up on some iptables rules in the gentoo security handbook: http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1chap=12style=printable It mentions DROPing packets with an INVALID state. It sounded/sounds like a good

Re: [gentoo-user] iptables question...

2011-12-17 Thread Tanstaafl
On 2011-12-17 11:34 AM, Hari Purnama h...@mapits.com wrote: Did you put the log-prefix rule before or after the LOG rule? After - the log prefix rule is last... Or why didn't you put it in a 1liner, say: -A INPUT -i eth0 -m state --state INVALID -j LOG --log-level 7 --log-prefix (fw-drop):

Re: [gentoo-user] iptables: how can I include multiple hosts/IPs in -s and -d?

2010-04-09 Thread Stefan Schulte
Hi, you can define a rule like that: iptables -A FORWARD -s 192.168.235.43,192.168.235.46 -d 10.0.0.1,192.168.0.1 -j ACCEPT it will create 4 rules. be sure to activate Networking support-Networking options-Network packet filtering framework-Core Netfilter Configuration-iprange address range

Re: [gentoo-user] iptables: how can I include multiple hosts/IPs in -s and -d?

2010-04-06 Thread Kostyantyn
On Mon, 2010-04-05 at 19:32 +0200, Jarry wrote: Hi I'd like to ask if there is some way to include multiple discrete hosts/IP's in --source and --destination options of iptables. I'm trying to write firewall rules for my server, but it has 12 IP's from different segments (and maybe it

Re: [gentoo-user] iptables: how can I include multiple hosts/IPs in -s and -d?

2010-04-06 Thread Alex Schuster
Jarry writes: I'd like to ask if there is some way to include multiple discrete hosts/IP's in --source and --destination options of iptables. I'm trying to write firewall rules for my server, but it has 12 IP's from different segments (and maybe it gets a few more later), and the script

Re: [gentoo-user] iptables firewall script

2009-07-17 Thread Mick
2009/7/17 Dave dave.meh...@gmail.com: Hello,        Can anyone good with iptables give this script a once over? It is working, but in a very inconsistent manner, sometimes it lets traffic in, other times not. Two things it does not have are dhcp rules as this box gets it's address via dhcp

Re: [gentoo-user] iptables

2009-07-16 Thread Marco
Hi Dave, this one is rather informative: http://www.novell.com/coolsolutions/feature/18139.html Also, this one from gentoo (although for 2.4) is worth reading: http://www.gentoo.org/doc/en/articles/linux-24-stateful-fw-design.xml HTH! -- Regards, Marco On Thu, Jul 16, 2009 at 5:32 AM,

Re: [gentoo-user] iptables

2009-07-16 Thread Marco
Maybe this thread could be helpful as well: http://marc.info/?l=gentoo-userm=124058693215810w=2 -- Regards, Marco On Thu, Jul 16, 2009 at 10:41 AM, Marcolistwo...@gmail.com wrote: Hi Dave, this one is rather informative: http://www.novell.com/coolsolutions/feature/18139.html Also, this

Re: [gentoo-user] iptables

2009-07-16 Thread Alejandro
2009/7/16 Marco listwo...@gmail.com Maybe this thread could be helpful as well: http://marc.info/?l=gentoo-userm=124058693215810w=2 -- Regards, Marco On Thu, Jul 16, 2009 at 10:41 AM, Marcolistwo...@gmail.com wrote: Hi Dave, this one is rather informative:

Re: [gentoo-user] iptables

2009-07-16 Thread Nevynxxx
Alejandro wrote: On Thu, Jul 16, 2009 at 5:32 AM, Davedave.meh...@gmail.com mailto:dave.meh...@gmail.com wrote: Hello, I'm looking for a guide for iptables specifically for gentoo 2.6. I was also wondering if anyone was using apf Advanced

Re: [gentoo-user] iptables configuration problem

2007-05-14 Thread Norberto Bensa
Chuanwen Wu wrote: I have tried set all the gw in my subnet to 192.168.1.254 or 192.168.1.1. Is't all right? I don't know, it depends on what's your gw's IP is. Let's say you have this setup: GW: 192.168.1.1 Other PCs are: 192.168.1.2... 192.168.1.3... and so on. On the GW you need:

Re: [gentoo-user] iptables configuration problem

2007-05-14 Thread Chuanwen Wu
2007/5/14, Norberto Bensa [EMAIL PROTECTED]: Chuanwen Wu wrote: I have tried set all the gw in my subnet to 192.168.1.254 or 192.168.1.1. Is't all right? I don't know, it depends on what's your gw's IP is. Let's say you have this setup: GW: 192.168.1.1 Other PCs are: 192.168.1.2...

Re: [gentoo-user] iptables configuration problem

2007-05-14 Thread Norberto Bensa
On Mon, May 14, 2007 8:23 am, Chuanwen Wu wrote: Thank you!I think i have done what you meant. Here is the information: /etc/conf.d/net in the server config_eth0=( 202.114.10.134 netmask 255.255.255.0 brd 202.114.10.255 ) routes_eth0=( default gw 202.114.10.129 ) OK config_eth1=(

Re: [gentoo-user] iptables configuration problem

2007-05-14 Thread Dan Farrell
Greetings all. Hope the weather in bejing is pleasant, Mr Wu. On Mon, 14 May 2007 11:58:34 -0300 (ART) Norberto Bensa [EMAIL PROTECTED] wrote: On Mon, May 14, 2007 8:23 am, Chuanwen Wu wrote: Thank you!I think i have done what you meant. Here is the information: /etc/conf.d/net in

Re: [gentoo-user] iptables configuration problem

2007-05-14 Thread Chuanwen Wu
Thank Norberto and Dan Farrell!I think i had a misunderstand and made some mistakes.I hope I have correct it now. /etc/conf.d/net in the server config_eth0=( 202.114.10.134 netmask 255.255.255.0 brd 202.114.10.255 ) routes_eth0=( default gw 202.114.10.129 ) config_eth1=( 192.168.1.1 netmask

Re: [gentoo-user] iptables configuration problem

2007-05-14 Thread Dan Farrell
On Tue, 15 May 2007 10:35:38 +0800 Chuanwen Wu [EMAIL PROTECTED] wrote: Does it mean that eth1(the interface in my subnet) receive the request but don't post forward it? Perhaps you should attach the output of iptables -t nat -L -v; iptables -L -v; so I can see the rules... while you're at it,

Re: [gentoo-user] iptables configuration problem

2007-05-14 Thread Chuanwen Wu
2007/5/15, Dan Farrell [EMAIL PROTECTED]: On Tue, 15 May 2007 10:35:38 +0800 Chuanwen Wu [EMAIL PROTECTED] wrote: Does it mean that eth1(the interface in my subnet) receive the request but don't post forward it? Perhaps you should attach the output of iptables -t nat -L -v; iptables -L -v;

Re: [gentoo-user] iptables configuration problem

2007-05-13 Thread Fabio A Correa
Hello Wu, Instead of the commands you posted, you should use echo 1 /proc/sys/net/ipv4/ip_forward iptables --table nat -A POSTROUTING -s 192.168.8.0/24 -j MASQUERADE Long explanation: The first command enables the kernel to _forward_ packets from

Re: [gentoo-user] iptables configuration problem

2007-05-13 Thread Chuanwen Wu
2007/5/13, Fabio A Correa [EMAIL PROTECTED]: Hello Wu, Instead of the commands you posted, you should use echo 1 /proc/sys/net/ipv4/ip_forward iptables --table nat -A POSTROUTING -s 192.168.8.0/24 -j MASQUERADE I have tried.But still not work.

Re: [gentoo-user] iptables configuration problem

2007-05-13 Thread Norberto Bensa
Chuanwen Wu wrote: Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- 192.168.1.0/24 anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination

Re: [gentoo-user] iptables will not load rule after kernel upgrade (2.6.19-r5 - 2.6.20-r6) SOLVED

2007-04-22 Thread Dan Johansson
On Saturday 21 April 2007 20:34, Mark Shields wrote: On 4/21/07, Dan Johansson [EMAIL PROTECTED] wrote: On Saturday 21 April 2007 15:53, Uwe Thiem wrote: On 21 April 2007, Dan Johansson wrote: After upgrading gentoo-sources to 2.6.20-r6 from 2.6.19-r5 today my firewall won't start

Re: [gentoo-user] iptables will not load rule after kernel upgrade (2.6.19-r5 - 2.6.20-r6)

2007-04-21 Thread Uwe Thiem
On 21 April 2007, Dan Johansson wrote: After upgrading gentoo-sources to 2.6.20-r6 from 2.6.19-r5 today my firewall won't start (shorewall). The here's the error: iptables: Invalid argument ERROR: Command /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT Failed

Re: [gentoo-user] iptables will not load rule after kernel upgrade (2.6.19-r5 - 2.6.20-r6)

2007-04-21 Thread Dan Johansson
On Saturday 21 April 2007 15:53, Uwe Thiem wrote: On 21 April 2007, Dan Johansson wrote: After upgrading gentoo-sources to 2.6.20-r6 from 2.6.19-r5 today my firewall won't start (shorewall). The here's the error: iptables: Invalid argument ERROR: Command /sbin/iptables -A FORWARD

Re: [gentoo-user] iptables will not load rule after kernel upgrade (2.6.19-r5 - 2.6.20-r6)

2007-04-21 Thread Mark Shields
On 4/21/07, Dan Johansson [EMAIL PROTECTED] wrote: On Saturday 21 April 2007 15:53, Uwe Thiem wrote: On 21 April 2007, Dan Johansson wrote: After upgrading gentoo-sources to 2.6.20-r6 from 2.6.19-r5 today my firewall won't start (shorewall). The here's the error: iptables: Invalid

Re: [gentoo-user] IPtables question

2007-02-02 Thread Pawel Kraszewski
On Wednesday, 31 January 2007, James Colby wrote: I have a small home server that I have connected to the internet through a linksys router and cable modem. The linksys router is currently forwarding all ssh traffic to my gentoo box. What I would ^ Take note, that

Re: [gentoo-user] IPtables question

2007-02-02 Thread Hans-Werner Hilse
Hi, On Fri, 2 Feb 2007 09:45:53 +0100 Pawel Kraszewski [EMAIL PROTECTED] wrote: On Wednesday, 31 January 2007, James Colby wrote: I have a small home server that I have connected to the internet through a linksys router and cable modem. The linksys router is currently forwarding all

Re: [gentoo-user] IPtables question

2007-02-02 Thread Pawel Kraszewski
On Friday, 2 February 2007, Hans-Werner Hilse wrote: Nope, just the target Adress is rewritten (by routing). DNAT is Destination NAT! I.e. the target IP of the packet is rewritten. Since the Linksys is the default gateway, packets can keep their source IP address. Of course, the source MAC

Re: [gentoo-user] IPtables question

2007-01-31 Thread Mick
On Wednesday 31 January 2007 20:56, Albert Hopkins wrote: On Wed, 2007-01-31 at 15:36 -0500, James Colby wrote: List members - I have a small home server that I have connected to the internet through a linksys router and cable modem. The linksys router is currently forwarding all ssh

Re: [gentoo-user] IPtables question

2007-01-31 Thread Norberto Bensa
James Colby wrote: currently forwarding all ssh traffic to my gentoo box. What I would like to do is set up iptables to only allow ssh logins from a small number of internet hosts, iptables -A INPUT -s ip-address-of-known-host --dport 22 -j ACCEPT and to reject and log all other ssh

Re: [gentoo-user] Iptables

2007-01-19 Thread Alan McKinnon
On Thursday 18 January 2007 17:58, Fabrício L. Ribeiro wrote: How can I install and run iptables (with conntrack and all other modules) in a Gentoo 2006.1 box with kernel generated by genkernel? I tried emerge iptables, but when I type iptables -F I get something like this: FATAL: Module

Re: [gentoo-user] Iptables

2007-01-19 Thread Pete Pardoe
Alan, IPTables support must be compiled into the kernel. I am not in front of my gentoo system so cannot help you find the location in make menuconfig, but if you poke around you should be able to locate it. Pete On 1/19/07, Alan McKinnon [EMAIL PROTECTED] wrote: On Thursday 18 January 2007

Re: [gentoo-user] Iptables

2007-01-19 Thread Fabrício L. Ribeiro
People, the response is in Nelson's mail. Thanks Nelson and thanks to all. On 1/19/07, Pete Pardoe [EMAIL PROTECTED] wrote: Alan, IPTables support must be compiled into the kernel. I am not in front of my gentoo system so cannot help you find the location in make menuconfig, but if you poke

Re: [gentoo-user] Iptables

2007-01-18 Thread Daniel Pielmeier
How can I install and run iptables (with conntrack and all other modules) in a Gentoo 2006.1 box with kernel generated by genkernel? I tried emerge iptables, but when I type iptables -F I get something like this: FATAL: Module ip_tables not found. iptables v1.3.5: can't initialize iptables

RE: [gentoo-user] Iptables

2007-01-18 Thread Nelson, David (ED, PARD)
-Original Message- From: Fabrício L. Ribeiro [mailto:[EMAIL PROTECTED] Sent: 18 January 2007 15:59 To: gentoo-user@lists.gentoo.org Subject: [gentoo-user] Iptables How can I install and run iptables (with conntrack and all other modules) in a Gentoo 2006.1 box with kernel generated by

Re: [gentoo-user] iptables error

2006-11-09 Thread Arnau Bria
On Wed, 8 Nov 2006 10:19:10 -0700 Richard Fish wrote: On 11/8/06, Arnau Bria [EMAIL PROTECTED] wrote: I'd suggest you make a copy of this file and try to identify which rule from this file is causing the error. It is a plain text file, so you can comment out (with '#' characters) various

Re: [gentoo-user] iptables error

2006-11-09 Thread Arnau Bria
On Thu, 9 Nov 2006 08:40:12 -0800 Tim Garton wrote: xt_multiport Oh! I've not looked for the solution yet :-( Thanks a lot! That solved my problem! -- Arnau Bria http://blog.emergetux.net Wiggum: Shoot the tires, Lou. Lou: Uh, it's a tank, chief. Wiggum: Me tienes hartito con todas

Re: [gentoo-user] iptables error

2006-11-08 Thread Hans-Werner Hilse
Hi, On Wed, 8 Nov 2006 16:29:45 +0100 Arnau Bria [EMAIL PROTECTED] wrote: I've done a kernel upgrade, from 2.6.16 to 17-r8, and my iptables stopped working. As iptables is very dependent on the kernel's API, did you - change kernel configuration? - try re-emerging iptables? -hwh --

Re: [gentoo-user] iptables error

2006-11-08 Thread Tim Garton
Perhaps try these modules as well? gentoo sbin # lsmod Module Size Used by xt_tcpudp 7936 1 iptable_nat 10756 1 ip_nat 21292 1 iptable_nat ip_conntrack 51332 2 iptable_nat,ip_nat iptable_filter 7296 0 ip_tables 22760 2 iptable_nat,iptable_filter x_tables 18568 3 xt_tcpudp,iptable_nat,ip_tables Tim On

Re: [gentoo-user] iptables error

2006-11-08 Thread Arnau Bria
On Wed, 8 Nov 2006 17:16:20 +0100 Hans-Werner Hilse wrote: Hi, On Wed, 8 Nov 2006 16:29:45 +0100 Arnau Bria [EMAIL PROTECTED] wrote: I've done a kernel upgrade, from 2.6.16 to 17-r8, and my iptables stopped working. As iptables is very dependent on the kernel's API, did you - change