did you try running it with the fixed /proc/sys/net/ipv4/ip_forward instead of /proc/sys/net/upv4/ip_forward?
On Thu, Jun 19, 2003 at 05:12:57PM +0800, Gerald Abrigo wrote (wyy sez): > > Thanks for some advice, I already did running or issuing the command one by > one but theres no problem occur. After running it one by one, I restart > network service and try those pc behind firewall to connect the internet but > those machine failed to download any site.(workstations are configured > correctly). > > " different versions of the iptables tools and the module resolution is > different for both. " > > If this statement is the possible cause, please give me some steps to > resolve or to do this. > > Again thank you very much. > > > Message: 2 > Date: Thu, 19 Jun 2003 13:00:20 +0800 > From: "Horatio B. Bogbindero" <[EMAIL PROTECTED]> > Subject: Re: [plug] IPtables > To: Philippine Linux Users Group Mailing List <[EMAIL PROTECTED]> > Cc: 'PH-Linux-Newbie' <[EMAIL PROTECTED]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="us-ascii" > > > try running it one command at a time. this way you can determine which line > has problems. > > it maybe not necessary be kernel problem. it maybe that you are using > different versions of the iptables tools and the module resolution is > different for both. > > good luck! > > On Wed, Jun 18, 2003 at 11:17:28AM +0800, Gerald Abrigo wrote (wyy sez): > > Hello everyone > > > > I know anybody can answer my probs regarding scripts on IPtables. > > Im running RH9 kernel 2.4.20-8.IPTABLES is enable, Network service is > > running but when I issue sh command or run this script manually, the > system > > display an error message = > > > > no such file or directory /proc/sys/net/upv4/ip_forward > > iptables: Bad Policy Name > > and so on....... > > > > heres the script: > > > > #!/bin/sh > > IPTABLES=/sbin/iptables > > #Enable forwarding > > echo "1" > /proc/sys/net/ipv4/ip_forward > > $IPTABLES -P INPUT ACCEPT > > $IPTABLES -F INPUT > > #The following three lines are not necessary for NAT, but provide some > > security > > #by blocking any connections from being initiated from outside the > network. > > $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > > $IPTABLES -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT > > $IPTABLES -A INPUT -j DROP > > $IPTABLES -P OUTPUT ACCEPT > > $IPTABLES -F OUTPUT > > $IPTABLES -P FORWARD DROP > > $IPTABLES -F FORWARD > > $IPTABLES -t nat -F > > $IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED > -j > > ACCEPT > > $IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT > > $IPTABLES -A FORWARD -j LOG > > $IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE > > > > I also try this script at home using RH 7.3 but it runs smoothly > > Is this error have something to do with my kernel? > > > > Thanks to all > > > > > > > -- > > Philippine Linux Users' Group (PLUG) Mailing List > > [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) > > Official Website: http://plug.linux.org.ph > > Searchable Archives: http://marc.free.net.ph > > . > > To leave, go to http://lists.q-linux.com/mailman/listinfo/plug > > . > > Are you a Linux newbie? To join the newbie list, go to > > http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie > > -- > > ------------------------------------------- > William Emmanuel S. Yu > Ateneo Campus Network Group (AteneoCNG) > email : wyy at admu dot edu dot ph > web : http://CNG.ateneo.net/wyu/ > phone : +63(2)4266001-4186 > GPG : http://CNG.ateneo.net/wyu/wyy.pgp > > War spares not the brave, but the cowardly. > -- Anacreon > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: not available > Type: application/pgp-signature > Size: 232 bytes > Desc: not available > Url : > http://mail.q-linux.com/pipermail/plug/attachments/20030619/e726eff0/attachm > ent-0001.bin > > ------------------------------ > > Message: 3 > Date: Thu, 19 Jun 2003 14:12:27 +0000 > From: "Kelsey Hartigan Go" <[EMAIL PROTECTED]> > Subject: Re: [plug] misc processes > To: [EMAIL PROTECTED] > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=US-ASCII > > ncsd -- I have a feeling the system has been hacked through > bind ...and ncsd corrupted. > > > On 18 Jun 03 at 14:20, Rick Moen wrote: > > > Quoting Maria Aurora de la Vega ([EMAIL PROTECTED]): > > > > > > > Date: Tue, 18 Jun 2002 21:07:40 +0800 > > ^^^^ > > > > Would you like to buy some stock tips? > > > > > we need to take off a few processes from our server > > > we'd like to know what the following processes are for... > > > and if we really need them hanging around... > > > > > > bin 208 1 0 12:41 ? 00:00:00 /sbin/portmap > > > root 226 1 0 12:41 ? 00:00:00 /usr/sbin/syslogd > > > root 230 1 0 12:41 ? 00:00:00 /usr/sbin/klogd -c 1 > > > root 451 1 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > root 453 451 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > root 454 453 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > root 455 453 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > root 456 453 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > root 457 453 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > root 458 453 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > root 505 1 0 12:41 tty1 00:00:00 /sbin/mingetty --noclear > > > tty1 > > > root 506 1 0 12:41 tty2 00:00:00 /sbin/mingetty tty2 > > > root 507 1 0 12:41 tty3 00:00:00 /sbin/mingetty tty3 > > > root 506 1 0 12:41 tty2 00:00:00 /sbin/mingetty tty2 > > > root 507 1 0 12:41 tty3 00:00:00 /sbin/mingetty tty3 > > > root 508 1 0 12:41 tty4 00:00:00 /sbin/mingetty tty4 > > > root 509 1 0 12:41 tty5 00:00:00 /sbin/mingetty tty5 > > > root 510 1 0 12:41 tty6 00:00:00 /sbin/mingetty tty6 > > > root 558 511 0 12:50 ? 00:00:10 kwm > > > root 644 1 0 12:50 ? 00:00:00 kfm > > > root 647 1 0 12:50 ? 00:00:00 krootwm > > > root 653 1 0 12:50 ? 00:00:00 kbgndwm > > > root 654 1 0 12:50 ? 00:00:00 kpanel > > > > > > OK, here goes: > > > > "nscd" is the glibc nameservice caching daemon, used almost entirely in > > NIS-based networks to ease network performance problems on account of > > the nameservice overhead. Unless you're running a very > > performance-sapping network nameservice such as NIS, NIS+, or LDAP, you > > should turn this _off_. > > > > Even if you elect to leave it turned on, you should disable its caching > > of DNS information, because it has a habit of caching DNS data past its > > time-to-live expiration. > > > > "portmap" is the Sun Microsystems RPC portmapper, a network service used > > primarily as a transport for NIS and NFS on the server end (only). If > > your machine isn't functioning as an NFS or NIS server, then turn it > > off. > > > > "syslogd" and "klogd" are important system logging daemons. Leave them > > on. > > > > "mingetty" (minimum-sized get TTY service) is what provides you with > > your six virtual consoles, the ones you can switch among using > > Ctrl-Alt-F1, Ctrl-Alt-F2, etc. You probably don't need six, and can > > save some RAM by commenting out four of the lines in /etc/inittab, the > > ones that look like this: > > > > 1:2345:respawn:/sbin/getty 38400 tty1 > > 2:23:respawn:/sbin/getty 38400 tty2 > > 3:23:respawn:/sbin/getty 38400 tty3 > > 4:23:respawn:/sbin/getty 38400 tty4 > > 5:23:respawn:/sbin/getty 38400 tty5 > > 6:23:respawn:/sbin/getty 38400 tty6 > > > > Put a "#" character in front of the lines starting with 3 through 6. > > Next time you enter your default runlevel, you'll have only two copies > > of mingetty running. > > > > All those processes at the end of the list starting with "k" are KDE > > pieces. If I were you, I simply wouldn't run those or any X11 stuff on > > a server at all. Change your configuration (using YaST2 or whatever) to > > just not start up XFree86. That will save a whole lot of RAM. > > > > -- > > Cheers, First they came for the verbs, and I said nothing, > for > > Rick Moen verbing weirds language. Then, they arrival for the > nouns > > [EMAIL PROTECTED] and I speech nothing, for I no verbs. - Peter Ellis > > -- > > Philippine Linux Users' Group (PLUG) Mailing List > > [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) > > Official Website: http://plug.linux.org.ph > > Searchable Archives: http://marc.free.net.ph > > . > > To leave, go to http://lists.q-linux.com/mailman/listinfo/plug > > . > > Are you a Linux newbie? To join the newbie list, go to > > http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie > > > > > ------------------------------ > > Message: 4 > Date: Thu, 19 Jun 2003 14:32:25 +0800 > From: -JhAzEr- <[EMAIL PROTECTED]> > Subject: Re: [personal] [plug] misc processes > To: [EMAIL PROTECTED], Philippine Linux Users Group Mailing List > <[EMAIL PROTECTED]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: Text/Plain; charset="iso-8859-1" > > On Tuesday 18 June 2002 21:07, Maria Aurora de la Vega wrote: > > Listers, > > > > we need to take off a few processes from our server > > we'd like to know what the following processes are for... > > and if we really need them hanging around... > > <snip> ... > > > What we basically need is a barebone system running only the basics. > > We consume 300MB of RAM after startup...which I think is too much... > > considering we have not started the applications yet. > > OS is Suse 7.0 by the way. > > ;) care for an alternative? try Slackware instead! hehehe > > > -- > -JhAzEr- > > "I use Slackware at home with X and WindowMaker to play music (xmms), watch > > vcd's (xine), learn typing (tuxtype), play games (lbreakout2, raptor, > oilwar, > tux vs clippy, zsnes, etc.) on a 545MB hardisk...running on top of a Linux > Monolithic Kernel 2.4.20 w/ Con Kolivas patch." > > > > > ------------------------------ > > Message: 5 > Date: Thu, 19 Jun 2003 14:38:43 +0800 > From: "Oliver A. Rojo" <[EMAIL PROTECTED]> > Subject: [plug] autofs with ipchains problem > To: <[EMAIL PROTECTED]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="iso-8859-1" > > I've configured my machine to mount a partition from remote machine using > autofs. I just had a problem on it when i installed ipchain. Everytime I use > to mount the remote machine and access its directory, ipchain rejects my > connection. I added the ff. lines into my ipchain rule > > ipchains -A input -p udp -s <ip of remote machine>/32 -d 0/0 2049 -j ACCEPT > ipchains -A input -p tcp -s <ip of remote machine>/32 -d 0/0 2049 -j ACCEPT > > since nfs is using 2049 port but to no avail... it still didn't work... > > what's wrong with my rule here? Did i missed something? > > Best regards, > > Oliver > > > > > > > > ------------------------------ > > Message: 6 > Date: 19 Jun 2003 15:13:39 +0800 > From: "Gideon N. Guillen" <[EMAIL PROTECTED]> > Subject: Re: [plug] Linus leaves transmeta > To: [EMAIL PROTECTED], Philippine Linux Users Group Mailing List > <[EMAIL PROTECTED]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain > > On Thu, 2003-06-19 at 06:15, optimus wrote: > > * o Caldera/SCO's management are delusional and acting against the > > * company interest. > > > > This is more like it: > > > > Caldera/SCO's management strings are currently pulled by Microsoft FUD PR > > machinery. SCO's sounding like Ballmer nowadays. > > Ha! I won't be surprised if some or all $CO's executives gets hired at > M$ when $CO closes down due to the lo$$e$ incurred from their crazy > lawsuits. The fact that one of their lawyers (forgot the name) was also > one of the lawyers for M$ during the anti-trust trials, and M$ getting a > Unix license a few weeks ago is very suspicious. > > -- > ======================================================================= > > Gideon N. Guillen > E-mail: [EMAIL PROTECTED] > > PGP Public Keys: > > DSS/Diffie-Hellman > mailto:[EMAIL PROTECTED] > > RSA Key: > mailto:[EMAIL PROTECTED] > > ======================================================================= > > > ------------------------------ > > Message: 7 > Date: Thu, 19 Jun 2003 16:22:40 +0800 > From: Maria Aurora de la Vega <[EMAIL PROTECTED]> > Subject: Re: [plug] misc processes > To: [EMAIL PROTECTED], Philippine Linux Users Group Mailing List > <[EMAIL PROTECTED]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=us-ascii > > Thanks everyone! > > Kelsey Hartigan Go wrote: > > > ncsd -- I have a feeling the system has been hacked through > > bind ...and ncsd corrupted. > > > > On 18 Jun 03 at 14:20, Rick Moen wrote: > > > > > Quoting Maria Aurora de la Vega ([EMAIL PROTECTED]): > > > > > > > > > > Date: Tue, 18 Jun 2002 21:07:40 +0800 > > > ^^^^ > > > > > > Would you like to buy some stock tips? > > > > > > > we need to take off a few processes from our server > > > > we'd like to know what the following processes are for... > > > > and if we really need them hanging around... > > > > > > > > bin 208 1 0 12:41 ? 00:00:00 /sbin/portmap > > > > root 226 1 0 12:41 ? 00:00:00 /usr/sbin/syslogd > > > > root 230 1 0 12:41 ? 00:00:00 /usr/sbin/klogd -c 1 > > > > root 451 1 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > > root 453 451 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > > root 454 453 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > > root 455 453 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > > root 456 453 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > > root 457 453 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > > root 458 453 0 12:41 ? 00:00:00 /usr/sbin/nscd > > > > root 505 1 0 12:41 tty1 00:00:00 /sbin/mingetty > --noclear > > > > tty1 > > > > root 506 1 0 12:41 tty2 00:00:00 /sbin/mingetty tty2 > > > > root 507 1 0 12:41 tty3 00:00:00 /sbin/mingetty tty3 > > > > root 506 1 0 12:41 tty2 00:00:00 /sbin/mingetty tty2 > > > > root 507 1 0 12:41 tty3 00:00:00 /sbin/mingetty tty3 > > > > root 508 1 0 12:41 tty4 00:00:00 /sbin/mingetty tty4 > > > > root 509 1 0 12:41 tty5 00:00:00 /sbin/mingetty tty5 > > > > root 510 1 0 12:41 tty6 00:00:00 /sbin/mingetty tty6 > > > > root 558 511 0 12:50 ? 00:00:10 kwm > > > > root 644 1 0 12:50 ? 00:00:00 kfm > > > > root 647 1 0 12:50 ? 00:00:00 krootwm > > > > root 653 1 0 12:50 ? 00:00:00 kbgndwm > > > > root 654 1 0 12:50 ? 00:00:00 kpanel > > > > > > > > > OK, here goes: > > > > > > "nscd" is the glibc nameservice caching daemon, used almost entirely in > > > NIS-based networks to ease network performance problems on account of > > > the nameservice overhead. Unless you're running a very > > > performance-sapping network nameservice such as NIS, NIS+, or LDAP, you > > > should turn this _off_. > > > > > > Even if you elect to leave it turned on, you should disable its caching > > > of DNS information, because it has a habit of caching DNS data past its > > > time-to-live expiration. > > > > > > "portmap" is the Sun Microsystems RPC portmapper, a network service used > > > primarily as a transport for NIS and NFS on the server end (only). If > > > your machine isn't functioning as an NFS or NIS server, then turn it > > > off. > > > > > > "syslogd" and "klogd" are important system logging daemons. Leave them > > > on. > > > > > > "mingetty" (minimum-sized get TTY service) is what provides you with > > > your six virtual consoles, the ones you can switch among using > > > Ctrl-Alt-F1, Ctrl-Alt-F2, etc. You probably don't need six, and can > > > save some RAM by commenting out four of the lines in /etc/inittab, the > > > ones that look like this: > > > > > > 1:2345:respawn:/sbin/getty 38400 tty1 > > > 2:23:respawn:/sbin/getty 38400 tty2 > > > 3:23:respawn:/sbin/getty 38400 tty3 > > > 4:23:respawn:/sbin/getty 38400 tty4 > > > 5:23:respawn:/sbin/getty 38400 tty5 > > > 6:23:respawn:/sbin/getty 38400 tty6 > > > > > > Put a "#" character in front of the lines starting with 3 through 6. > > > Next time you enter your default runlevel, you'll have only two copies > > > of mingetty running. > > > > > > All those processes at the end of the list starting with "k" are KDE > > > pieces. If I were you, I simply wouldn't run those or any X11 stuff on > > > a server at all. Change your configuration (using YaST2 or whatever) to > > > just not start up XFree86. That will save a whole lot of RAM. > > > > > > -- > > > Cheers, First they came for the verbs, and I said nothing, > for > > > Rick Moen verbing weirds language. Then, they arrival for > the nouns > > > [EMAIL PROTECTED] and I speech nothing, for I no verbs. - Peter Ellis > > > -- > > > Philippine Linux Users' Group (PLUG) Mailing List > > > [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) > > > Official Website: http://plug.linux.org.ph > > > Searchable Archives: http://marc.free.net.ph > > > . > > > To leave, go to http://lists.q-linux.com/mailman/listinfo/plug > > > . > > > Are you a Linux newbie? To join the newbie list, go to > > > http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie > > > > > > > -- > > Philippine Linux Users' Group (PLUG) Mailing List > > [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) > > Official Website: http://plug.linux.org.ph > > Searchable Archives: http://marc.free.net.ph > > . > > To leave, go to http://lists.q-linux.com/mailman/listinfo/plug > > . > > Are you a Linux newbie? To join the newbie list, go to > > http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie > > > ------------------------------ > > Message: 8 > Date: Thu, 19 Jun 2003 16:36:14 +0800 > From: -JhAzEr- <[EMAIL PROTECTED]> > Subject: [plug] ATX Problem > To: [EMAIL PROTECTED] > Message-ID: <[EMAIL PROTECTED]> > Content-Type: Text/Plain; charset="us-ascii" > > Is there any way i can boot an atx pc without using the power button? > > > -- > -JhAzEr- > > "I use Slackware at home with X and WindowMaker to play music (xmms), watch > > vcd's (xine), learn typing (tuxtype), play games (lbreakout2, raptor, > oilwar, > tux vs clippy, zsnes, etc.) on a 545MB hardisk...running on top of a Linux > Monolithic Kernel 2.4.20 w/ Con Kolivas patch." > > > > > ------------------------------ > > Message: 9 > Date: Thu, 19 Jun 2003 16:46:08 +0800 > From: "Aris Santillan" <[EMAIL PROTECTED]> > Subject: RE: [plug] ATX Problem > To: "Philippine Linux Users Group Mailing List" > <[EMAIL PROTECTED]> > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="iso-8859-1" > > yes, u can do it directly on the motherboard by touching the pin > where the power button is connected with any conductor / (screw driver) > > -----Original Message----- > From: -JhAzEr- [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 19, 2003 1:36 AM > To: [EMAIL PROTECTED] > Subject: [plug] ATX Problem > > > Is there any way i can boot an atx pc without using the power button? > > > -- > -JhAzEr- > > "I use Slackware at home with X and WindowMaker to play music (xmms), watch > > vcd's (xine), learn typing (tuxtype), play games (lbreakout2, raptor, > oilwar, > tux vs clippy, zsnes, etc.) on a 545MB hardisk...running on top of a Linux > Monolithic Kernel 2.4.20 w/ Con Kolivas patch." > > > > -- > Philippine Linux Users' Group (PLUG) Mailing List > [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) > Official Website: http://plug.linux.org.ph > Searchable Archives: http://marc.free.net.ph > . > To leave, go to http://lists.q-linux.com/mailman/listinfo/plug > . > Are you a Linux newbie? To join the newbie list, go to > http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie > > ------------------------------ > > _______________________________________________ > plug mailing list > [EMAIL PROTECTED] > http://lists.q-linux.com/mailman/listinfo/plug > > > End of plug Digest, Vol 1, Issue 2500 > ************************************* > -- > Philippine Linux Users' Group (PLUG) Mailing List > [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) > Official Website: http://plug.linux.org.ph > Searchable Archives: http://marc.free.net.ph > . > To leave, go to http://lists.q-linux.com/mailman/listinfo/plug > . > Are you a Linux newbie? To join the newbie list, go to > http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie -- ------------------------------------------- William Emmanuel S. Yu Ateneo Campus Network Group (AteneoCNG) email : wyy at admu dot edu dot ph web : http://CNG.ateneo.net/wyu/ phone : +63(2)4266001-4186 GPG : http://CNG.ateneo.net/wyu/wyy.pgp War spares not the brave, but the cowardly. -- Anacreon
pgp00000.pgp
Description: PGP signature
-- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
