Hi I had this problem and you need to open udp ports 1100 & 1182.
However these ports need to be open on the machine man is
using msn VOIP.
So for each user DNAT those ports to their machine.
If you use shorewall
in rules
DNATnet loc:udp1100,1182
That also a
Don't know what port should be open, but
you could find out by using some -j LOG
rules and checking out what port is it that
the other side tries to reach...
On Sun, 09-11-2003 at 23:57, Leonardo Sá wrote:
> I'm currently running a server which shares an adsl connection (masquerade nat)
>
I'm currently running a server which shares an adsl connection (masquerade nat)
without any problems.
But users inside the network are complaining that they can't use msn
messenger's voice chat feature.
I've googled and found out some ports to be open. I opened them but voice
still doesn't seem to w
On Sat, 2003-08-30 at 10:44, Mark Weaver wrote:
> David Guntner wrote:
> > Jack Coates grabbed a keyboard and wrote:
> >
> >>On Fri, 2003-08-29 at 13:51, David Guntner wrote:
> >>
> >>>I'm setting up some iptables rules to block certain kinds of packets on
> >>>my ML 9.1 machine. The man page tal
Bill grabbed a keyboard and wrote:
>
> On Star Date Saturday 30 August 2003 11:17 am, David Guntner sent this
> sub-space message.
>>
>> I am trying to use "-j REJECT" because I want to reject the packet. I
>> also want to log it. However, I see that my problem was that I was
>> trying to do a "-
Good question. I'm still trying to see when I get a dropped packet from an ip
that I have set to have its packets dropped when it tries to connect. It's an
email server that has been sending out those .pif virus files. I get logs
for everything but haven't seen any that say dropped. Maybe someone here
Bill grabbed a keyboard and wrote:
>
> You can look on the web for iptables log which is where I found what I
> use.
>
> -A INPUT -i eth0 -p udp -m limit --limit 10/hour -j LOG --log-prefix
> "IPTABLES UDP-IN: "
Ah, ok. Now I see what I was doing wrong.
I am trying to use "-j REJECT" because I w
David Guntner wrote:
Jack Coates grabbed a keyboard and wrote:
On Fri, 2003-08-29 at 13:51, David Guntner wrote:
I'm setting up some iptables rules to block certain kinds of packets on
my ML 9.1 machine. The man page talks about logging options to have it
Jack Coates grabbed a keyboard and wrote:
> On Fri, 2003-08-29 at 13:51, David Guntner wrote:
>>
>> I'm setting up some iptables rules to block certain kinds of packets on
>> my ML 9.1 machine. The man page talks about logging options to have it
You can look on the web for iptables log which is where I found what I use.
-A INPUT -i eth0 -p udp -m limit --limit 10/hour -j LOG --log-prefix
"IPTABLES UDP-IN: "
-A INPUT -i eth0 -p icmp -m limit --limit 10/hour -j LOG --log-prefix
"IPTABLES ICMP-IN: "
-A INPUT -i eth0 -p tcp -m limit --lim
On Fri, 2003-08-29 at 13:51, David Guntner wrote:
> Hi all,
>
> I'm setting up some iptables rules to block certain kinds of packets on my
> ML 9.1 machine. The man page talks about logging options to have it log to
> the syslog, but I can't seem to figure out the exact syntax to make it
> wor
Hi all,
I'm setting up some iptables rules to block certain kinds of packets on my
ML 9.1 machine. The man page talks about logging options to have it log to
the syslog, but I can't seem to figure out the exact syntax to make it
work. No matter how I try, I keep getting a bad option message i
The file you seek: /etc/sysconfig/iptables
Its format is that of iptables-save redirected to a file. You
can either manually edit that file and do:
service iptables restart
or modify iptables in memory and do:
iptables-save > /etc/sysconfig/iptables
Enjoy,
Woody
Bill said:
Is there a file that holds the rules for iptables that I can edit to add
lines manually? I tried to google for it but with no luck.
I need to set iptables to log matching ip addys to syslog so I can monitor
how often I get a certain ip that tries to connect but is dropped due to a rule
I set.
>
> Here's the output of 'iptables -L -n -v':
>
> Chain INPUT (policy ACCEPT 1613 packets, 96669 bytes)
Even though you are specifically allowing port 135 without the syn the
default rules will accept packets that do not match any REJECT or DROP
rules. I bet you are running ethereal from the FW
I have been trying to get iptables set up on my gateway machine, but it isn't
working like I think it should. I have the following entry in the
rc.firewall script to block incoming SYN packets:
EXT_IF="ppp0"
IPTABLES="//sbin/iptables"
$IPTABLES -A INPUT -i $EXT_IF -p tcp ! --syn -j ACCEPT
yet
Jack Coates wrote:
If you want a firewall, urpmi shorewall or look at gshield or something
else to do this stuff for you.
If you want to learn netfilter & iptables, I can highly recommend
"Policy Routing Using Linux" by Matthew Marsh, see Amazon or similar.
You probably have something else matc
On Wed, 13-08-2003 at 05:07, Thomas Gamble wrote:
> I have been trying to get iptables set up on my gateway machine, but it isn't
> working like I think it should. I have the following entry in the
> rc.firewall script to block incoming SYN packets:
>
> EXT_IF="ppp0"
> IPTABLES="//sbin/ip
If you want a firewall, urpmi shorewall or look at gshield or something
else to do this stuff for you.
If you want to learn netfilter & iptables, I can highly recommend
"Policy Routing Using Linux" by Matthew Marsh, see Amazon or similar.
You probably have something else matching above those rule
On Wednesday 13 August 2003 06:55 am, t_gecks wrote:
> Jack Coates wrote:
> > If you want a firewall, urpmi shorewall or look at gshield or something
> > else to do this stuff for you.
> >
> > If you want to learn netfilter & iptables, I can highly recommend
> > "Policy Routing Using Linux" by Ma
On Sat, 8 Mar 2003 19:57:57 -0800 (PST) [EMAIL PROTECTED] (David
E. Fox) wrote:
> I am a pretty fair newbie in internet security issues, use of iptables
> and so forth. But I already have been attacked by some variant of a
> worm that attacked certain ports on my system, slowing my internet
> conn
I am a pretty fair newbie in internet security issues, use of iptables
and so forth. But I already have been attacked by some variant of a
worm that attacked certain ports on my system, slowing my internet
connection etc. I noticed before certain udp checksum problems when
that happened, and at the
At 03:57 PM 3/3/2003 -0800, you wrote:
> iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
> I logged out and then tried to ssh back in and I was in just fine! Tried
> to reach the web site
> and again, no trouble. I then switched to this:
Most likely, something before it is allowing it. I suggest th
On Tue, 04 Mar 2003 07:28:40 -0500 Mark Weaver
<[EMAIL PROTECTED]> wrote:
> Pierre Fortin wrote:
> > On Sun, 02 Mar 2003 17:45:12 -0500 Mark Weaver
> > <[EMAIL PROTECTED]> wrote:
> >
> >
> >>Scott St. John wrote:
> >>
> >>>Until I can migrate my clients over to Postfix I have been using the
> >
On Mon, 3 Mar 2003 21:55:55 -0800 Todd Lyons <[EMAIL PROTECTED]>
wrote:
>
> Pierre Fortin wrote on Mon, Mar 03, 2003 at 08:54:40PM -0500 :
> > > >
> > > > So I would use /16 for a Class C network?
> > > Not quite:
> > > /8 is Class A
> > > /16 is
Pierre Fortin wrote on Mon, Mar 03, 2003 at 08:54:40PM -0500 :
> > >
> > > So I would use /16 for a Class C network?
> > Not quite:
> > /8 is Class A
> > /16 is Class B
> > /24 is Class C
> Not quite:)
> 0... is Class
On Mon, 3 Mar 2003 15:55:37 -0800 Todd Lyons <[EMAIL PROTECTED]>
wrote:
>
> Scott St. John wrote on Sun, Mar 02, 2003 at 09:19:04AM -0500 :
> >
> > So I would use /16 for a Class C network?
>
> Not quite:
> /8 is Class A
> /16 is Class B
> /24 i
Scott St. John wrote on Mon, Mar 03, 2003 at 08:38:28AM -0500 :
> iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
> I logged out and then tried to ssh back in and I was in just fine! Tried
> to reach the web site
> and again, no trouble. I then switch
Scott St. John wrote on Sun, Mar 02, 2003 at 09:19:04AM -0500 :
>
> So I would use /16 for a Class C network?
Not quite:
/8 is Class A
/16 is Class B
/24 is Class C
Blue skies... Todd
- --
Never take no as an answer from someone w
At 03:57 PM 3/3/2003 -0500, you wrote:
>If you want to block access to a specific service then just modify the
>rule to appear this way. Something I forgot to ask is how many nics are you
>using? you may also have to specify the interface they're coming in on as
>well.
Ex: iptables -A INPUT -p tc
Scott St. John wrote:
Heh, call me the idiot! It works *WHEN* I stop Bastille :) I am guessing that
some rule in Bastille is overriding my iptables commands to allow the traffic!
So, now I have to figure out the rules that Bastille is putting in place
and write my own iptables script.
Thank
Heh, call me the idiot! It works *WHEN* I stop Bastille :) I am guessing that
some rule in Bastille is overriding my iptables commands to allow the traffic!
So, now I have to figure out the rules that Bastille is putting in place
and write my own iptables script.
Thank you to everyone!
-Scott
On Mon, 03 Mar 2003 08:38:28 -0500 "Scott St. John" <[EMAIL PROTECTED]>
wrote:
> At 09:48 PM 3/2/2003 -0500, you wrote:
> > > > iptables -A INPUT -s 209.8.161.0/24 -j DROP
>
> Ok, perhaps I am doing something wrong, I decided to test blocking my
> home connection
> to the server just to see if it
At 09:48 PM 3/2/2003 -0500, you wrote:
> > iptables -A INPUT -s 209.8.161.0/24 -j DROP
Ok, perhaps I am doing something wrong, I decided to test blocking my home
connection
to the server just to see if it would work. Doing this:
iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
I logged out and then
On Sun, 02 Mar 2003 17:45:12 -0500 Mark Weaver
<[EMAIL PROTECTED]> wrote:
> Scott St. John wrote:
> > Until I can migrate my clients over to Postfix I have been using the
> > access lists in Sendmail to block certain repeat spammers. I am
> > wondering if I could just use iptables to block them
Scott St. John wrote:
Until I can migrate my clients over to Postfix I have been using the
access lists in Sendmail to block certain repeat spammers. I am wondering
if I could just use iptables to block them and take the load off Sendmail?
My question would be 1)Is that practical 2)Is the prope
On Sat, 1 Mar 2003 22:09:04 -0500 (EST) "Scott St. John"
<[EMAIL PROTECTED]> wrote:
> Until I can migrate my clients over to Postfix I have been using the
> access lists in Sendmail to block certain repeat spammers. I am
> wondering if I could just use iptables to block them and take the load
>
Ok, I have a spam place this morning trying multiple servers to get into my
mail server:
216.95.201.18, 216.95.201.31, etc. Let's say I want to block him totally
at the mail server
using iptables before he gets to Sendmail.
I would do:
iptables -A FORWARD 216.95.201.0/24 -p tcp --dport 25 -j D
On Sun, 2 Mar 2003, . wrote:
> 209.8.161.0/24 will get 209.8.161.0 - 209.8.161.255. /16 will get
> 209.8.0.0 - 209.8.255.255
That is what I put in, yet this spammer still got through to Sendmail.
> Is iptables running on your firewall, with the mail server behind it, or
> on your mail server?
On Sat, 1 Mar 2003, Dave Laird wrote:
> iptables -A INPUT -s 209.82.110.17/16 -j DROP will work to drop *everything*
> from 209.82.110.x, regardless of the fourth digits in the network
> address. Unless I've gotten it backwards again (it's past my bedtime) 24 only
> drops the 0 of your address,
On Sat, 1 Mar 2003, tarvid wrote:
> I do this at the border gateway for bulk mailers that present a heavy load to
> my postfix mail server.
The owner of the company is against blocking at the router so I am trying
to do it on the mail server.
> I use spamcop and a local RBL to catch some more.
Good evening...
On Saturday 01 March 2003 10:48 pm, . wrote:
> 209.8.161.0/24 will get 209.8.161.0 - 209.8.161.255. /16 will get
> 209.8.0.0 - 209.8.255.255
>
> Is iptables running on your firewall, with the mail server behind it, or
> on your mail s
209.8.161.0/24 will get 209.8.161.0 - 209.8.161.255. /16 will get
209.8.0.0 - 209.8.255.255
Is iptables running on your firewall, with the mail server behind it, or
on your mail server? If the former, you might need to add this on the
FORWARD chain, not INPUT.
Keep in mind that you're block
Good evening,
On Saturday 01 March 2003 07:09 pm, Scott St. John wrote:
> My question would be 1)Is that practical 2)Is the proper way to block an
> entire network this:
>
> iptables -A INPUT -s 209.8.161.0/24 -j DROP
>
> I added this, however traff
On Saturday 01 March 2003 10:09 pm, Scott St. John wrote:
> Until I can migrate my clients over to Postfix I have been using the
> access lists in Sendmail to block certain repeat spammers. I am wondering
> if I could just use iptables to block them and take the load off Sendmail?
>
> My question
Until I can migrate my clients over to Postfix I have been using the
access lists in Sendmail to block certain repeat spammers. I am wondering
if I could just use iptables to block them and take the load off Sendmail?
My question would be 1)Is that practical 2)Is the proper way to block an
ent
Gonzalo Avaria wrote:
| Hi experts, i know that this question maybe sounds for a newbie list but i
| lose nothing asking it.
| Do you know any tutorial, but EASY tutorial about setting the iptables as a
| firewall that only allows ssh/sftp connections
Hi experts, i know that this question maybe sounds for a newbie list but i
lose nothing asking it.
Do you know any tutorial, but EASY tutorial about setting the iptables as a
firewall that only allows ssh/sftp connections?? I've been looking on the net
but i get lost on the -A,-D,-s,-p,etc comm
On Sunday 24 November 2002 12:06 am, Woody Green wrote:
> On the sharing machine, run iptables-save and post the output here.
>
Hello,
After some fiddling I managed to get things working again, though I only
barely understand what I did. Below is t
On the sharing machine, run iptables-save and post the output here.
Woody
Praedor Atrebates said:
> I am having problems with a internet connection share. Oddly, I had it
> working for a while last evening but then, suddenly, it died and I was
> unable to communicate computer to computer
I am having problems with a internet connection share. Oddly, I had it
working for a while last evening but then, suddenly, it died and I was unable
to communicate computer to computer via wlan (sharing a modem connection on
one of them).
Running Mandrake 8.2, I have a usb wlan device on my
Hi all,
well I solved my problem. Thanks to all that read this. Since there is a
guy which can't run his Mon Mothma firewall (funky name ain't it?) and
another with problems with a webserver, let me tell you what I did. And
in the end someone may tell me *why* it did work. I must confess I don'
Wooky,
just a hunch here. But about 2 years ago we had this problem with a
FreeBSD box. pinging sites worked fine but when we tried to ftp or http
we got broken and hung sites. Turns out that the proxy set up on it set
the Fragmentation config to <1500 don't fragment >1500 fragment... now
i
Todd Lyons wrote:
Jeferson Lopes Zacco wrote on Wed, Nov 13, 2002 at 07:59:19PM -0200 :
yep it is. SainTiss told me that in the newbie list (thanks!). As I
said, I can ping/resolve hosts from the client, but it does not transfer
(large chunks of
Jeferson Lopes Zacco wrote on Wed, Nov 13, 2002 at 07:59:19PM -0200 :
> yep it is. SainTiss told me that in the newbie list (thanks!). As I
> said, I can ping/resolve hosts from the client, but it does not transfer
> (large chunks of?) data. Weird. Pe
yep it is. SainTiss told me that in the newbie list (thanks!). As I
said, I can ping/resolve hosts from the client, but it does not transfer
(large chunks of?) data. Weird. Perhaps it has smthing to do with msec?
Sridhar wrote:
Check if ip_forward is set to 1 in /etc/sysctl.conf
-Sridhar
Jefe
Check if ip_forward is set to 1 in /etc/sysctl.conf
-Sridhar
Jeferson Lopes Zacco wrote:
Hi all,
I've been spending some time trying to migrate from MDK 8.1 to 9.0. I
faced numerous problems, but now there is one left which I can't figure
out.
I have a script for IPTABLES which act as a fire
Hi all,
I've been spending some time trying to migrate from MDK 8.1 to 9.0. I
faced numerous problems, but now there is one left which I can't figure out.
I have a script for IPTABLES which act as a firewall and doubles as a
NAT/MASQ for the other machine in my tiny network. The script functions
Hi Hans -
What you're trying to do is actually a pretty common setup, which is
good, cus there are lots of examples. To save yourself some time, there
is a program that ships with mandrake called 'draknet' and could be
really helpful for you. It's a nice utility that will walk you through
sett
hi Dan,
first at all - have a lot of thanks to say for helps in every case.
the example I have posted, I had found in an example of a doc-file,
where iptables would be explained --:))) but as in the most cases it
will happen, that some things are not running in that way, it should.
And then the sur
hans privat wrote:
hi Ron,
first - thanks for your answer.
but have a lot of open questions anyway.
the script you mentioned, I have downloaded. but for example, I don't
have a setted up DNS yet.
Now - I have 3 workstations and 1 (designated) firewall. and maybe, the
workstations would be grow in
On 18 Oct 2002, hans privat wrote:
> Reading the docs about DHCP shows a big disadvantage, if using a
> DHCP-server :
> the connected clients does NOT have some knowledge of the neighbourhouds
> of clients.
> to circumvent this problem, the docs talks about setting up a real DNS
> within the local
hi Ron,
first - thanks for your answer.
but have a lot of open questions anyway.
the script you mentioned, I have downloaded. but for example, I don't
have a setted up DNS yet.
Reading the docs about DHCP shows a big disadvantage, if using a
DHCP-server :
the connected clients does NOT have some k
-
From: [EMAIL PROTECTED]
[mailto:expert-owner@;linux-mandrake.com]On Behalf Of Ron Stodden
Sent: Friday, 18 October 2002 8:45 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] iptables in mdk 8.2
Ron Stodden wrote:
> A very simple way to get set up is to download to /etc/iptables the
> rc.ip
Ron Stodden wrote:
A very simple way to get set up is to download to /etc/iptables the
rc.iptables-2.3.8pre7 script from:
Should be:
rc.firewall-2.3.8pre7 script from:
http://monmotha.mplug.org/firewall/index.php
cd to /etc/iptables, and customise it with an editor as explained in the
script
hi Daniel,
thanks a lot, your hint does the trick - am happy now for the first
time. Can do now my first bloody steps.
in the meantime I have downloaded some docs based on www.linuxguruz.org.
Seems to be a really good docaddress for getting an understanding of
this big theme security.
thanks and
hans privat wrote:
hi,
in a sysadmin-book I've read, that with kernel 2.4 the "iptables"
should be used.
now I have done a lookup with lsmod and have seen, that there was NO
iptables but an ipchains.
You have the iptables RPM installed. Good! But you must now delete the
ipchains RPM - use
hi,
in a sysadmin-book I've read, that with kernel 2.4 the "iptables"
should be used.
now I have done a lookup with lsmod and have seen, that there was NO
iptables but an ipchains.
then I have done a rmmod ipchains and was trying at first a modprobe
iptables. the answer was " there is no iptable
Hi Hans -
Try: insmod ip_tables
instead of iptables, that should work for ya.
Dan
http://five2one.org/
hans privat wrote:
hi,
in a sysadmin-book I've read, that with kernel 2.4 the "iptables"
should be used.
now I have done a lookup with lsmod and have seen, that there was NO
iptables but an
On Tuesday 13 August 2002 04:02 am, you wrote:
> Ron,
>
> I responded to you private on this, but I just thought of something else
> also that you can try.
>
> First the original suggestion for everyone else's benefit, as root:
>
> /etc/rc.d/init.d/iptables stop
>
> Then
>
> /etc/rc.d/init.d/iptab
On Mon, 2002-08-12 at 14:23, Ronald J. Hall wrote:
> I'm posting this here, because I figured it was a bit above the newbie level.
> If wrong, I apologise...
>
> I ran BastilleChooser, I added a rule to iptables, and I'm not able to get
> Quake 3, v1.31 to find my other 2 Linux comps. (or them
On Monday 12 August 2002 02:23 pm, you wrote:
> I'm posting this here, because I figured it was a bit above the newbie
> level. If wrong, I apologise...
Sorry, forgot to post Quake3's error output:
--- Common Initialization Complete ---
Opening IP socket: localhost:27960
Hostname: darkforce.com
I'm posting this here, because I figured it was a bit above the newbie level.
If wrong, I apologise...
I ran BastilleChooser, I added a rule to iptables, and I'm not able to get
Quake 3, v1.31 to find my other 2 Linux comps. (or them find me). I've got
Mandrake v8.2.
Networking is up:
eth0
hi,
firstly, go easy on me, i'm still new to the list and linux.
i'm running LM 8.1 with kernel 2.4.16-6mdk
browsing thru the logs, i came across this in /var/log/messages
Mar 4 00:20:52 infiniti bastille-firewall: iptables v1.2.4:
Mar 4 00:20:52 infiniti bastille
Following the content of the very good article in GNU/Linux magazine France
& in Linux Journal I configured the netfilter with the script here below &
end up being able to ping any host (inside or outside my private network). I
cannot however do any TCP connections whatsoever I did a MDK
>does he send to that smtp while connected to the same isp that provides
>the smtp service ? because some isp's reject addresses that are not coming
>from their domain's (address class)
Of course he is.
Everything else works well in his network share system.
So I had two ideas :
1. his pro
FL wrote:
>>Not sure I understand.
>>
>>He can send mail out, but he's getting a "rejected -relay not allowed" or
>>something back from the destination?
>>
>
> Yes, he can check mail via pop.provider.net but can't send it via
> smtp.provider.net. He's getting a "rejected -relay not allowed".
>
PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: [expert] iptables : SMTP reject relay
>
> >Not sure I understand.
> >
> >He can send mail out, but he's getting a "rejected -relay not allowed" or
> >something ba
>Not sure I understand.
>
>He can send mail out, but he's getting a "rejected -relay not allowed" or
>something back from the destination?
Yes, he can check mail via pop.provider.net but can't send it via
smtp.provider.net. He's getting a "rejected -relay not allowed".
>From where does it come
Not sure I understand.
He can send mail out, but he's getting a "rejected -relay not allowed" or
something back from the destination?
If so, check the postfix configuration.
--- FL <[EMAIL PROTECTED]> wrote:
>
> Hi!
>
> A friend of mine is trying to setup a MDK 8.0 as a ADSL gateway for his
Hi!
A friend of mine is trying to setup a MDK 8.0 as a ADSL gateway for his
local network. Everything is working well with the internet sharing
connection wizard but his SMTP doesn't accept his connection.
I have read in IPCHAINS How-To that I must use REJECT and not DENY in the
rules. I have l
Just a quick easy question (if you know the answer) ?
What is PUB_IN when you do a:
iptables -v -L INPUT
I am worried by the line:
PUB_IN all -- ppp+ any anywhere anywhere
What does this line mean, open ppp+ to anyone!!! from anywhere?
TIA
Dave
Want t
L PROTECTED]
Subject: [expert] iptables and ipip tunnels
Hi
will this work
/sbin/iptables -A INPUT -p 93 -i eth1 -j ACCEPT
I have been asking for help on both lists for 2 weeks , it seems that
unless your face fits , its a very private club
bg Richard
system now hacked as I cant put a firewall up wi
On Sun, 2002-01-06 at 16:52, nds wrote:
> richard wrote:
>
> >Hi
> >will this work
> >/sbin/iptables -A INPUT -p 93 -i eth1 -j ACCEPT
> >
>
> Hindsight:
>
> reverse the numbers of your ip for what you are trying to do or
> substitute them for values/variables like "localip", "remoteip",
> "l
richard wrote:
>Hi
>will this work
>/sbin/iptables -A INPUT -p 93 -i eth1 -j ACCEPT
>
>I have been asking for help on both lists for 2 weeks , it seems that
>unless your face fits , its a very private club
>
>bg Richard
>system now hacked as I cant put a firewall up without destroying the ip
>tu
cc:
Sent by: expert-owner@linux-mandrak
Subject: [expert] IPTABLES AND TUNNELS
Thanks Mat I'll try it on input and output.
On Sun, 2002-01-06 at 11:04, [EMAIL PROTECTED] wrote:
>
> richard <[EMAIL PROTECTED]>
> >
> >Hi
> >will this work
> >/sbin/iptables -A INPUT -p 93 -i eth1 -j ACCEPT
>
> It looks good to me, although I wouldn't include the interface part. You
> may ha
richard <[EMAIL PROTECTED]>
>
>Hi
>will this work
>/sbin/iptables -A INPUT -p 93 -i eth1 -j ACCEPT
It looks good to me, although I wouldn't include the interface part. You
may have to add this to your OUTPUT chain as well. If the firewall were to
live on a different box, you would want this ru
Hi
will this work
/sbin/iptables -A INPUT -p 93 -i eth1 -j ACCEPT
I have been asking for help on both lists for 2 weeks , it seems that
unless your face fits , its a very private club
bg Richard
system now hacked as I cant put a firewall up without destroying the ip
tunnel,.
Strange that after
HI ALL.
RE: IPTABLES AND TUNNELING
ANY CHANCE , REMOTE , SMALL ETC
/sbin/bastille-netfilter
what do I need to add to the script to allow Protocol 93 (IPIP)
to pass unheeded in both directions thru the public interface, ie. the
ethernet port connected to the cable modem. I can get some thru but
Hi all, after the original posting to this list and to the bastille
list,
and just 1 reply which was to forward the last archive from the
bastille list, at least a reply but the contents were my original mail
and another very unrelated.. so although the intent was there, not a lot
of help.
Now will
Kevin wrote:
>
> As a side note, the man page for iptables is pretty clear that --dport is
> only effective when -p is given. Try a look at the man page next
> time you get stuck. :)
>
indeed...i had been through there a few times but for what ever reason
missed that part. not a good part to
On Tue, 11 Dec 2001 13:12:13 +1100
Tarragon Allen <[EMAIL PROTECTED]> wrote:
> I think the technical reason it gave the "option unknown" response is because
> those options (--dport, --sport) only become available to iptables when the
> specific protocol module (tcp, udp) gets loaded. If you do
On Tue, 11 Dec 2001 00:06, Mark Weaver wrote:
> t,
>
> adding the "-p" (protocol) was the missing link. why in the world didn't
> iptables just say that's what it was missing instead of the generic error
> message it was giving me?
I think the technical reason it gave the "option unknown" respons
On Monday 10 December 2001 03:06 am, Mark Weaver wrote:
> On Mon, 10 Dec 2001 14:24:14 +1100
>
> Tarragon Allen <[EMAIL PROTECTED]> wrote:
> > On Mon, 10 Dec 2001 14:27, Mark Weaver wrote:
> > > Hi List
> > >
> > > It was my understanding that with the latest version of Iptables
> > > "--dport"
On Mon, 10 Dec 2001 14:24:14 +1100
Tarragon Allen <[EMAIL PROTECTED]> wrote:
> On Mon, 10 Dec 2001 14:27, Mark Weaver wrote:
> > Hi List
> >
> > It was my understanding that with the latest version of Iptables "--dport"
> > which is an alias for "--destination-port" is a legal argument. However,
On Mon, 10 Dec 2001 14:27, Mark Weaver wrote:
> Hi List
>
> It was my understanding that with the latest version of Iptables "--dport"
> which is an alias for "--destination-port" is a legal argument. However,
> when i attempt to add the below into the ruleset of iptables,
>
> iptables -A IN
Hi List
It was my understanding that with the latest version of Iptables "--dport" which is an
alias for "--destination-port" is a legal argument. However, when i attempt to add the
below into the ruleset of iptables,
iptables -A INPUT -s 199.224.86.15 --dport 53 -j ACCEPT
...this is
install a
> cooker kernel
>
> Bye
> Andy
> - Original Message -
> From: "richard" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, November 26, 2001 3:23 PM
> Subject: [expert] iptables for 2.4.13 and later
>
>
> >
IL PROTECTED]>
Sent: Monday, November 26, 2001 3:23 PM
Subject: [expert] iptables for 2.4.13 and later
> Hi all,,
> has the version requirement for ip tables changed from 2.4.13-2mdk and
> later
> I'm having probs getting NAT working on 2.4.13-7mdk, after a kernel
> bui
1 - 100 of 119 matches