can I masquerade through eth0:1 ?
thanks,
petre
--
10:06am up 9 min, 1 user, load average: 0.16, 0.22, 0.14
Hi All,
***
First I'd like to apologise for polluting list with discussion about
outrageously excessive use of html in posts to this list. I'll think
much more carefully about it in future, before posting.
(ref thread: The posting of HTML format messages to this List)
Also, I
Hi,
As I said earlier I am using Mdk Linux 8.2 with kernel 2.4.18. I am trying to
shift from ipchains to iptables for a simple reason that I cannot connect to
one particular ftp site where ip_masq_ftp was required in earlier versions of
kernel. Now this module is no longer available. So, I have
Antony Stone [EMAIL PROTECTED] wrote:
On Wednesday 12 June 2002 5:33 pm, Nathan Cassano wrote:
Well you learn something new every day. Today I learned inetd does ident
checks on its clients.
Yes, it's called tcpwrappers, and has been pretty standard on systems for I'd
say about four
Use
#iptables -t nat -L
-Sathayn
- Original Message -
From: Payal [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 13, 2002 3:28 PM
Subject: iptables : masq
Hi,
As I said earlier I am using Mdk Linux 8.2 with kernel 2.4.18. I am trying
to
shift from ipchains to iptables
I was wondering whether Netfilter can filter away packets handled by Linux
bridge. If the bridge forwards the packet to another port, the packet
never goes through IP routing, so Netfilter should handle it inside the
bridge.
Also, is it possible to apply rules to packets according to the
hi:
i try to set some rules at mangle table.
if rule 1 match, rule2 seems still be checked.
can i leave mangle table if rule 1 match?
eg: if rule 1 match, then rest of rules are not checked,
just like filter table..
do i need to create a new chain to do this?
example:
rule1:
On Thursday 13 June 2002 10:59 am, Juri Haberland wrote:
This is annoying, is there a way you can turn
this off inside inetd?
Yes, it's the bit on each line of /etc/inetd.conf which says
/usr/sbin/tcpd - it does an ident lookup and logs the access to syslog
before handing the
Hi
On Tuesday 11 June 2002 04:26, Payal wrote:
Hi,
Thanks for the mails.
iptables -A POSTROUTING -o $EXT_IF -j MASQUERADE
Warning: wierd character in interface `-j' (No aliases, :, ! or
Is it possible that EXT_IF is not set? This really looks like
EXT_IF=. Try explicitly iptables -A
hi,
I have a *very* standard situation:
network: 10.1.1.97/27
small router 10 PCs
---[ 10.1.1.97 / 27 ] - [ 10.1.1.98-108 ]
Now I want to create a firewall between the small router and 10 PCs.
The only problem is: nobody should change configuration
Hi All,
I hope somebody can assist me in finding information about this...
Please consider the following argument:
Although the TCP sequence numbers may get sent to the log file (if
logging is turned on for a rule), if it not present in the state table
(/proc/net/ip_conntrack), then it is not
is there Microsoft Messenger module which masq file transfers for
netfilter?
thanks a lot in advance! :)
Good morning,
just wondering if the behavior i discovered yesterday on our iptables-
firewall is ok:
I connect from Box A via SSH to Box B, where the firewall runs, and i
get the state NEW on the first packet.
Then - the first connection is still established - i connect AGAIN from
Box A to Box
Hello,
I have a question, on IPTables behavior in the following scenario. I have
not subscribed to the netfilter list, so please CC me when answering.
First, I am using Linux kernel version 2.4.9, and IPTables v1.2.
The scenario is the following:
I have a private network, with 192.168.x.x
Hi,
I would like to know if we can write filter for protocols running over UDP/IP in
netfilter. Any info in this regard will be useful.
thanks
amit.
DISCLAIMER: This message is proprietary to Hughes Software Systems
Limited (HSS) and is intended solely for the use of the individual
to whom
Hi all,
I use following rules (not only :-) in my fw script:
$IPTABLES -A INPUT -i $INTERNAL -m state --state INVALID -j DROP
$IPTABLES -A INPUT -i $INTERNAL -m state --state RELATED,ESTABLISHED -j
ACCEPT
but when I try to connect to w98 using smbmount or smbclient it still
drops returning
Hello everyone,
Let me preface this by saying that I am seriously disappointed by my failure
to figure out what I'm doing wrong here, and any admonitions I receive from
ramin for being an idiot will be appreciated. I've been using ipchains for
over a year for simple packet filtering and am now
On Wed, 8 May 2002 16:07:05 +0200 Harald Welte [EMAIL PROTECTED] wrote:
Hi!
Workarounds
===
Filter out untracked local packets:
iptables -A OUTPUT -m state -p icmp --state INVALID -j DROP
Unfortunately there is a
very unpopular
announcement to be made on this
If i have default
I use the DOS ping command. The -l option allows specifying
the length of the icmp packets.
iptables -A FORWARD ! -f -p icmp -j DROP should only drop
the first fragment or the unfragmented packets
Greg
I can confirm your finding. iptables -A FORWARD -f -p
icmp -j DROP
does not drop the second
I have been using iptables-netfilter for a while and wish to clarify in my mind for once how to do the following.
Scenario: An iptables firewall has 2 interfaces, which are a public and a private interface, for simplicity's sake. Behind the firewall a service runs which needs to be visible
I am having trouble applying the H323 patch to the 2.4.18
kernel source. Is the H323 built into any development kernels at www.kernel.org? I used the following process:
[starting with working 2.4.18 kernel]
/usr/src
freeswan-snap2002may7d -
/usr/local/src/freeswan-snap2002may7d/
I have been using iptables-netfilter for a while and wish to clarify in
my mind for once how to do the following.
Scenario: An iptables firewall has 2 interfaces, which are a public and
a private interface, for simplicity's sake. Behind the firewall a
service runs which needs to be visible to
Hi
I use this script
http://www.linuxguruz.org/iptables/scripts/rc.firewall_023.txt
for my box as a firewall/router for my windows
computer. And i have problems with MIRC/IRC. I tried
all the options in the local info in the mirc options
with no results. If I choose Lookup method Normal i
can
Dear, Rusty Russell.
I'm sorry. I don't speak English.
I do not understand.
I would like you to expatiate for me on the following
sentence.
(which would leave all but the hardiest souls
confused, paranoid and seeking heavy weaponry)
Source of above sentence is 1.Introduction of Linux
2.4 Packet
Hi All,
I've sat down and written up some Traffic Accounting Software for some of my
clients. I felt that it might be of some interest to those on this list.
Here is an excerpt from my README file: -
ulogd_ACCOUNT
Hi All,
I've sat down and written up some Traffic Accounting Software for some of my
clients. This part of it is the Web Front End that they see. I thought this
would be
of interest to some of you.
If you prefer to see a working (sane chrooted) example, click through to:
Hi,
I'm trying to do a basic port redirect load balancing, here is what I tried :
while true; do echo serv1 | nc -l -p 4001; done
while true; do echo serv2 | nc -l -p 4002; done
iptables -t nat -F PREROUTING
iptables -t nat -I PREROUTING -p tcp --destination-port 1234 -j REDIRECT --to
[To Moderator if Any]: My apologies on last emails.
They had a typo in the return address. Resent with correct address.
Hi All, I've sat down and written up some Traffic Accounting
Software for some of my clients. I felt that it might be of some interest to
those on this list. Here is an
[To Moderator if Any]: My apologies on last emails.
They had a typo in the return address. Resent with correct address.
Hi All, I've sat down and written up some Traffic Accounting
Software for some of my clients. This part of it is the Web Front End that
they see. I thought this would be of
Is it possible to view some sort of cache for the current
mappings NAT is handling?
Thanks
Justin Schroeder
Network Security Analyst
Virginia Tech Transportation Institute
[EMAIL PROTECTED]
540-231-1578
Greetings,
I apologise in case this is a question that
you all are often faced with.. Unfortunately, I'm unable to find the answer in
any of the documentation.
I'm trying to find out how to set
masquerading nat timeouts for tcp/udp/icmp sessions.. Also, does anyone know of
a script that
On Sun, May 12, 2002 at 01:29:09PM -0400, Kramer wrote:
Windows client hosts on the NATed LAN can't find the NT4 Domain for
logon. Therefore Network Neighborhood browsing doesn't work. Strangely
direct UNC connections will work if logon credentials are not required.
In normal IP networks
- Original Message -
From: Kramer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, May 12, 2002 7:29 PM
Subject: MS Windows domain logon via netfilter NAT
I have gotten a RedHat 7.3 box operating as a router/filter to a private
(192.168.132.0/24) with dhcp without too much
Help!! I have no hair left!
I have been over the HOWTO, most examples I can find
and I still can't get things working entirely correct.
I've looked in the archives, and that's gotten me
about 95% of the way. But that last 5% is killing
me.
external net-firewall/dns-internal net
I had this same problem, but everything is working fine now for me.
You must apply first all pending patches otherwise it will fail. (If a
pending patch cannot be applied/failed at applying, that does not
matter.)
I suggest using make patch-o-matic from userspace/.
There are pre-requisite
Howdy,
I'm working on a thesis and I'm learning Linux as I go along.
I tried to compile the 1.2.6a IPtables at my RedHat-machine with kernel 2.4.18.
I get the following message when running make.
gcc -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -g -I../include-glibc -include
Hello All
I configure Iptables with 3 cards external,lan and dmz.
I have 2 http servers in the dmz. Packets that coming in to port 80 I am doing DNAT to
a
web server in the DMZ. I try to do apache redirect from this web server (in the
httpd.conf -redirect option
Redirect /
Hello All
I configure Iptables with 3 cards external,lan and dmz.
I have 2 http servers in the dmz. Packets that coming in to port 80 I am doing DNAT to
a
web server in the DMZ. I try to do apache redirect from this web server (in the
httpd.conf -redirect option
Redirect / http://192.168.1.3)
Hello All
I configure Iptables with 3 cards external,lan and dmz.
I have 2 http servers in the dmz. Packets that coming in to port 80 I am doing DNAT to
a
web server in the DMZ. I try to do apache redirect from this web server (in the
httpd.conf -redirect option
Redirect / http://192.168.1.3)
Hello.
I was wondering whether Netfilter can filter away packets handled by Linux
bridge. If the bridge forwards the packet to another port, the packet
never goes through IP routing, so Netfilter should handle it inside the
bridge.
Also, is it possible to apply rules to packets according to
I am wondering what is the best way to specify an odd group of hosts. For
example, I want to allow management hosts access to 192.168.0.5. The
management hosts are 192.168.1.4, 192.168.1.12, 192.168.1.96.
As far as I can tell from the iptables docs you can only specify groups by
netmask
I built the iptables ruleset (/etc/sysconfig/iptables) in my RH7.2. It seems
to work okay when booting my system as it shows when 'iptables -L -n' but
some rules are not okay, I can't connect to the internet from my internal
network even though the rule '-A INPUT -s 192.168.1.0/255.255.255.0 -i
Eugene:
I made a couple of changes to your script. I added the ip_conntrack module.
I rewrote your forwarding rules near the end. I would recommend that you
make all
Your default policies drop, and then open up what you need to. Try those
changes.
If they don't work do a iptables -v -L
Hi,
consider the following:
You want to connect to an ftp server running on, say,
port 5432 from Your internal LAN. Between is a Linux
box with netfilter, masquerading or S'natting respectively
the internal addresses.
All works fine with ftp servers on port 21, but on port
5432 connection
Hello all
I need to do a complicated configuration of NAT over that iptables.
I have various Network Access Server under Linux with PPP
interfaces.
Each time a client connect to one of these machines the final user will
receive an IP like 10.10.x.x.
Now.. These NAS server has a static default
I am still using ipchains because I have experience with it
and want to solve other things first at the moment. I have switched to kernel
2.4.18. My firewall also runs nicely and well-behaved, except for ftp. Under kernel
2.2.19 the module ip_masq_ftp was responsible for that. I find this under
kernel
I'm just trying to teach myself how to configure a firewall using
iptables. This is my current script:
# Set up a default DROP policy for the built-in chains.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
## LOOPBACK
# Allow unlimited traffic on the loopback interface.
On Thursday 09 May 2002 6:33 pm, patrick conlin wrote:
Hello everyone,
Let me preface this by saying that I am seriously disappointed by my
failure to figure out what I'm doing wrong here, and any admonitions I
receive from ramin for being an idiot will be appreciated.
Will you appreciate
On Thursday 09 May 2002 9:11 pm, alan barrow wrote:
Now behind the firewall are 2 separate servers, each running a web
service and each running on port 80.
1) The question is, with only 1 real world address available to you,
what suggestions do you guys have as to the configuration
I would be grateful for expert opinion on a simple matter:
I am trying to reconcile the traffic charges of my ISP with my own
counts.
I have a plain 1500/256 bridged ADSL connection (i.e. no connection
software or overhead) to eth0 on a lightly-loaded web/mail server.
My traffic counter is
Sorry if this is someplace else but can't find the
answer.
There are 8 default tables INPUT, OUTPUT, FORWARD,
nat/PREROUTING, nat/OUTPUT, nat/POSTROUTING,
mangle/PREROUTING, mangle/OUTPUT. For a packet coming
into an interface and going to leave another interface
(not going to userspace), what
I haven't seen this addressed in any FAQ or HOWTO
on netfilter.samba.org so I hope this is an appropriate place.
I'd like to do Masquerading on to 2 different ppp
interfaces. So when a packet reaches the gateway from the internal LAN
(the first packet of its connection) the gateway should
Hello all,
Please pardon me if this is answered elsewhere. I have tried looking through
all of the documentation, but I am still left wondering what are the
advantages/disadvantages of the DROP, REJECT, and MIRROR targets? I know
what they do, but I'm not quite certain as to what are some of
Hello.
I have a problem with dcc send in irc. I've read past posts on the lists and
done
everything they said but i can't figure what goes wrong.
I have a machine with a plain 56k pstn modem.
My setup is the following.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
Hi,
I have a problem with arp :
The problem is :
Adding arp lines manually to a Red hat 6.x/7.x machine -
I have a Mac address and want to add it manually to the linux arp table.
Thanks in advance, REALLY SORRY FOR THE BOTHER,
Dov.
Hi, first of all thank you for your time
Message quoted by: Antony Stone [EMAIL PROTECTED]:
On Monday 20 May 2002 1:03 pm, Eduardo GARCIA wrote:
For example my network is 1.2.3.0 and I want that a host with an IP
address
10.9.8.7 can navigate. First of all, the host will send arp
Hello all,
I'm having trouble allowing internal computers to
access remote FTP sites on the net. The
new version of CUTE FTP can seem to connect ok.
But Internet Explorer gives an error Invalid PORT command. And Bullet Proof FTP says it can't open
the socket.
Also, one other
Hello,
I've been using ipt 1.2.6a for 2 months. There seems to be a problem in
/proc/net/ip_conntrack.
I have chains here, that can't be cleared out. Example:
tcp 6 321156 ESTABLISHED src=63.218.135.142 dst=62.xx.x.44 sport=63920 dport=80
[UNREPLIED] src=192.168.101.2
Although I didn't take a closer look at it, I guess that
http://www.samag.com/documents/s=1824/sam0201h/0201h.htm
(posted on the list a few days ago) is interesting for you...
Cheers, Uli
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Adam
On Tue, 21 May 2002, Antony Stone wrote:
On Tuesday 21 May 2002 10:47 am, Eduardo GARCIA wrote:
For example my network is 1.2.3.0 and I want that a host with an IP from
any unknown network (i. e. 10.9.8.7) can navigate.
No way. You can't create a network which will allow a host with
hi 2 all
introduction:
my box (RedHat 7.0 with patches etc) was actively flooded by big ICMP
packets
without last fragments.
ok, well, i had tried to log them by using iptables -f -j LOG rule
but no logs were generated! nevertheless, tcpdump was duly reporting
fragmented icmp traffic.
problem:
Does dscp match work in the recent iptables?
# uname -a
Linux router 2.4.17 #10 Tue Mar 26 01:26:47 EET 2002 i686 unknown
# iptables --version
iptables v1.2.7-20020520
# iptables -A INPUT -m dscp --dscp 0x20 -j ACCEPT
iptables: No chain/target/match by that name
The same happens with iptables
I have received private emails regarding similar occurrences. Perhaps there
is some weirdness about since I am not alone on this?
Additionally if this is a problem with the module should I move this
conversation to the netfilter-devel list ? opinions ?
--
Re: PPTP/GRE + Newnat Issues
Date:
On Wednesday 15 May 2002 4:04 pm, Nir Cohen wrote:
Hello All
I configure Iptables with 3 cards external,lan and dmz.
I have 2 http servers in the dmz. Packets that coming in to port 80 I am
doing DNAT to a
web server in the DMZ. I try to do apache redirect from
this web server (in the
Hi Alan,
Now behind the firewall are 2 separate servers, each running a web
service and each running on port 80.
1) The question is, with only 1 real world address available to you,
what suggestions do you guys have as to the configuration required to
make both web servers available
hello all,
this is my first time posting to this board. i am having trouble
with my iptables rules. my configuration consists of a linux
router as the main network gateway and firewall providing NAT and
ipsec. i have compiled kernel 2.4.17 with freeS/WAN version
1.91. i have a source nat
Thank you all for your time, I'll have to squeeze hard my brain to solve it.
Just one more question: I've heard that there is a Cisco system (just one
machine that solves the whole problem?) that allows all that thing. Anybody
knows it?
Thanks again.
Edu
Hi,
I have the following setup:
external_net_1 \
firewall internal_net
external_net_2 /
the machine on the internal_net only has one IP address (in this case
193.72.186.6, could be e.g. 192.168.x.x), but must be reachable from the
outside as:
hi,
i'm trying to do some DNATing and i'm having some trouble. The
particular problem exists only for a udp port. The port is 3283. It's
for apple's remote desktop. i've got allow DNATs setup for appletalk
and other protocols over tcp. They work fine. But when i try to
connect to
Hi,
I am trying to autoload via kmod some modules from iptables,
specifically ip_conntrack_h323.o. I can load it manually, but to do it
automatically I need to have the correct info. in my /etc/modules.rc file.
If anyone else uses this method of module loading and can help me with my
options I
iptables-1.2.6a-cvs020520:
cc -O2 -Wall -Wunused -I/usr/src/linux/include -Iinclude/ -DNETFILTER_VERSIO
N=\1.2.7\ -fPIC -o extensions/libipt_REJECT_sh.o -c
extensions/libipt_REJECT.c
extensions/libipt_REJECT.c: In function `init':
extensions/libipt_REJECT.c:92: structure has no member named
Hi
I made a complex firewall script that had very strange problems. I
took plenty of time trying to find out what was wrong until I found that
even this simple script (that is said to be working in NAT-HOWTO on
netfilter website) had the same problems :
# Begin script
iptables -t nat
I am using
iptables-1.2 ,kernel 2.4 and Squid-2.3.STABLE4 on
Redhat 7.1 . A static ip a.b.c.d and aztech dsl router
having an ip private ip 192.168.1.1 and a gateway
192.168.1.7 and squid running on the eth0 192.168.1.7
and external ip eth1 a.b.c.d.
I want to set nat iptables ,squid for
hi,
i'm still having trouble trying to dnat for udp. Below is a tcpdump
while trying to connect. i wanted to present this to the list and see
if anyone knows why my server machine would be trying to
communicate directly with the masq'd machine. To me, that is a problem
since
Hi there!
oom-loop fixes error handling after a netlink failure - it does not do a
cleanup and it makes every next call to ip_fw_check to detect a
loop and drop the packet.
nlma fixes a call to netlink_broadcast with GFP_KERNEL ( passed to
skb_clone ) while we are in_interrupt() (
you have to block port 1214 on the FORWARD chain for KaZaa
and my guess would be to block the audio galaxy servers IPs on the
FORWARD chain since audio galaxy just use standard http port 80 and ftp
port 2120 for transfers and frontend
Carlos Horacio Silva Elizondo wrote:
Hello , Any body
On Sat, May 25, 2002 at 04:39:18PM +0200, Valentin LAB wrote:
Well, I've found the solution. It's in the forgotten PPPoe manual in
kernel mode of 2.4.x (i've found it in google's cache, it had
disappeared from the referenced link.)
Fortunately, it is documented in the (recent) iptables
I enabled local natting of connections in the kernel so that I can
do transparent proxy from the local host itself running squid, and
I only use these two rules in the new table called OUTPUT for nat.
# transparent proxy for localhost
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner
Harald Welte wrote:
On Fri, May 17, 2002 at 08:39:39AM +1000, John Holman wrote:
My question:
Is there ANY reason to suppose that the ACCOUNTING total is not an
accurate count of all IP traffic into and out of eth0?
yes, since you only count locally-generated and locally-targeted
I am having trouble applying the H323 patch to the 2.4.18 kernel
source. Is the H323 built into any development kernels at
www.kernel.org? I used the following process:
[starting with working 2.4.18 kernel]
/usr/src
freeswan-snap2002may7d - /usr/local/src/freeswan-snap2002may7d/
linux -
I'm getting ready to put together a distro on a floppy (or cdrom)...
After poking around on the net I think this is the best place to start
http://leaf.sourceforge.net/devel/jnilo/
Anybody have comments or recommendations?
// George
--
GEORGE GEORGALIS, System Admin/Architectcell:
Hey, this is a general question about getting a bunch of windows boxes behind
a masqueraded connection to play starcraft on battle net.
Battle net uses a few tcp connections along with udp port 6112 for each
machine. For some reason I am getting incredible lag behind my nat/firewall
I'm getting ready to put together a distro on a floppy (or cdrom)...
After poking around on the net I think this is the best place to start
http://leaf.sourceforge.net/devel/jnilo/
Anybody have comments or recommendations?
// George
--
GEORGE GEORGALIS, System Admin/Architectcell:
Hi there,
I did setup a classical linux firewall box with two private ip segment, one
for the intranet(192.168.1.0/24), the other one for dmz (10.0.0.0/8).
Please find my firewall scripts (i ve deleted ip addresses for security
purpose but it's not very important to understand, isn't it ? Sorry
Hi,
(removed netfilter-devel from the headers, this is not a development Q)
Netfilter supports arbitrary netmasks for IP addresses which is more
powerful than just those IP/x (0 <= x <= 32) expressions.
For example one could use IP/255.0.255.255 (IP/23.13.42.0 would also work ;-).
Are masks
Derrik Pates touched on this earlier in the thread, but I'll try and
clarify a bit.
The DHCP server of the ISC (Internet Software Consortium,
http://www.isc.org) uses a different type of network access in Linux,
so to speak. Normally, when programs need network access, they open
up an Internet
On Tuesday 28 May 2002 15:18, Thomas Heinz wrote:
Netfilter supports arbitrary netmasks for IP addresses which is
more powerful than just those IP/x (0 <= x <= 32) expressions.
For example one could use IP/255.0.255.255 (IP/23.13.42.0 would
also work ;-).
Yes, this is the fastest method when
Roar Bjørgum Rotvik [EMAIL PROTECTED] writes:
In this scenario, the policy DROP exists before DHCP client starts up, but
still the DHCP client manages to assign a new IP-address.
ifconfig shows shows that eth0 has been assigned new IP-address. ping or
any network traffic after that does
Hi there,
I did setup a classical linux firewall box with two private ip segment, one
for the intranet(192.168.1.0/24), the other one for dmz (10.0.0.0/8).
Please find my firewall scripts (I've deleted ip addresses for security
purpose but it's not very important to understand, isn't it ? Sorry
I've always wondered about the concept of using weird netmasks on private
internal networks, just to thoroughly confuse anyone who actually breaks
into them (obscurity isn't security by itself, but any little bit you can
add on and anything you can do that will break standard tools)
never
Hi all
I am trying to use iptables as firewall. Now I want to filter
the
packets which are Masqueraded. In one of the tutorial, there is written
that filtering is not done in POSTROUTING chain since certain packets will
bypass the chain. Then where to filter the
I noticed this message and a couple of others from this list when clearing
out my spam folder. If you are writing in latin script, why in the name
of are you setting ks_c_5601-1987 as your charset?!?
If you use a Korean charset no-one will see your messages. If you are a
Korean (this guy
On Saturday 18 May 2002 6:11 am, John T. Guthrie wrote:
Hello all,
Please pardon me if this is answered elsewhere. I have tried looking
through all of the documentation, but I am still left wondering what are
the advantages/disadvantages of the DROP, REJECT, and MIRROR targets? I
know
On Tuesday 21 May 2002 8:33 am, Wojciech Sobola wrote:
Hello,
I've been using ipt 1.2.6a for 2 months. There seems to be a problem in
/proc/net/ip_conntrack. I have chains here, that can't be cleared out.
Example:
tcp 6 321156 ESTABLISHED src=63.218.135.142 dst=62.xx.x.44
Yes, finally published at:
http://www.gnusec.com/resource/security-stuff/Guides%20and%20Documents/HAFirewallLinux-VRRP.pdf
You can download it in Spanish...
Regards,
Sancho Lerena [EMAIL PROTECTED]
GNU Security Networking
http://www.gnusec.com
Hello,
I'm newbie in netfilter hacking and I have to filter my packet
with an external application. I think that I have to look around
ip_queue.
I just have checked out the cvs netfilter/usernamespace
and netfilter/testsuite
but I have an error building
Dear all
I have recently built a firewall for my home office. All
seems well, it's fairly secure. One problem though, every time my Windows
client sends a packet destined for my Linux box that is not destined for the
Internet (say for example when I use PUTTY over SSH) PPPD dials up. I am
Hi all
TCP connection flow by this scenario
Can someone explain me where pass borders of state ESTABLISHED, NEW.
1- SYN
2- SYN ACK
3- ACK
connected
4- ACK
5- ACK
6- FIN
7- ACK
8- FIN
9- ACK
closed
I think so:
1,2,3 NEW
2,3,4,5,6,7,8,9 ESTABLISHED
2,3,4,5,6,7,8,9 RELATED
i`m wrong?
On Thursday 30 May 2002 2:46 pm, [EMAIL PROTECTED] wrote:
Antony, ever heard of TCP MTU Discovery?
Er, yes, it's a mechanism whereby machines communicating by TCP find out the
maximum size of packets which can be transmitted between them, across
whatever underlying protocol connects them.
Hello Everyone. I
hope you all can help me, I'm sure you can (it seems like a pretty simple
problem).
I am setting up a
Squid proxy server to run in transparent mode. To do this, I need to forward all
port 80 and 443 traffic to Squid's port, 3128. Additionally, I would like all
other