Mark,
Don't know if you want to hear this but.
If you were using iptables instead of ipchains,
iptables -t nat -A PREROUTING -p tcp -i eth0 -s 0.0.0.0/0 \
--dport 25 -j DNAT --to $INTERNAL_EMAIL_SERVER
HTH
Pete
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info:
Hi Jon,
Yes I have checked, and they are definitely saved and ready to go.
Adam.
At 11:50 AM 15/06/2002 +1000, you wrote:
Eliminate the obvious ... have you checked what's in your
/etc/ipchains.rules ... I had a similar problem, assuming the chains would
be saved when the service stopped, but
Negative. It is logging to disk OK, as well as to the other machine, as well as
to console. I have plenty of disk space and inodes.
Quoting Jill Rowling [EMAIL PROTECTED]:
Disk full?
--
Jill Rowling, Snr Des. Eng. Unix System Administrator
Eng. Systems Dept, Aristocrat Technologies
No, syslogd is running OK because it is still logging to disk as well as to the
other machine, and now also to console.
Quoting dopey [EMAIL PROTECTED]:
On Fri, 14 Sep 2001, Howard Lowndes [EMAIL PROTECTED] wrote...
: ipchains on my gateway has suddenly taken to logging to the console.
:
Disk full?
--
Jill Rowling, Snr Des. Eng. Unix System Administrator
Eng. Systems Dept, Aristocrat Technologies Australia
3rd Floor, 77 Dunning Ave Rosebery NSW 2018
Phone: (02) 9697-4484 Fax: (02) 9663-1412 Email: [EMAIL PROTECTED]
-Original Message-
From: Howard Lowndes
On Fri, 14 Sep 2001, Howard Lowndes [EMAIL PROTECTED] wrote...
: ipchains on my gateway has suddenly taken to logging to the console.
:
: The syslog.conf file has the standard settings, but these are also mirrored to
: log to another machine as well.
:
: The standard logging is happening, as
quote who=Andy Haigh
We have an ipchains firewall that has multiple IP addresses set up on the
external NIC. We are going to change to a different ISP and will require to
change the external IP addresses. I just want to check that this is as
simple as just changing the IP addresses in linux
It may be that simple. It depends how ipchains is configured on your
machine.
I had an ipchains script that would get the external ip address and store it
in $EXTIP whenever I ran the script so if I did happen to change my
external ip I wouldn't have to change the files associated with the
Runs fine with just
ipchains -P forward DENY
/sbin/ipchains -A forward -s 172.29.0.0/16 -d 0.0.0.0/0 -j MASQ
even for multiple machines, i wouldn't recommend just those rules
unless you have a tight ship.
if you want to server you should only need to port map and you
should be ok. You won't be
Peter McCarthy was once rumoured to have said:
Howdy all
I have a problem now that I have placed my Win box behind my IP Masq-ing Linux
box, that being I can no longer play Team Fortress Classic !!
Now I expect it is just a matter of enabling some ports for IP Masq to
support it ? Is this
[If you'd like to see my ruleset, email me off list and I'll forward it to you]
if it ain't too big, send it to the list...
if it is a bit large, send me a copy and i'll have a look...
later
marty
On Sat, Mar 10, 2001 at 08:10:53AM +1100, Scott Ragen uttered:
I have a small problem with ipchains, i can create a simple rule, apply
it, but it does not save.
how do I achieve this? I have tried ipchains-save, after a reboot (which
my g/f does a lot because she compares it to windows).
If you have set up ipchains from the RH7.0 RPM you should be able to use the
command scripts in:
/etc/rc.d/init.d
So you can use:
/etc/rc.d/init.d/ipchains save
after you applied your manually entered chains. This will save the currently
active IPCHAINS and apply them on startup of your
Danny Yee was once rumoured to have said:
When I try to turn firewalling on, I'm having long DNS delays, and reports
like this in my logfile
Then something is wrong.
Feb 21 17:41:53 stravinsky kernel: Packet log: input DENY ppp0 PROTO=17
129.78.###.###:65535 129.78.###.###:65535 L=28 S=0x00
On Wed, Feb 21, 2001 at 05:49:31PM +1100, Danny Yee wrote:
When I try to turn firewalling on, I'm having long DNS delays, and reports
like this in my logfile
Feb 21 17:41:53 stravinsky kernel: Packet log: input DENY ppp0 PROTO=17
129.78.###.###:65535 129.78.###.###:65535 L=28 S=0x00 I=19120
Message-
From: George Vieira [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 22 November 2000 3:01 PM
To: 'Des Wass'
Subject: RE: [SLUG] IPChains and DNS
I think the path you should take is proxy auth.
configure squid to authenticate the surfers.
That way it is based on the user
: George Vieira [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 22 November 2000 3:01 PM
To: 'Des Wass'
Subject: RE: [SLUG] IPChains and DNS
[snip]
The client always makes the request to the DNS server even if
you visited
the web page and then closed the browser and browsed again in
5 minutes
PROTECTED]'
Subject: RE: [SLUG] IPChains and DNS
Really poor wording on my part - sorry.
I have host named machine.domain.com.au (winnt). It gets an IP at logon
through DHCP (e.g. 192.168.1.100) and then is entered into Win2k's DNS as an
A record.
I need to stop machine.domain.com.au from surfing
It will only deny that if the machine running ipchains is going to sit
between the internet and the machine.domain.com.au. If both machines see the
router(PC) which goes out to the internet then there's no stopping it unless
the linux box is in the way(firewall).
i think the question relates
: Wednesday, November 22, 2000 3:57 PM
To: George Vieira
Cc: 'Des Wass'; '[EMAIL PROTECTED]'
Subject: RE: [SLUG] IPChains and DNS
It will only deny that if the machine running ipchains is going to sit
between the internet and the machine.domain.com.au. If both machines see
the
router(PC) which goes
I would think it would store IPs, as performing a dns lookup every time
a packet arrives is going to be a _minor_ performance hit! I also doubt
ipchains contains a caching nameserver, which would in some way alleviate
that problem.
-Colin
Marty wrote:
It will only deny that if the machine
I would think it would store IPs, as performing a dns lookup every time
a packet arrives is going to be a _minor_ performance hit! I also doubt
ipchains contains a caching nameserver, which would in some way alleviate
that problem.
It would be IP addresses because domain names are a userland
I have the distinct feeling that accounting in IP Chains follows the same
rules as all other IP chains, which basically means, first match wins
so... if you have a rule that matches all hosts, it'll match, and no other
rules will get processed... which means your individual hosts don't get
Are you sure that the rule is actually being passed thru by the
packets. You might have a -j RETURN or -j ACCEPT earlier in the sequence
that is passing back out of the chain to the higher level and hence your
more detailed rule is not even being reached. Without looking at your
rule set it's
Hi Ian and Thanks for the reply.
Sorry, my fault.. I meant to say that the IP accounting box is part of a
4 port hub which has the Router and an uplink cable to the switch
connected to it as well. The packets ARE seen (just by running
tcpdump.. since I have the ethernet card set on Promisc
Not strictly true. It is the case if you have a -j clause, otherwise it
will continue down the chain.
--
Howard.
__
LANNet Computing Associates http://www.lannet.com.au
On Mon, 6 Nov 2000, Crossfire wrote:
I have the distinct feeling that
On Fri, Sep 22, 2000 at 10:39:58AM +1100, Bernhard Lüder wrote:
I would also not use REJECT, but rather DENY. The difference is, that with
DENY the request packets from the source are dropped without response.
REJECT sends back an ICMP packet to the source saying "You're not allowed
here".
hard Lüder
ICQ 26070583
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
John Ferlito
Sent: Friday, September 22, 2000 11:06 AM
To: Bernhard Lüder
Cc: 'George Vieira'; 'Sydney Linux Users Group in Sydney (E-mail)'
Subject: Re: [SLUG] IPCHAI
My problem is that I don't want to trust the users to configure their
browsers, so I want to do transparent proxying with any requests from the
private network to external port 80 at least, being redirected to the
squid proxy.
If you're stuck, because I've been told getting squid to behave as
Wrote George Vieira on Tue, Aug 29, 2000 at 05:16:10PM +1000:
Can somebody point me in the right direction. I remember seeing it somewhere
and can't find how it was set up.
I have an internal network to access an internal machine with an external
address, I remember seeing it was required
On Tue, Aug 29, 2000 at 06:14:45PM +1100, Chuck Dale wrote:
ipmasqadm + portfw
There is rather a mess of different packages to do this but the above
worked for me. You need to get ipmasqadm from somewhere. Search on
Google.
As luck would have it, I was looking for info on these two today.
, 2000 5:22 PM
To: [EMAIL PROTECTED]
Subject: Re: [SLUG] Ipchains internal forwarding module... what's it
called.. can't find it..
On Tue, Aug 29, 2000 at 06:14:45PM +1100, Chuck Dale wrote:
ipmasqadm + portfw
There is rather a mess of different packages to do this but the above
worked
On Tue, Aug 29, 2000 at 12:41:38PM +1100, [EMAIL PROTECTED] wrote:
What have I missed??
Most DNS traffic is udp, you only allow tcp through your firewall (you
need both).
The log message tells you what's been blocked:
Aug 29 12:10:22 eric kernel: Packet log: output DENY ppp0 PROTO=17
You need an input rule accepting udp packets from the nameservers on port 53.
ACCEPT udp -- oznet.ozemail.com.au anywhere domain -> any
ACCEPT udp -- oznet02.ozemail.com.au anywhere domain -> any
At 11:42 AM 8/29/00, [EMAIL PROTECTED] wrote:
hi