Error in Select and install programs
Hi I am trying to install Debian buster but when I choose a desktop environment and wait, an error occurs, so what could I do?
Re: IPtables localhost redirect
>From the netfilter mailing list: http://marc.info/?l=netfilter&m=127377479932181&w=2 http://marc.info/?l=netfilter&m=126950781622980&w=2 http://www.frozentux.net/iptables-tutorial/images/tables_traverse.jpg http://xkr47.outerspace.dyndns.org/netfilter/packet_flow/packet_flow10.png Nothing new, just some further details. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktilc4qwuxecxi_yywqeue20ytghonhxwtm051...@mail.gmail.com
Re: IPtables localhost redirect
On Sat, Jul 10, 2010 at 19:00, Mart Frauenlob wrote:
> This picture shows the netfilter traffic flow:
> http://jengelh.medozas.de/images/nf-packet-flow.png
>
> Source address selection is done before the OUTPUT path.
> Locally generated packets NEVER hit the PREROUTING chain in mangle or nat
> table.
> There is a routing decision after the mangle table OUTPUT chain.
> But you cannot do address translation there (like in nat OUTPUT).
> What you can do, is MARK packets in the mangle table, and refer to this mark
> with iproute2 (ip rule add fwmark 0x1 lookup table custom_table) - this is
> called "policy based routing".
>
>
> So from looking at the picture and from the theory I know, theoretically
> something like this could work:
>
> echo "101 custom_table" >> /etc/iproute2/rt_tables
>
> fill the table with appropriate routes:
> ip route add table custom_table ...
> ...
>
> mark in mangle table:
> iptables -t mangle -A OUTPUT -d 127.0.0.1 -p tcp --dport 5432 -j MARK
> --set-mark 0x1
>
> dnat in nat table:
> iptables -t nat -A OUTPUT -m mark --mark 0x1 -j DNAT --to-destination
> 192.168.1.113
>
> snat in nat table:
> iptables -t nat -A POSTROUTING -m mark --mark 0x1 -j SNAT --to-source
> 192.168.1.1?
>
> add iproute rule:
> ip rule add fwmark 0x1 lookup custom_table
>
>
> I've done all this for testing and I did not succeed.
> I also did:
> echo 0 >/proc/sys/net/ipv4/conf/all/rp_filter
> not sure if that interacts.
> I then put a trace rule:
> iptables -t raw -A OUTPUT -d 127.0.0.1 -p tcp --dport 5432 -j TRACE
>
> The resulting log always ended in the nat table's OUTPUT chain.
> I don't know why acutally, from the picture (which is from a developer) it
> should hit nat POSTROUTING.
> I'm telling you this, so you could eventually try and maybe you have more
> luck than me, or maybe the information is otherwise useful.
> However maybe it's not possible, I can't tell for sure.
> I would have done some ssh tunneling myself in the first place.
> But I know there are people at the netfilter mailing list, who do know for
> sure. It's in general the best place to ask netfilter related questions.
>
> Best regards
>
> Mart
Thanks Mart,
your experiment will not be lost.
At the moment I have not a lot of time to spend extending your work,
but it is a good starting point for further enhancement.
As you are suggesting, I'll integrate it with the infos coming from the
netfilter mailing list and #Netfilter irc channel.
At the moment, the good news is that, together with the ssh,
netcat, and socat animals, we have a new friend:
xinetd
service postgresql
{
socket_type = stream
wait= no
user= root
redirect= 192.168.1.113 5432
bind= 127.0.0.1
}
Thanks again for the time spent answering me.
Daniele
p.s.:
The xinetd tip comes from SuperJediWombat! of linuxquestions.org.
http://www.linuxquestions.org/questions/linux-networking-3/iptables-redirect-127-0-0-1-to-192-168-1-113-a-818817/
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/aanlktila28gqhmpb75bm18kci-h7ufng0er53lg9j...@mail.gmail.com
Re: IPtables localhost redirect
On Sat, Jul 10, 2010 at 13:06, Javier Barroso wrote:
> Hi, If you have ssh access to 192.168.1.113, you can try ssh port
> forwarding, with -L 5432:192.168.1.113:5432 option
>
> Regards,
Hi Javier,
thanks for the tip.
Your solution is one of the possible workarounds we came.
Another one (I'm using it) can be done with "socat":
socat TCP4-LISTEN:${local_port},fork,reuseaddr
TCP4:${remote_host}:${remote_port}
Credits to the guys of #Netfilter and #debian channels.
Thanks Javier.
References:
http://lists.debian.org/debian-italian/2010/07/msg00148.html
http://lists.debian.org/debian-italian/2010/07/msg00170.html
http://www.linuxquestions.org/questions/showthread.php?p=4027927
freenode.#Netfilter
#debian
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/aanlktinskr6fw_md8o3v8meaqtbty-_ffkwlp43rd...@mail.gmail.com
Re: IPtables localhost redirect
On Fri, Jul 9, 2010 at 19:09, Toan Pham wrote: > Here's the trick, > > # Trick the kernel to route localhost ip (127.0.0.1) in prerouting > rule, and continue routing out through the valid network interface > (not the loopback interface). > ifconfig eth0:0 127.0.0.1 > > # Setup NAT Table to redirect traffic > iptables -t nat -A PREROUTING -p tcp --dport 5432 -j DNAT --to > 192.168.1.113:5432 > > > I haven't tried it yet, let me know if it works. Thanks, but it doesn't work. Someone said me on a forum: """ You cannot redirect loopback traffic with iptables. """ I'm investigating this statement. reference: http://www.linuxquestions.org/questions/showthread.php?p=4027927 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktikt33y5uoxl_vymxzpodkle1in_iwdodosal...@mail.gmail.com
Re: IPtables localhost redirect
On Fri, Jul 9, 2010 at 08:34, Boyd Stephen Smith Jr. wrote: > What have you tried? It seems like you'd need to change this in a PREROUTING > chain, probably in the mangle table. > > Also, depending on the application it my be using the "unix socket" instead of > TCP/IP to connect to PostgreSQL. In that case, iptables would not be > involved. I have tried any configuration of PREROUTING, POSTROUTING, OUTPUT over nat table. I have not tried the mangle table, but I know it is used to change the packet headers, and I think that is not our case. I have done many attempt with other protocols and tools (netcat is one of this), and the problem is note the unix socket because in every case I forced the use of the 127.0.0.1 host (especially with the the postgres client). The problem seams to reside in how netfilter process packets on the lo device and the localhost ip family. This is a related post in italian: http://lists.debian.org/debian-italian/2010/07/msg00148.html And this is the workaround we came: http://lists.debian.org/debian-italian/2010/07/msg00170.html -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktimo4i13ethivknxdlj9ihggg3eyirnoioijs...@mail.gmail.com
IPtables localhost redirect
Hello guys, on my Debian 5 I'm trying to redirect the TCP traffic generated by my machine towards 127.0.0.1:5432 (PostgreSQL) to the new destination 192.168.1.113:5432. I have tried with iptables many rules, but no one seams good for the task. Any idea? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktilputvpvdqizjuoukcpcxcirfxny4oyak7on...@mail.gmail.com
Re: minimal installation questions
Thank you for the suggestions, I will give it a try again this evening. I may still need some help fighting the dependancy issues. When I tired to remove some of the base packages (exim, etc) I ran into the same sort of problems that Michael did when trying to remove gcc-3.3-base. My goal is to get just enough installed to run Mozilla (without AA fonts, actually, not enough horsepower for that) and blackbox. I'm hoping that I can get it to fit into 128 MB. 64 would be a fun challenge, though. Later on I will try to battle a minimal perl install so I can run some of my favorite scripts and Perl/Tk apps. I have a felling it will be probably a still bigger challenge! :) Thanks! _ Express yourself instantly with MSN Messenger! Download today - it's FREE! hthttp://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
minimal installation questions
Hi, I'm new to Debian, I'm coming from the bloated world of RedHat. Basiclly, I'm interested in using debian to run a very basic web surfing machine. I would like to use a fanless VIA EPIA motherboard and keep a very minimal install of Debian on a CompactFlash card interfaced via an IDE-to-CF adapter. I would like to know if it's even possible to make a very minimal Debian + XFree86 + Mozilla install. If it is, then how do I go about removing certain unneeded packages that are installed by default? Right now my test machine is running a base install of Sarge (I quit out of the package chooser after the installer installed just the basics) plus enough packages to make XFree86 and Mozilla work (I am using the generic VESA driver for 1024x768, it seems to be fast enough). Even doing just this seems to take up about 235 MB according to df -h. I'm guessing there's far more installed than I really need. Thanks in advance for any help with this matter. _ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
