Re: Question on iptables

2017-02-07 Thread luis
> On 07/02/17 at 19:24, l...@ida.cu wrote: >> Good afternoon everyone. >> >> It's the first time I use iptables. >> >> I have several PCs with these IPs and I need to give them full access to >> the internet >> >> # We allow everything for these IPs >>

Re: Question on iptables

2017-02-07 Thread Aaron D.
On 07/02/17 at 19:24, l...@ida.cu wrote: Good afternoon everyone. It's the first time I use iptables. I have several PCs with these IPs and I need to give them full access to the internet # We allow everything for these IPs iptables -A INPUT -s 192.168.101.12 -j ACCEPT iptables -A INPUT -s 192.168.101.13 -j

Question on iptables

2017-02-07 Thread luis
Good afternoon everyone. It's the first time I use iptables. I have several PCs with these IPs and I need to give them full access to the internet # We allow everything for these IPs iptables -A INPUT -s 192.168.101.12 -j ACCEPT iptables -A INPUT -s 192.168.101.13 -j ACCEPT iptables -A INPUT -s 192.168.101.14 -j

Re: PROGRESS [Re: New to iptables]

2017-01-05 Thread tomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Jan 05, 2017 at 01:25:10PM -0600, Richard Owlett wrote: > On 1/4/2017 10:54 AM, Richard Owlett wrote: > [snipping my original ;] > One doesn't understand things without understood background. > This thread triggered some understanding of

PROGRESS [Re: New to iptables]

2017-01-05 Thread Richard Owlett
On 1/4/2017 10:54 AM, Richard Owlett wrote: [snipping my original ;] One doesn't understand things without understood background. This thread triggered some understanding of things I'd been told in past. I'm using http://www.netfilter.org/documentation/ as a reading guide. A shorewall or

Re: New to iptables

2017-01-04 Thread Pascal Hambourg
On 04/01/2017 at 21:30, Joe wrote: iptables operates at the level of IP addresses and protocols (and ports, in the case of tcp and udp, other protocols don't use them). Where it appears to work with URLs, as you have discovered, it resolves the URL Not URLs. Hostnames.

Re: New to iptables

2017-01-04 Thread Joe
On Wed, 4 Jan 2017 10:54:53 -0600 Richard Owlett <rowl...@cloud85.net> wrote: > I'm searching for an introduction to iptables that leads me to > answers to the questions *I* have. I've got a flock of links I'm > working thru. How are we going to know what resource answers the

Re: New to iptables

2017-01-04 Thread Bob Weber
requests get through and blocks all incoming probes. Shorewall can easily do this for you so you won't have to mess with the workings of iptables. Your open install should also use privoxy with a more open setup that will help you stay away from malware and add sites. Shorewall firewall can be set

Re: New to iptables

2017-01-04 Thread Pascal Hambourg
a DNS name in a rule, but they don't mention that it will be resolved precisely once, at the time that the rule is entered, and will be replaced by the single IP address that comes back. Good point. What happens if you use a DNS name that doesn't resolve? Iptables fails to create the rule. What happens i

Re: New to iptables

2017-01-04 Thread tomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Jan 04, 2017 at 10:54:53AM -0600, Richard Owlett wrote: > I'm searching for an introduction to iptables that leads me to > answers to the questions *I* have. I've got a flock of links I'm > working thru. Take your time... > In th

Re: New to iptables

2017-01-04 Thread Dan Ritter
On Wed, Jan 04, 2017 at 10:54:53AM -0600, Richard Owlett wrote: > I'm searching for an introduction to iptables that leads me to answers to > the questions *I* have. I've got a flock of links I'm working thru. > > > In the meantime I have a few questions. > > One of the l

New to iptables

2017-01-04 Thread Richard Owlett
I'm searching for an introduction to iptables that leads me to answers to the questions *I* have. I've got a flock of links I'm working thru. In the meantime I have a few questions. One of the links led to _Securing Debian Manual_ and in particular "Appendix F - Security update prot

Re: iptables question

2016-11-14 Thread Pascal Hambourg
On 14/11/2016 at 00:48, deloptes wrote: Pascal Hambourg wrote: Well then, all I can suggest is to run a packet capture and try to see what's going on. I guess you mean on the firewall? Yes.

Re: iptables question

2016-11-14 Thread deloptes
Henning Follmann wrote: > Last time I chime in here. > I understand growth and chaos, believe me. However sometimes we need a > nudge or a kick in the butt to clean up. Maybe this is your call.. It is kicking me and calling me since some time but I can not do this before next summer. I have to

Re: iptables question

2016-11-14 Thread Henning Follmann
t is historically that way. Some years ago the firewall > was connected to the public network directly. The new provider gave me the > modem and it uses automatically 10.0.0.0, which I can not influence. I just > did the DMZ - this was the time I tried to rewrite the firewall rules, but >

Re: iptables question

2016-11-14 Thread deloptes
deloptes wrote: > Igor Cicimov wrote: > >> Run tcpdump and check what's happening > > That is strange - I will look into this direction - let me know if you > have any ideas > > regards > > > tcpdump -vvv dst 10.0.0.7 > tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size >

Re: iptables question

2016-11-13 Thread deloptes
Igor Cicimov wrote: > Run tcpdump and check what's happening That is strange - I will look into this direction - let me know if you have any ideas regards tcpdump -vvv dst 10.0.0.7 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 08:07:11.591763 ARP, Ethernet

Re: iptables question

2016-11-13 Thread Igor Cicimov
On 13 Nov 2016 11:20 am, "deloptes" <delop...@gmail.com> wrote: > > Joe wrote: > > > On Sat, 12 Nov 2016 22:15:45 +0100 > > deloptes <delop...@gmail.com> wrote: > > > >> Hi, > >> I need some help and I'll apprec

Re: iptables question

2016-11-13 Thread Igor Cicimov
TCP or UDP connection) by many NAT systems is broken. > > >> it still doesn't need any additional NAT rules in iptables, the single >> SNAT rule handles it, as well as tcp, udp etc. Other rules are needed >> for correct *operation*, but not for NAT. > > > Proper

Re: iptables question

2016-11-13 Thread deloptes
Pascal Hambourg wrote: > Well then, all I can suggest is to run a packet capture and try to see > what's going on. I guess you mean on the firewall? I am not even sure I can install tcpdump there, but I will try and ask again for help here for sure thanks

Re: iptables question

2016-11-13 Thread deloptes
ider gave me the modem and it uses automatically 10.0.0.0, which I can not influence. I just did the DMZ - this was the time I tried to rewrite the firewall rules, but I found out I need to read again a lot about iptables and more important it would mean I would need to experiment and jeopardize

Re: iptables question

2016-11-13 Thread Henning
> On Nov 13, 2016, at 5:19 PM, Pascal Hambourg wrote: > >> On 13/11/2016 at 22:27, Henning wrote: >> I followed this thread and i wonder if there is a sane reason why you do nat >> inside your network. Why don't you just route between different subnets i.e. >>

Re: iptables question

2016-11-13 Thread Pascal Hambourg
On 13/11/2016 at 21:43, deloptes wrote: Pascal Hambourg wrote: replace 10.0.0.1/32 with 10.0.0.0/24 it does not work You should double check that. I checked replaced 10.0.0.1/32 with 10.0.0.0/24. Just insert this rule and check whether it changes anything : iptables -I FORWARD -j

Re: iptables question

2016-11-13 Thread Pascal Hambourg
On 13/11/2016 at 22:27, Henning wrote: I followed this thread and i wonder if there is a sane reason why you do nat inside your network. Why don't you just route between different subnets i.e. 10.0.1.0/24 and 10.0.2.0/24 Probably because the modem and hosts in 10.0.0.0/24 don't know about

Re: iptables question

2016-11-13 Thread Henning
I followed this thread and i wonder if there is a sane reason why you do nat inside your network. Why don't you just route between different subnets i.e. 10.0.1.0/24 and 10.0.2.0/24 you still can have a firewall between those subnets -H

Re: iptables question

2016-11-13 Thread deloptes
the same, I'll put it on the TODO. I even tried once >> with fw builder - it couldn't even import properly, because import and >> export produced not working firewall. > > Just insert this rule and check whether it changes anything : > > iptables -I FORWARD -j ACCEPT > &g

Re: iptables question

2016-11-13 Thread Pascal Hambourg
the same, I'll put it on the TODO. I even tried once with fw builder - it couldn't even import properly, because import and export produced not working firewall. Just insert this rule and check whether it changes anything : iptables -I FORWARD -j ACCEPT If SSH works then the ruleset is faulty

Re: iptables question

2016-11-13 Thread deloptes
Pascal Hambourg wrote: > On 13/11/2016 at 16:05, deloptes wrote: >> >> These are the rules - a friend created this like 10y ago. I added few >> rules to forward ports from outside to the intranet and to be able to >> handle VPN. >> You can ignore 192.168.60.1 on eth2 - not used. > > IMO, this

Re: iptables question

2016-11-13 Thread Pascal Hambourg
On 13/11/2016 at 16:05, deloptes wrote: These are the rules - a friend created this like 10y ago. I added few rules to forward ports from outside to the intranet and to be able to handle VPN. You can ignore 192.168.60.1 on eth2 - not used. IMO, this ruleset is totally insane. However,

Re: iptables question

2016-11-13 Thread deloptes
nts as well. thank you in advance regards # Generated by iptables-save v1.4.14 on Sun Nov 13 15:57:01 2016 *nat :PREROUTING ACCEPT [26000:2533530] :POSTROUTING ACCEPT [87:4966] :OUTPUT ACCEPT [28:2038] -A PREROUTING -s 127.0.0.0/8 -j ACCEPT -A PREROUTING -d 10.0.0.1/32 -i eth0 -p tcp -m tcp --dport 80

Re: iptables question

2016-11-13 Thread Pascal Hambourg
icky, I am not surprised at all that the handling of "non standard" protocols (read : other than a single TCP or UDP connection) by many NAT systems is broken. it still doesn't need any additional NAT rules in iptables, the single SNAT rule handles it, as well as tcp, udp etc. Ot

Re: iptables question

2016-11-13 Thread Joe
> > > > I used to have a fair bit to do with PPTP through three or four > > NATs, > > PPTP rather falls into the "complex protocols" described below. Exactly so. You wouldn't believe how many routers of ten years ago or so didn't handle it properly, at least with their ini

Re: iptables question

2016-11-13 Thread Michael Milliman
On 11/12/2016 06:19 PM, deloptes wrote: Joe wrote: On Sat, 12 Nov 2016 22:15:45 +0100 deloptes <delop...@gmail.com> wrote: Hi, I need some help and I'll appreciate it. I have a firewall with iptables behind the modem. on this firewall I have eth0 with ip 10..1 to the modem

Re: iptables question

2016-11-13 Thread Pascal Hambourg
On 13/11/2016 at 11:09, Joe wrote: Pascal Hambourg wrote: On 12/11/2016 at 23:32, Joe wrote: The SNAT should not be an issue, it can handle all protocols transparently No it cannot. NAT is not possible with some IP protocols. Plain IPSec (without NAT-T

Re: iptables question

2016-11-13 Thread Joe
On Sun, 13 Nov 2016 10:35:29 +0100 Pascal Hambourg wrote: > On 12/11/2016 at 23:32, Joe wrote: > > > > The SNAT should not be an issue, it can handle all protocols > > transparently > > No it cannot. NAT is not possible with some IP protocols. Plain IPSec > (without

Re: iptables question

2016-11-13 Thread Pascal Hambourg
On 13/11/2016 at 01:19, deloptes wrote: Yes, it is not working How is it not working ? What do you do and what happens ? From one computer ip 10..6 I can ssh to 10..7 and vv. That does not concern the firewall between the modem and the LAN. I also see that iptables forwards

Re: iptables question

2016-11-13 Thread Pascal Hambourg
On 12/11/2016 at 23:32, Joe wrote: The SNAT should not be an issue, it can handle all protocols transparently No it cannot. NAT is not possible with some IP protocols. Plain IPSec (without NAT-T encapsulation) is the first one that comes in mind. Also many complex protocols such as FTP

Re: iptables question

2016-11-12 Thread deloptes
Joe wrote: > On Sat, 12 Nov 2016 22:15:45 +0100 > deloptes <delop...@gmail.com> wrote: > >> Hi, >> I need some help and I'll appreciate it. >> >> I have a firewall with iptables behind the modem. >> on this firewall I have >> eth0 wi

Re: iptables question

2016-11-12 Thread Joe
On Sat, 12 Nov 2016 22:15:45 +0100 deloptes <delop...@gmail.com> wrote: > Hi, > I need some help and I'll appreciate it. > > I have a firewall with iptables behind the modem. > on this firewall I have > eth0 with ip 10..1 to the modem ip: 10..12 >

iptables question

2016-11-12 Thread deloptes
Hi, I need some help and I'll appreciate it. I have a firewall with iptables behind the modem. on this firewall I have eth0 with ip 10..1 to the modem ip: 10..12 eth1 with ip 192..1 to the intranet iptables is doing SNAT from 192..1 to 10..1 I wonder how I can ssh from 192..NN

Re: Question about clearing some iptables rules

2016-11-03 Thread Lucas Castro
_ >>> Join the Aprendendo Linux Group >>> https://groups.google.com/forum/#!forum/portal-aprendendo-linux >>> >>> Or send an e-mail to: >>> portal-aprendendo-linux+subscr...@google

Re: Question about clearing some iptables rules

2016-11-03 Thread Rodrigo Cunha
> > Join the Aprendendo Linux Group > > https://groups.google.com/forum/#!forum/portal-aprendendo-linux > > > > Or send an e-mail to: > > portal-aprendendo-linux+subscr...@googlegroups.com > > > > > > > > On 03/11/2016 08:58, Gabriel

Re: Question about clearing some iptables rules

2016-11-03 Thread Henrique Fagundes
-and-delete-iptables-firewall-rules#delete-rule-by-chain-and-number Best regards, *Gabriel Ricardo* Phone: +55 41 88817828 Skype: gabriel.nerdworkti On 1 November 2016 14:43, Linux - Junior Polegato <li...@juniorpolegato.com.br> wrote: E

Re: Question about clearing some iptables rules

2016-11-03 Thread Lucas Castro
riel Ricardo wrote: >> Good morning! >> >> You can list the rules by line number, here is a guide: >> >> https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules#delete-rule-by-chain-and-number >> >> >> >

Re: Question about clearing some iptables rules

2016-11-03 Thread Henrique Fagundes
On 03/11/2016 08:58, Gabriel Ricardo wrote: Good morning! You can list the rules by line number, here is a guide: https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules#delete-rule-by-chain-and-number Best regards, *Gabriel Ricardo* Phone: +55

Re: Question about clearing some iptables rules

2016-11-03 Thread Gabriel Ricardo
Good morning! You can list the rules by line number, here is a guide: https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules#delete-rule-by-chain-and-number Best regards, *Gabriel Ricardo* Phone: +55 41 88817828 Skype: gabriel.nerdworkti On 1

Re: Question about clearing some iptables rules

2016-11-01 Thread Linux - Junior Polegato
, like this: iptables -t mangle -A PREROUTING -s 192.168.0.3 -j MARK --set-mark 1 iptables -t mangle -A PREROUTING -s 192.168.0.4 -j MARK --set-mark 1 iptables -t mangle -A PREROUTING -s 192.168.0.5 -j MARK --set-mark 1 iptables -t mangle -A PREROUTING -s 192.168.0.6 -j MARK --set-mark 1 iptables

Re: Question about clearing some iptables rules

2016-11-01 Thread Lucas Castro
> packet-marking rules, like this: > > iptables -t mangle -A PREROUTING -s 192.168.0.3 -j MARK --set-mark 1 > iptables -t mangle -A PREROUTING -s 192.168.0.4 -j MARK --set-mark 1 > iptables -t mangle -A PREROUTING -s 192.168.0.5 -j MARK --set-mark 1 > iptables -t mangle

Re: Question about clearing some iptables rules

2016-11-01 Thread Lucas Castro
> packet-marking rules, like this: > > iptables -t mangle -A PREROUTING -s 192.168.0.3 -j MARK --set-mark 1 > iptables -t mangle -A PREROUTING -s 192.168.0.4 -j MARK --set-mark 1 > iptables -t mangle -A PREROUTING -s 192.168.0.5 -j MARK --set-mark 1 > iptables -t mangle

Re: Question about clearing some iptables rules

2016-11-01 Thread Marcos Carraro
And why not think about it differently? Why not change the failover script so that mark 2 goes through another routing table? I believe -D will solve it... iptables -t mangle -D PREROUTING -s 192.168.0.7 -j MARK --set-mark 2 *--* Regards Marcos Carraro <http://br.linkedin.com/in/mcarr

Question about clearing some iptables rules

2016-11-01 Thread Henrique Fagundes
Dear Colleagues, First of all, penguin greetings to everyone. I'm having difficulty removing some rules via a script. In my scenario, I have three links and some (actually many) packet-marking rules, like this: iptables -t mangle -A PREROUTING -s

Re: iptables advice

2016-10-29 Thread Pascal Hambourg
On 27/10/2016 at 13:36, Pol Hallen wrote: I've 2LAN (192.168.1/24 and 192.168.2/24) with these rules: Please be more precise. Iptables rules are created on nodes (hosts and routers), not networks. iptables -A FORWARD -s 192.168.1/24 -d 0/0 -j ACCEPT iptables -A FORWARD -m state --state

Re: iptables question

2016-10-28 Thread Zeque
On 10/28/2016 04:18 PM, Romero, Fernando wrote: Hello everyone, I'm asking about some iptables rules. I have a rule with which I reject incoming connections from all IPs except 2 specific IPs iptables -P INPUT -j REJECT iptables -P FORWARD -j REJECT iptables -A INPUT -s x.x.x.x

iptables question

2016-10-28 Thread Romero, Fernando
Hello everyone, I'm asking about some iptables rules. I have a rule with which I reject incoming connections from all IPs except 2 specific IPs iptables -P INPUT -j REJECT iptables -P FORWARD -j REJECT iptables -A INPUT -s x.x.x.x -j ACCEPT iptables -A INPUT -s x.x.x.x -j ACCEPT The

Re: iptables advice

2016-10-28 Thread Dan Ritter
On Thu, Oct 27, 2016 at 01:36:23PM +0200, Pol Hallen wrote: > Hello all :-) > > I've 2LAN (192.168.1/24 and 192.168.2/24) with these rules: > > iptables -A FORWARD -s 192.168.1/24 -d 0/0 -j ACCEPT > iptables -A FORWARD -m state --state ESTABLISHED,RELATED -d 192.16

Re: Question about iptables

2016-10-28 Thread Rodolfo Edgar
>> You mention a file: /etc/init.d/firewall >> I searched with apt-file search to see which package installs that file and >> I can't find it. >> >> Unless it is created dynamically, which I doubt, I don't know where it comes from. >> Let's see if you can clear up this question for me. >> >

Re: Question about iptables

2016-10-27 Thread Frank A Sanches Calzada
On 2016-10-27 07:48, fernando sainz wrote: 2016-10-26 18:34 GMT+02:00 Frank A Sanches Calzada : systemctl status firewall.service this is the result, but line 223 is blank, it has no content ● firewall.service - LSB: Firewall configuration

Re: Question about iptables

2016-10-27 Thread Juan Lavieri
Things have changed compared to previous versions; my recommendation for the firewall, especially if you have a custom iptables script, is to put the rules in and run it from rc.local, at the very end when the system starts, that way there won't be any problems, I always do it that way for

Re: Question about iptables

2016-10-27 Thread Pablo JIMÉNEZ
ls. > > > > Regards > > > > Things have changed compared to previous versions; my > recommendation for the firewall, especially if you have a custom > iptables script, is to put the rules in and run it from rc.local, at > the very end when the system starts

Re: iptables advice

2016-10-27 Thread Pol Hallen
iptables -A FORWARD -s 192.168.2/24 -d 192.168.1/24 -m conntrack \ --ctstate NEW -m comment --comment 'lan2 cannot see lan1' -j DROP [...] cheers! :-p Pol

Re: Question about iptables

2016-10-27 Thread JAP
created a file in /etc/init.d tailored to the iptables configuration. That was perfectly normal in the init era, but since systemd came on the scene, things got complicated. For that reason, it is recommended that the iptables configuration script be loaded from rc.local, which com

Re: Question about iptables

2016-10-27 Thread fernando sainz
2016-10-26 18:34 GMT+02:00 Frank A Sanches Calzada : > systemctl status firewall.service > this is the result, but line 223 is blank, it has no content > > ● firewall.service - LSB: Firewall configuration >Loaded: loaded (/etc/init.d/firewall) >

Re: Question about iptables

2016-10-27 Thread JAP
Jabber: fr...@jabber.asertec.azcuba.cu Tel: (024)426446 Good day. A few days ago I had some problems with iptables. I have always preferred, and still do, to do things the old-fashioned way, and I use /etc/rc.local to define the rules. But since things change, take a look at this: https

Re: Question about iptables

2016-10-27 Thread Rodolfo Edgar
for the firewall, especially if you have a custom iptables script, is to put the rules in and run it from rc.local, at the very end when the system starts, that way there won't be any problems, I always do it that way for iptables rules, in /etc/rc.local call your script from there. > > -- > Frank

Re: iptables advice

2016-10-27 Thread Reco
Hi. In-Reply-To: <ddc9a058-84e5-d442-9be3-cb9aa638e...@fuckaround.org> On Thu, Oct 27, 2016 at 01:36:23PM +0200, Pol Hallen wrote: > Hello all :-) > > I've 2LAN (192.168.1/24 and 192.168.2/24) with these rules: > > iptables -A FORWARD -s 192.168.1/24 -d 0/0

iptables advice

2016-10-27 Thread Pol Hallen
Hello all :-) I've 2LAN (192.168.1/24 and 192.168.2/24) with these rules: iptables -A FORWARD -s 192.168.1/24 -d 0/0 -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -d 192.168.1/24 -j ACCEPT and same rules for 192.168.2/24: this allow each lan see other lan. Can I deny

Re: Question about iptables

2016-10-26 Thread Ricardo Frydman
Clearly you need to read more carefully: "Warning: Unit file of firewall.service changed on disk,* 'systemctl daemon-reload' recommended*. Job for firewall.service failed. See 'systemctl status firewall.service' and 'journalctl -xn' for details.." 2016-10-26 13:34 GMT-03:00 Frank A Sanches Calzada

Question about iptables

2016-10-26 Thread Frank A Sanches Calzada
systemctl status firewall.service this is the result, but line 223 is blank, it has no content ● firewall.service - LSB: Firewall configuration Loaded: loaded (/etc/init.d/firewall) Active: failed (Result: exit-code) since mié 2016-10-26 08:36:52 CDT; 16s ago Process: 1701

Re: Question about iptables

2016-10-26 Thread Ricardo Frydman
And what happened after you did what that message recommends? 2016-10-26 12:46 GMT-03:00 Frank A Sanches Calzada < frank...@asertec.azcuba.cu>: > Hello list, I recently upgraded my servers to Debian 8 but I have a > problem, the iptables script I have stopped working, it shows me

Question about iptables

2016-10-26 Thread Frank A Sanches Calzada
Hello list, I recently upgraded my servers to Debian 8 but I have a problem, the iptables script I have stopped working, it shows me the following: Warning: Unit file of firewall.service changed on disk, 'systemctl daemon-reload' recommended. Job for firewall.service failed. See

Re: systemd and iptables [SOLVED]

2016-10-21 Thread JAP
On 21/10/16 at 12:30, JAP wrote: On 21/10/16 at 12:05, Jose Julian Buda wrote: iptables -t nat -L Maybe it shows something. Regards Julian It shows a lot :( # iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain INPUT

Re: systemd and iptables

2016-10-21 Thread Javier Marcon
On 21/10/16 at 12:16, JAP wrote: > On 21/10/16 at 11:32, fernando sainz wrote: >> Look at this too: >> >> http://unix.stackexchange.com/questions/209393/debian-8-update-iptables-on-boot >> > > No, that's not the problem. > rc.local works fine

Re: systemd and iptables

2016-10-21 Thread JAP
On 21/10/16 at 12:05, Jose Julian Buda wrote: iptables -t nat -L Maybe it shows something. Regards Julian It shows a lot :( # iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain INPUT (policy ACCEPT) target prot opt source

Re: systemd and iptables

2016-10-21 Thread Felix Perez
On 21 October 2016, 10:33, JAP <javier.debian.bb...@gmail.com> wrote: > Good morning. > > systemd and the mother who programmed it. > > I'm still suffering problems in my machine migration. > Now I don't know why the hell iptables decides not to start. >

Re: systemd and iptables

2016-10-21 Thread Pablo JIMÉNEZ
On Fri, Oct 21, 2016 at 11:42:53AM -0300, JAP wrote: > [...] > The script was a line in /etc/rc.local. > > But apart from that, the issue is that iptables IS NOT RUNNING. > > If I load the rule by hand, and then list the active rules, it shows me that > iptables is empty,

Re: systemd and iptables

2016-10-21 Thread JAP
On 21/10/16 at 11:32, fernando sainz wrote: Look at this too: http://unix.stackexchange.com/questions/209393/debian-8-update-iptables-on-boot No, that's not the problem. rc.local works fine, it runs at startup without problems. The issue is that iptables doesn't take the rules even if

Re: systemd and iptables

2016-10-21 Thread Jose Julian Buda
On 21/10/16 11:42, JAP wrote: On 21/10/16 at 11:18, del tonos wrote: It's as Fernando tells you: Did you also have a script called iptables that you called from sysinit? Maybe you have to convert it then: https://fedoramagazine.org/systemd-converting-sysvinit-scripts/ <-

Re: systemd and iptables

2016-10-21 Thread JAP
On 21/10/16 at 11:18, del tonos wrote: It's as Fernando tells you: Did you also have a script called iptables that you called from sysinit? Maybe you have to convert it then: https://fedoramagazine.org/systemd-converting-sysvinit-scripts/ <--Come on, don't get angry :), it's just

Re: systemd and iptables

2016-10-21 Thread fernando sainz
still suffering problems in my machine migration. >> Now I don't know why the hell iptables decides not to start. >> There's no way to start the firewall. >> I can't find any solution on the net, which is why if anyone has >> an idea, it's welcome. >> >

Re: systemd and iptables

2016-10-21 Thread JAP
On 21/10/16 at 10:58, fernando sainz wrote: On 21 October 2016, 15:33, JAP <javier.debian.bb...@gmail.com> wrote: Good morning. systemd and the mother who programmed it. I'm still suffering problems in my machine migration. Now I don't know why the hell iptables

Re: systemd and iptables

2016-10-21 Thread del tonos
It's as Fernando tells you: Did you also have a script called iptables that you called from sysinit? Maybe you have to convert it then: https://fedoramagazine.org/systemd-converting-sysvinit-scripts/ <--Come on, don't get angry :), it's just an example! http://0pointer.de/blog/projects/syst

Re: systemd and iptables

2016-10-21 Thread fernando sainz
On 21 October 2016, 15:33, JAP <javier.debian.bb...@gmail.com> wrote: > Good morning. > > systemd and the mother who programmed it. > > I'm still suffering problems in my machine migration. > Now I don't know why the hell iptables decides not to start. >

systemd and iptables

2016-10-21 Thread JAP
Good morning. systemd and the mother who programmed it. I'm still suffering problems in my machine migration. Now I don't know why the hell iptables decides not to start. There's no way to start the firewall. I can't find any solution on the net, which is why if anyone has an idea, it's

Re: iptables query

2016-10-20 Thread Pablo JIMÉNEZ
On Thu, Oct 20, 2016 at 08:04:36PM +, Romero, Fernando wrote: > > On the client the module doesn't load, but it doesn't give me an error either > > [root@localhost ~]# lsmod | grep nfs > [root@localhost ~]# modprobe nfs > [root@localhost ~]# Hmmm... Do you have the nfs-common package installed on the client? If

RE: iptables query

2016-10-20 Thread Romero, Fernando
-Original Message- From: Pablo JIMÉNEZ [mailto:pjimenez...@gmail.com] Sent: Thursday, 20 October 2016 4:45 p.m. To: debian-user-spanish@lists.debian.org Subject: Re: iptables query On Thu, Oct 20, 2016 at 07:38:10PM +, Romero, Fernando wrote: > > The module has

Re: iptables query

2016-10-20 Thread Pablo JIMÉNEZ
On Thu, Oct 20, 2016 at 07:38:10PM +, Romero, Fernando wrote: > > The module only has to be loaded on the server, right? > Not on the client side The nfs module has to be loaded on the client. On the server, you will surely see the nfs and nfsd modules. Regards. -- Pablo Jiménez

RE: iptables query

2016-10-20 Thread Romero, Fernando
-Original Message- From: Pablo JIMÉNEZ [mailto:pjimenez...@gmail.com] Sent: Thursday, 20 October 2016 4:34 p.m. To: debian-user-spanish@lists.debian.org Subject: Re: iptables query On Thu, Oct 20, 2016 at 07:15:02PM +, Romero, Fernando wrote: > > The thing about the module

Re: iptables query

2016-10-20 Thread Pablo JIMÉNEZ
On Thu, Oct 20, 2016 at 07:15:02PM +, Romero, Fernando wrote: > > I had already seen the thing about the nfs module and it is loaded > I don't understand what you mean by "hardening" I mean applying whatever security measures you see fit (firewall and others) to protect your server.

RE: iptables query

2016-10-20 Thread Romero, Fernando
-Original Message- From: Pablo JIMÉNEZ [mailto:pjimenez...@gmail.com] Sent: Thursday, 20 October 2016 4:10 p.m. To: debian-user-spanish@lists.debian.org Subject: Re: iptables query On Thu, Oct 20, 2016 at 06:53:30PM +, Romero, Fernando wrote: > > I followed the steps

Re: iptables query

2016-10-20 Thread Pablo JIMÉNEZ
On Thu, Oct 20, 2016 at 06:53:30PM +, Romero, Fernando wrote: > > I followed the steps you told me and now showmount on the > client returns the directories shared on the nfs server, but it still > gives an error when mounting it > > I removed the tcpwrappers part and left only ip

RE: iptables query

2016-10-20 Thread Romero, Fernando
-Original Message- From: Pablo JIMÉNEZ [mailto:pjimenez...@gmail.com] Sent: Thursday, 20 October 2016 3:27 p.m. To: debian-user-spanish@lists.debian.org Subject: Re: iptables query On Thu, Oct 20, 2016 at 05:47:01PM +, Romero, Fernando wrote: > > On the client

RE: iptables query

2016-10-20 Thread Romero, Fernando
: iptables query On Thu, Oct 20, 2016 at 05:47:01PM +, Romero, Fernando wrote: > > On the client, showmount -e gives me this error > > rpc mount export: RPC: Authentication error; why = Failed (unspecified > error) > > And in /etc/exports I have this > > /backup

Re: iptables query

2016-10-20 Thread Pablo JIMÉNEZ
quash) > > And the exportfs command gives me: > > /backup x.x.x.x > > Regards Ok. I assume, then, that you still have IPTables active. If that is the case: 1. It makes no sense to use tcpwrappers if you already have IPTables. Better to leave /etc/hosts.allow and /etc/hosts.deny as they were

RE: iptables query

2016-10-20 Thread Romero, Fernando
-Original Message- From: Pablo JIMÉNEZ [mailto:pjimenez...@gmail.com] Sent: Thursday, 20 October 2016 2:34 p.m. To: debian-user-spanish@lists.debian.org Subject: Re: iptables query On Thu, Oct 20, 2016 at 05:09:35PM +, Romero, Fernando wrote: > I was looking at what

Re: iptables query

2016-10-20 Thread Pablo JIMÉNEZ
On Thu, Oct 20, 2016 at 05:09:35PM +, Romero, Fernando wrote: > I was looking at what you told me and I'm trying to enable nfs only for > one ip. > I configured /etc/hosts.deny > > portmap: ALL > lockd: ALL > mountd: ALL > rquotad: ALL > statd: ALL > > And /etc/hosts.deny > >

RE: iptables query

2016-10-20 Thread Romero, Fernando
2016 12:29 p.m. To: Romero, Fernando <fernando.rom...@lineamitre.gob.ar> CC: debian-user-spanish@lists.debian.org Subject: Re: iptables query Sorry, it went to private This strategy for NFS is incorrect, NFS depends on portmap to establish connections and the filtering

RE: iptables query

2016-10-20 Thread Romero, Fernando
-Original Message- From: Aaron D. [mailto:aarond...@gmx.com] Sent: Thursday, 20 October 2016 11:59 a.m. To: debian-user-spanish@lists.debian.org Subject: Re: iptables query On Thu, 20 Oct 2016 13:45:12 + "Romero, Fernando" <fernando.rom...@lineamitre.

Re: iptables query

2016-10-20 Thread Jhosue rui
rom...@lineamitre.gob.ar> wrote: > Hello everyone, I have an issue with iptables. > I need a specific ip to be allowed to connect to an nfs, > I'm trying to filter with iptables. > The rule I created is the following: > > iptables -A INPUT -s x.x.x.x -m state --state

Re: iptables query

2016-10-20 Thread Aaron D.
bian-user-spanish@lists.debian.org > Subject: Re: iptables query > > On 20/10/16 at 10:31, Javier Marcon wrote: > > On 20/10/16 at 10:24, Romero, Fernando wrote: > >> Hello everyone, I have an issue with iptables. > >> I need a specific ip to be allowed
