> On 07/02/17 at 19:24, l...@ida.cu wrote:
>> Good afternoon, everyone.
>>
>> This is the first time I have used iptables.
>>
>> I have several PCs with these IPs and I need to give them full access to
>> the internet
>>
>> # We allow everything for these IPs
>>
On 07/02/17 at 19:24, l...@ida.cu wrote:
Good afternoon, everyone.
This is the first time I have used iptables.
I have several PCs with these IPs and I need to give them full access to the internet
# We allow everything for these IPs
iptables -A INPUT -s 192.168.101.12 -j ACCEPT
iptables -A INPUT -s 192.168.101.13 -j
Good afternoon, everyone.
This is the first time I have used iptables.
I have several PCs with these IPs and I need to give them full access to the internet
# We allow everything for these IPs
iptables -A INPUT -s 192.168.101.12 -j ACCEPT
iptables -A INPUT -s 192.168.101.13 -j ACCEPT
iptables -A INPUT -s 192.168.101.14 -j
On Thu, Jan 05, 2017 at 01:25:10PM -0600, Richard Owlett wrote:
> On 1/4/2017 10:54 AM, Richard Owlett wrote:
> [snipping my original ;]
> One doesn't understand things without understood background.
> This thread triggered some understanding of
On 1/4/2017 10:54 AM, Richard Owlett wrote:
[snipping my original ;]
One doesn't understand things without understood background.
This thread triggered some understanding of things I'd been told
in past.
I'm using http://www.netfilter.org/documentation/ as a reading guide.
A shorewall or
On 04/01/2017 at 21:30, Joe wrote:
iptables operates at the level of IP addresses and protocols (and ports,
in the case of tcp and udp, other protocols don't use them). Where it
appears to work with URLs, as you have discovered, it resolves the URL
Not URLs. Hostnames.
On Wed, 4 Jan 2017 10:54:53 -0600
Richard Owlett <rowl...@cloud85.net> wrote:
> I'm searching for an introduction to iptables that leads me to
> answers to the questions *I* have. I've got a flock of links I'm
> working thru.
How are we going to know what resource answers the
requests get
through and blocks all incoming probes. Shorewall can easily do this for you so
you won't have to mess with the workings of iptables.
Your open install should also use privoxy with a more open setup that will help
you stay away from malware and add sites. Shorewall firewall can be set
a DNS name in a rule, but they
don't mention that it will be resolved precisely once, at the
time that the rule is entered, and will be replaced by the
single IP address that comes back.
Good point.
What happens if you use a DNS name that doesn't resolve?
Iptables fails to create the rule.
What happens i
On Wed, Jan 04, 2017 at 10:54:53AM -0600, Richard Owlett wrote:
> I'm searching for an introduction to iptables that leads me to
> answers to the questions *I* have. I've got a flock of links I'm
> working thru.
Take your time...
> In th
On Wed, Jan 04, 2017 at 10:54:53AM -0600, Richard Owlett wrote:
> I'm searching for an introduction to iptables that leads me to answers to
> the questions *I* have. I've got a flock of links I'm working thru.
>
>
> In the meantime I have a few questions.
>
> One of the l
I'm searching for an introduction to iptables that leads me to
answers to the questions *I* have. I've got a flock of links I'm
working thru.
In the meantime I have a few questions.
One of the links led to _Securing Debian Manual_ and in particular
"Appendix F - Security update prot
On 14/11/2016 at 00:48, deloptes wrote:
Pascal Hambourg wrote:
Well then, all I can suggest is to run a packet capture and try to see
what's going on.
I guess you mean on the firewall?
Yes.
Henning Follmann wrote:
> Last time I chime in here.
> I understand growth and chaos, believe me. However sometimes we need a
> nudge or a kick in the but to clean up. Maybe this is your call..
It is kicking me and calling me since some time but I can not do this before
next summer. I have to
t is historically that way. Some years ago the firewall
> was connected to the public network directly. The new provider gave me the
> modem and it uses automatically 10.0.0.0, which I can not influence. I just
> did the DMZ - this was the time I tried to rewrite the firewall rules, but
>
deloptes wrote:
> Igor Cicimov wrote:
>
>> Run tcpdump and check whats happening
>
> That is strange - I will look into this direction - let me know if you
> have any ideas
>
> regards
>
>
> tcpdump -vvv dst 10.0.0.7
> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size
>
Igor Cicimov wrote:
> Run tcpdump and check whats happening
That is strange - I will look into this direction - let me know if you have
any ideas
regards
tcpdump -vvv dst 10.0.0.7
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535
bytes
08:07:11.591763 ARP, Ethernet
On 13 Nov 2016 11:20 am, "deloptes" <delop...@gmail.com> wrote:
>
> Joe wrote:
>
> > On Sat, 12 Nov 2016 22:15:45 +0100
> > deloptes <delop...@gmail.com> wrote:
> >
> >> Hi,
> >> I need some help and I'll apprec
TCP or UDP connection) by many NAT systems is broken.
>
>
>> it still doesn't need any additional NAT rules in iptables, the single
>> SNAT rule handles it, as well as tcp, udp etc. Other rules are needed
>> for correct *operation*, but not for NAT.
>
>
> Proper
Pascal Hambourg wrote:
> Well then, all I can suggest is to run a packet capture and try to see
> what's going on.
I guess you mean on the firewall? I am not even sure I can install tcpdump
there, but I will try and ask again for help here for sure
thanks
ider gave me the
modem and it uses automatically 10.0.0.0, which I can not influence. I just
did the DMZ - this was the time I tried to rewrite the firewall rules, but
I found out I need to read again a lot about iptables and more important it
would mean I would need to experiment and jeopardize
> On Nov 13, 2016, at 5:19 PM, Pascal Hambourg wrote:
>
>> On 13/11/2016 at 22:27, Henning wrote:
>> I followed this thread and i wonder if there is a sane reason why you do nat
>> inside your network. Why don't you just route between different subnets i.e.
>>
On 13/11/2016 at 21:43, deloptes wrote:
Pascal Hambourg wrote:
replace 10.0.0.1/32 with 10.0.0.0/24 it does not work
You should double check that.
I checked replaced 10.0.0.1/32 with 10.0.0.0/24.
Just insert this rule and check whether it changes anything :
iptables -I FORWARD -j
On 13/11/2016 at 22:27, Henning wrote:
I followed this thread and i wonder if there is a sane reason why you do nat
inside your network. Why don't you just route between different subnets i.e.
10.0.1.0/24 and 10.0.2.0/24
Probably because the modem and hosts in 10.0.0.0/24 don't know about
I followed this thread and i wonder if there is a sane reason why you do nat
inside your network. Why don't you just route between different subnets i.e.
10.0.1.0/24 and 10.0.2.0/24
you still can have a firewall between those subnets
-H
the same, I'll put it on the TODO. I even tried once
>> with fw builder - it couldn't even import properly, because import and
>> export produced not working firewall.
>
> Just insert this rule and check whether it changes anything :
>
> iptables -I FORWARD -j ACCEPT
>
>
the same, I'll put it on the TODO. I even tried once with
fw builder - it couldn't even import properly, because import and export
produced not working firewall.
Just insert this rule and check whether it changes anything :
iptables -I FORWARD -j ACCEPT
If SSH works then the ruleset is faulty
Pascal Hambourg wrote:
> On 13/11/2016 at 16:05, deloptes wrote:
>>
>> These are the rules - a friend created this like 10y ago. I added few
>> rules to forward ports from outside to the intranet and to be able to
>> handle VPN.
>> You can ignore 192.168.60.1 on eth2 - not used.
>
> IMO, this
On 13/11/2016 at 16:05, deloptes wrote:
These are the rules - a friend created this like 10y ago. I added few rules
to forward ports from outside to the intranet and to be able to handle VPN.
You can ignore 192.168.60.1 on eth2 - not used.
IMO, this ruleset is totally insane.
However,
nts as well.
thank you in advance
regards
# Generated by iptables-save v1.4.14 on Sun Nov 13 15:57:01 2016
*nat
:PREROUTING ACCEPT [26000:2533530]
:POSTROUTING ACCEPT [87:4966]
:OUTPUT ACCEPT [28:2038]
-A PREROUTING -s 127.0.0.0/8 -j ACCEPT
-A PREROUTING -d 10.0.0.1/32 -i eth0 -p tcp -m tcp --dport 80
icky, I am not surprised at all
that the handling of "non standard" protocols (read : other than a
single TCP or UDP connection) by many NAT systems is broken.
it still doesn't need any additional NAT rules in iptables, the single
SNAT rule handles it, as well as tcp, udp etc. Ot
> >
> > I used to have a fair bit to do with PPTP through three or four
> > NATs,
>
> PPTP rather falls into the "complex protocols" described below.
Exactly so. You wouldn't believe how many routers of ten years ago or
so didn't handle it properly, at least with their ini
On 11/12/2016 06:19 PM, deloptes wrote:
Joe wrote:
On Sat, 12 Nov 2016 22:15:45 +0100
deloptes <delop...@gmail.com> wrote:
Hi,
I need some help and I'll appreciate it.
I have a firewall with iptables behind the modem.
on this firewall I have
eth0 with ip 10..1 to the modem
On 13/11/2016 at 11:09, Joe wrote:
Pascal Hambourg wrote:
On 12/11/2016 at 23:32, Joe wrote:
The SNAT should not be an issue, it can handle all protocols
transparently
No it cannot. NAT is not possible with some IP protocols. Plain IPSec
(without NAT-T
On Sun, 13 Nov 2016 10:35:29 +0100
Pascal Hambourg wrote:
> On 12/11/2016 at 23:32, Joe wrote:
> >
> > The SNAT should not be an issue, it can handle all protocols
> > transparently
>
> No it cannot. NAT is not possible with some IP protocols. Plain IPSec
> (without
On 13/11/2016 at 01:19, deloptes wrote:
Yes, it is not working
How is it not working ? What do you do and what happens ?
From one computer ip 10..6 I can ssh to 10..7 and vv.
That does not concern the firewall between the modem and the LAN.
I also see that iptables forwards
On 12/11/2016 at 23:32, Joe wrote:
The SNAT should not be an issue, it can handle all protocols
transparently
No it cannot. NAT is not possible with some IP protocols. Plain IPSec
(without NAT-T encapsulation) is the first one that comes in mind.
Also many complex protocols such as FTP
Joe wrote:
> On Sat, 12 Nov 2016 22:15:45 +0100
> deloptes <delop...@gmail.com> wrote:
>
>> Hi,
>> I need some help and I'll appreciate it.
>>
>> I have a firewall with iptables behind the modem.
>> on this firewall I have
>> eth0 wi
On Sat, 12 Nov 2016 22:15:45 +0100
deloptes <delop...@gmail.com> wrote:
> Hi,
> I need some help and I'll appreciate it.
>
> I have a firewall with iptables behind the modem.
> on this firewall I have
> eth0 with ip 10..1 to the modem ip: 10..12
>
Hi,
I need some help and I'll appreciate it.
I have a firewall with iptables behind the modem.
on this firewall I have
eth0 with ip 10..1 to the modem ip: 10..12
eth1 with ip 192..1 to the intranet
iptables is doing SNAT from 192..1 to 10..1
I wonder how I can ssh from 192..NN
>>> Join the Aprendendo Linux Group
>>> https://groups.google.com/forum/#!forum/portal-aprendendo-linux
>>>
>>> Or send an e-mail to:
>>> portal-aprendendo-linux+subscr...@google
> > On 03/11/2016 08:58, Gabriel
-and-delete-iptables-firewall-rules#delete-rule-by-chain-and-number
Regards,
*Gabriel Ricardo*
Phone: +55 41 88817828
Skype: gabriel.nerdworkti
On 1 November 2016 14:43, Linux - Junior Polegato
<li...@juniorpolegato.com.br <mailto:li...@juniorpolegato.com.br>>
wrote:
E
riel Ricardo wrote:
>> Good morning!
>>
>> You can list the rules by line number; here is a guide:
>>
>> https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules#delete-rule-by-chain-and-number
>>
>>
>>
>
On 03/11/2016 08:58, Gabriel Ricardo wrote:
Good morning!
You can list the rules by line number; here is a guide:
https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules#delete-rule-by-chain-and-number
Regards,
*Gabriel Ricardo*
Phone: +55
Good morning!
You can list the rules by line number; here is a guide:
https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules#delete-rule-by-chain-and-number
Regards,
*Gabriel Ricardo*
Phone: +55 41 88817828
Skype: gabriel.nerdworkti
Em 1 de
, LIKE, this:
iptables -t mangle -A PREROUTING -s 192.168.0.3 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -s 192.168.0.4 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -s 192.168.0.5 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -s 192.168.0.6 -j MARK --set-mark 1
iptables
> packet-marking rules, LIKE, this:
>
> iptables -t mangle -A PREROUTING -s 192.168.0.3 -j MARK --set-mark 1
> iptables -t mangle -A PREROUTING -s 192.168.0.4 -j MARK --set-mark 1
> iptables -t mangle -A PREROUTING -s 192.168.0.5 -j MARK --set-mark 1
> iptables -t mangle
And why not think about it differently
Why not change the failover script so that packets with mark 2 go through another
routing table?
I think -D will solve it...
iptables -t mangle -D PREROUTING -s 192.168.0.7 -j MARK --set-mark 2
*--*
Regards
Marcos Carraro <http://br.linkedin.com/in/mcarr
Dear colleagues,
First of all, penguin greetings to everyone.
I am having difficulty removing some rules via script.
In my setup, I have three links and some (actually many) packet-marking
rules, LIKE, this:
iptables -t mangle -A PREROUTING -s
On 27/10/2016 at 13:36, Pol Hallen wrote:
I've 2LAN (192.168.1/24 and 192.168.2/24) with these rules:
Please be more precise. Iptables rules are created on nodes (hosts and
routers), not networks.
iptables -A FORWARD -s 192.168.1/24 -d 0/0 -j ACCEPT
iptables -A FORWARD -m state --state
On 10/28/2016 04:18 PM, Romero, Fernando wrote:
Hello, how are you, I have a question about some iptables rules
I have a rule in which I deny incoming connections to all IPs
except 2 specific IPs
iptables -P INPUT -j REJECT
iptables -P FORWARD -j REJECT
iptables -A INPUT -s x.x.x.x
Hello, how are you, I have a question about some iptables rules
I have a rule in which I deny incoming connections to all IPs
except 2 specific IPs
iptables -P INPUT -j REJECT
iptables -P FORWARD -j REJECT
iptables -A INPUT -s x.x.x.x -j ACCEPT
iptables -A INPUT -s x.x.x.x -j ACCEPT
Las
On Thu, Oct 27, 2016 at 01:36:23PM +0200, Pol Hallen wrote:
> Hello all :-)
>
> I've 2LAN (192.168.1/24 and 192.168.2/24) with these rules:
>
> iptables -A FORWARD -s 192.168.1/24 -d 0/0 -j ACCEPT
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -d 192.16
>> You mention a file: /etc/init.d/firewall
>> I searched with apt-file search to see which package installs that file and
>> I cannot find it.
>>
>> Unless it is created dynamically, which I doubt, I do not know where it comes from.
>> Let's see if you can clear up this doubt for me.
>>
>
On 2016-10-27 07:48, fernando sainz wrote:
2016-10-26 18:34 GMT+02:00 Frank A Sanches Calzada
:
systemctl status firewall.service
this is the result, but line 223 is blank, it has no
content
● firewall.service - LSB: Firewall configuration
have changed compared to previous versions; my
recommendation for the firewall, especially if you have a custom
iptables script, is to put the rules there and run it from rc.local, at
the very end when the system starts, so there will be no more problems; I
always do it this way for
ls.
> >
> > Regards
> >
>
> Things have changed compared to previous versions; my
> recommendation for the firewall, especially if you have a custom
> iptables script, is to put the rules there and run it from rc.local, at
> the very end when it starts
iptables -A FORWARD -s 192.168.2/24 -d 192.168.1/24 -m conntrack \
--ctstate NEW -m comment --comment 'lan2 cannot see lan1' -j DROP
[...]
cheers! :-p
Pol
created a custom file in /etc/init.d for the
iptables configuration.
That was perfectly normal in the init era, but since systemd
came on the scene, things have become complicated.
For that reason, it is recommended that the iptables configuration script be
loaded from rc.local, which
2016-10-26 18:34 GMT+02:00 Frank A Sanches Calzada :
> systemctl status firewall.service
> this is the result, but line 223 is blank, it has no content
>
> ● firewall.service - LSB: Firewall configuration
>Loaded: loaded (/etc/init.d/firewall)
>
Jabber: fr...@jabber.asertec.azcuba.cu
Tel: (024)426446
Good day.
A few days ago I had some problems with iptables.
I have always preferred, and still do, doing things the old way, and I use /etc/rc.local
to define the rules.
But since things change, take a look at this:
https
the firewall, especially if you have a custom
iptables script, is to put the rules there and run it from rc.local, at
the very end when the system starts, so there will be no more problems; I
always do it this way for iptables rules: in /etc/rc.local, call
your script.
>
> --
> Frank
Hi.
In-Reply-To: <ddc9a058-84e5-d442-9be3-cb9aa638e...@fuckaround.org>
On Thu, Oct 27, 2016 at 01:36:23PM +0200, Pol Hallen wrote:
> Hello all :-)
>
> I've 2LAN (192.168.1/24 and 192.168.2/24) with these rules:
>
> iptables -A FORWARD -s 192.168.1/24 -d 0/0
Hello all :-)
I've 2LAN (192.168.1/24 and 192.168.2/24) with these rules:
iptables -A FORWARD -s 192.168.1/24 -d 0/0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -d 192.168.1/24
-j ACCEPT
and same rules for 192.168.2/24: this allow each lan see other lan.
Can I deny
Clearly you need to read carefully:
"Warning: Unit file of firewall.service changed on disk,* 'systemctl
daemon-reload' recommended*.
Job for firewall.service failed. See 'systemctl status firewall.service'
and 'journalctl -xn' for details.."
2016-10-26 13:34 GMT-03:00 Frank A Sanches Calzada
systemctl status firewall.service
this is the result, but line 223 is blank, it has no content
● firewall.service - LSB: Firewall configuration
Loaded: loaded (/etc/init.d/firewall)
Active: failed (Result: exit-code) since mié 2016-10-26 08:36:52 CDT;
16s ago
Process: 1701
And what happened after you did what that message recommends?
2016-10-26 12:46 GMT-03:00 Frank A Sanches Calzada <
frank...@asertec.azcuba.cu>:
> Hello list, I recently upgraded my servers to Debian 8 but I have a
> problem: the iptables script I have stopped working; it gives me
Hello list, I recently upgraded my servers to Debian 8 but I have
a problem: the iptables script I have stopped working; it gives me
the following:
Warning: Unit file of firewall.service changed on disk, 'systemctl
daemon-reload' recommended.
Job for firewall.service failed. See
On 21/10/16 at 12:30, JAP wrote:
On 21/10/16 at 12:05, Jose Julian Buda wrote:
iptables -t nat -L
Maybe it shows something.
Regards
Julian
It shows a lot :(
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT
On 21/10/16 at 12:16, JAP wrote:
> On 21/10/16 at 11:32, fernando sainz wrote:
>> Take a look at this too:
>>
>> http://unix.stackexchange.com/questions/209393/debian-8-update-iptables-on-boot
>>
>
> No, that is not the problem.
> rc.local works fine
On 21/10/16 at 12:05, Jose Julian Buda wrote:
iptables -t nat -L
Maybe it shows something.
Regards
Julian
It shows a lot :(
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source
On 21 October 2016, 10:33, JAP
<javier.debian.bb...@gmail.com> wrote:
> Good morning.
>
> systemd and the mother who programmed it.
>
> I am still having problems with my machine migration.
> Now I do not know why the hell iptables has decided not to start.
>
On Fri, Oct 21, 2016 at 11:42:53AM -0300, JAP wrote:
>
[...]
> The script was one line in /etc/rc.local.
>
> But apart from that, the issue is that iptables IS NOT RUNNING.
>
> If I load the rule by hand and then list the active rules, it shows that
> iptables is empty,
On 21/10/16 at 11:32, fernando sainz wrote:
Take a look at this too:
http://unix.stackexchange.com/questions/209393/debian-8-update-iptables-on-boot
No, that is not the problem.
rc.local works fine; it runs at startup without problems.
The issue is that iptables does not take the rules even if
On 21/10/16 11:42, JAP wrote:
On 21/10/16 at 11:18, del tonos wrote:
It is as Fernando says:
Did you also have a script called iptables that you called from
sysinit?
Maybe you need to convert it, then:
https://fedoramagazine.org/systemd-converting-sysvinit-scripts/ <-
On 21/10/16 at 11:18, del tonos wrote:
It is as Fernando says:
Did you also have a script called iptables that you called from sysinit?
Maybe you need to convert it, then:
https://fedoramagazine.org/systemd-converting-sysvinit-scripts/ <-- Come on,
don't get angry :), it's just
still having problems with my machine migration.
>> Now I do not know why the hell iptables has decided not to start.
>> There is no way to start the firewall.
>> I cannot find any solution on the net, so if anyone has
>> an idea, it is welcome.
>>
>
On 21/10/16 at 10:58, fernando sainz wrote:
On 21 October 2016, 15:33, JAP
<javier.debian.bb...@gmail.com> wrote:
Good morning.
systemd and the mother who programmed it.
I am still having problems with my machine migration.
Now I do not know why the hell iptables
It is as Fernando says:
Did you also have a script called iptables that you called from sysinit?
Maybe you need to convert it, then:
https://fedoramagazine.org/systemd-converting-sysvinit-scripts/ <-- Come on, don't
get angry :), it's just an example!
http://0pointer.de/blog/projects/syst
On 21 October 2016, 15:33, JAP
<javier.debian.bb...@gmail.com> wrote:
> Good morning.
>
> systemd and the mother who programmed it.
>
> I am still having problems with my machine migration.
> Now I do not know why the hell iptables has decided not to start.
>
Good morning.
systemd and the mother who programmed it.
I am still having problems with my machine migration.
Now I do not know why the hell iptables has decided not to start.
There is no way to start the firewall.
I cannot find any solution on the net, so if anyone
has an idea, it is
On Thu, Oct 20, 2016 at 08:04:36PM +, Romero, Fernando wrote:
>
> On the client it does not load the module, but it does not give an error either
>
> [root@localhost ~]# lsmod | grep nfs
> [root@localhost ~]# modprobe nfs
> [root@localhost ~]#
Hmmm... Do you have the nfs-common package installed on the client?
Yes
-Original message-
From: Pablo JIMÉNEZ [mailto:pjimenez...@gmail.com]
Sent: Thursday, 20 October 2016 4:45 p.m.
To: debian-user-spanish@lists.debian.org
Subject: Re: iptables question
On Thu, Oct 20, 2016 at 07:38:10PM +, Romero, Fernando wrote:
>
> El modulo Tie
On Thu, Oct 20, 2016 at 07:38:10PM +, Romero, Fernando wrote:
>
> The module has to be loaded only on the server, right?
> Not on the client side
The nfs module has to be loaded on the client. On the server,
you will most likely see the nfs and nfsd modules.
Regards.
--
Pablo Jiménez
-Original message-
From: Pablo JIMÉNEZ [mailto:pjimenez...@gmail.com]
Sent: Thursday, 20 October 2016 4:34 p.m.
To: debian-user-spanish@lists.debian.org
Subject: Re: iptables question
On Thu, Oct 20, 2016 at 07:15:02PM +, Romero, Fernando wrote:
>
> Lo del modulo
On Thu, Oct 20, 2016 at 07:15:02PM +, Romero, Fernando wrote:
>
> I had already looked at the nfs module and it is loaded
> I do not understand what you mean by "hardening"
I mean applying the security measures you consider appropriate
(firewall and others) to protect your server.
-Original message-
From: Pablo JIMÉNEZ [mailto:pjimenez...@gmail.com]
Sent: Thursday, 20 October 2016 4:10 p.m.
To: debian-user-spanish@lists.debian.org
Subject: Re: iptables question
On Thu, Oct 20, 2016 at 06:53:30PM +, Romero, Fernando wrote:
>
> Segui los pas
On Thu, Oct 20, 2016 at 06:53:30PM +, Romero, Fernando wrote:
>
> I followed the steps you told me and showmount on the
> client now returns the directories shared on the nfs server, but it still
> gives an error when mapping it
>
> I removed the tcpwrappers part and left only ip
-Original message-
From: Pablo JIMÉNEZ [mailto:pjimenez...@gmail.com]
Sent: Thursday, 20 October 2016 3:27 p.m.
To: debian-user-spanish@lists.debian.org
Subject: Re: iptables question
On Thu, Oct 20, 2016 at 05:47:01PM +, Romero, Fernando wrote:
>
> En el clie
: iptables question
On Thu, Oct 20, 2016 at 05:47:01PM +, Romero, Fernando wrote:
>
> On the client, showmount -e gives me this error
>
> rpc mount export: RPC: Authentication error; why = Failed (unspecified
> error)
>
> And in /etc/exports I have this
>
> /backup
quash)
>
> And the exportfs command gives me:
>
> /backup x.x.x.x
>
> Regards
Ok. I assume, then, that you still have IPTables active. If that is the case:
1. It makes no sense to use tcpwrappers if you already have IPTables. Better
to leave /etc/hosts.allow and /etc/hosts.deny as they
-Original message-
From: Pablo JIMÉNEZ [mailto:pjimenez...@gmail.com]
Sent: Thursday, 20 October 2016 2:34 p.m.
To: debian-user-spanish@lists.debian.org
Subject: Re: iptables question
On Thu, Oct 20, 2016 at 05:09:35PM +, Romero, Fernando wrote:
> Estuve mirando lo que
On Thu, Oct 20, 2016 at 05:09:35PM +, Romero, Fernando wrote:
> I was looking at what you told me and I am trying to enable nfs for
> a single IP only.
> I configured /etc/hosts.deny
>
> portmap: ALL
> lockd: ALL
> mountd: ALL
> rquotad: ALL
> statd: ALL
>
> And /etc/hosts.deny
>
>
2016 12:29 p.m.
To: Romero, Fernando <fernando.rom...@lineamitre.gob.ar>
CC: debian-user-spanish@lists.debian.org
Subject: Re: iptables question
Sorry, it went to private by mistake
This strategy for NFS is incorrect; NFS depends on portmap to establish
connections and the filtering
-Original message-
From: Aaron D. [mailto:aarond...@gmx.com]
Sent: Thursday, 20 October 2016 11:59 a.m.
To: debian-user-spanish@lists.debian.org
Subject: Re: iptables question
On Thu, 20 Oct 2016 13:45:12 +
"Romero, Fernando" <fernando.rom...@lineamitre.
rom...@lineamitre.gob.ar> wrote:
> Hello, how are you, I have an issue with iptables.
> I need a specific IP to be allowed to connect to an nfs;
> I am trying to filter with iptables.
> The rule I created is the following:
>
> iptables -A INPUT -s x.x.x.x -m state --state
bian-user-spanish@lists.debian.org
> Subject: Re: iptables question
>
> On 20/10/16 at 10:31, Javier Marcon wrote:
> > On 20/10/16 at 10:24, Romero, Fernando wrote:
> >> Hello, how are you, I have an issue with iptables.
> >> I need a specific IP to be