Re: [expert] iptables and msn messenger

2003-11-10 Thread Richard Bown
Hi I had this problem and you need to open udp ports 1100 1182. However these ports need to be open on the machine man is using msn VOIP. So for each user DNAT those ports to their machine. If you use shorewall in rules DNAT net loc:address of machine on lan udp

[expert] iptables and msn messenger

2003-11-09 Thread Leonardo Sá
I'm currently running a server which shares an adsl connection (masquerade nat) without any problems. But users inside the network are complaining that they can't use msn messenger's voice chat feature. I've googled and found out some ports to be open. I opened them but voice still doesn't seem to

Re: [expert] iptables and msn messenger

2003-11-09 Thread Damian Gatabria
Don't know what port should be open, but you could find out by using some -j LOG rules and checking out what port it is that the other side tries to reach... On Sun, 09-11-2003 at 23:57, Leonardo Sá wrote: I'm currently running a server which shares an adsl connection (masquerade nat)

Re: [expert] iptables - any way to log?

2003-08-31 Thread David Guntner
Bill grabbed a keyboard and wrote: On Star Date Saturday 30 August 2003 11:17 am, David Guntner sent this sub-space message. I am trying to use -j REJECT because I want to reject the packet. I also want to log it. However, I see that my problem was that I was trying to do a -j REJECT LOG

Re: [expert] iptables - any way to log?

2003-08-30 Thread Jack Coates
On Fri, 2003-08-29 at 13:51, David Guntner wrote: Hi all, I'm setting up some iptables rules to block certain kinds of packets on my ML 9.1 machine. The man page talks about logging options to have it log to the syslog, but I can't seem to figure out the exact syntax to make it work.

Re: [expert] iptables - any way to log?

2003-08-30 Thread Bill
You can look on the web for iptables log which is where I found what I use. -A INPUT -i eth0 -p udp -m limit --limit 10/hour -j LOG --log-prefix "IPTABLES UDP-IN:" -A INPUT -i eth0 -p icmp -m limit --limit 10/hour -j LOG --log-prefix "IPTABLES ICMP-IN:" -A INPUT -i eth0 -p tcp -m limit --limit

Re: [expert] iptables - any way to log?

2003-08-30 Thread David Guntner
Jack Coates grabbed a keyboard and wrote: On Fri, 2003-08-29 at 13:51, David Guntner wrote: I'm setting up some iptables rules to block certain kinds of packets on my ML 9.1 machine. The man page talks about logging options to have it

Re: [expert] iptables - any way to log?

2003-08-30 Thread Mark Weaver
David Guntner wrote: Jack Coates grabbed a keyboard and wrote: On Fri, 2003-08-29 at 13:51, David Guntner wrote: I'm setting up some iptables rules to block certain kinds of packets on my ML 9.1 machine. The man page talks about logging options to have it

Re: [expert] iptables - any way to log?

2003-08-30 Thread David Guntner
Bill grabbed a keyboard and wrote: You can look on the web for iptables log which is where I found what I use. -A INPUT -i eth0 -p udp -m limit --limit 10/hour -j LOG --log-prefix "IPTABLES UDP-IN:" Ah, ok. Now I see what I was doing wrong. I am trying to use -j REJECT because I want to

Re: [expert] iptables - any way to log?

2003-08-30 Thread Bill
Good question. I'm still trying to see when I get a dropped packet from an ip that I have set to have its packets dropped when it tries to connect. It's an email server that has been sending out those .pif virus files. I get logs for everything but haven't seen any that say dropped. Maybe someone here

[expert] iptables - any way to log?

2003-08-29 Thread David Guntner
Hi all, I'm setting up some iptables rules to block certain kinds of packets on my ML 9.1 machine. The man page talks about logging options to have it log to the syslog, but I can't seem to figure out the exact syntax to make it work. No matter how I try, I keep getting a bad option message

[expert] iptables question

2003-08-25 Thread Bill
Is there a file that holds the rules for iptables that I can edit to add lines manually? I tried to google for it but with no luck. I need to set iptables to log matching ip addys to syslog so I can monitor how often I get a certain ip that tries to connect but is dropped due to a rule I set.

Re: [expert] iptables question

2003-08-25 Thread Woody Green
The file you seek: /etc/sysconfig/iptables Its format is that of iptables-save redirected to a file. You can either manually edit that file and do: service iptables restart or modify iptables in memory and do: iptables-save > /etc/sysconfig/iptables Enjoy, Woody Bill said:

Re: [expert] IPTABLES

2003-08-17 Thread Kiran
Here's the output of 'iptables -L -n -v': Chain INPUT (policy ACCEPT 1613 packets, 96669 bytes) Even though you are specifically allowing port 135 without the syn the default rules will accept packets that do not match any REJECT or DROP rules. I bet you are running ethereal from the FW

Re: [expert] IPTABLES

2003-08-14 Thread Damian Gatabria
On Wed, 13-08-2003 at 05:07, Thomas Gamble wrote: I have been trying to get iptables set up on my gateway machine, but it isn't working like I think it should. I have the following entry in the rc.firewall script to block incoming SYN packets: EXT_IF=ppp0 IPTABLES=//sbin/iptables

Re: [expert] IPTABLES

2003-08-14 Thread Jack Coates
If you want a firewall, urpmi shorewall or look at gshield or something else to do this stuff for you. If you want to learn netfilter iptables, I can highly recommend Policy Routing Using Linux by Matthew Marsh, see Amazon or similar. You probably have something else matching above those rules

[expert] IPTABLES

2003-08-14 Thread Thomas Gamble
I have been trying to get iptables set up on my gateway machine, but it isn't working like I think it should. I have the following entry in the rc.firewall script to block incoming SYN packets: EXT_IF=ppp0 IPTABLES=//sbin/iptables $IPTABLES -A INPUT -i $EXT_IF -p tcp ! --syn -j ACCEPT yet

Re: [expert] IPTABLES

2003-08-14 Thread t_gecks
Jack Coates wrote: If you want a firewall, urpmi shorewall or look at gshield or something else to do this stuff for you. If you want to learn netfilter iptables, I can highly recommend Policy Routing Using Linux by Matthew Marsh, see Amazon or similar. You probably have something else

[expert] iptables checksum issues

2003-03-08 Thread David E. Fox
I am a pretty fair newbie in internet security issues, use of iptables and so forth. But I already have been attacked by some variant of a worm that attacked certain ports on my system, slowing my internet connection etc. I noticed before certain udp checksum problems when that happened, and at

Re: [expert] iptables checksum issues

2003-03-08 Thread Pierre Fortin
On Sat, 8 Mar 2003 19:57:57 -0800 (PST) [EMAIL PROTECTED] (David E. Fox) wrote: I am a pretty fair newbie in internet security issues, use of iptables and so forth. But I already have been attacked by some variant of a worm that attacked certain ports on my system, slowing my internet

Re: [expert] iptables to block spam

2003-03-04 Thread Pierre Fortin
On Mon, 3 Mar 2003 21:55:55 -0800 Todd Lyons [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pierre Fortin wrote on Mon, Mar 03, 2003 at 08:54:40PM -0500 : So I would use /16 for a Class C network? Not quite: /8 is Class A /16 is Class B /24 is

Re: [expert] iptables to block spam

2003-03-04 Thread Pierre Fortin
On Tue, 04 Mar 2003 07:28:40 -0500 Mark Weaver [EMAIL PROTECTED] wrote: Pierre Fortin wrote: On Sun, 02 Mar 2003 17:45:12 -0500 Mark Weaver [EMAIL PROTECTED] wrote: Scott St. John wrote: Until I can migrate my clients over to Postfix I have been using the access lists in Sendmail

Re: [expert] iptables to block spam

2003-03-04 Thread Scott St. John
At 03:57 PM 3/3/2003 -0800, you wrote: iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP I logged out and then tried to ssh back in and I was in just fine! Tried to reach the web site and again, no trouble. I then switched to this: Most likely, something before it is allowing it. I suggest that

Re: [expert] iptables to block spam

2003-03-03 Thread Scott St. John
At 09:48 PM 3/2/2003 -0500, you wrote: iptables -A INPUT -s 209.8.161.0/24 -j DROP Ok, perhaps I am doing something wrong, I decided to test blocking my home connection to the server just to see if it would work. Doing this: iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP I logged out and then

Re: [expert] iptables to block spam

2003-03-03 Thread Pierre Fortin
On Mon, 03 Mar 2003 08:38:28 -0500 Scott St. John [EMAIL PROTECTED] wrote: At 09:48 PM 3/2/2003 -0500, you wrote: iptables -A INPUT -s 209.8.161.0/24 -j DROP Ok, perhaps I am doing something wrong, I decided to test blocking my home connection to the server just to see if it would work.

Re: [expert] iptables to block spam

2003-03-03 Thread Scott St. John
Heh, call me the idiot! It works *WHEN* I stop Bastille :) I am guessing that some rule in Bastille is overriding my iptables commands to allow the traffic! So, now I have to figure out the rules that Bastille is putting in place and write my own iptables script. Thank you to everyone!

Re: [expert] iptables to block spam

2003-03-03 Thread Scott St. John
At 03:57 PM 3/3/2003 -0500, you wrote: If you want to block access to a specific service then just modify the rule to appear this way. Something I forgot to ask is how many nics are you using? you may also have to specify the interface they're coming in on as well. Ex: iptables -A INPUT -p tcp

Re: [expert] iptables to block spam

2003-03-03 Thread Todd Lyons
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Scott St. John wrote on Sun, Mar 02, 2003 at 09:19:04AM -0500 : So I would use /16 for a Class C network? Not quite: /8 is Class A /16 is Class B /24 is Class C Blue skies... Todd - -- Never take no as an answer from someone

Re: [expert] iptables to block spam

2003-03-03 Thread Todd Lyons
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Scott St. John wrote on Mon, Mar 03, 2003 at 08:38:28AM -0500 : iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP I logged out and then tried to ssh back in and I was in just fine! Tried to reach the web site and again, no trouble. I then switched

Re: [expert] iptables to block spam

2003-03-03 Thread Pierre Fortin
On Mon, 3 Mar 2003 15:55:37 -0800 Todd Lyons [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Scott St. John wrote on Sun, Mar 02, 2003 at 09:19:04AM -0500 : So I would use /16 for a Class C network? Not quite: /8 is Class A /16 is Class B /24 is Class C Not

Re: [expert] iptables to block spam

2003-03-03 Thread Todd Lyons
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pierre Fortin wrote on Mon, Mar 03, 2003 at 08:54:40PM -0500 : So I would use /16 for a Class C network? Not quite: /8 is Class A /16 is Class B /24 is Class C Not quite:) 0... is Class A 10..

Re: [expert] iptables to block spam

2003-03-03 Thread Mark Weaver
Scott St. John wrote: Heh, call me the idiot! It works *WHEN* I stop Bastille :) I am guessing that some rule in Bastille is overriding my iptables commands to allow the traffic! So, now I have to figure out the rules that Bastille is putting in place and write my own iptables script.

Re: [expert] iptables to block spam

2003-03-02 Thread Scott St. John
On Sat, 1 Mar 2003, tarvid wrote: I do this at the border gateway for bulk mailers that present a heavy load to my postfix mail server. The owner of the company is against blocking at the router so I am trying to do it on the mail server. I use spamcop and a local RBL to catch some more.

Re: [expert] iptables to block spam

2003-03-02 Thread Scott St. John
On Sat, 1 Mar 2003, Dave Laird wrote: iptables -A INPUT -s 209.82.110.17/16 -j DROP will work to drop *everything* from 209.82.110.x, regardless of the the fourth digits in the network address. Unless I've gotten it backwards again (it's past my bedtime) 24 only drops the 0 of your address,

Re: [expert] iptables to block spam

2003-03-02 Thread Scott St. John
On Sun, 2 Mar 2003, . wrote: 209.8.161.0/24 will get 209.8.161.0 - 209.8.161.255. /16 will get 209.8.0.0 - 209.8.255.255 That is what I put in, yet this spammer still got through to Sendmail. Is iptables running on your firewall, with the mail server behind it, or on your mail server? If

Re: [expert] iptables to block spam

2003-03-02 Thread Scott St. John
Ok, I have a spam place this morning trying multiple servers to get into my mail server: 216.95.201.18, 216.95.201.31, etc. Let's say I want to block him totally at the mail server using iptables before he gets to Sendmail. I would do: iptables -A FORWARD 216.95.201.0/24 -p tcp --dport 25 -j

Re: [expert] iptables to block spam

2003-03-02 Thread Pierre Fortin
On Sat, 1 Mar 2003 22:09:04 -0500 (EST) Scott St. John [EMAIL PROTECTED] wrote: Until I can migrate my clients over to Postfix I have been using the access lists in Sendmail to block certain repeat spammers. I am wondering if I could just use iptables to block them and take the load off

Re: [expert] iptables to block spam

2003-03-02 Thread Pierre Fortin
On Sun, 02 Mar 2003 17:45:12 -0500 Mark Weaver [EMAIL PROTECTED] wrote: Scott St. John wrote: Until I can migrate my clients over to Postfix I have been using the access lists in Sendmail to block certain repeat spammers. I am wondering if I could just use iptables to block them and take

Re: [expert] iptables to block spam

2003-03-02 Thread Mark Weaver
Scott St. John wrote: Until I can migrate my clients over to Postfix I have been using the access lists in Sendmail to block certain repeat spammers. I am wondering if I could just use iptables to block them and take the load off Sendmail? My question would be 1)Is that practical 2)Is the

Re: [expert] iptables to block spam

2003-03-01 Thread tarvid
On Saturday 01 March 2003 10:09 pm, Scott St. John wrote: Until I can migrate my clients over to Postfix I have been using the access lists in Sendmail to block certain repeat spammers. I am wondering if I could just use iptables to block them and take the load off Sendmail? My question

Re: [expert] iptables to block spam

2003-03-01 Thread Dave Laird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Good evening, On Saturday 01 March 2003 07:09 pm, Scott St. John wrote: My question would be 1)Is that practical 2)Is the proper way to block an entire network this: iptables -A INPUT -s 209.8.161.0/24 -j DROP I added this, however traffic

Re: [expert] iptables to block spam

2003-03-01 Thread .
209.8.161.0/24 will get 209.8.161.0 - 209.8.161.255. /16 will get 209.8.0.0 - 209.8.255.255 Is iptables running on your firewall, with the mail server behind it, or on your mail server? If the former, you might need to add this on the FORWARD chain, not INPUT. Keep in mind that you're

Re: [expert] iptables to block spam

2003-03-01 Thread Dave Laird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Good evening... On Saturday 01 March 2003 10:48 pm, . wrote: 209.8.161.0/24 will get 209.8.161.0 - 209.8.161.255. /16 will get 209.8.0.0 - 209.8.255.255 Is iptables running on your firewall, with the mail server behind it, or on your mail

[expert] IPTABLES tutorial

2002-12-10 Thread Gonzalo Avaria
Hi experts, I know that this question maybe sounds for a newbie list but I lose nothing asking it. Do you know any tutorial, but EASY tutorial about setting the iptables as a firewall that only allows ssh/sftp connections?? I've been looking on the net but I get lost on the -A,-D,-s,-p,etc

Re: [expert] IPTABLES tutorial

2002-12-10 Thread Mark Weaver
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gonzalo Avaria wrote: | Hi experts, I know that this question maybe sounds for a newbie list but I | lose nothing asking it. | Do you know any tutorial, but EASY tutorial about setting the iptables as a | firewall that only allows ssh/sftp

Re: [expert] iptables help?

2002-11-24 Thread Praedor Tempus
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sunday 24 November 2002 12:06 am, Woody Green wrote: On the sharing machine, run iptables-save and post the output here. Hello, After some fiddling I managed to get things working again, though I only barely understand what I did. Below is

[expert] iptables help?

2002-11-23 Thread Praedor Atrebates
I am having problems with an internet connection share. Oddly, I had it working for a while last evening but then, suddenly, it died and I was unable to communicate computer to computer via wlan (sharing a modem connection on one of them). Running Mandrake 8.2, I have a usb wlan device on my

Re: [expert] iptables help?

2002-11-23 Thread Woody Green
On the sharing machine, run iptables-save and post the output here. Woody Praedor Atrebates said: I am having problems with an internet connection share. Oddly, I had it working for a while last evening but then, suddenly, it died and I was unable to communicate computer to computer

Re: [expert] IPTABLES NAT script doesn't work in 9.0 {SOLVED}

2002-11-21 Thread Jeferson Lopes Zacco
Hi all, well I solved my problem. Thanks to all that read this. Since there is a guy which can't run his Mon Mothma firewall (funky name ain't it?) and another with problems with a webserver, let me tell you what I did. And in the end someone may tell me *why* it did work. I must confess I

Re: [expert] IPTABLES NAT script doesn't work in 9.0

2002-11-15 Thread Jeferson Lopes Zacco
Todd Lyons wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeferson Lopes Zacco wrote on Wed, Nov 13, 2002 at 07:59:19PM -0200 : yep it is. SainTiss told me that in the newbie list (thanks!). As I said, I can ping/resolve hosts from the client, but it does not transfer (large chunks

Re: [expert] IPTABLES NAT script doesn't work in 9.0

2002-11-15 Thread James Sparenberg
Wooky, just a hunch here. But about 2 years ago we had this problem with a FreeBSD box. pinging sites worked fine but when we tried to ftp or http we got broken and hung sites. Turns out that the proxy set up on it set the Fragmentation config to 1500 don't fragment 1500 fragment... now if

[expert] IPTABLES NAT script doesn't work in 9.0

2002-11-13 Thread Jeferson Lopes Zacco
Hi all, I've been spending some time trying to migrate from MDK 8.1 to 9.0. I faced numerous problems, but now there is one left which I can't figure out. I have a script for IPTABLES which acts as a firewall and doubles as a NAT/MASQ for the other machine in my tiny network. The script functions

Re: [expert] IPTABLES NAT script doesn't work in 9.0

2002-11-13 Thread Sridhar
Check if ip_forward is set to 1 in /etc/sysctl.conf -Sridhar Jeferson Lopes Zacco wrote: Hi all, I've been spending some time trying to migrate from MDK 8.1 to 9.0. I faced numerous problems, but now there is one left which I can't figure out. I have a script for IPTABLES which acts as a

Re: [expert] IPTABLES NAT script doesn't work in 9.0

2002-11-13 Thread Jeferson Lopes Zacco
yep it is. SainTiss told me that in the newbie list (thanks!). As I said, I can ping/resolve hosts from the client, but it does not transfer (large chunks of?) data. Weird. Perhaps it has smthing to do with msec? Sridhar wrote: Check if ip_forward is set to 1 in /etc/sysctl.conf -Sridhar

Re: [expert] iptables : bad option ...

2002-10-22 Thread Daniel J. Cody
Hi Hans - What you're trying to do is actually a pretty common setup, which is good, cus there are lots of examples. To save yourself some time, there is a program that ships with mandrake called 'draknet' and could be really helpful for you. It's a nice utility that will walk you through

Re: [expert] iptables : bad option ...

2002-10-21 Thread hans privat
hi Dan, first at all - have a lot of thanks to say for helps in every case. the example I have posted, I had found in an example of a doc-file, where iptables would be explained --:))) but as in the most cases it will happen, that some things are not running in that way, it should. And then the

RE: [expert] iptables in mdk 8.2

2002-10-18 Thread Franki
- From: [EMAIL PROTECTED] [mailto:expert-owner;linux-mandrake.com]On Behalf Of Ron Stodden Sent: Friday, 18 October 2002 8:45 AM To: [EMAIL PROTECTED] Subject: Re: [expert] iptables in mdk 8.2 Ron Stodden wrote: A very simple way to get set up is to download to /etc/iptables the rc.iptables

Re: [expert] iptables in mdk 8.2

2002-10-18 Thread hans privat
hi Ron, first - thanks for your answer. but have a lot of open questions anyway. the script you mentioned, I have downloaded. but for example, I don't have a setted up DNS yet. Reading the docs about DHCP shows a big disadvantage, if using a DHCP-server : the connected clients does NOT have some

Re: [expert] iptables in mdk 8.2

2002-10-18 Thread Scott
On 18 Oct 2002, hans privat wrote: Reading the docs about DHCP shows a big disadvantage, if using a DHCP-server : the connected clients does NOT have some knowledge of the neighbourhoods of clients. to circumvent this problem, the docs talks about setting up a real DNS within the local

Re: [expert] iptables in mdk 8.2

2002-10-18 Thread Ron Stodden
hans privat wrote: hi Ron, first - thanks for your answer. but have a lot of open questions anyway. the script you mentioned, I have downloaded. but for example, I don't have a setted up DNS yet. Now - I have 3 workstations and 1 (designated) firewall. and maybe, the workstations would be grow

Re: [expert] iptables in mdk 8.2

2002-10-17 Thread Daniel J. Cody
Hi Hans - Try: insmod ip_tables instead of iptables, that should work for ya. Dan http://five2one.org/ hans privat wrote: hi, in a sysadmin-book I've read, that with kernel 2.4 the iptables should be used. now I have done a lookup with lsmod and have seen, that there was NO iptables but an

[expert] iptables in mdk 8.2

2002-10-17 Thread hans privat
hi, in a sysadmin-book I've read, that with kernel 2.4 the iptables should be used. now I have done a lookup with lsmod and have seen, that there was NO iptables but an ipchains. then I have done a rmmod ipchains and was trying at first a modprobe iptables. the answer was there is no

Re: [expert] iptables in mdk 8.2

2002-10-17 Thread Ron Stodden
hans privat wrote: hi, in a sysadmin-book I've read, that with kernel 2.4 the iptables should be used. now I have done a lookup with lsmod and have seen, that there was NO iptables but an ipchains. You have the iptables RPM installed. Good! But you must now delete the ipchains RPM - use

Re: [expert] iptables in mdk 8.2

2002-10-17 Thread hans privat
hi Daniel, thanks a lot, your hint does the trick - am happy now for the first time. Can do now my first bloody steps. in the meantime I have downloaded some docs based on www.linuxguruz.org. Seems to be a really good docaddress for getting an understanding of this big theme security. thanks and

Re: [expert] iptables in mdk 8.2

2002-10-17 Thread Ron Stodden
Ron Stodden wrote: A very simple way to get set up is to download to /etc/iptables the rc.iptables-2.3.8pre7 script from: Should be: rc.firewall-2.3.8pre7 script from: http://monmotha.mplug.org/firewall/index.php cd to /etc/iptables, and customise it with an editor as explained in the

Re: [expert] Iptables and Quake3... (fairly long post)

2002-08-13 Thread Lyvim Xaphir
On Mon, 2002-08-12 at 14:23, Ronald J. Hall wrote: I'm posting this here, because I figured it was a bit above the newbie level. If wrong, I apologise... I ran BastilleChooser, I added a rule to iptables, and I'm not able to get Quake 3, v1.31 to find my other 2 Linux comps. (or them find

Re: [expert] Iptables and Quake3... (fairly long post)

2002-08-13 Thread Ronald J. Hall
On Tuesday 13 August 2002 04:02 am, you wrote: Ron, I responded to you private on this, but I just thought of something else also that you can try. First the original suggestion for everyone elses benefit, as root: /etc/rc.d/init.d/iptables stop Then /etc/rc.d/init.d/iptables start

[expert] Iptables and Quake3... (fairly long post)

2002-08-12 Thread Ronald J. Hall
I'm posting this here, because I figured it was a bit above the newbie level. If wrong, I apologise... I ran BastilleChooser, I added a rule to iptables, and I'm not able to get Quake 3, v1.31 to find my other 2 Linux comps. (or them find me). I've got Mandrake v8.2. Networking is up: eth0

Re: [expert] Iptables and Quake3... (fairly long post)

2002-08-12 Thread Ronald J. Hall
On Monday 12 August 2002 02:23 pm, you wrote: I'm posting this here, because I figured it was a bit above the newbie level. If wrong, I apologise... Sorry, forgot to post Quake3's error output: --- Common Initialization Complete --- Opening IP socket: localhost:27960 Hostname: darkforce.com

[expert] IPTABLES: Module is wrong version - how secure am i?

2002-03-05 Thread Ashley Moore
hi, firstly, go easy on me, i'm still new to the list and linux i'm running LM 81 with kernel 2416-6mdk browsing thru the logs, i came across this in /var/log/messages Mar 4 00:20:52 infiniti bastille-firewall: iptables v124: Mar 4 00:20:52 infiniti

[expert] Iptables usage

2002-02-19 Thread tsmets
Following the content of the very good article in GNU/Linux magazine France in Linux Journal I configured the netfilter with the script here below end up being able to ping any host (inside or outside my private network). I cannot however do any TCP connexions what so ever I did a MDK

Re: [expert] iptables : SMTP reject relay

2002-01-16 Thread FL
Not sure I understand. He can send mail out, but he's getting a rejected -relay not allowed or something back from the destination? Yes, he can check mail via pop.provider.net but can't send it via smtp.provider.net. He's getting a rejected -relay not allowed. From where does it come ?

Re: [expert] iptables : SMTP reject relay

2002-01-16 Thread Tal Amir
-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [expert] iptables : SMTP reject relay Not sure I understand. He can send mail out, but he's getting a rejected -relay not allowed or something back from the destination? Yes, he can check mail via pop.provider.net but can't send it via

Re: [expert] iptables : SMTP reject relay

2002-01-16 Thread tester
FL wrote: Not sure I understand. He can send mail out, but he's getting a rejected -relay not allowed or something back from the destination? Yes, he can check mail via pop.provider.net but can't send it via smtp.provider.net. He's getting a rejected -relay not allowed. From where does

[expert] iptables : SMTP reject relay

2002-01-14 Thread FL
Hi! A friend of mine is trying to setup a MDK 8.0 as a ADSL gateway for his local network. Everything is working well with the internet sharing connection wizard but his SMTP doesn't accept his connection. I have read in IPCHAINS How-To that I must use REJECT and not DENY in the rules. I have

Re: [expert] iptables : SMTP reject relay

2002-01-14 Thread Ron Heron
Not sure I understand. He can send mail out, but he's getting a rejected -relay not allowed or something back from the destination? If so, check the postfix configuration. --- FL [EMAIL PROTECTED] wrote: Hi! A friend of mine is trying to setup a MDK 8.0 as a ADSL gateway for his local

[expert] iptables mdk 8.0

2002-01-11 Thread DStevenson
Just a quick easy question (if you know the answer) ? What is PUB_IN when you do a: iptables -v -L INPUT I am worried by the line: PUB_IN all -- ppp+ any anywhere anywhere What does this line mean, open ppp+ to anyone!!! from anywhere? TIA Dave Want

RE: [expert] iptables and ipip tunnels

2002-01-07 Thread Franki
: [expert] iptables and ipip tunnels Hi will this work /sbin/iptables -A INPUT -p 93 -i eth1 -j ACCEPT I have been asking for help on both lists for 2 weeks , it seems that unless your face fits , it's a very private club bg Richard system now hacked as I can't put a firewall up without destroying

[expert] iptables and ipip tunnels

2002-01-06 Thread richard
Hi will this work /sbin/iptables -A INPUT -p 93 -i eth1 -j ACCEPT I have been asking for help on both lists for 2 weeks , it seems that unless your face fits , it's a very private club bg Richard system now hacked as I can't put a firewall up without destroying the ip tunnel,. Strange that after

Re: [expert] iptables and ipip tunnels

2002-01-06 Thread Matt . Carpenter
richard [EMAIL PROTECTED] Hi will this work /sbin/iptables -A INPUT -p 93 -i eth1 -j ACCEPT It looks good to me, although I wouldn't include the interface part. You may have to add this to your OUTPUT chain as well. If the firewall were to live on a different box, you would want this rule in

Re: [expert] iptables and ipip tunnels

2002-01-06 Thread richard
Thanks Mat I'll try it on input and output. On Sun, 2002-01-06 at 11:04, [EMAIL PROTECTED] wrote: richard [EMAIL PROTECTED] Hi will this work /sbin/iptables -A INPUT -p 93 -i eth1 -j ACCEPT It looks good to me, although I wouldn't include the interface part. You may have to add this

Re: [expert] IPTABLES AND TUNNELS

2002-01-06 Thread Matt . Carpenter

Re: [expert] iptables and ipip tunnels

2002-01-06 Thread nds
richard wrote: Hi will this work /sbin/iptables -A INPUT -p 93 -i eth1 -j ACCEPT I have been asking for help on both lists for 2 weeks , it seems that unless your face fits , it's a very private club bg Richard system now hacked as I can't put a firewall up without destroying the ip tunnel,.

Re: [expert] iptables and ipip tunnels

2002-01-06 Thread richard
On Sun, 2002-01-06 at 16:52, nds wrote: richard wrote: Hi will this work /sbin/iptables -A INPUT -p 93 -i eth1 -j ACCEPT Hindsight: reverse the numbers of your ip for what you are trying to do or substitute them for values/variables like localip, remoteip, localnet, and so on.

[expert] IPTABLES AND TUNNELS

2002-01-05 Thread richard
HI ALL. RE: IPTABLES AND TUNNELING ANY CHANCE , REMOTE , SMALL ETC /sbin/bastille-netfilter what do I need to add to the script to allow Protocol 93 (IPIP) to pass unheeded in both directions thru the public interface, ie. the ethernet port connected to the cable modem. I can get some thru but

[expert] iptables and iptunnels

2002-01-04 Thread richard
Hi all, after the original posting to this list and to the bastille list, and just 1 reply which was to forward the last archive from the bastille list, at least a reply but the contents were my original mail and another very unrelated.. so although the intent was there, not a lot of help. Now

Re: [expert] iptables is nutz!

2001-12-11 Thread Mark Weaver
Kevin wrote: As a side note, the man page for iptables is pretty clear that --dport is only effective when -p tcp,udp is given. Try a look at the man page next time you get stuck. :) indeed...i had been through there a few times but for what ever reason missed that part. not a good part

Re: [expert] iptables is nutz!

2001-12-10 Thread Mark Weaver
On Mon, 10 Dec 2001 14:24:14 +1100 Tarragon Allen [EMAIL PROTECTED] wrote: On Mon, 10 Dec 2001 14:27, Mark Weaver wrote: Hi List It was my understanding that with the latest version of Iptables --dport which is an alias for --destination-port is a legal argument. However, when i

Re: [expert] iptables is nutz!

2001-12-10 Thread Kevin
On Monday 10 December 2001 03:06 am, Mark Weaver wrote: On Mon, 10 Dec 2001 14:24:14 +1100 Tarragon Allen [EMAIL PROTECTED] wrote: On Mon, 10 Dec 2001 14:27, Mark Weaver wrote: Hi List It was my understanding that with the latest version of Iptables --dport which is an alias

Re: [expert] iptables is nutz!

2001-12-10 Thread Tarragon Allen
On Tue, 11 Dec 2001 00:06, Mark Weaver wrote: t, adding the -p (protocol) was the missing link. why in the world didn't iptables just say that's what it was missing instead of the generic error message it was giving me? I think the technical reason it gave the option unknown response is

Re: [expert] iptables is nutz!

2001-12-10 Thread Mark Weaver
On Tue, 11 Dec 2001 13:12:13 +1100 Tarragon Allen [EMAIL PROTECTED] wrote: I think the technical reason it gave the option unknown response is because those options (--dport, --sport) only become available to iptables when the specific protocol module (tcp, udp) gets loaded. If you don't

[expert] iptables is nutz!

2001-12-09 Thread Mark Weaver
Hi List It was my understanding that with the latest version of Iptables --dport which is an alias for --destination-port is a legal argument. However, when i attempt to add the below into the ruleset of iptables, iptables -A INPUT -s 199.224.86.15 --dport 53 -j ACCEPT ...this is

Re: [expert] iptables is nutz!

2001-12-09 Thread Tarragon Allen
On Mon, 10 Dec 2001 14:27, Mark Weaver wrote: Hi List It was my understanding that with the latest version of Iptables --dport which is an alias for --destination-port is a legal argument. However, when i attempt to add the below into the ruleset of iptables, iptables -A INPUT -s

[expert] iptables for 2.4.13 and later

2001-11-26 Thread richard
Hi all,, has the version requirement for ip tables changed from 2.4.13-2mdk and later I'm having probs getting NAT working on 2.4.13-7mdk, after a kernel build. ./bastille-firewall status gives iptables v1.2.2: can't initialise iptables table 'filter':module is wrong version perhaps iptables or

Re: [expert] iptables for 2.4.13 and later

2001-11-26 Thread Andrea Fabris
: Monday, November 26, 2001 3:23 PM Subject: [expert] iptables for 2.4.13 and later Hi all,, has the version requirement for ip tables changed from 2.4.13-2mdk and later I'm having probs getting NAT working on 2.4.13-7mdk, after a kernel build. ./bastille-firewall status gives iptables v1.2.2

Re: [expert] iptables for 2.4.13 and later

2001-11-26 Thread richard
a cooker kernel Bye Andy - Original Message - From: richard [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, November 26, 2001 3:23 PM Subject: [expert] iptables for 2.4.13 and later Hi all,, has the version requirement for ip tables changed from 2.4.13-2mdk and later

[expert] iptables

2001-10-21 Thread Galileo
Hello expert, Can somebody tell me what does this mean : -s, --source [!] address[/mask] Source specification. Address can be either a hostname, a network name, or a plain IP address. The mask can be either a network mask or a plain number, specifying the number of 1's at the left side of

Re: [expert] IPtables fails on bootup

2001-09-23 Thread J. C. Woods
Leif Madsen wrote: I just upgraded my iptables today (I should really stop running stuff through the Mandrake Updates program...) and now I'm getting an error on bootup. It's basically telling me that iptables v.1.2.2 is failing and either it or my kernel needs to be upgraded. I'm running

Re: [expert] iptables firewall

2001-09-23 Thread Expert User
1. NAT doesn't work. I can access internet from Linux machine but not from other intranet machines. 2. If I use nmap to see what ports are open on the linux firewall machine it still reports that ports other than 22,80,443 25 (which I wanted open) are still open, eg like port 631 which is

[expert] iptables firewall

2001-09-22 Thread Expert User
Machine details: Mandrake 8.0 Linux Version 2.4.3-20mdk 434MHz Intel Celeron (Mendocino) Processor, 256M RAM Network interface to Internet: eth0 Network interface to Intranet: eth1 Hi I am facing problem getting my iptables based firewall working. If I use only the
