Re: [gentoo-user] iptables will not load rule after kernel upgrade (2.6.19-r5 -> 2.6.20-r6)

2007-04-21 Thread Mark Shields
On 4/21/07, Dan Johansson <[EMAIL PROTECTED]> wrote: On Saturday 21 April 2007 15:53, Uwe Thiem wrote: > On 21 April 2007, Dan Johansson wrote: > > After upgrading gentoo-sources to 2.6.20-r6 from 2.6.19-r5 today my > > firewall won't start (shorewall). > > > > Here's the error: > > iptables

Re: [gentoo-user] iptables will not load rule after kernel upgrade (2.6.19-r5 -> 2.6.20-r6)

2007-04-21 Thread Dan Johansson
On Saturday 21 April 2007 15:53, Uwe Thiem wrote: > On 21 April 2007, Dan Johansson wrote: > > After upgrading gentoo-sources to 2.6.20-r6 from 2.6.19-r5 today my > > firewall won't start (shorewall). > > > > Here's the error: > > iptables: Invalid argument > > ERROR: Command "/sbin/iptables

Re: [gentoo-user] iptables will not load rule after kernel upgrade (2.6.19-r5 -> 2.6.20-r6)

2007-04-21 Thread Uwe Thiem
On 21 April 2007, Dan Johansson wrote: > After upgrading gentoo-sources to 2.6.20-r6 from 2.6.19-r5 today my > firewall won't start (shorewall). > > Here's the error: > iptables: Invalid argument > ERROR: Command "/sbin/iptables -A FORWARD -m state --state > ESTABLISHED,RELATED -j ACCEPT" Fa

[gentoo-user] iptables will not load rule after kernel upgrade (2.6.19-r5 -> 2.6.20-r6)

2007-04-21 Thread Dan Johansson
After upgrading gentoo-sources to 2.6.20-r6 from 2.6.19-r5 today my firewall won't start (shorewall). Here's the error: iptables: Invalid argument ERROR: Command "/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT" Failed I'm getting the same error message when it tr

Re: [gentoo-user] IPtables question

2007-02-02 Thread Pawel Kraszewski
On Friday, 2 February 2007, Hans-Werner Hilse wrote: > Nope, just the target address is rewritten (by routing). DNAT is > Destination NAT! I.e. the target IP of the packet is rewritten. Since > the Linksys is the default gateway, packets can keep their source IP > address. Of course, the source MA

Re: [gentoo-user] IPtables question

2007-02-02 Thread Hans-Werner Hilse
Hi, On Fri, 2 Feb 2007 09:45:53 +0100 Pawel Kraszewski <[EMAIL PROTECTED]> wrote: > On Wednesday, 31 January 2007, James Colby wrote: > > > I have a small home server that I have connected to the internet > > through a linksys router and cable modem. The linksys router is > > currently forward

Re: [gentoo-user] IPtables question

2007-02-02 Thread Pawel Kraszewski
On Wednesday, 31 January 2007, James Colby wrote: > I have a small home server that I have connected to the internet > through a linksys router and cable modem. The linksys router is > currently forwarding all ssh traffic to my gentoo box. What I would ^ Take note, that fo

Re: [gentoo-user] IPtables question

2007-01-31 Thread Norberto Bensa
James Colby wrote: > currently forwarding all ssh traffic to my gentoo box. What I would > like to do is set up iptables to only allow ssh logins from a small > number of internet hosts, iptables -A INPUT -s ip-address-of-know-host --dport 22 -j ACCEPT > and to reject and log all other ssh >

Re: [gentoo-user] IPtables question

2007-01-31 Thread Mick
On Wednesday 31 January 2007 20:56, Albert Hopkins wrote: > On Wed, 2007-01-31 at 15:36 -0500, James Colby wrote: > > List members - > > > > I have a small home server that I have connected to the internet > > through a linksys router and cable modem. The linksys router is > > currently forwarding

Re: [gentoo-user] IPtables question

2007-01-31 Thread Albert Hopkins
On Wed, 2007-01-31 at 15:36 -0500, James Colby wrote: > List members - > > I have a small home server that I have connected to the internet > through a linksys router and cable modem. The linksys router is > currently forwarding all ssh traffic to my gentoo box. What I would > like to do is set

[gentoo-user] IPtables question

2007-01-31 Thread James Colby
List members - I have a small home server that I have connected to the internet through a linksys router and cable modem. The linksys router is currently forwarding all ssh traffic to my gentoo box. What I would like to do is set up iptables to only allow ssh logins from a small number of inter

Re: [gentoo-user] Iptables

2007-01-19 Thread Fabrício L. Ribeiro
People, The response is in Nelson's mail. Thanks Nelson and thanks to all. On 1/19/07, Pete Pardoe <[EMAIL PROTECTED]> wrote: Alan IPTables support must be compiled into the kernel. I am not in front of my gentoo system so cannot help you find the location in "make menuconfig" but if you po

Re: [gentoo-user] Iptables

2007-01-19 Thread Pete Pardoe
Alan IPTables support must be compiled into the kernel. I am not in front of my gentoo system so cannot help you find the location in "make menuconfig" but if you poke around you should be able to locate it. Pete On 1/19/07, Alan McKinnon <[EMAIL PROTECTED]> wrote: On Thursday 18 January 20

Re: [gentoo-user] Iptables

2007-01-19 Thread Alan McKinnon
On Thursday 18 January 2007 17:58, Fabrício L. Ribeiro wrote: > How can I install and run iptables (with conntrack and all other > modules) in a Gentoo 2006.1 box with kernel generated by genkernel? > > I tried "emerge iptables", but when I type "iptables -F" I get > something like this: > > FATAL:

RE: [gentoo-user] Iptables

2007-01-18 Thread
>-Original Message- >From: Fabrício L. Ribeiro [mailto:[EMAIL PROTECTED] >Sent: 18 January 2007 15:59 >To: gentoo-user@lists.gentoo.org >Subject: [gentoo-user] Iptables > > >How can I install and run iptables (with conntrack and all other >modules) in a Ge

Re: [gentoo-user] Iptables

2007-01-18 Thread Daniel Pielmeier
How can I install and run iptables (with conntrack and all other modules) in a Gentoo 2006.1 box with kernel generated by genkernel? I tried "emerge iptables", but when I type "iptables -F" I get something like this: FATAL: Module ip_tables not found. iptables v1.3.5: can't initialize iptables t

[gentoo-user] Iptables

2007-01-18 Thread Fabrício L. Ribeiro
How can I install and run iptables (with conntrack and all other modules) in a Gentoo 2006.1 box with kernel generated by genkernel? I tried "emerge iptables", but when I type "iptables -F" I get something like this: FATAL: Module ip_tables not found. iptables v1.3.5: can't initialize iptables t

Re: [gentoo-user] iptables error

2006-11-09 Thread Arnau Bria
On Thu, 9 Nov 2006 08:40:12 -0800 Tim Garton wrote: > xt_multiport Oh! I've not looked for the solution yet :-( Thanks a lot! that solved my problem! -- Arnau Bria http://blog.emergetux.net Wiggum: Shoot at the tires, Lou. Lou: Uh, it's a tank, chief. Wiggum: You've got me fed up with all

Re: [gentoo-user] iptables error

2006-11-09 Thread Tim Garton
perhaps the multiport module? (xt_multiport) On 11/9/06, Arnau Bria <[EMAIL PROTECTED]> wrote: On Wed, 8 Nov 2006 10:19:10 -0700 Richard Fish wrote: > On 11/8/06, Arnau Bria <[EMAIL PROTECTED]> wrote: > I'd suggest you make a copy of this file and try to identify which > rule from this file is causing

Re: [gentoo-user] iptables error

2006-11-09 Thread Arnau Bria
On Wed, 8 Nov 2006 10:19:10 -0700 Richard Fish wrote: > On 11/8/06, Arnau Bria <[EMAIL PROTECTED]> wrote: > I'd suggest you make a copy of this file and try to identify which > rule from this file is causing the error. It is a plain text file, so > you can comment out (with '#' characters) vario

Re: [gentoo-user] iptables error

2006-11-08 Thread Hans-Werner Hilse
Hi, On Wed, 8 Nov 2006 17:50:13 +0100 Arnau Bria <[EMAIL PROTECTED]> wrote: > On Wed, 8 Nov 2006 17:33:31 +0100 > Arnau Bria wrote: > > > > As iptables is very depending on the kernel's API, did you > > > - change kernel configuration? > > nop. just make oldconfig with default values for new op

Re: [gentoo-user] iptables error

2006-11-08 Thread Richard Fish
On 11/8/06, Arnau Bria <[EMAIL PROTECTED]> wrote: Hi, I've done a kernel upgrade, from 2.6.16 to 17-r8 and my iptables stop working. I get this error: # iptables-restore < /etc/iptables.noviembre getsockopt failed strangely: No such file or directory I'd suggest you make a copy of this file

Re: [gentoo-user] iptables error

2006-11-08 Thread Mike Williams
On Wednesday 08 November 2006 15:29, Arnau Bria wrote: > I get this error: > > # iptables-restore < /etc/iptables.noviembre > getsockopt failed strangely: No such file or directory Whenever I get errors like these my first step is to run the command under strace, then follow the reams of output b

Re: [gentoo-user] iptables error

2006-11-08 Thread Arnau Bria
On Wed, 8 Nov 2006 08:20:48 -0800 Tim Garton wrote: > Perhaps try these modules as well? > > gentoo sbin # lsmod > Module Size Used by > xt_tcpudp 7936 1 > iptable_nat10756 1 > ip_nat 21292 1 iptable_nat > ip_conntrack 51332

Re: [gentoo-user] iptables error

2006-11-08 Thread Arnau Bria
On Wed, 8 Nov 2006 17:33:31 +0100 Arnau Bria wrote: > > As iptables is very depending on the kernel's API, did you > > - change kernel configuration? > nop. just make oldconfig with default values for new options. > > - try re-emerging iptables? I've recompiled iptables and I still have same pro

Re: [gentoo-user] iptables error

2006-11-08 Thread Arnau Bria
On Wed, 8 Nov 2006 17:16:20 +0100 Hans-Werner Hilse wrote: > Hi, > > On Wed, 8 Nov 2006 16:29:45 +0100 Arnau Bria <[EMAIL PROTECTED]> > wrote: > > > I've done a kernel upgrade, from 2.6.16 to 17-r8 and my iptables > > stop working. > > As iptables is very depending on the kernel's API, did you

Re: [gentoo-user] iptables error

2006-11-08 Thread Tim Garton
Perhaps try these modules as well? gentoo sbin # lsmod Module Size Used by xt_tcpudp 7936 1 iptable_nat 10756 1 ip_nat 21292 1 iptable_nat ip_conntrack 51332 2 iptable_nat,ip_nat iptable_filter 7296 0 ip_tables

Re: [gentoo-user] iptables error

2006-11-08 Thread Hans-Werner Hilse
Hi, On Wed, 8 Nov 2006 16:29:45 +0100 Arnau Bria <[EMAIL PROTECTED]> wrote: > I've done a kernel upgrade, from 2.6.16 to 17-r8 and my iptables stop > working. As iptables is very depending on the kernel's API, did you - change kernel configuration? - try re-emerging iptables? -hwh -- gentoo-us

[gentoo-user] iptables error

2006-11-08 Thread Arnau Bria
Hi, I've done a kernel upgrade, from 2.6.16 to 17-r8 and my iptables stop working. I get this error: # iptables-restore < /etc/iptables.noviembre getsockopt failed strangely: No such file or directory I have those modules loaded: # lsmod Module Size Used by iptable_filter

Re: [gentoo-user] iptables wiki

2006-07-05 Thread Daniel
james wrote: > Hello, > > I'm attempting to follow this wiki to build a test firewall running iptables: > http://gentoo-wiki.com/HOWTO_Iptables_for_newbies#QuickStart > > Kernel is 'hardened' with netfilter et al activated. > > It looks reasonable and is supposed to be up to date. > > My nics ar

[gentoo-user] iptables wiki

2006-07-04 Thread james
Hello, I'm attempting to follow this wiki to build a test firewall running iptables: http://gentoo-wiki.com/HOWTO_Iptables_for_newbies#QuickStart Kernel is 'hardened' with netfilter et al activated. It looks reasonable and is supposed to be up to date. My nics are set up in /etc/conf.d/net ifac

Re: [gentoo-user] iptables question

2006-03-28 Thread JimD
On Tue, 28 Mar 2006 19:08:38 +0530 "Hiren Dave" <[EMAIL PROTECTED]> wrote: > Hi, > > I want to configure firewall such that network 192.168.1.0/24 can > only access http server from server1(192.168.0.2/24) and > network 192.168.0.0/24 can not access http server. So I tried this: > > #service ipt

Re: [gentoo-user] iptables question

2006-03-28 Thread Uwe Thiem
On 28 March 2006 15:38, Hiren Dave wrote: > Hi, > > I want to configure firewall such that network 192.168.1.0/24 can > only access http server from server1(192.168.0.2/24) and > network 192.168.0.0/24 can not access http server. So I tried this: > > #service iptables stop > #iptables -P INPUT DROP

Re: [gentoo-user] iptables question

2006-03-28 Thread Boyd Stephen Smith Jr.
On Tuesday 28 March 2006 07:38, "Hiren Dave" <[EMAIL PROTECTED]> wrote about '[gentoo-user] iptables question': > #service iptables stop > #iptables -P INPUT DROP > #iptables -t filter -A INPUT -s 192.168.1.0/24 --dport 80 -j ACCEPT > > But this comma

[gentoo-user] iptables question

2006-03-28 Thread Hiren Dave
Hi, I want to configure firewall such that network 192.168.1.0/24 can only access http server from server1(192.168.0.2/24) and network 192.168.0.0/24 can not access http server. So I tried this: #service iptables stop #iptables -P INPUT DROP #iptables -t filter -A INPUT -s 192.168.1.0/24 --dport 80 -j

Re: [gentoo-user] Iptables Tarpit

2006-03-08 Thread Andrew Frink
ahh haven't really played that much with tarpit, thanks for clearing that up :-) On 3/8/06, Dave Jones <[EMAIL PROTECTED]> wrote: Hi Andrew, Andrew Frink wrote on 03/08/06 14:57: > You could also just add the "extensions" USE flag to iptables and that > should give you tarpit support > On 3/7/06, *Dave

Re: [gentoo-user] Iptables Tarpit

2006-03-08 Thread Dave Jones
Hi Andrew, Andrew Frink wrote on 03/08/06 14:57: > You could also just add the "extensions" USE flag to iptables and that > should give you tarpit support > On 3/7/06, *Dave Jones* < [EMAIL PROTECTED] > > wrote: > Erik Westenbroek wrote on 03/07/06 04:18: > > I

Re: [gentoo-user] Iptables Tarpit

2006-03-08 Thread Andrew Frink
You could also just add the "extensions" USE flag to iptables and that should give you tarpit support On 3/7/06, Dave Jones <[EMAIL PROTECTED]> wrote: Erik Westenbroek wrote on 03/07/06 04:18: > I am attempting create a tarpit to protect against SSH Brute force > attempts. I tried this: --snip-- > ip

Re: [gentoo-user] Iptables Tarpit

2006-03-07 Thread Dave Jones
Erik Westenbroek wrote on 03/07/06 04:18: > I am attempting create a tarpit to protect against SSH Brute force > attempts. I tried this: --snip-- > iptables -A SSH_Brute_Force -p tcp -j TARPIT > After I type the last command typed I got this error message: > iptables: No chain/target/match by tha

Re: [gentoo-user] Iptables Tarpit

2006-03-07 Thread Erik Westenbroek
I guess TARPIT is not in the default installation of iptables, Ill just use labrea. On 3/6/06, Ryan Tandy <[EMAIL PROTECTED]> wrote: > Erik Westenbroek wrote: > > iptables: No chain/target/match by that name > I don't see a chain or other target named TARPIT - it's not defined > anywhere on the pa

Re: [gentoo-user] Iptables Tarpit

2006-03-06 Thread Ryan Tandy
Erik Westenbroek wrote: iptables: No chain/target/match by that name I don't see a chain or other target named TARPIT - it's not defined anywhere on the page you referenced as far as I see, so you may have to dig it up elsewhere. -- gentoo-user@gentoo.org mailing list

[gentoo-user] Iptables Tarpit

2006-03-06 Thread Erik Westenbroek
hello I am attempting create a tarpit to protect against SSH Brute force attempts. I tried this: iptables -N SSH_Brute_Force iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_Brute_Force iptables -A SSH_Brute_Force -s 192.168.1.254 -j RETURN iptables -A SSH_Brute_Force -m recent --n

[gentoo-user] iptables script tips for ppp0

2006-02-22 Thread Mick
Hi All, Thanks to Daniel Robbins and his articles I've got the following basic script working on one of my boxes: #(connection to the Internet) UPLINK="eth0" #if you're a router (and thus should forward IP packets between interfaces), #you want ROUTER="yes"; otherwise, R

[gentoo-user] iptables: --state/--syn

2006-02-21 Thread Jarry
Hi, I'm trying to configure some basic iptables rules, and came across to "state" module. Could someone please explain me, what is the main difference between using "--state ESTABLISHED" and "!--syn" options in iptables? I thought I will define rules for incoming ssh-connections as: iptables -

Re: [gentoo-user] iptables question

2006-01-20 Thread Dmitry S. Makovey
On Friday 20 January 2006 13:49, Trenton Adams wrote: > Under the *nat rule, > > -A PREROUTING -i eth0 -p tcp -m tcp --dport 58443 -j DNAT --to > 192.168.7.1:443 > > Under the *filter rules. > > -A ADAMS-FW-INPUT -i eth0 -m state --state NEW -m tcp -p tcp > --dport 443 -j ACCEPT I tried similar co

Re: [gentoo-user] iptables question

2006-01-20 Thread Trenton Adams
Under the *nat rule, -A PREROUTING -i eth0 -p tcp -m tcp --dport 58443 -j DNAT --to 192.168.7.1:443 Under the *filter rules. -A ADAMS-FW-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT On 1/20/06, Dmitry S. Makovey <[EMAIL PROTECTED]> wrote: > > somewhat offtopic, but si

[gentoo-user] iptables question

2006-01-20 Thread Dmitry S. Makovey
somewhat offtopic, but since I need any help I can get: how do I redirect traffic from outward facing interface (192.168.1.114:80) to loopback device (127.0.0.1:80) ? my most obvious trick: iptables -t nat -A PREROUTING -p tcp -d 192.168.1.114 --dport 80 \ -j DNAT --to 127.0.0.1:80 and

Re: [gentoo-user] iptables / ipp2p

2005-12-16 Thread ddup1
Try this : emerge -s ipp2p emerge show you your ipp2p module. in fact iptables is just command line utility to set rules, modules are not part of iptables itself, modules for iptables are extra module or kernel inside module. On Fri, Dec 16, 2005 at 12:09:58PM +0200, Uwe Thiem wrote: > Hi fo

[gentoo-user] iptables / ipp2p

2005-12-16 Thread Uwe Thiem
Hi folks, uwix ~ # iptables -m ipp2p -help iptables v1.3.4: Couldn't load match `ipp2p':/lib/iptables/libipt_ipp2p.so: cannot open shared object file: No such file or directory uwix ~ # emerge --pretend --verbose iptables These are the packages that I would merge, in order: Calculating depend

[gentoo-user] iptables and kernel help

2005-12-13 Thread Martins Steinbergs
hi, I'm failing to get iptables working. was trying built into kernel, no success then tried built as modules and ip_tables module loads but still get errors like: iptables -F iptables v1.3.4: can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptabl

[gentoo-user] iptables init script

2005-12-02 Thread Allan Spagnol Comar
Hi gentoo list !!! I am using iptables 1.2.11-r3 and iptables init.d script doesn't do its work; had run '/etc/init.d/iptables save' and 'rc-update add iptables default' but, when the system boots it does not restore the iptables rules some one could help me with that !!! thanks, Allan --

Re: [gentoo-user] [Iptables related] How to make one machine only talk on loc lan

2005-11-19 Thread A. Khattri
On Sat, 12 Nov 2005, Harry Putnam wrote: > Machines 3-5 are heavy hitters for graphics work and are heavily > loaded with such things as Photoshop, vegas, canopus Edius, Adobe > Illustrator and the like. > > I don't want to have to worry about spyware,adware,virus prevention > firewall stuff compe

Re: [gentoo-user] [Iptables related] How to make one machine only talk on loc lan

2005-11-12 Thread John Jolet
The netgear will do it. you can give it ip addresses to block. look at the schedule setups. set them up only to be able to access the internet for, say a second on sunday at 3 am, and not for the rest of the time On Saturday 12 November 2005 17:35, Harry Putnam wrote: > Hopefully someone here

[gentoo-user] [Iptables related] How to make one machine only talk on loc lan

2005-11-12 Thread Harry Putnam
Hopefully someone here can direct me to where this should be posted or answer it directly. I'm looking to my Gentoo box to solve the problem described below: First: My home lan looks like: INTERNET | DSLMODEM | -

Re: [gentoo-user] iptables on gentoo

2005-10-27 Thread A. Khattri
On Thu, 27 Oct 2005, James wrote: > Question 1: > I'm planning on using nmap and nessus to test from the outside(internet) > inward). On the inside I plan on using snort, an monitoring the various > log files. Any further suggestions on testing? Plain ole telnet works for testing protocols too ;

[gentoo-user] iptables on gentoo

2005-10-27 Thread James
Hello, Well, after much reading and studying of iptables, I have written different rules for different workstations and firewalls. It's time to begin testing. Question 1: I'm planning on using nmap and nessus to test from the outside(internet) inward). On the inside I plan on using snort, an mon

Re: [gentoo-user] iptables example on Gentoo

2005-09-10 Thread Timo Boettcher
Hi Dave, * Dave Nebinger <[EMAIL PROTECTED]>, Friday, September 9, 2005, 4:23:07 PM: >>> Dude, trying to use iptables directly was your first mistake. >> no, it wasn't. >> >> I have written some "small" example script >> http://forums.gentoo.org/viewtopic.php?p=377447 >> that (IMO) is quite modu

Re: [gentoo-user] iptables example on Gentoo

2005-09-09 Thread Dave Nebinger
Dude, trying to use iptables directly was your first mistake. no, it wasn't. I have written some "small" example script http://forums.gentoo.org/viewtopic.php?p=377447 that (IMO) is quite modular... Yes, Timo, it is quite modular and quite thorough. It represents a great job at developing a

Re: [gentoo-user] iptables example on Gentoo

2005-09-09 Thread Timo Boettcher
Hi Dave, * Dave Nebinger <[EMAIL PROTECTED]>, Tuesday, September 6, 2005, 7:39:53 PM: >> I've been trying to build a simple firewall with a DMZ for a >> web server. > Dude, trying to use iptables directly was your first mistake. no, it wasn't. I have written some "small" example script http://

Re: [gentoo-user] iptables advice for stand alone box under different usage scenarios

2005-09-08 Thread Dave Nebinger
Okay, Mike, here goes... For the gentoo box to act as the router/gateway/hub, you need more than one ethernet card in the box. Typically eth0 will be the outward facing card (towards the net), and eth{1,2,...} will be inward facing cards. Just having the cards installed in the box is not en

[gentoo-user] iptables advice for stand alone box under different usage scenarios

2005-09-08 Thread Michael Kintzios
Hi All, I know that this has been talked to death, but can I please ask for your patience as I don't yet feel confident enough to push on without some more specific advice. I am contemplating two different set ups as shown in the two diagrams below: ==DIAGRAM A

RE: [gentoo-user] iptables example on Gentoo

2005-09-07 Thread Bryan Whitehead
Wow, that is news to me... I've always just banged out iptables rules and then saved them... On Tue, 6 Sep 2005, Dave Nebinger wrote: I've been trying to build a simple firewall with a DMZ for a web server. Dude, trying to use iptables directly was your first mistake. Take a spin out and lo

Re: [gentoo-user] iptables example on Gentoo

2005-09-06 Thread Holly Bostick
Dave Nebinger wrote: >> I've been trying to build a simple firewall with a DMZ for a web >> server. > > > Dude, trying to use iptables directly was your first mistake. > > Take a spin out and look at shorewall (I'm sure others have different > recommendations). > > Shorewall will get you up

RE: [gentoo-user] iptables example on Gentoo

2005-09-06 Thread Dave Nebinger
> I've been trying to build a simple firewall with a DMZ for a > web server. Dude, trying to use iptables directly was your first mistake. Take a spin out and look at shorewall (I'm sure others have different recommendations). Shorewall will get you up and running in no time and will easily hand

[gentoo-user] iptables example on Gentoo

2005-09-06 Thread James
Hello, I've been trying to build a simple firewall with a DMZ for a web server. x.x.x.x is the local single static IP y.y.y.y is the gateway IP. z.z.z.z is the broadcast. Outward access is working (ip and dns) Currently the dns servers I use are the cable modem company's, and they work just fine,

RE: [gentoo-user] iptables

2005-08-30 Thread John Dangler
age- From: Neil Bothwick [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 30, 2005 5:56 AM To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] iptables On Tue, 30 Aug 2005 11:43:26 +0200, Holly Bostick wrote: > > "We recommend you enable _everything_ except ipchains support a

Re: [gentoo-user] iptables

2005-08-30 Thread Neil Bothwick
On Tue, 30 Aug 2005 11:43:26 +0200, Holly Bostick wrote: > > "We recommend you enable _everything_ except ipchains support and > > ipfwadm support as modules under this menu" > > I never read this as meaning that everything should be selected, but > rather that everything that you select under th

Re: [gentoo-user] iptables

2005-08-30 Thread Holly Bostick
John Dangler wrote: > Holly~ The Firestarter kernel requirements doc says - > > *Device drivers *Networking support [y] *Networking support > *Networking options *Network packet filtering [y] *Network packet > filtering IP: Netfilter Configuration (*) > > "We recommend you enable _everything_

Re: [gentoo-user] iptables

2005-08-30 Thread Hans-Werner Hilse
Hi, On Tue, 30 Aug 2005 00:54:47 -0400 "John Dangler" <[EMAIL PROTECTED]> wrote: > yep. it's a bug. As soon as I remove iptables from the kernel config, > ipw2100,ieee80211_crypt_tkip, ieee80211_crypt_ccmp, ieee80211_crypt_wep, > ieee80211 all show up fine in lsmod. no dmesg errors, and eth1 (w

RE: [gentoo-user] iptables

2005-08-29 Thread John Dangler
ssage- From: John Dangler [mailto:[EMAIL PROTECTED] Sent: Monday, August 29, 2005 11:36 PM To: gentoo-user@lists.gentoo.org Subject: RE: [gentoo-user] iptables ok. I got a clean kernel and removed iptables and firestarter. I then went into the kernel config and _only_ turned on iptable support

RE: [gentoo-user] iptables

2005-08-29 Thread John Dangler
PROTECTED] Sent: Monday, August 29, 2005 10:36 PM To: gentoo-user@lists.gentoo.org Subject: RE: [gentoo-user] iptables Holly~ The Firestarter kernel requirements doc says - *Device drivers *Networking support [y] *Networking support *Networki

RE: [gentoo-user] iptables

2005-08-29 Thread John Dangler
2 PM To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] iptables John Dangler wrote: > I emerged firestarter (during which I got iptables), and forgot that I > didn't have iptables emerged prior. I went into the kernel and selected (as > the doc I found suggests) Oh, Joh

Re: [gentoo-user] iptables

2005-08-29 Thread W.Kenworthy
iptables has an "extensions" use flag which you may or may not need depending on what the firestarter scripts do. After installing modules, you need to run modules-update to get the modules database sorted out. This may fix the symbol error. In some cases, you need to reboot into the new kernel

Re: [gentoo-user] iptables

2005-08-29 Thread Holly Bostick
John Dangler wrote: > I emerged firestarter (during which I got iptables), and forgot that I > didn't have iptables emerged prior. I went into the kernel and selected (as > the doc I found suggests) Oh, John, to hell with "the doc you found" (which look to be from the Wiki). No offense to the

[gentoo-user] iptables

2005-08-29 Thread John Dangler
I emerged firestarter (during which I got iptables), and forgot that I didn't have iptables emerged prior. I went into the kernel and selected (as the doc I found suggests) all of the options as modules under iptables. (The doc also says that if they are compiled as modules, I didn't need to reboo

[gentoo-user] iptables rules managed from php & mysql

2005-08-29 Thread inferno
Hi, I would like to know if anybody used mysql to store and load the rules for iptables and if there is any script for this already available or any suggestions. ( Personally I would like to try a combination of mysql + php + iptables to be able to remotely control the firewall, and I do no

Re: [gentoo-user] iptables

2005-08-26 Thread Fernando Meira
On 8/26/05, John Dangler <[EMAIL PROTECTED]> wrote: I'm reading through the wiki doc on setting up iptables. There is a section there that sets up a file called firewall.sh i've emerged iptables, but I don't have a file by that name on the system, and it seems that running "/etc/init.d/iptables save"

Re: [gentoo-user] iptables

2005-08-25 Thread A. Khattri
On Thu, 25 Aug 2005, John Dangler wrote: > I'm reading through the wiki doc on setting up iptables. There is a section > there that sets up a file called firewall.sh > i've emerged iptables, but I don't have a file by that name on the system, Probably a script the wiki author created perhaps...

Re: [gentoo-user] iptables

2005-08-25 Thread Eric Crossman
Once you run the rules once and run save, they will then be reloaded from that location (/var/lib/iptables/rules-save) by /etc/init.d/iptables start. The init.d script uses iptables-restore and iptables-save underneath. Eric C On Thu, 2005-08-25 at 23:17 -0400, John Dangler wrote: > I'm reading t

[gentoo-user] iptables

2005-08-25 Thread John Dangler
I'm reading through the wiki doc on setting up iptables. There is a section there that sets up a file called firewall.sh i've emerged iptables, but I don't have a file by that name on the system, and it seems that running "/etc/init.d/iptables save" writes this file as /var/lib/iptables/rules-save

Re: [gentoo-user] IPtables statefull connection capable

2005-07-06 Thread Patrick Marquetecken
> Hi, > > On Tue, 5 Jul 2005 15:52:20 +0200 (CEST) > "Patrick Marquetecken" <[EMAIL PROTECTED]> wrote: > >> If I’m correct then iptables is stateful connection capable, this means >> I >> should not use rules like: >> If state of connection is ESTABLISHED ... >> If state of connection is RELATED

Re: [gentoo-user] IPtables statefull connection capable

2005-07-05 Thread Hans-Werner Hilse
Hi, On Tue, 5 Jul 2005 15:52:20 +0200 (CEST) "Patrick Marquetecken" <[EMAIL PROTECTED]> wrote: > If I’m correct then iptables is stateful connection capable, this means I > should not use rules like: > If state of connection is ESTABLISHED ... > If state of connection is RELATED ... > > and i m

RE: [gentoo-user] IPtables statefull connection capable

2005-07-05 Thread Dave Nebinger
> If I'm correct then iptables is stateful connection capable, this means I > should not use rules like: > If state of connection is ESTABLISHED ... > If state of connection is RELATED ... Stateful connection means that you can have a simple rule up front to allow for established and related conn

[gentoo-user] IPtables statefull connection capable

2005-07-05 Thread Patrick Marquetecken
Hi, If I’m correct then iptables is stateful connection capable, this means I should not use rules like: If state of connection is ESTABLISHED ... If state of connection is RELATED ... and I may use only: If protocol is TCP and source is bla bla and destination port is bla bla and state of connec

Re: [gentoo-user] iptables blocks ssh

2005-06-13 Thread Norbert Kamenicky
Antonio Coralles wrote: > gentoo-user@lists.gentoo.org wrote: > > >>On Wed, 8 Jun 2005, Antonio Coralles wrote: >> >> >>>I've recently turned my workstation into a router for my laptop, using >>>the great gentoo home router guide. Everything is ok so far, with one >>>exception: I can't connect to

Re: [gentoo-user] iptables and servername

2005-06-11 Thread A. Khattri
On Thu, 9 Jun 2005, Patrick wrote: > I'm having trouble with iptables and http. > Before i have activated iptables i could access my server with a name in my > local /etc/hosts, after activating iptables i can only connect with the > ipaddress or his FQDN. > This local name is different or does

Re: [gentoo-user] iptables blocks ssh

2005-06-10 Thread Antonio Coralles
gentoo-user@lists.gentoo.org wrote: > On Wed, 8 Jun 2005, Antonio Coralles wrote: > >> I've recently turned my workstation into a router for my laptop, using >> the great gentoo home router guide. Everything is ok so far, with one >> exception: I can't connect to my ssh server anymore from outside

[gentoo-user] iptables and servername

2005-06-09 Thread Patrick
Hi, I'm having trouble with iptables and http. Before i have activated iptables i could access my server with a name in my local /etc/hosts, after activating iptables i can only connect with the ipaddress or his FQDN. This local name is different or does not exists in the host file on the server

Re: [gentoo-user] iptables blocks ssh

2005-06-09 Thread A. Khattri
On Wed, 8 Jun 2005, Antonio Coralles wrote: > I've recently turned my workstation into a router for my laptop, using > the great gentoo home router guide. Everything is ok so far, with one > exception: I can't connect to my ssh server anymore from outside the > LAN, because iptables seems to preven

Re: [gentoo-user] iptables blocks ssh

2005-06-08 Thread Antonio Coralles
gentoo-user@lists.gentoo.org wrote: > I've recently turned my workstation into a router for my laptop, using > the great gentoo home router guide. Everything is ok so far, with one > exception: I can't connect to my ssh server anymore from outside the > LAN, because iptables seems to prevent this,

Re: [gentoo-user] iptables blocks ssh

2005-06-08 Thread Zac Medico
--- Antonio Coralles <[EMAIL PROTECTED]> wrote: > I've recently turned my workstation into a router > for my laptop, using > the great gentoo home router guide. Everything is ok > so far, with one > exception: I can't connect to my ssh server anymore > from outside the > LAN, because iptables see

[gentoo-user] iptables blocks ssh

2005-06-08 Thread Antonio Coralles
I've recently turned my workstation into a router for my laptop, using the great gentoo home router guide. Everything is ok so far, with one exception: I can't connect to my ssh server anymore from outside the LAN, because iptables seems to prevent this, although I # iptables -A INPUT -p TCP --dpor

Re: [gentoo-user] iptables

2005-05-12 Thread pepe antartico
Sure I'd like to try your iptables executable, how can I get it? rgds gaco --- rob3 <[EMAIL PROTECTED]> wrote: > pepe antartico wrote: > > >Thanks, I know it is rare, but I forgot to write > that > >it's not the first time I recompile the kernel, I > >should've done it at least 8 or 9 times, a

Re: [gentoo-user] iptables

2005-05-12 Thread rob3
pepe antartico wrote: >Thanks, I know it is rare, but I forgot to write that >it's not the first time I recompile the kernel, I >should've done it at least 8 or 9 times, and it only >failed when iptables were added. >After the crash I booted from the old kernel and >compiled it again without iptabl

Re: [gentoo-user] iptables

2005-05-12 Thread pepe antartico
By the way, the "console framebuffer support" was not enabled. rgds --- pepe antartico <[EMAIL PROTECTED]> wrote: > Thanks, I know it is rare, but I forgot to write > that > it's not the first time I recompile the kernel, I > should've done it at least 8 or 9 times, and it only > failed when ipta

Re: [gentoo-user] iptables

2005-05-12 Thread pepe antartico
Thanks, I know it is rare, but I forgot to write that it's not the first time I recompile the kernel, I should've done it at least 8 or 9 times, and it only failed when iptables were added. After the crash I booted from the old kernel and compiled it again without iptables, booted from the new bzImage,

Re: [gentoo-user] iptables

2005-05-12 Thread A. Khattri
On Wed, 11 May 2005, pepe antartico wrote: > I have a very strange and annoying problem, please > need help. > I added iptables support and recompiled my kernel (is > 2.6.11.7), then when rebooting, the startup sequence > stops after 10 or 15 seconds and freezes in a blank > screen. I tried recomp

[gentoo-user] iptables

2005-05-11 Thread pepe antartico
I have a very strange and annoying problem, please need help. I added iptables support and recompiled my kernel (is 2.6.11.7), then when rebooting, the startup sequence stops after 10 or 15 seconds and freezes in a blank screen. I tried recompiling the kernel with iptables as modules and got the s

Re: [gentoo-user] Iptables under IPV6 and USE questions.

2005-04-23 Thread Peter Gordon
Walter Dnes wrote: 1) First I'll have to rebuild my kernel with IPV6 support and reboot? Yes. You'll also need to enable the appropriate IPv6 netfilter options in your kernel. 2) I don't see the ip6tables binary anywhere on my system. Do I simply set +ipv6 in USE in /etc/make.conf and then run

[gentoo-user] Iptables under IPV6 and USE questions.

2005-04-23 Thread Walter Dnes
My ISP appears to have at least some support for IPV6, which I can access even going through a NAT'ing ADSL-modem-cum-router. I know this because I got bitten by the Gentoo mirrorselect booby-trap when I installed. Now for the questions... 1) First I'll have to rebuild my kernel with IPV6 su
