Displaying 20 results from an estimated 20000 matches similar to: "iptables logging - HELP"
2007 Mar 06
0
iptables logging
I have the below 3 rules for logging with iptables. They are for the INPUT, FORWARD
and OUTPUT chains.
#Log INPUT chain
iptables -A INPUT -j LOG --log-level 7 --log-prefix "INPUT: "
#Log FORWARD chain
iptables -A FORWARD -j LOG --log-level 7 --log-prefix "FORWARD: "
#Log OUTPUT chain
iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "OUTPUT: "
In addition to that, I
2008 Dec 04
4
iptables questions on CentOS
Hi,
I know these are a few iptables questions. NOT CentOS, anyway, I am
running a firewall on centos 5.x.
If you can respond, it would be fine.
I want to add a SNAT rule for one user in LAN to access one particular
destination on the internet.
Let's say www.centos.org
I added the below rule. But it does NOT work.
Pls assume 1.2.3.4 is the real ip of the firewall.
ip address
2007 Sep 25
1
DNAT PREROUTING issue with iptables
Hi,
I have a DNAT ISSUE with PREROUTING.
This is my setup.
I have 2 firewalls running iptables.
Pls assume 1.2.3.4/29 is the internet interface of FIRST firewall.
2.3.4.5/29 is the internet interface of SECOND firewall. It has a DMZ zone. In
that DMZ zone, a mail server is running @ 192.168.100.3
Now I want to DNAT port 25 of FIRST firewall (i.e. its ip address -
1.2.3.4/29) to the internet ip
2007 Mar 07
4
PREROUTING - DNAT with iptables for an ASTERISK BOX
Hi,
I am running an ASTERISK BOX behind a firewall. It is at DMZ.
Now I want to connect to my ASTERISK BOX from Internet. So I want to DNAT.
How can I do it?
Pls assume that ip address that connects to Internet on firewall is
1.2.3.4 and is attached to eth0.
And ASTERISK BOX is 192.168.101.23
Then, what is the rule (PREROUTING) for it? What is the port to DNAT?
I think udp 5060. So I have
2007 Sep 25
7
DNAT PREROUTING issue with IPTABLES
Hi,
I have a DNAT ISSUE with PREROUTING.
This is my setup.
I have 2 firewalls running iptables.
Pls assume 1.2.3.4/29 is the internet interface of FIRST firewall.
2.3.4.5/29 is the internet interface of SECOND firewall. It has a DMZ zone. In
that DMZ zone, a mail server is running @ 192.168.100.3
Now I want to DNAT port 25 of FIRST firewall (i.e. its ip address -
1.2.3.4/29) to the internet ip
2007 Aug 10
0
Re: Allocating 64 kbits/s out of 256 kbits/s for one LAN behind firewall (SOLVED)
Hi Paolo Malfatti,
Thanks for your script. It works fine.
I get what I expect.
THANK you all the way until it comes to an end.
FOR the benefit of everyone in the LIST,
HERE IS the SCRIPT AGAIN.
INTERFAZ_LAN=eth0
FULLBANDWIDTH=256
BANDWIDTH4LAN=64
tc qdisc del root dev $INTERFAZ_LAN
tc qdisc add dev $INTERFAZ_LAN root handle 1 htb r2q 4
tc class add dev $INTERFAZ_LAN parent 1: classid 1:2
2007 Feb 17
2
HOW to enable traceroute with IPTABLES
Hi,
I am setting up a firewall on CENTOS 4.4.
I have done default block
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
I have enabled ICMP to www.google.com
iptables -A OUTPUT -p icmp -d 64.233.189.104 -j ACCEPT
iptables -A INPUT -p icmp -s 64.233.189.104 -j ACCEPT
Ping works fine as below
[root@firebox rc.d]# ping 64.233.189.104
PING 64.233.189.104 (
2007 Oct 05
0
[Fwd: Re: DNAT rule for vsftp (PASSIVE FTP)]
-------- Original Message --------
Subject: Re: [LARTC] DNAT rule for vsftp (PASSIVE FTP)
Date: Fri, 05 Oct 2007 12:17:42 +0530
From: Mohan Sundaram <smohan@vsnl.com>
Reply-To: smohan@vsnl.com
To: Indunil Jayasooriya <indunil75@gmail.com>
References: <7ed6b0aa0710042251u6442fb85ma74e46aa9d3f81f9@mail.gmail.com>
Indunil Jayasooriya wrote:
> Hi all,
>
> I want to run
2007 Jan 08
0
TC on multiple nics
Happy New Year.
Finally got my fw and tc rules down pat for the bridge, now interested
in introducing a third nic to have nat on the box as well. Does anyone
have an idea of a good place to start reading up on the subject, mainly
interested in how to setup the flow direction to start with as to get an
overall understanding of the flow, found that helps best.
Internet --- eth0 --- eth1 ---
2006 Nov 09
8
How to block Yahoo, MSN Messenger and Kazaa with IPTABLES
Hi,
I want to block Yahoo Messenger, MSN Messenger and Kazaa with IPTABLES as
my local network users always go there.
How can I do it?
I am not running iptables as a script nor have I put anything in my rc.local.
But instead, I input the commands and save them by using the below command
/etc/init.d/iptables save
and I restart it
/etc/init.d/iptables restart
My box runs on CentOS 4.4.
Help
2005 Dec 27
3
Ingress policing (matching netfilter marks)
Hi,
I'm having issues with policing my incoming traffic by matching packet marks
made by iptables. I've checked as many sites and guides as I can find, and I
seem to be doing the exact same thing as they all are, but there's still no
success. As such, I was wondering if anyone can have a quick look to see if
I've done anything obviously stupid?
Essentially, I
2007 Jun 25
0
Re: CentOS Digest, Vol 29, Issue 25
On Mon, June 25, 2007 08:00, centos-request at centos.org wrote:
> Send CentOS mailing list submissions to
> centos at centos.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.centos.org/mailman/listinfo/centos
> or, via email, send a message with subject or body 'help' to
> centos-request at centos.org
>
> You can reach the
2007 Jun 12
1
How to setup both Transparent Proxy and firewall on the same Machine.
Hi ALL,
I want to setup Transparent Proxy on the box running iptables Firewall.
With iptables, I have given the below rules.
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t nat
iptables -F -t mangle
#Enabling ip forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
#enable syn cookies (prevent against the common 'syn flood attack')
echo "1"
2007 Feb 20
0
Fwd: Fwd: HOW to enable traceroute with IPTABLES (SOLVED)
Hi all,
That issue is over now. I found why my ESTABLISHED,RELATED rule at the top
of INPUT chain did not work for udp and icmp.
The reason was I have included the protocol as tcp as below
iptables -A INPUT -i eth0 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
I removed -p tcp from above rule. Now it works for all protocols.
Thanks for your support.
---------- Forwarded message
2019 Oct 09
2
[Bug 1370] New: iptables-restore-translate
https://bugzilla.netfilter.org/show_bug.cgi?id=1370
Bug ID: 1370
Summary: iptables-restore-translate
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter:
2004 Jan 14
0
Precedence of iptables chain, local routing table and newly created routing table
Hi,
I have been trying out ip rule fwmark and iptables MARK.
I will show my testing in detail, but my ultimate question is why ONLY marking in Mangle OUTPUT tables works, but not others?
Network Diagram
------------ 192.168.250.197 eth0 LINUX ROUTER eth1 192.168.8.88 ------------------ 192.168.8.112 eth0 Windows XP Client
Steps (performed on LINUX ROUTER)
(1) Delete route to 192.168.8.0 from
2007 Dec 12
1
Re: LARTC Digest, Vol 34, Issue 12
Hey Marek,
I know that I must work with the INGRESS (instead of EGRESS), I've well
formed my kernel. My other TC rules for source IP address (not for MAC
address) do work fine...!!!, the problem is with the MAC because it is not an
"IP PROTOCOL" and for that I must use the "u32/u16 match" to solve it,
and if I make an analogy from my other INGRESS rules applied to Src
2007 Aug 08
0
Allocating 64 kbits/s out of 256 kbits/s for one LAN behind firewall
Hi,
I have a CENTOS BOX as a firewall. Both iptables and iproute2 are running
on it.
Pls see below for installed RPMs.
[root@firebox ~]# rpm -qa |grep iptables
iptables-1.2.11-3.1.RHEL4
[root@firebox ~]# rpm -qa |grep iproute
iproute-2.6.9-3.EL4.7
It has 3 ethernet cards.
Pls see below.
eth0 - internet ip (pls assume 1.2.3.4/29). It connects to ISP router.
eth1 - 192.168.100.254
2007 Sep 12
4
ASTERISK BOX behind a firewall
Hi All,
I want to put an ASTERISK BOX behind a Firewall. So I have given the below rules.
iptables -A FORWARD -p udp -d 192.168.101.30 -m multiport --dports 3478,4569,5060 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.101.30 --dport 10000:20000 -m state --state NEW -j ACCEPT
iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4 -m multiport --dports 3478,4569,5060 -j DNAT
2005 Jul 07
1
HELP PLEASE BITTORRENT SHAPING (HTB)
Ok, earlier I posted a message explaining my problem with HTB and layer7 (or
ipp2p), about not being able to shape the traffic. Well, actually this is
what's happening, I'm marking the packets (right now, I'm using ipp2p as
Klaus advised me to) with iptables, and my queue rules are made using tcng,
I'm using the HTB qdisc, and traffic is going to the HTB class