similar to: iptables logging - HELP

I am having below 3 rules for Logging with iptables . They are INPUT,FORWARD and OUTPUT chains. #Log INPUT chain iptables -A INPUT -j LOG --log-level 7 --log-prefix "INPUT: " #Log FORWARD chain iptables -A FORWARD -j LOG --log-level 7 --log-prefix "FORWARD: " #Log OUTPUT chain iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "OUTPUT: " In addition to that, I

Hi, I know these are a few iptbales questions. NOT CentOS, anyway, I am running a firewall on centos 5.x. If you can response, it would be fine. I want to add a SNAT rule for one user in LAN to access one particular destination on the internet. Let's say www.centos.org I added the below rule. But . it does NOT work Pls assume 1.2.3.4 is the real ip of the firewall. ip address

Hi, I have an DNAT ISSUE with PREROUTING. This is my setup. I have 2 firewalls running iptables. Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall. 2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in that DMZ zone, mail server runnig @ 192.168.100.3 Now I want to DNAT port 25 of FISRT firewall (i.e - its ip address - 1.2.3.4/29) to the internet ip

Hi, I am running a ASTERISK BOX behind a firewall. It is at DMZ . Now I want to connect to my ASTERISK BOX from Internet. So I want to DNAT. How can I do it? Pls assume that ip address that connects to Internet on firewall is 1.2.3.4and is attached to eth0. And ASTERISK BOX is 192.168.101.23 Then, What is the rule (PREROUTING) for it? What is the port to DNAT? I think udp 5060. So I have

Hi, I have an DNAT ISSUE with PREROUTING. This is my setup. I have 2 firewalls running iptables. Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall. 2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in that DMZ zone, mail server runnig @ 192.168.100.3 Now I want to DNAT port 25 of FISRT firewall ( i.e - its ip address - 1.2.3.4/29) to the internet ip

Hi Paolo Malfatti, Thanks for your script. It works fine. I get what I expect. THANK you all the way until it comes to an end. FOR the benifit for evryone in the LIST. HERE IS the SCRIPT AGAIN. INTERFAZ_LAN=eth0 FULLBANDWIDTH=256 BANDWIDTH4LAN=64 tc qdisc del root dev $INTERFAZ_LAN tc qdisc add dev $INTERFAZ_LAN root handle 1 htb r2q 4 tc class add dev $INTERFAZ_LAN parent 1: classid 1:2

-------- Original Message -------- Subject: Re: [LARTC] DNAT rule for vsftp (PASSIVE FTP) Date: Fri, 05 Oct 2007 12:17:42 +0530 From: Mohan Sundaram <smohan@vsnl.com> Reply-To: smohan@vsnl.com To: Indunil Jayasooriya <indunil75@gmail.com> References: <7ed6b0aa0710042251u6442fb85ma74e46aa9d3f81f9@mail.gmail.com> Indunil Jayasooriya wrote: > Hi all, > > I want to run

Hi, I am setting up a firewall on CENTOS 4.4. I have done default block iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP I have enabled ICMP to www.google.com iptables -A OUTPUT -p icmp -d 64.233.189.104 -j ACCEPT iptables -A INPUT -p icmp -s 64.233.189.104 -j ACCEPT Ping works fine as below [root at firebox rc.d]# ping 64.233.189.104 PING 64.233.189.104 (

Happy New Year. Finally got my fw and tc rules down pat for the bridge, now interested in introducing a third nic to have nat on the box as well. Does anyone have a idea of a good place to start reading up on the subject, mainly interested in how to setup the flow direction to start with as to get a overall understanding of the flow, found that help best. Internet --- eth0 --- eth1 ---

Hi, I want to block Yahoo Messenger, MSN messanger and Kazza with IPTABLES as my local network users always go there. How Can I do it? I am not runnig iptables as a script nor have I put anything in my rc.local. But instaed, I input the commands and save it by using the below cmmand /etc/init.d/iptables save and I restart it /etc/init.d/iptables restart My box runs on Cent OS 4.4. Help

Hi, I''m having issues with policing my incoming traffic by matching packet marks made by iptables. I''ve checked as many sites and guides as I can find, and I seem to be doing the exact same thing as they all are, but there''s still no success. As such, I was wondering if anyone can have a quick look to see if I''ve done anything obviously stupid? Essentially, I

On Mon, June 25, 2007 08:00, centos-request at centos.org wrote: > Send CentOS mailing list submissions to > centos at centos.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.centos.org/mailman/listinfo/centos > or, via email, send a message with subject or body 'help' to > centos-request at centos.org > > You can reach the

Hi ALL, I want to setup Transpaent Proxy on the box running iptables Firewall. With iptables, I have given below rules. iptables -F INPUT iptables -F OUTPUT iptables -F FORWARD iptables -F -t nat iptables -F -t mangle #Enabling ip forwarding echo "1" > /proc/sys/net/ipv4/ip_forward #enable syn cookies (prevent against the common 'syn flood attack') echo "1"

Hi all, That issue is over now. I found why my ESTABLISHED,RELATED rule at the top of INPUT chain did not work for udp and icmp. The reason was I have included the protocol as tcp as below iptables -A INPUT -i eth0 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT I removed -p tcp from above rule. Now it works for all protocols. Thanks for your support. ---------- Forwarded message

https://bugzilla.netfilter.org/show_bug.cgi?id=1370 Bug ID: 1370 Summary: iptables-restore-translate Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter:

Hi, I been trying on ip rule fwmark and iptables MARK. I will show my testing in detail, but my ultimate question is why ONLY marking in Mangle OUTPUT tables works, but not others? Network Diagram ------------ 192.168.250.197 eth0 LINUX ROUTER eth1 192.168.8.88 ------------------ 192.168.8.112 eth0 Windows XP Client Steps (performed on LINUX ROUTER) (1) Delete route to 192.168.8.0 from

Hey Marek, I´know that i must to works whith the INGRESS (instead of EGRESS), i´ve well formed my kernel. My others TC rules for source IP address (not for MAC address) does work fine...!!!, the problem is whith the MAC because is a not "IP PROTOCOL" and for that i must to use the "u32/u16 match" to solve it, and if i make an analogy from my others INGRESS rules applied to Src

Hi, I have a CENTOS BOX as a firewall . both iptabes and iproute 2 are running on it. pls see bleow for installed RPMs. [root at firebox ~]# rpm -qa |grep iptables iptables-1.2.11-3.1.RHEL4 [root at firebox ~]# rpm -qa |grep iproute iproute-2.6.9-3.EL4.7 It has 3 ethernet cards. pls see below. eth0 - internet ip (pls asume. 1.2.3.4/29 ). it connects to ISP router. eth1 - 192.168.100.254

Hi All, I want to put a ASTERISK BOX bend a Firewall. So I have given below rules. iptables -A FORWARD -p udp -d 192.168.101.30 -m multiport --dports 3478,4569,5060 -m state --state NEW -j ACCEPT iptables -A FORWARD -p udp -d 192.168.101.30 --dport 10000:20000 -m state --state NEW -j ACCEPT iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4 -m multiport --dports 3478,4569,5060 -j DNAT

Ok, earlier I post a message explaining my problem with HTB and layer7 (or ipp2p), about not being able to shape the traffic. Well, actually this is what''s happening, I''m marking the packets (right now, I''m using ipp2p as Klaus adviced me to) with iptables, and my queue rules are made using tcng, I''m using the HTB qdisc, and traffic is going to the HTB class