similar to: iptables logging - HELP

Displaying 20 results from an estimated 20000 matches similar to: "iptables logging - HELP"

2007 Mar 06
0
iptables logging
I am having below 3 rules for Logging with iptables. They are INPUT,FORWARD and OUTPUT chains. #Log INPUT chain iptables -A INPUT -j LOG --log-level 7 --log-prefix "INPUT: " #Log FORWARD chain iptables -A FORWARD -j LOG --log-level 7 --log-prefix "FORWARD: " #Log OUTPUT chain iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "OUTPUT: " In addition to that, I
2008 Dec 04
4
iptables questions on CentOS
Hi, I know these are a few iptables questions. NOT CentOS, anyway, I am running a firewall on centos 5.x. If you can respond, it would be fine. I want to add a SNAT rule for one user in LAN to access one particular destination on the internet. Let's say www.centos.org I added the below rule. But it does NOT work. Pls assume 1.2.3.4 is the real ip of the firewall. ip address
2007 Sep 25
1
DNAT PREROUTING issue with iptables
Hi, I have a DNAT ISSUE with PREROUTING. This is my setup. I have 2 firewalls running iptables. Pls assume 1.2.3.4/29 is the internet interface of FIRST firewall. 2.3.4.5/29 is the internet interface of SECOND firewall. It has DMZ zone. In that DMZ zone, mail server running @ 192.168.100.3 Now I want to DNAT port 25 of FIRST firewall (i.e - its ip address - 1.2.3.4/29) to the internet ip
2007 Mar 07
4
PREROUTING - DNAT with iptables for an ASTERISK BOX
Hi, I am running an ASTERISK BOX behind a firewall. It is at DMZ. Now I want to connect to my ASTERISK BOX from Internet. So I want to DNAT. How can I do it? Pls assume that ip address that connects to Internet on firewall is 1.2.3.4 and is attached to eth0. And ASTERISK BOX is 192.168.101.23 Then, What is the rule (PREROUTING) for it? What is the port to DNAT? I think udp 5060. So I have
2007 Sep 25
7
DNAT PREROUTING issue with IPTABLES
Hi, I have a DNAT ISSUE with PREROUTING. This is my setup. I have 2 firewalls running iptables. Pls assume 1.2.3.4/29 is the internet interface of FIRST firewall. 2.3.4.5/29 is the internet interface of SECOND firewall. It has DMZ zone. In that DMZ zone, mail server running @ 192.168.100.3 Now I want to DNAT port 25 of FIRST firewall (i.e - its ip address - 1.2.3.4/29) to the internet ip
2007 Aug 10
0
Re: Allocating 64 kbits/s out of 256 kbits/s for one LAN behind firewall (SOLVED)
Hi Paolo Malfatti, Thanks for your script. It works fine. I get what I expect. THANK you all the way until it comes to an end. FOR the benefit for everyone in the LIST. HERE IS the SCRIPT AGAIN. INTERFAZ_LAN=eth0 FULLBANDWIDTH=256 BANDWIDTH4LAN=64 tc qdisc del root dev $INTERFAZ_LAN tc qdisc add dev $INTERFAZ_LAN root handle 1 htb r2q 4 tc class add dev $INTERFAZ_LAN parent 1: classid 1:2
2007 Feb 17
2
HOW to enable traceroute with IPTABLES
Hi, I am setting up a firewall on CENTOS 4.4. I have done default block iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP I have enabled ICMP to www.google.com iptables -A OUTPUT -p icmp -d 64.233.189.104 -j ACCEPT iptables -A INPUT -p icmp -s 64.233.189.104 -j ACCEPT Ping works fine as below [root at firebox rc.d]# ping 64.233.189.104 PING 64.233.189.104 (
2007 Oct 05
0
[Fwd: Re: DNAT rule for vsftp (PASSIVE FTP)]
-------- Original Message -------- Subject: Re: [LARTC] DNAT rule for vsftp (PASSIVE FTP) Date: Fri, 05 Oct 2007 12:17:42 +0530 From: Mohan Sundaram <smohan@vsnl.com> Reply-To: smohan@vsnl.com To: Indunil Jayasooriya <indunil75@gmail.com> References: <7ed6b0aa0710042251u6442fb85ma74e46aa9d3f81f9@mail.gmail.com> Indunil Jayasooriya wrote: > Hi all, > > I want to run
2007 Jan 08
0
TC on multiple nics
Happy New Year. Finally got my fw and tc rules down pat for the bridge, now interested in introducing a third nic to have nat on the box as well. Does anyone have an idea of a good place to start reading up on the subject, mainly interested in how to setup the flow direction to start with as to get an overall understanding of the flow, found that helps best. Internet --- eth0 --- eth1 ---
2006 Nov 09
8
How to block Yahoo, MSN messenger and Kazaa with IPTABLES
Hi, I want to block Yahoo Messenger, MSN messenger and Kazaa with IPTABLES as my local network users always go there. How Can I do it? I am not running iptables as a script nor have I put anything in my rc.local. But instead, I input the commands and save it by using the below command /etc/init.d/iptables save and I restart it /etc/init.d/iptables restart My box runs on Cent OS 4.4. Help
2005 Dec 27
3
Ingress policing (matching netfilter marks)
Hi, I'm having issues with policing my incoming traffic by matching packet marks made by iptables. I've checked as many sites and guides as I can find, and I seem to be doing the exact same thing as they all are, but there's still no success. As such, I was wondering if anyone can have a quick look to see if I've done anything obviously stupid? Essentially, I
2007 Jun 25
0
Re: CentOS Digest, Vol 29, Issue 25
On Mon, June 25, 2007 08:00, centos-request at centos.org wrote: > Send CentOS mailing list submissions to > centos at centos.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.centos.org/mailman/listinfo/centos > or, via email, send a message with subject or body 'help' to > centos-request at centos.org > > You can reach the
2007 Jun 12
1
How to setup both Transparent Proxy and firewall on the same Machine.
Hi ALL, I want to setup Transparent Proxy on the box running iptables Firewall. With iptables, I have given below rules. iptables -F INPUT iptables -F OUTPUT iptables -F FORWARD iptables -F -t nat iptables -F -t mangle #Enabling ip forwarding echo "1" > /proc/sys/net/ipv4/ip_forward #enable syn cookies (prevent against the common 'syn flood attack') echo "1"
2007 Feb 20
0
Fwd: Fwd: HOW to enable traceroute with IPTABLES(SOLVED)
Hi all, That issue is over now. I found why my ESTABLISHED,RELATED rule at the top of INPUT chain did not work for udp and icmp. The reason was I have included the protocol as tcp as below iptables -A INPUT -i eth0 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT I removed -p tcp from above rule. Now it works for all protocols. Thanks for your support. ---------- Forwarded message
2019 Oct 09
2
[Bug 1370] New: iptables-restore-translate
https://bugzilla.netfilter.org/show_bug.cgi?id=1370 Bug ID: 1370 Summary: iptables-restore-translate Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter:
2004 Jan 14
0
Precedence of iptables chain, local routing table and newly created routing table
Hi, I have been trying on ip rule fwmark and iptables MARK. I will show my testing in detail, but my ultimate question is why ONLY marking in Mangle OUTPUT tables works, but not others? Network Diagram ------------ 192.168.250.197 eth0 LINUX ROUTER eth1 192.168.8.88 ------------------ 192.168.8.112 eth0 Windows XP Client Steps (performed on LINUX ROUTER) (1) Delete route to 192.168.8.0 from
2007 Dec 12
1
Re: LARTC Digest, Vol 34, Issue 12
Hey Marek, I know that I must work with the INGRESS (instead of EGRESS), I've well formed my kernel. My other TC rules for source IP address (not for MAC address) do work fine...!!!, the problem is with the MAC because it is not an "IP PROTOCOL" and for that I must use the "u32/u16 match" to solve it, and if I make an analogy from my other INGRESS rules applied to Src
2007 Aug 08
0
Allocating 64 kbits/s out of 256 kbits/s for one LAN behind firewall
Hi, I have a CENTOS BOX as a firewall. Both iptables and iproute 2 are running on it. Pls see below for installed RPMs. [root at firebox ~]# rpm -qa |grep iptables iptables-1.2.11-3.1.RHEL4 [root at firebox ~]# rpm -qa |grep iproute iproute-2.6.9-3.EL4.7 It has 3 ethernet cards. Pls see below. eth0 - internet ip (pls assume 1.2.3.4/29). It connects to ISP router. eth1 - 192.168.100.254
2007 Sep 12
4
ASTERISK BOX behind a firewall
Hi All, I want to put an ASTERISK BOX behind a Firewall. So I have given below rules. iptables -A FORWARD -p udp -d 192.168.101.30 -m multiport --dports 3478,4569,5060 -m state --state NEW -j ACCEPT iptables -A FORWARD -p udp -d 192.168.101.30 --dport 10000:20000 -m state --state NEW -j ACCEPT iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4 -m multiport --dports 3478,4569,5060 -j DNAT
2005 Jul 07
1
HELP PLEASE BITTORRENT SHAPING (HTB)
Ok, earlier I posted a message explaining my problem with HTB and layer7 (or ipp2p), about not being able to shape the traffic. Well, actually this is what's happening, I'm marking the packets (right now, I'm using ipp2p as Klaus advised me to) with iptables, and my queue rules are made using tcng, I'm using the HTB qdisc, and traffic is going to the HTB class