Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/iptables/user/ en-us (c) Gossamer Threads Inc. All rights reserved. 25 Nov 2009 16:34:11 -0800 120 75 23 http://www.gossamer-threads.com/lists/iptables/user/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg gmane has picked up the new lists, marc.info probably also (if not it will soon), so effective immediately, I'm disabling subscriptions and postings t 20 Sep 2007 03:51:23 -0800 http://www.gossamer-threads.com/lists/iptables/user/69119 Hi folks, This is one of those problems where the best solution may just be "don't do that", but here's my question for what it's worth: I 18 Sep 2007 09:28:24 -0800 http://www.gossamer-threads.com/lists/iptables/user/69108 Hi, I am working with SNAT and DNAT rules. When I send a packet {[IP1]} out it goes through the SNAT rules and source field in ip header gets changed 18 Sep 2007 04:47:03 -0800 http://www.gossamer-threads.com/lists/iptables/user/69099 Just a reminder, the netfilter and netfilter-devel lists have moved to kernel.org, you can subscribe to the new lists at http://vger.kernel.org/vger- 18 Sep 2007 04:35:21 -0800 http://www.gossamer-threads.com/lists/iptables/user/69097 I run RHEL3 with kernel 2.4.21-32.0.1.ELsmp. Yesterday morning I started to play with iptables on this server and yesterday evening I had kernel crash 17 Sep 2007 03:39:14 -0800 http://www.gossamer-threads.com/lists/iptables/user/69076 This is on a machine sitting behind another firewall. It runs debian, with debian linux-image-2.6.18-5-686 2.6.18.dfsg.1-13etch2. Once in a while, w 16 Sep 2007 16:38:43 -0800 http://www.gossamer-threads.com/lists/iptables/user/69073 hi, i am trying to set up routing of all outgoing http-requests on my workstation through my openvpn gateway (tun0). the web told me to do it: ipta 15 Sep 2007 16:15:45 -0800 http://www.gossamer-threads.com/lists/iptables/user/69069 Re! Ok, sorry to bother you, I missed the email announcement of the migration. :) Best wishes, René. -- )\._.,--....,'``. Let GNU/Linux wor 15 Sep 2007 10:38:45 -0800 http://www.gossamer-threads.com/lists/iptables/user/69064 Hello! It seems there's something wrong with the http://ipset.netfilter.org/ site. I get an 403 Forbidden when trying to get it. Has the project move 15 Sep 2007 10:25:10 -0800 http://www.gossamer-threads.com/lists/iptables/user/69068 Harald Welte wrote: > I don't have an annotated photo, but maybe somebody wants to make one > using the following data: > > (all from left to right) 15 Sep 2007 03:40:13 -0800 http://www.gossamer-threads.com/lists/iptables/user/69054 On Wed, Sep 12, 2007 at 08:30:48PM +0200, Jan Engelhardt wrote: > > On Sep 12 2007 12:36, Patrick McHardy wrote: > > The netfilter and netfilter-deve 15 Sep 2007 02:37:45 -0800 http://www.gossamer-threads.com/lists/iptables/user/69056 Hi, Is there's anyway to use INPUT chain with uid-owner ? something like that : iptables -A INPUT -p tcp -mowner --uid-owner root --dport 80 -j DRO 13 Sep 2007 05:20:18 -0800 http://www.gossamer-threads.com/lists/iptables/user/69044 Hi, Are there any examples of using IPTABLES with explanations of each command on Linux? Regards, Dan 13 Sep 2007 04:40:02 -0800 http://www.gossamer-threads.com/lists/iptables/user/69042 Hi! There will be an administrative downtime of pracitcally all netfilter.org services during the next couple of days (thursday/friday). I don't real 12 Sep 2007 08:37:42 -0800 http://www.gossamer-threads.com/lists/iptables/user/69037 The netfilter and netfilter-devel mailinglists are moving to kernel.org, you can subscribe to the new lists at: http://vger.kernel.org/vger-lists.htm 12 Sep 2007 03:36:33 -0800 http://www.gossamer-threads.com/lists/iptables/user/69030 Hi, :) Here is the situation: I have a machine with 2 NICs, assume eth0 (192.168.0.10) connected to my LAN, and eth1 (192.168.0.20) connected to Int 11 Sep 2007 15:36:53 -0800 http://www.gossamer-threads.com/lists/iptables/user/69027 Hi. I have problem in following scenario: 3 routers A, B, C: router A: eth0--> DSL ( public IP ) eth1 --> 192.168.0.1 ( local network ) routing t 11 Sep 2007 14:54:25 -0800 http://www.gossamer-threads.com/lists/iptables/user/69026 Hi, My goal is to modify the source IP address of local processed packets but it has to be done before any routing (so the packet will be directed 11 Sep 2007 08:31:15 -0800 http://www.gossamer-threads.com/lists/iptables/user/69024 How I can combine a few addresses in one rule? For example, I'd like to add two IPs 10.10.10.1 and 10.10.10.2 to the same rule. ______________ 11 Sep 2007 04:52:19 -0800 http://www.gossamer-threads.com/lists/iptables/user/69021 Hello everybody, i need to know the possibilities of iptables for the following setup.. My gateway security device has three interfaces Device-1 -- 11 Sep 2007 04:50:05 -0800 http://www.gossamer-threads.com/lists/iptables/user/69020 Hi all, I just introduced a new 10Mbit/s line into my network, and I'm severely rusty on iptables and experiencing some trouble setting up my rules p 10 Sep 2007 08:17:13 -0800 http://www.gossamer-threads.com/lists/iptables/user/69015 First of all, I'll explain my network setup. My gateway has two network interfaces: eth0 & eth1. eth0 (192.168.1.1) is connected to public netw 10 Sep 2007 05:18:48 -0800 http://www.gossamer-threads.com/lists/iptables/user/69014 Dear All, For the Firewall setting, how can we use the ftp and ssh service ? For file 1 : #!/bin/bash modprobe ip_tables modprobe ip_nat_ftp modpr 08 Sep 2007 04:56:08 -0800 http://www.gossamer-threads.com/lists/iptables/user/69001 Greetings, I'm trying to get ulogd 2.0.0beta1 to work but each time I start the daemon I get this in my log file: Fri Sep 7 22:21:45 2007 <5> ulogd 07 Sep 2007 14:34:38 -0800 http://www.gossamer-threads.com/lists/iptables/user/68995 Hi I have introduced a variable in xt_counters data structure of type uint_64t to be used as a counter in ipt_entry data structure. I have installed 06 Sep 2007 19:50:13 -0800 http://www.gossamer-threads.com/lists/iptables/user/68984 Hi, In my machine i have 3 ethernet cards: eth0, eth1 and eth2 eth0 had 192.168.1.20, eth1 192.168.1.1 and eth2 had 10.0.0.1 ip. eth1 and eth2 are 06 Sep 2007 13:08:12 -0800 http://www.gossamer-threads.com/lists/iptables/user/68983 Hi All, I'm using kernel v. 2.6.22.1, iptables v. 1.3.8. I have an ADSL connection with dynamic IP. I use ipp2p to indentify and CONNMARK to mark p2p 06 Sep 2007 06:35:31 -0800 http://www.gossamer-threads.com/lists/iptables/user/68977 Hi, I am currently setting up a server which connects an internal LAN to multiple other LANs via VPNs (i.e. my server acts as VPN client, connecting 05 Sep 2007 11:04:16 -0800 http://www.gossamer-threads.com/lists/iptables/user/68955 Hi all, i have a linux box with three ethernet card. I want to bridge eth0 with eth2 and to have eth1 like a DMZ. Before, i was using linux-2.4.27 w 05 Sep 2007 09:00:59 -0800 http://www.gossamer-threads.com/lists/iptables/user/68953 Hi, In our current kernel, iptables doesn't work due to the error "can't initialize iptables table `filter'". I suspect that the netfilter is not turn 04 Sep 2007 11:48:30 -0800 http://www.gossamer-threads.com/lists/iptables/user/68938 Hi, INL Devel Team is proud to announce the availability of the first preview of Nulog2. Nulog2 is a complete rewrite of Nulog the historical filter 03 Sep 2007 14:34:09 -0800 http://www.gossamer-threads.com/lists/iptables/user/68930 Hi netfilter list, This is my first post to this list, so if this question is better handled by a different list, or offtopic, please kindly inform 30 Aug 2007 15:12:54 -0800 http://www.gossamer-threads.com/lists/iptables/user/68873 Hi, I observed that when creating conntrack record using conntrack tool, no event is catched (using conntrack -E). That might be reason why the recor 30 Aug 2007 06:11:00 -0800 http://www.gossamer-threads.com/lists/iptables/user/68865 Hi, I've problem when using conntrack and conntrackd. I tried to create a record using conntrack. But, I didn't see the record in conntrackd cache 30 Aug 2007 04:41:18 -0800 http://www.gossamer-threads.com/lists/iptables/user/68864 I have posted this before under another thread, but did not get many replies. So I thought I would post it under a more appropriate subject. OK, so 30 Aug 2007 03:45:43 -0800 http://www.gossamer-threads.com/lists/iptables/user/68862 Hi I am getting the error as mentioned below; the problem arose when I have changed the data structure of the ipt_entry which stores the rules an 30 Aug 2007 02:42:26 -0800 http://www.gossamer-threads.com/lists/iptables/user/68859 Hello! My network was just changed from a vanilla ADSL connection to direct ftth. There is now a network connector with a 100MB/s entry, which gets 29 Aug 2007 03:33:42 -0800 http://www.gossamer-threads.com/lists/iptables/user/68816 I've been attempting to play with netfilter_queue to see how effective a certain similarity hashing technique would work for identifying parts of docu 29 Aug 2007 01:13:42 -0800 http://www.gossamer-threads.com/lists/iptables/user/68813 Hi, I'm happy to announce the new ipset release. The main changes are - jiffies rollover bug in iptree type fixed (reported by Lukasz Nierycho 28 Aug 2007 04:05:50 -0800 http://www.gossamer-threads.com/lists/iptables/user/68801 You are right, indeed I have just tested and that doesn't work, it's just to follow traffic bound to sip. I thus will use your solution which after te 28 Aug 2007 01:39:13 -0800 http://www.gossamer-threads.com/lists/iptables/user/68798 hi, I search for an small example-module (I'm right that patch-o-matic is a ip_queue-Application?) which is used by ip_queue - yes the old one for 2 27 Aug 2007 08:31:45 -0800 http://www.gossamer-threads.com/lists/iptables/user/68790 According to the manpage for iptables: limit This module matches at a limited rate using a token bucket filter. A rule using this exte 27 Aug 2007 08:01:26 -0800 http://www.gossamer-threads.com/lists/iptables/user/68788 The normal apologies for the noobie-type question... We have IPCop nicely segregating our orange (DMZ) and green (blocked) LANs. As time has gone on, 27 Aug 2007 07:45:17 -0800 http://www.gossamer-threads.com/lists/iptables/user/68786 Hello, I have the following problem LAN ---------------------------------Etch Linux Firewall----------------------------------------------------- 27 Aug 2007 07:26:45 -0800 http://www.gossamer-threads.com/lists/iptables/user/68784 Hello, I am using some internal IPs (169.254.x.x) on my box and then performing SNAT and DNAT from/to this IP to/from actual public IP. It has been 27 Aug 2007 01:35:06 -0800 http://www.gossamer-threads.com/lists/iptables/user/68779 I have a very simple set of iptables rules: # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # iptables -A INPUT -p tcp -i eth0 --d 26 Aug 2007 18:51:44 -0800 http://www.gossamer-threads.com/lists/iptables/user/68774 Hi, I have an application that monitors packets being forwarded through the machine using a simple rule in the iptables. Chain FORWARD (policy AC 26 Aug 2007 14:38:42 -0800 http://www.gossamer-threads.com/lists/iptables/user/68901 Hi Currently I am studying the architecture of netfilter/iptables and unfortunately I didnt find much information regarding them. Although different 25 Aug 2007 16:57:47 -0800 http://www.gossamer-threads.com/lists/iptables/user/68766 Hi I am working on some performance measures of the IPtables these days. I want to know; Is it possible that output of iptables list command i.e. ip 25 Aug 2007 16:27:32 -0800 http://www.gossamer-threads.com/lists/iptables/user/68765 where is I'm to the put psd macth? Att. -- Leandro Moreira Linux Networking Telefone: +55 (32) 9197-7909 E-mail/MSN: leandro@leandromoreira.eti.b 25 Aug 2007 12:20:09 -0800 http://www.gossamer-threads.com/lists/iptables/user/68757 I'm looking for some firewall tweaking advice. We have a dedicated firewall which hit ran out of conntrack slots recently. We had already tweaked th 25 Aug 2007 10:38:46 -0800 http://www.gossamer-threads.com/lists/iptables/user/68756 Hi, :) I'm working on a special sort of VPN. I'm suppose to do it using TUN/TAP driver. All I need is to forward (or any other appropriate technical 25 Aug 2007 03:52:14 -0800 http://www.gossamer-threads.com/lists/iptables/user/68753 Hi all, I want to add the match time. I apply the last snapshot with this patch ( patch-o-matic-ng-20060702) The compilation stop after with this er 25 Aug 2007 02:58:57 -0800 http://www.gossamer-threads.com/lists/iptables/user/68752 Hello, how do i configure that all mp3 extention will block using iptables --string value? is this correct? /sbin/iptables -I INPUT -j DROP -p tcp 24 Aug 2007 00:50:16 -0800 http://www.gossamer-threads.com/lists/iptables/user/68746 Ok, I'm hitting my head on a brick wall of my ignorance here. I have 10 DSL routers with associated internet connections. They are all configured to 23 Aug 2007 18:37:39 -0800 http://www.gossamer-threads.com/lists/iptables/user/68743 Hi folks, We run a linux based product (RHEL4 based, kernel-2.6.9-55, and iptables-1.2.11). During the running of the product, when we make changes 23 Aug 2007 17:32:58 -0800 http://www.gossamer-threads.com/lists/iptables/user/68742 Hi, I tried to change the default port of sip_contrack and h323_conntrack in iptables. The problem is those conntrack are "hard compiled" in the ker 23 Aug 2007 08:30:07 -0800 http://www.gossamer-threads.com/lists/iptables/user/68739 Hi, It has been quite a while since I looked at what was happening in Linux traffic shaping, so I am not sure if this has been discussed / improved 23 Aug 2007 08:28:44 -0800 http://www.gossamer-threads.com/lists/iptables/user/68747 Hi, I am just wondering why this script don't block iptables -A INPUT -p tcp -m string --string 'bittorent' --algo kmp -d 0/0 --dport 80 -j REJECT 22 Aug 2007 18:19:43 -0800 http://www.gossamer-threads.com/lists/iptables/user/68729 I am trying to use the recent module to block all traffic from policy violators. I have got it working to ignore people who get ping happy, but I can 22 Aug 2007 06:23:18 -0800 http://www.gossamer-threads.com/lists/iptables/user/68723 Hi, I have a couple of question on conntrackd 1) could anyone share results of testing highly loaded system with synchronization of conntrack tables 22 Aug 2007 05:10:24 -0800 http://www.gossamer-threads.com/lists/iptables/user/68721 Peoples, Sorry my bad English, is not my natural language. My doubt is following. In the older version of the patch - o - matic (20040706), the PSD 21 Aug 2007 15:58:05 -0800 http://www.gossamer-threads.com/lists/iptables/user/68744 After many many hours of frustration and failures I'm almost to the point that I don't think this is even currently possible with Linux. With out go 21 Aug 2007 09:14:48 -0800 http://www.gossamer-threads.com/lists/iptables/user/68715 Hi all, I have an issue with my linux iptables firewall and cannot figure out what to do. I will make this as short and sweet as I can. My Network is 21 Aug 2007 05:05:10 -0800 http://www.gossamer-threads.com/lists/iptables/user/68899 Greetings. I'm working on a rules compiler that takes advantage of ipset and I'd like to hear opinions on the following subject: When firewall rules 20 Aug 2007 16:30:21 -0800 http://www.gossamer-threads.com/lists/iptables/user/68702 Hi, just another question. Let my router be 192.168.7.33 with interfaces eth0 and ppp0; then this works perfectly here: # iptables -t nat -A PRERO 20 Aug 2007 07:11:02 -0800 http://www.gossamer-threads.com/lists/iptables/user/68684 Hi, on one of my machines the REJECT target doesn't behave as I expect. It is inserted into a chain but it is not accepted as a policy. myhost ~ # 20 Aug 2007 06:52:06 -0800 http://www.gossamer-threads.com/lists/iptables/user/68682 Hello, all. I have encountered the problem of compiling "time" match extension for 2.6.21.5 kernel. After searching netfilter-devel-maillist I have f 20 Aug 2007 05:36:38 -0800 http://www.gossamer-threads.com/lists/iptables/user/68681 Hello Guys, I have always read on documentations and messages on this mailing list that the several helpers available for netfilter would 'recog 19 Aug 2007 16:14:44 -0800 http://www.gossamer-threads.com/lists/iptables/user/68676 Hi, I have been using Iptables on linux 2.4.26 for several years. I am running on an Axis platform (cris architecture). Recently I started moving my 19 Aug 2007 15:37:11 -0800 http://www.gossamer-threads.com/lists/iptables/user/68675 thanks but I don't understant about the eth1, my network only runs on eth0 ... could you explain what the whole line does? Thanks ! Patrik a écrit 18 Aug 2007 12:58:55 -0800 http://www.gossamer-threads.com/lists/iptables/user/68669 Hi thanks, could you explain what this line does ? This is what I understand : Foward incomming form eth0 to Output eth1 with tcp port 21 but I dont 18 Aug 2007 12:26:37 -0800 http://www.gossamer-threads.com/lists/iptables/user/68668 Hello, this is my first message so I hope I'm doing this right ! :) I've got iptables setup and running well on my server and up to now I've not had 18 Aug 2007 12:08:59 -0800 http://www.gossamer-threads.com/lists/iptables/user/68667 Hi, I am trying to compile libnetfilters_queue.0.0.15 with libnfnetlink-0.0.16 and am getting the following compile time errors, any help would be a 17 Aug 2007 12:39:39 -0800 http://www.gossamer-threads.com/lists/iptables/user/68665 Hello, Is there any way how to edit/delete/create entries in the conntrack table ? Thanks for replies 17 Aug 2007 06:56:03 -0800 http://www.gossamer-threads.com/lists/iptables/user/68660 Hi, I've following problem when compiling conntrack-tools v0.0.95. gcc -g -O2 -o conntrack conntrack.o ../extensions/.libs/libct_proto_tcp.a ../exte 17 Aug 2007 01:57:49 -0800 http://www.gossamer-threads.com/lists/iptables/user/68645 Hi, I have a couple of questions regarding netfilter capability. I am building a network management system (a set of servers and software on a large 16 Aug 2007 22:14:18 -0800 http://www.gossamer-threads.com/lists/iptables/user/68641 I'm trying to figure out how to set up a rule to reply properly to a connection attempt to a filtered port, with no success. ip6tables -I INPUT -p tc 16 Aug 2007 08:19:03 -0800 http://www.gossamer-threads.com/lists/iptables/user/68634 I've got a rather bizarre configuration: Linux box has 4 ethernet devices (eth0, eth1, eth2, and eth3). eth2 and eth3 are looking to Internet, eth0 is 16 Aug 2007 07:59:03 -0800 http://www.gossamer-threads.com/lists/iptables/user/68631 Hi, I just updated to linux kernel 2.1.22 and when trying to use iptables, I get the following answer: # iptables -L iptables v1.3.8: can't initiali 15 Aug 2007 01:31:00 -0800 http://www.gossamer-threads.com/lists/iptables/user/68617 Hi, My employer has an interest in having enhancing the functionality of netfilter/trunk/ipset/ipset_nethash.c with the 2.6.18+ kernels and is explor 14 Aug 2007 21:56:11 -0800 http://www.gossamer-threads.com/lists/iptables/user/68614 Hi, I want to forward port 3739 on my firewall (openvpn server) to an openvpn client on port 3739. This is my setup: firewall: external interface: 14 Aug 2007 14:59:56 -0800 http://www.gossamer-threads.com/lists/iptables/user/68611 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I finally changed device to connect to internet on my gateway linux box , from a netgear router to an e 14 Aug 2007 13:32:39 -0800 http://www.gossamer-threads.com/lists/iptables/user/68610 I am sorry if this is a frequently raised topic, but I have done some web searches for it, including ones limited to netfilter.org, and looked through 14 Aug 2007 10:33:37 -0800 http://www.gossamer-threads.com/lists/iptables/user/68606 I'm trying to use the libipq fucntions such as ipq_create_handle in C, but I keep getting the error too many arguments to function `ipq_create_handl 14 Aug 2007 10:33:12 -0800 http://www.gossamer-threads.com/lists/iptables/user/68605 Dear Scott, You can download the newest "libnfnetlink" library from the www.netfilter.org. And when you successfully install the new library, yo 14 Aug 2007 07:21:12 -0800 http://www.gossamer-threads.com/lists/iptables/user/68595 Hi * I just try setup firewall. Config is following: Desktop Firewll (192.168.1.1) ------Eth0 Eth1(91.189.74.10)---------ISP Scri 14 Aug 2007 02:59:07 -0800 http://www.gossamer-threads.com/lists/iptables/user/68589 Hi, I was trying to drop arp packets such that only specific interface should answer the arp requests. I added following rules in input chain. -j DROP 13 Aug 2007 23:45:42 -0800 http://www.gossamer-threads.com/lists/iptables/user/68586 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 For relatively obscure reasons, I am trying to build a set of rules that run into the hundreds of thous 13 Aug 2007 15:52:22 -0800 http://www.gossamer-threads.com/lists/iptables/user/68577 Hi, it seems it is a simple task, but can't get it going. I want have a couple of private machines accessing a public one (and other way around) thro 13 Aug 2007 01:58:09 -0800 http://www.gossamer-threads.com/lists/iptables/user/68571 Hi all! Seems like I'm getting out on the deep water here, but how do I NAT Cisco's SCCP protocol? I'm trying to do this on a Linksys (WRT54G) route 13 Aug 2007 01:51:50 -0800 http://www.gossamer-threads.com/lists/iptables/user/68570 -- I have been trying to block all traffic from an internal ip address, and packets are still going out, (seen with tcpdump) I don't see any traffic 12 Aug 2007 20:15:52 -0800 http://www.gossamer-threads.com/lists/iptables/user/68568 On 08/11/2007 01:46:51 PM, Jay Sprenkle - jsprenkle@gmail.com wrote: .... > I've put in a rule in my iptables chain but notice when I try to > connec 11 Aug 2007 11:55:51 -0800 http://www.gossamer-threads.com/lists/iptables/user/68560 Good morning all, I'm already aware mac address is easily spoofed but I'd like to make it just a little bit harder to break into my system anyway. I' 11 Aug 2007 10:46:51 -0800 http://www.gossamer-threads.com/lists/iptables/user/68558 Dear all, i am using linux as firewall and proxy server, having some problem regarding Microsoft VPN, my network users connect Microsoft vpn server. 11 Aug 2007 00:59:19 -0800 http://www.gossamer-threads.com/lists/iptables/user/68552 I need to increase the default size of the queue_max_length but do not see where in the code this is defined. Can someone send me a pointer to the loc 10 Aug 2007 11:24:41 -0800 http://www.gossamer-threads.com/lists/iptables/user/68550 Hi, I wrote some performance tests of NAT table. The main idea is, that I add 10000 random+senseless rules to the NAT table (snat, postrouting) and t 09 Aug 2007 10:44:37 -0800 http://www.gossamer-threads.com/lists/iptables/user/68548 Hi, I wrote some performance tests of NAT table. The main idea is, that I add 10000 random+senseless rules to the NAT table (snat, postrouting) and t 09 Aug 2007 10:33:56 -0800 http://www.gossamer-threads.com/lists/iptables/user/68547 Hello, I tried to use ACCOUNT to see passing data and make graphs from it, but I see only one direction. # iptables -A FORWARD -j ACCOUNT --addr 0.0 09 Aug 2007 06:04:31 -0800 http://www.gossamer-threads.com/lists/iptables/user/68545 Hello, all. I have spent nearly a week trying to solve my problem and is almost entirely stuck. I would appreciate any help or advise. In addition to 09 Aug 2007 00:17:37 -0800 http://www.gossamer-threads.com/lists/iptables/user/68544