Nemeth Gyorgy a écrit :
>>
> Yes, it can work as a short go-nogo test. But the suggestion was not
> mentioned it, that it is only for that. And it is very likely that when
> the OP tries this and it 'works' (I mean the Windows machine behind the
> Linux works well), then the rules will remain.
I w
I adopted Mr. Gyorgy's suggested iptables rules with only a
couple of additions based on nmap's report that port 411 was open
because it passed with flying colors nmaps tcp and udp scan of the
first 1056 ports, grc.com tests and pcflank.com tests.
For a single user system running no service
2014-08-10 22:30 keltezéssel, Joe írta:
> Why is it unresolvable? A DROP/REJECT policy is fail-safe, ACCEPT
> isn't. If the rest of the rules are correct, (and more importantly,
> guaranteed always to stay that way in the face of editing, sometimes
> rushed) an ACCEPT policy is redundant, and if th
On Tue, Aug 12, 2014 at 5:19 AM, Joe wrote:
> On Tue, 12 Aug 2014 04:53:51 -0400
> Tom H wrote:
>>
>> And you've proven my point...
>
> Agreed, I just can't see why there is any controversy.
You misunderstand. The fact that you can't accept that there may be
others who have good reason (whatever
On Tue, 12 Aug 2014 04:53:51 -0400
Tom H wrote:
>
> And you've proven my point...
>
>
Agreed, I just can't see why there is any controversy.
--
Joe
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian
On Sun, Aug 10, 2014 at 4:30 PM, Joe wrote:
> On Sun, 10 Aug 2014 16:07:01 -0400
> Tom H wrote:
>> On Sun, Aug 10, 2014 at 2:24 PM, Nemeth Gyorgy
>> wrote:
>>> 2014-08-10 11:33 keltezéssel, Pascal Hambourg írta:
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -P ACCEPT
iptabl
On Mon, Aug 11, 2014 at 02:06:28PM +0200, Pascal Hambourg wrote:
> Mike McClain a ?crit :
> >
> > Clearly DNS lookup is working and I have a problem with the
> > configuration of IE.
>
> Check in its network settings whether a proxy is defined, and remove it.
Hi Pascal,
Nope, no proxy.
Mike McClain a écrit :
>
> Clearly DNS lookup is working and I have a problem with the
> configuration of IE.
Check in its network settings whether a proxy is defined, and remove it.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble?
On Mon, 11 Aug 2014 17:44:52 +1000
Andrew McGlashan wrote:
>
> I give another vote for IPCop btw that or pfsense, but IPCop is
> simpler.
>
Yes, but it's a distribution in itself, which means you need to
dedicate an entire computer to it. (No, I don't think there is any point
in running
On 10/08/2014 10:06 AM, Mike McClain wrote:
>> Please describe your network topology. Where's the Win2k box ?
> __
> | Debian| LAN| Windows 2000 |
> Inet|Linux|-
On Sun, 10 Aug 2014 16:07:01 -0400
Tom H wrote:
> On Sun, Aug 10, 2014 at 2:24 PM, Nemeth Gyorgy
> wrote:
> > 2014-08-10 11:33 keltezéssel, Pascal Hambourg írta:
> >>
> >> Nemeth Gyorgy's ruleset is too complicated. Use the bare minimum :
> >>
> >> sysctl -w net.ipv4.ip_forward=1
> >> iptables -
On Sun, Aug 10, 2014 at 2:24 PM, Nemeth Gyorgy wrote:
> 2014-08-10 11:33 keltezéssel, Pascal Hambourg írta:
>>
>> Nemeth Gyorgy's ruleset is too complicated. Use the bare minimum :
>>
>> sysctl -w net.ipv4.ip_forward=1
>> iptables -t nat -P ACCEPT
>> iptables -t filter -P ACCEPT
>
> This is really
2014-08-10 11:33 keltezéssel, Pascal Hambourg írta:
> Nemeth Gyorgy's ruleset is too complicated. Use the bare minimum :
>
> sysctl -w net.ipv4.ip_forward=1
> iptables -t nat -P ACCEPT
> iptables -t filter -P ACCEPT
This is really a big sechole.
> iptables -t mangle -P ACCEPT
> iptables -t nat -
2014-08-10 01:49 keltezéssel, Mike McClain írta:
>> It's a rather complicated, sometimes overcomplicated script. But some
>> rules are missing and/or not in the correct order.
>
> I've little doubt you are correct, admittedly I'm flailing a bit.
> Trying this and that with little luck.
> I'd appre
On Sun, Aug 10, 2014 at 11:33:27AM +0200, Pascal Hambourg wrote:
>
> Nemeth Gyorgy's ruleset is too complicated. Use the bare minimum :
>
> sysctl -w net.ipv4.ip_forward=1
> iptables -t nat -P ACCEPT
> iptables -t filter -P ACCEPT
> iptables -t mangle -P ACCEPT
> iptables -t nat -F
> iptables -t fi
On Sat, Aug 09, 2014 at 10:30:53PM -0600, Bob Proulx wrote:
> Mike McClain wrote:
> > Pascal Hambourg wrote:
> > > Please describe your network topology. Where's the Win2k box ?
> >
> > __
> > | Debian|
Mike McClain a écrit :
>
> from a zsh prompt:
> Mike zsh:~> nslookup
> Default Server: resolver1.opendns.com
> Address: 208.67.222.222
>
> Didn't return.
Of course not. If you don't provide a domain name to query in the
command line, nslookup just sits there and waits for a command or a name
to
Mike McClain a écrit :
> On Fri, Aug 08, 2014 at 09:13:23PM +0200, Pascal Hambourg wrote:
>>
>> Same as Nemeth Gyorgy : restart without any filtering, just the IP
>> forwarding and masquerading. If it does not work, it's not due to
>> filtering. Then when everything works add the filtering.
>
> Al
Bob Proulx a écrit :
> Mike McClain wrote:
>> __
>> | Debian| LAN| Windows 2000 |
>> Inet|Linux|-| S40 |
>> (ppp) | 192.168.1.2 |
Mike McClain wrote:
> Pascal Hambourg wrote:
> > Please describe your network topology. Where's the Win2k box ?
>
> __
> | Debian| LAN| Windows 2000 |
> Inet|Linux|
On Fri, Aug 08, 2014 at 09:13:23PM +0200, Pascal Hambourg wrote:
> Hello,
>
> Mike McClain a ?crit :
> > I've been trying to get my hand rolled iptables firewall to
> > masquerade traffic on the LAN to/from a Win2K box.
>
> Please describe your network topology. Where's the Win2k box ?
On Fri, Aug 08, 2014 at 08:24:11PM +0200, Nemeth Gyorgy wrote:
> 2014-08-08 09:04 keltez?ssel, Mike McClain ?rta:
> > I've been trying to get my hand rolled iptables firewall to
> > masquerade traffic on the LAN to/from a Win2K box. I've gotten it to
> > the point that I can ping from the boxes
On Fri, Aug 08, 2014 at 09:16:05PM -0700, Matt Ventura wrote:
> On 8/8/2014 12:04 AM, Mike McClain wrote:
> > I've been trying to get my hand rolled iptables firewall to
> >masquerade traffic on the LAN to/from a Win2K box. I've gotten it to
> >the point that I can ping from the boxes both ways
On Fri, Aug 08, 2014 at 07:05:28PM -0700, David Christensen wrote:
> On 08/08/2014 12:04 AM, Mike McClain wrote:
> > I've been trying to get my hand rolled iptables firewall to
> >masquerade traffic on the LAN to/from a Win2K box.
>
> I used to write my own firewall/ router rules, but then disc
On 8/8/2014 12:04 AM, Mike McClain wrote:
I've been trying to get my hand rolled iptables firewall to
masquerade traffic on the LAN to/from a Win2K box. I've gotten it to
the point that I can ping from the boxes both ways, smbclient can move
files both ways and the Win2K box can ping Google'
On 08/08/2014 12:04 AM, Mike McClain wrote:
I've been trying to get my hand rolled iptables firewall to
masquerade traffic on the LAN to/from a Win2K box.
I used to write my own firewall/ router rules, but then discovered
purpose-built firewall/ router FOSS distributions. I used IPCop fo
Hello,
Mike McClain a écrit :
> I've been trying to get my hand rolled iptables firewall to
> masquerade traffic on the LAN to/from a Win2K box.
Please describe your network topology. Where's the Win2k box ?
What's S40 ?
> I've gotten it to
> the point that I can ping from the boxes both way
2014-08-08 09:04 keltezéssel, Mike McClain írta:
> I've been trying to get my hand rolled iptables firewall to
> masquerade traffic on the LAN to/from a Win2K box. I've gotten it to
> the point that I can ping from the boxes both ways, smbclient can move
> files both ways and the Win2K box can
28 matches
Mail list logo
