Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19
closing irc acces ....
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: closing irc acces ....

  1. #1
    bYTeGr4v3
    Guest

    closing irc acces ....

    i tried to close some ports with iptables but i still can connect to irc
    iptables -A INPUT -s 192.168.0.0/24 -p tcp --dport 6000:65535 -j DROP
    please help me thanks for your time

  2. #2

    Re:closing irc acces ....

    what program are you connecting with and what address?
    whatdoyougetwhenyoumultiplysixbynine??

  3. #3
    JimH
    Guest

    Re:closing irc acces ....

    What Linux distribution/version are you running?

    Description of your network setup would help alot.

    Jim H

  4. #4
    bYTeGr4v3
    Guest

    Re:closing irc acces ....

    i'm using slackware 8.1
    irc client mirc

  5. #5
    JimH
    Guest

    Re:closing irc acces ....

    Well since I know nothing about how your network is setup I can only make a couple of generic suggestions.

    Port 6667 is the default port used by IRC. This will drop all outgoing/forwarded packets from 192.168.0.0/24 ( I assume this is your internal ip address range from your first post)

    iptables -A OUTPUT -p tcp -s 192.168.0.0/24 --dport 6667 -j DROP
    iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 6667 -j DROP

    Jim H

  6. #6
    bYTeGr4v3
    Guest

    Re:closing irc acces ....

    i tried the way u adviced me ... but still can get access to irc . and if a try the section with forward it will became the first rule and will block some acsess ??? after i wrote with forward internet n/a > amd mirc could connect on 7777 if specified . please help me to understood what to do . all i want is to cut connection for irc. also i flushed all channels . thanks a lot

  7. #7
    JimH
    Guest

    Re:closing irc acces ....

    If you are running an IRC client on 7777 besides the default port of 6667 then you will have to close that port also with similar lines.

    The best way is to set the default table policies to DROP and write rules that only allow access you want.

    Jim H

  8. #8
    bYTeGr4v3
    Guest

    Re:closing irc acces ....

    Quote Originally Posted by JimH
    If you are running an IRC client on 7777 besides the default port of 6667 then you will have to close that port also with similar lines.

    The best way is to set the default table policies to DROP and write rules that only allow access you want.

    Jim H
    so i only make forwarding for 25 53 80 110 (the ports i need)
    i'm not sure about 53 for my lan . if u're kind can u explain with some examples the use of iptables (i`ve read the how-to)
    need some explination about how it works, chains, policies .... in other words an example with some explination .

    ps. i know it's kind off topic , but please help ...
    best regards !

  9. #9
    JimH
    Guest

    Re:closing irc acces ....

    Yes you will need port 53 open for DNS.

    A few examples

    I imagine if you are masquerading the boxes on the Lan you are currently using....

    iptables -A FORWARD -i <lan> -o <external dev> -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    iptables -A FORWARD -i <external dev> -o <lan> -m state --state ESTABLISHED,RELATED -j ACCEPT

    You need to remove the "NEW" from the first one above.

    Then create rules like below for what you wish to allow.

    iptables -A FORWARD -o <external dev> -p udp --sport 1024:65535 -d <nameserver> --dport 53 -m state --state NEW -j ACCEPT

    iptables -A FORWARD -o <external dev> -p tcp --sport 1024:65535 -d <nameserver> --dport 53 -m state --state NEW -j ACCEPT

    iptables -A FORWARD -o <external dev> -p tcp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT

    Understand what is going to here?

    Jim H

  10. #10
    bYTeGr4v3
    Guest

    Re:closing irc acces ....

    yes and no ???

    first yes i'm using masquerade... but let me tell u how it's done. 1 server 166Mhz 3GB hdd/48MB RAM with Slackware 8.1 - mail server, gateway and web server. 2 nics -1 eth0 - external and eth1 internal. also i have a zone for bind , server is primary master and the nameserver from the isp is secondary master. i've chrooted bind for security reasons.

    u said :

    iptables -A FORWARD - i <lan> -o <external device> -m state --state ESTABLISHED, RELATED -j ACCEPT

    iptables -A FORWARD -i <external device> -o <lan> -m state --state ESTABLISHED, RELATED -j ACCEPT

    so ... external device and internal device (lan) can be specified like IP's .... external device aaa.bbb.ccc.aaa
    and internal device 192.168.0.0/24 or like devices meaning
    internal device eth1 and external device eth0 ?
    second what's the meaning of state, ESTABLISHED and RELATED ?

    i've seen that u are using sport between 1024 and 65535
    and i'm wondering why ? looking at this i'm thinking that the connection from the clients (LAN) to server is made on ports bigger than 1024.

    <nameserver> the nameserver from isp isnt'it ?

    thanks a lot jim

    have a great time

Similar Threads

  1. How do I regain acces to my linux partition?
    By AljoshaNL in forum Linux - General Topics
    Replies: 23
    Last Post: 12-31-2005, 05:02 PM
  2. Internet Closing
    By CoolJsa14 in forum Windows - General Topics
    Replies: 3
    Last Post: 01-03-2005, 12:36 PM
  3. Programs Closing
    By Millermagic in forum Windows - General Topics
    Replies: 13
    Last Post: 01-03-2005, 03:21 AM
  4. Dual boot - how to acces files on windows partition
    By Jtsky in forum Windows - General Topics
    Replies: 5
    Last Post: 04-19-2004, 08:59 PM
  5. GLO Possibly closing its doors
    By paradox in forum General Chat
    Replies: 22
    Last Post: 11-14-2002, 04:01 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •