This is a list of operating system distributions designed for use as the operating system of a machine acting as a router and/or firewall.
List of router or firewall distributions – Wikipedia, the free encyclopedia.
Anyway, I did a quick
cat /proc/net/nf_conntrack | grep 5060
to get all connection tracking entries for SIP. And I found more than one; here is one example.
via nf_conntrack and the conntrack program | Robert Penz Blog.
More info on conntrack here…
The timeout for this entry is 180 sec with 172 seconds to go, and the SIP client was sending new probes all the time and therefore the connection was never dropped. What can you do in this instance? You can install conntrack. It is a userspace command line program targeted at system administrators. It enables you to view and manage the in-kernel connection tracking state table. If you want to take a look at the manual without installing it (apt-get install conntrack) you can take a look at this webpage which contains the man page. With this program I deleted the entries with the wrong IP address and everything worked again.
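An added example, not part of the quoted blog post: a small parser for /proc/net/nf_conntrack lines that finds SIP entries still pinned to an old address and builds the matching conntrack -D command. The sample lines, the addresses and the function names are constructed for illustration, and "wrong IP" is assumed to mean an address you pass in as stale. Unlike a plain grep 5060, it compares the port fields exactly, so a port such as 45060 is not reported.

```python
# Constructed sample in /proc/net/nf_conntrack layout (documentation addresses).
SAMPLE = """\
ipv4     2 udp      17 172 src=192.168.1.20 dst=198.51.100.10 sport=5060 dport=5060 src=198.51.100.10 dst=203.0.113.7 sport=5060 dport=5060 [ASSURED] mark=0 use=2
ipv4     2 udp      17 25 src=192.168.1.21 dst=198.51.100.10 sport=5060 dport=5060 src=198.51.100.10 dst=203.0.113.99 sport=5060 dport=5060 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 431990 ESTABLISHED src=192.168.1.30 dst=198.51.100.20 sport=45060 dport=443 src=198.51.100.20 dst=203.0.113.7 sport=443 dport=45060 [ASSURED] mark=0 use=2
"""

def parse_entry(line):
    """Split one line into protocol, remaining timeout, original and reply tuples."""
    tokens = line.split()
    entry = {"proto": tokens[2], "timeout": int(tokens[4]), "orig": {}, "reply": {}}
    for tok in tokens[5:]:
        key, sep, value = tok.partition("=")
        if not sep or key not in ("src", "dst", "sport", "dport"):
            continue  # skip state words, [ASSURED], mark=, use=
        # First occurrence of a key is the original direction, second is the reply.
        side = "orig" if key not in entry["orig"] else "reply"
        entry[side][key] = value
    return entry

def stale_sip_entries(text, stale_ip, port="5060"):
    """Return entries on exactly `port` that still reference `stale_ip`."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = parse_entry(line)
        tuples = (e["orig"], e["reply"])
        on_port = any(port in (t.get("sport"), t.get("dport")) for t in tuples)
        has_ip = any(stale_ip in (t.get("src"), t.get("dst")) for t in tuples)
        if on_port and has_ip:
            hits.append(e)
    return hits

def delete_command(e):
    """Build the conntrack invocation that removes this entry by its original tuple."""
    o = e["orig"]
    return ["conntrack", "-D", "-p", e["proto"], "--orig-src", o["src"],
            "--orig-dst", o["dst"], "--sport", o["sport"], "--dport", o["dport"]]

if __name__ == "__main__":
    for e in stale_sip_entries(SAMPLE, "203.0.113.7"):
        print(e["timeout"], "s left:", " ".join(delete_command(e)))
```

On a live router, read /proc/net/nf_conntrack instead of SAMPLE and review the printed commands before running them as root.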
Masquerading Made Simple HOWTO.
Masquerading must be put in the NAT chain or the router won’t know how to return packets to subnets other than its own LAN.
Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user defined chains.
By default, Iptables logs messages to the /var/log/messages file. However, you can change this location. I will show you how to create a new logfile called /var/log/iptables.log. Changing or using a new file allows you to create better statistics and/or allows you to analyze the attacks