[01:05] <zillah> hey all
[01:22] <krakrjak> hey what's up?
[01:31] <zillah> trying to fix my ubuntu server lol
[01:34] <zillah> i'm having issues with iptables and can't figure out what i'm doing wrong
[02:18] <krakrjak> pastebin it up
[02:18] <krakrjak> sorry got distracted by iscsi again.
[02:22] <zillah> i'm not sure what to paste
[02:26] <zillah> i think i may have it if i can figure out how to paste into vi on ubuntu from putty on windows that i'm logged into from a Mac
[02:27] <zillah> haha, i got it
[02:30] <zillah> well, i was able to paste...i still haven't fixed my problem...i can't ssh into the server from outside the network
[02:30] <zillah> i added:
[02:30] <zillah> /sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
[02:30] <zillah> to /etc/rc.local
[02:30] <zillah> and ran both from a shell, but i still get a time-out when i try to connect
[02:39] <krakrjak> what's the other one?
[02:39] <krakrjak> I see the harmless rule.
[02:41] <krakrjak> you've stumped me.  have any console access?
[02:43] <krakrjak> ok...  so can you see port 22 filtered on the host using nmap -P0 -p 22 <host>?
[02:43] <zillah> i can get in by using terminal services to a Windows server then putty from there
[02:44] <krakrjak> right, but from outside the network can you see the host at all?
[02:44] <krakrjak> just no ssh after using -A INPUT?
[02:44] <krakrjak> you might want the rule higher in the list.
[02:44] <zillah> yeah i'm not sure what nmap says though...i don't have any boxes with it here
[02:45] <zillah> i think i can put it on the mac real quick
[02:45] <krakrjak> ok so check the iptables -L INPUT and see if there's a block all before the specific ACCEPT
[02:47] <zillah> ok
[02:47] <zillah> here is my /etc/rc.local
[02:47] <zillah> http://pastebin.com/kH9X9a3X
[02:47] <zillah> all of the port forwards work
[02:50] <zillah> yeah, they are at the bottom
[02:50] <krakrjak> hrm..  I think the OUTPUT rule is bad.  I think I'd just set -P OUTPUT ACCEPT at the top.
[02:50] <krakrjak> I don't know why this isn't working though...  seems like it should.
[02:52] <zillah> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
[02:52] <zillah> oops, didn't mean to paste that
[02:52] <krakrjak> http://pastebin.com/QBTXpbCN
[02:53] <zillah> http://pastebin.com/4cu1A3MN
[02:53] <krakrjak> Yeah that looks good.
[02:53] <zillah> there is the INPUT chain
[02:53] <krakrjak> ok let's see here.
[02:55] <krakrjak> OUTPUT have any hints...  I think 23 should be higher.  I don't think anything makes it past #14
[02:57] <zillah> http://pastebin.com/1GgCYe2b
[02:58] <krakrjak> #17 and #18 are not needed.
[02:58] <krakrjak> What is managing your firewall besides rc.local?
[02:59] <krakrjak> There's a lot of rules in there for the small bit of iptables in the rc.local.  Like the DROP policy on INPUT for example.
[02:59] <zillah> that's what i was wondering
[02:59] <krakrjak> ufs?
[02:59] <krakrjak> ufw?
[02:59] <zillah> maybe these don't need to go in rc.local
[03:00] <krakrjak> I think you can leave the forwards there if you want :)
[03:00] <zillah> root@ubuntu:/home/mitchell# service ufw status
[03:00] <krakrjak> just need to find the other program fiddling with the firewall.
[03:01] <krakrjak> 11.04?
[03:03] <zillah> no older...i can't remember what to cat to find it
[03:03] <krakrjak> hrm...  what's in /etc/init.d
[03:04] <krakrjak> any of those sound like firewall programs?
[03:05] <zillah> not any that i recognize
[03:06] <zillah> ufw is in there but says it isn't running
[03:06] <zillah> oh...firestarter is in there
[03:06] <krakrjak> hrm...  that sounds likely
[03:06] <zillah> it's running
[03:07] <zillah> isn't firestarter a GUI tool?
[03:07] <krakrjak> yeah, but I guess you can use it from the command line...
[03:08] <krakrjak> it can be used as a daemon and just managed as files from the ubuntu page I found.
[03:09] <krakrjak> https://help.ubuntu.com/community/Firestarter
[03:09] <krakrjak> You can try just turning it off invoke-rc.d firestarter stop and see what the new rules look like then run your rc.local again.
[03:09] <krakrjak> if you're fixed just uninstall firestarter
[03:10] <zillah> i'm gonna try it
[03:11] <zillah> yay!!!!
[03:11] <zillah> it works!
[03:13] <zillah> that is soooo much better
[03:15] <zillah> haha, now my eggdrop is open to the outside, not sure i like that
[03:15] <zillah> but now I know how to fix it  :)
[03:16] <zillah> thanks for the help
[03:24] <krakrjak> anytime
[03:36] <zillah> lol now i can't get irssi to compile on it or install via apt
[03:36] <krakrjak> ack!
[03:36] <zillah> i need to upgrade this box, but when i do it breaks vmware
[03:38] <zillah> DISTRIB_DESCRIPTION="Ubuntu 9.04"
[03:38] <zillah> DISTRIB_DESCRIPTION="Ubuntu 9.04"
[03:46] <krakrjak> dang, going way back in Ubuntu terms.
[03:46] <krakrjak> it's only one Debian back though :)
[03:46] <zillah> lol this box is just a little over two years old
[03:47] <krakrjak> this box is much older, but the OS is newer.
[03:49] <zillah> i've resisted upgrade/reinstall because of vmware...i have a free license for vmware infrastructure and it seems like you can't get that anymore
[03:49] <zillah> and if i re-install vmware it will have to reactivate the license or whatever
[03:50] <zillah> and the virtual machine on it is my PDC for my Windows domain
[03:59] <zillah> hey TommyT
[03:59] <TommyT> howdy
[03:59] <zillah> how are you tonight?
[04:00] <TommyT> doing OK... trying to do six things at once, though. I forgot I had irc open on this netbook
[04:00] <zillah> lol i know how that goes
[04:01] <TommyT> were you in on the Google+ meeting last night?
[04:01] <zillah> yeah, i'm Mitchell
[04:02] <TommyT> Ah... I don't know everyone. Maybe I will learn names better if I use the Google+ thing
[04:02] <TommyT> I did get my sound going
[04:02] <zillah> what did you have to do?
[04:02] <TommyT> The workaround for this model on 11.04 is run pavucontrol then run the LEFT mic volume to zero
[04:03] <TommyT> I don't know why
[04:03] <TommyT> This is an Acer Aspire D260
[04:03] <TommyT> Wal-mart special
[04:03] <zillah> heh, well at least it works
[04:03] <TommyT> The stock control re-locks the volume controls together
[04:04] <TommyT> If I was smart enough to understand what was going on there's probably a config file to fix it for good
[04:05] <zillah> oh, you have to change it after every re-boot?
[04:07] <TommyT> the place I read it says it pops back easily, but so far it has persisted
[04:08] <TommyT> I think various applications mess with it and make it stop working
[04:08] <TommyT> Skype is one that was mentioned
[04:09] <TommyT> I'm getting the "time for bed" message from the other room...
[04:09] <zillah> ah
[04:09] <zillah> lol
[04:09] <TommyT> I'll try to have proper hardware for the next Google+ thing
[04:09] <zillah> i'm hoping to be on linux instead of mac next time
[04:10] <TommyT> whatever works... I may have to move to the Mac if I can't get things working otherwise. This netbook is ALMOST too underpowered
[04:10] <TommyT> We have a Mac Mini that can probably handle it though
[04:10] <TommyT> But we don't keep a camera on it
[04:10] <zillah> I miss my Mini, i sold it when i got my macbook pro
[04:11] <zillah> i got an iSight but the audio wouldn't work on Snow Leopard, but it would on older MacOS
[04:12] <TommyT> That's weird. Is it the old old firewire iSight?
[04:12] <TommyT> I have a generic Logitech that works fine
[04:13] <zillah> yeah, it was the old old firewire i think
[04:13] <TommyT> if it says Plug & Play in Windows XP, it will generally work on linux, and many Mac apps work fine with them too.
[04:13] <zillah> yeah, i had a logitech working using Macam
[04:14] <zillah> framerate was horrible though
[04:14] <TommyT> I don't do video much... but the Google+ was impressive especially for a "free" service
[04:15] <TommyT> I was shopping around for a conference service awhile back and that did fine
[04:15] <zillah> yeah, same here.  I've played with FaceTime a little, but it hasn't been that useful yet
[04:15] <zillah> i was impressed with Google+
[04:15] <TommyT> So as the article they linked to said, I think for Google+ the hangouts (is that what it's called?) will be the killer app
[04:15] <TommyT> I haven't done the circle stuff much yet
[04:16] <zillah> yeah
[04:16] <zillah> you mean as far as making new circles, or just putting people into them?
[04:16] <TommyT> putting people in...somewhere here I had an article with the 15 people you should follow with Google+ so I added some "celebrity" stuff
[04:16] <TommyT> BUT
[04:17] <TommyT> the article listed Newt Gingrich as someone worth following... but he got called out for having like 80+% fake followers on twitter
[04:18] <zillah> lol
[04:18] <TommyT> I have used Facebook for awhile but so far few people I have known for a long time are on Google+
[04:18] <TommyT> It wouldn't even let ME in until Tony sent me the invite
[04:18] <TommyT> and _I_ thought Google loved me
[04:18] <TommyT> they even sent me a shirt
[04:19] <zillah> LOL
[04:19] <TommyT> (I was a paid Blogger user and they sent a nice shirt to people when they made it free)
[04:19] <TommyT> but what have I done for them lately?
[04:19] <zillah> i'm not sure how i got signed up
[04:20] <zillah> i think i just logged into gmail one day and it was there
[04:20] <TommyT> That's what _I_ expected to happen... that's how lots of stuff has been with them for me
[04:20] <TommyT> sites, voice, etc.
[04:20] <TommyT> I have the phone number, several sites, even domains they manage
[04:21] <TommyT> host, I mean
[04:21] <TommyT> But I guess I'm not social enough or something
[04:21] <zillah> everything i have i had somewhere else before google bought it
[04:21] <zillah> like grandcentral and picasa
[04:21] <zillah> lol
[04:22] <TommyT> OH and I have an Android phone. Surely that counts for something. Yeah I had GrandCentral.
[04:22] <zillah> i'm thinking about switching to Android
[04:22] <TommyT> I used Flickr instead of Picasa, though
[04:22] <TommyT> Android has been OK but it has amazingly rough edges
[04:23] <TommyT> I have a Verizon Motorola Droid2, and the stuff you have to do to make it acceptable is a pain
[04:23] <zillah> i have a chinese tablet running 2.2
[04:23] <zillah> it's ok for what it is, but i can only use the amazon market
[04:24] <TommyT> That's odd... I tried the Amazon market and it didn't manage the apps as well as the Android one
[04:24] <TommyT> But maybe I didn't give it a chance
[04:25] <TommyT> I noticed everything I wanted was in both places and sometimes cheaper (free) on Android
[04:25] <zillah> yeah thats what i've heard
[04:26] <TommyT> well maybe that is the signal to go to bed. the trackpad just put me into Facebook chat
[04:26] <TommyT> and I sent a message to an old friend of mine who is offline
[04:27] <TommyT> so I told her "oops"
[04:27] <zillah> lol
[04:27] <zillah> take care man
[04:27] <zillah> ttyl
[04:27] <TommyT> bye
[04:46] <zillah> yay, i finally got irssi compiled