#11
: 15 2010, 11:57
Str82DHeaD

, . .
Code Sample: 
Chain OUTPUT (policy DROP 38 packets, 36928 bytes)
pkts bytes target prot opt in out source destination
1790 194K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OFFICE (2 references)
pkts bytes target prot opt in out source destination
5670 465K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain PUBLIC (2 references)
pkts bytes target prot opt in out source destination
505 32274 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22,80,443
39 2964 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
11693 998K DROP all -- * * 0.0.0.0/0 0.0.0.0/0



Code Sample: 
Chain PREROUTING (policy ACCEPT 3215K packets, 271M bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 31835 packets, 1863K bytes)
pkts bytes target prot opt in out source destination
21127 1860K SNAT all -- * vlan91 192.168.20.0/24 0.0.0.0/0 to:94.94.94.94


Chain OUTPUT (policy ACCEPT 27634 packets, 1557K bytes)
pkts bytes target prot opt in out source destination


. ? .

Str82DHeaD 15 2010, 11:58
#12
: 15 2010, 12:01
mcwolf


DROP-
#13
: 15 2010, 12:10
Str82DHeaD

Quote: (Str82DHeaD @ Jul. 15 2010, 08:42)

, , , IP. .
:
iptables -L -t filter -n
Code Sample: 
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
OFFICE all -- 0.0.0.0/0 0.0.0.0/0
OFFICE all -- 0.0.0.0/0 0.0.0.0/0
PUBLIC all -- 0.0.0.0/0 0.0.0.0/0
PUBLIC all -- 0.0.0.0/0 0.0.0.0/0


Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- 192.168.20.X 69.63.176.0/20
DROP all -- 192.168.20.y 69.63.176.0/20
DROP all -- 192.168.20.z 69.63.176.0/20
DROP all -- 192.168.20.f 69.63.176.0/20

ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain OFFICE (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain PUBLIC (2 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22,80,443
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP all -- 0.0.0.0/0 0.0.0.0/0



iptables -L -t nat -n
Code Sample: 
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 192.168.20.0/24 0.0.0.0/0 to:94.94.94.94


iptables -L -t mangle -n
Code Sample: 
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

ifconfig -a

Code Sample: 
vlan1 Link encap:Ethernet HWaddr 00:0f:7e:af:48:22
inet addr:192.168.20.3 Bcast:192.168.20.255 Mask:255.255.255.0
inet6 addr: fe80::20e:7fff:feef:4822/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5769423 errors:0 dropped:0 overruns:0 frame:0
TX packets:4145466 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:601865043 (573.9 MiB) TX bytes:2968059441 (2.7 GiB)

vlan2 Link encap:Ethernet HWaddr 00:0e:7f:ef:48:23
inet addr:94.94.94.94 Bcast:94.94.94.93 Mask:255.255.255.192
inet6 addr: fe80::20e:7fff:feef:4823/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:32753283 errors:0 dropped:0 overruns:0 frame:0
TX packets:59743987 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2877578438 (2.6 GiB) TX bytes:2480680575 (2.3 GiB)

route -n
Code Sample: 
94.94.94.0 0.0.0.0 255.255.255.192 U 0 0 0 vlan2
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan1
192.168.194.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.198.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 94.94.94.99 0.0.0.0 UG 0 0 0 vlan2


netstat -tan | grep 80

Code Sample: 
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN
tcp 0 0 192.168.37.3:80 0.0.0.0:* LISTEN
tcp 0 0 192.168.20.3:80 0.0.0.0:* LISTEN
tcp 0 0 94,94,94,94:80 0.0.0.0:* LISTEN

iptables -L -t filter -n -v
Code Sample: 
Chain OUTPUT (policy DROP 38 packets, 36928 bytes)
pkts bytes target prot opt in out source destination
1790 194K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OFFICE (2 references)
pkts bytes target prot opt in out source destination
5670 465K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain PUBLIC (2 references)
pkts bytes target prot opt in out source destination
505 32274 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22,80,443
39 2964 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
11693 998K DROP all -- * * 0.0.0.0/0 0.0.0.0/0


iptables -L -t nat -n -v
Code Sample: 
Chain PREROUTING (policy ACCEPT 3215K packets, 271M bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 31835 packets, 1863K bytes)
pkts bytes target prot opt in out source destination
21127 1860K SNAT all -- * vlan91 192.168.20.0/24 0.0.0.0/0 to:94.94.94.94


Chain OUTPUT (policy ACCEPT 27634 packets, 1557K bytes)
pkts bytes target prot opt in out source destination


Str82DHeaD 15 2010, 12:12
#14
: 15 2010, 12:12
mcwolf


iptables -L -t filter -n -v
iptables -L -t nat -n -v

- filter

- vlan91 ifconfig -a
( )

mcwolf 15 2010, 12:16
#15
: 15 2010, 12:18
Str82DHeaD

iptables -L -t filter -n -v

Code Sample: 
Chain INPUT (policy DROP 10 packets, 628 bytes)
pkts bytes target prot opt in out source destination
415 40368 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
12 504 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
7460 614K OFFICE all -- vlan1 * 0.0.0.0/0 0.0.0.0/0
0 0 OFFICE all -- vlan3 * 0.0.0.0/0 0.0.0.0/0
113 8670 PUBLIC all -- vlan3 * 0.0.0.0/0 0.0.0.0/0
22278 1882K PUBLIC all -- vlan2 * 0.0.0.0/0 0.0.0.0/0


Chain FORWARD (policy DROP 61 packets, 13199 bytes)
pkts bytes target prot opt in out source destination
13 624 DROP all -- * * 192.168.20.x 69.63.176.0/20
3 144 DROP all -- * * 192.168.20.y 69.63.176.0/20
9 432 DROP all -- * * 192.168.20.z 69.63.176.0/20
..............................................................................
2544K 2143M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy DROP 38 packets, 36928 bytes)
pkts bytes target prot opt in out source destination
3105 358K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OFFICE (2 references)
pkts bytes target prot opt in out source destination
7460 614K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain PUBLIC (2 references)
pkts bytes target prot opt in out source destination
1153 74774 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22,80,443
66 5016 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
21172 1811K DROP all -- * * 0.0.0.0/0 0.0.0.0/0

iptables -L -t nat -n -v
Code Sample: 
Chain PREROUTING (policy ACCEPT 3246K packets, 274M bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 31880 packets, 1867K bytes)
pkts bytes target prot opt in out source destination
42216 3631K SNAT all -- * vlan2 192.168.20.0/24 0.0.0.0/0 to:94.94.94.94


Chain OUTPUT (policy ACCEPT 27679 packets, 1561K bytes)
pkts bytes target prot opt in out source destination


Str82DHeaD 15 2010, 12:19
#16
: 15 2010, 12:55
mcwolf

( ) - OUTPUT filter ( ACCEPT - )

192.168.20.3 ( ) - - ( )
#17
: 15 2010, 12:55
Str82DHeaD

! , ... -, ... .
...

Str82DHeaD 15 2010, 12:57
#18
: 16 2010, 23:09
tolostoi

, , :P .
hosts , , .

Edit: , , ?
/etc/sysctl.conf

tolostoi 17 2010, 09:20

#19
: 28 2010, 13:38
Str82DHeaD

, ..... . :14;  :14;
18 () 14 2010, 13:13

© 2014 Linux Index Project