
For 2010-04-01

Re: two servers

In addition to ip rule show, ip route table %tablename% for each table
that is mentioned in ip rule show.

On Thu, 01/04/2010 at 13:50 +0400, besshaposhnikovmn wrote:
> ip route
> 172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.208
> 192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.1
> default via 172.16.0.1 dev eth0
> default via 192.168.0.1 dev eth1 scope link
>
>
>
> iptables -L -v -n --line-numbers
> Chain INPUT (policy DROP 0 packets, 0 bytes)
> num pkts bytes target prot opt in out source
> destination
> 1 976 87059 BASE_INPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 2 399 43621 INPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 3 399 43621 HOST_BLOCK_SRC all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 4 399 43621 SPOOF_CHK all -- * * 0.0.0.0/0
> 0.0.0.0/0
> 5 356 38179 VALID_CHK all -- eth0 * 0.0.0.0/0
> 0.0.0.0/0
> 6 356 38179 EXT_INPUT_CHAIN !icmp -- eth0 *
> 0.0.0.0/0 0.0.0.0/0 state NEW
> 7 0 0 EXT_INPUT_CHAIN icmp -- eth0 *
> 0.0.0.0/0 0.0.0.0/0 state NEW limit: avg 60/sec
> burst 100
> 8 0 0 EXT_ICMP_FLOOD_CHAIN icmp -- eth0 *
> 0.0.0.0/0 0.0.0.0/0 state NEW
> 9 43 5442 INT_INPUT_CHAIN all -- eth1 *
> 0.0.0.0/0 0.0.0.0/0
> 10 0 0 POST_INPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 11 0 0 LOG all -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix
> `AIF:Dropped INPUT packet: '
> 12 0 0 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> num pkts bytes target prot opt in out source
> destination
> 1 2 668 BASE_FORWARD_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 2 0 0 TCPMSS tcp -- * eth0 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
> 3 0 0 FORWARD_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 4 0 0 HOST_BLOCK_SRC all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 5 0 0 HOST_BLOCK_DST all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 6 0 0 EXT_FORWARD_IN_CHAIN all -- eth0 *
> 0.0.0.0/0 0.0.0.0/0
> 7 0 0 EXT_FORWARD_OUT_CHAIN all -- * eth0
> 0.0.0.0/0 0.0.0.0/0
> 8 0 0 INT_FORWARD_IN_CHAIN all -- eth1 *
> 0.0.0.0/0 0.0.0.0/0
> 9 0 0 INT_FORWARD_OUT_CHAIN all -- * eth1
> 0.0.0.0/0 0.0.0.0/0
> 10 0 0 SPOOF_CHK all -- * * 0.0.0.0/0
> 0.0.0.0/0
> 11 0 0 ACCEPT all -- eth1 eth1 0.0.0.0/0
> 0.0.0.0/0
> 12 0 0 LAN_INET_FORWARD_CHAIN all -- eth1 eth0
> 0.0.0.0/0 0.0.0.0/0
> 13 0 0 POST_FORWARD_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 14 0 0 LOG all -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 1/min burst 3 LOG flags 0 level 6 prefix
> `AIF:Dropped FORWARD packet: '
> 15 0 0 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
> num pkts bytes target prot opt in out source
> destination
> 1 754 181K BASE_OUTPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 2 0 0 TCPMSS tcp -- * eth0 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
> 3 94 11372 OUTPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 4 94 11372 HOST_BLOCK_DST all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 5 0 0 LOG all -f * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix
> `AIF:Fragment packet: '
> 6 0 0 DROP all -f * * 0.0.0.0/0
> 0.0.0.0/0
> 7 51 5930 EXT_OUTPUT_CHAIN all -- * eth0
> 0.0.0.0/0 0.0.0.0/0
> 8 43 5442 INT_OUTPUT_CHAIN all -- * eth1
> 0.0.0.0/0 0.0.0.0/0
> 9 94 11372 POST_OUTPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 10 94 11372 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain BASE_FORWARD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0 state ESTABLISHED
> 2 0 0 ACCEPT tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED tcp dpts:1024:65535
> 3 0 0 ACCEPT udp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED udp dpts:1024:65535
> 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED
> 5 0 0 ACCEPT all -- lo * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain BASE_INPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 555 41270 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0 state ESTABLISHED
> 2 0 0 ACCEPT tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED tcp dpts:1024:65535
> 3 0 0 ACCEPT udp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED udp dpts:1024:65535
> 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED
> 5 22 2168 ACCEPT all -- lo * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain BASE_OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 638 167K ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0 state ESTABLISHED
> 2 22 2168 ACCEPT all -- * lo 0.0.0.0/0
> 0.0.0.0/0
>
> Chain DMZ_FORWARD_IN_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_FORWARD_OUT_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_INET_FORWARD_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_INPUT_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_LAN_FORWARD_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_OUTPUT_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain EXT_FORWARD_IN_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 VALID_CHK all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain EXT_FORWARD_OUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain EXT_ICMP_FLOOD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 3 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-unreachable flood: '
> 2 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 3
> 3 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 11 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-time-exceeded fld: '
> 4 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 11
> 5 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 12 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-param-problem fld: '
> 6 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 12
> 7 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-request(ping) fld: '
> 8 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 8
> 9 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 0 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-reply(pong) flood: '
> 10 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 0
> 11 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 4 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-source-quench fld: '
> 12 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 4
> 13 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 12/hour burst 1 LOG flags 0 level 6
> prefix `AIF:ICMP(other) flood: '
> 14 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0
>
> Chain EXT_INPUT_CHAIN (2 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpt:0 limit: avg 6/hour burst 1 LOG flags 0
> level 6 prefix `AIF:Port 0 OS fingerprint: '
> 2 0 0 LOG udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp dpt:0 limit: avg 6/hour burst 1 LOG flags 0
> level 6 prefix `AIF:Port 0 OS fingerprint: '
> 3 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp dpt:0
> 4 0 0 POST_INPUT_DROP_CHAIN udp -- * *
> 0.0.0.0/0 0.0.0.0/0 udp dpt:0
> 5 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp spt:0 limit: avg 6/hour burst 5 LOG flags 0
> level 6 prefix `AIF:TCP source port 0: '
> 6 0 0 LOG udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp spt:0 limit: avg 6/hour burst 5 LOG flags 0
> level 6 prefix `AIF:UDP source port 0: '
> 7 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp spt:0
> 8 0 0 POST_INPUT_DROP_CHAIN udp -- * *
> 0.0.0.0/0 0.0.0.0/0 udp spt:0
> 9 0 0 ACCEPT udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp spt:67 dpt:68
> 10 3 180 ACCEPT tcp -- + * 0.0.0.0/0
> 0.0.0.0/0 tcp dpt:80
> 11 0 0 ACCEPT tcp -- + * 0.0.0.0/0
> 0.0.0.0/0 tcp dpt:8000
> 12 2 120 ACCEPT tcp -- + * 0.0.0.0/0
> 0.0.0.0/0 tcp dpt:22
> 13 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
> 14 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-request: '
> 15 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 3 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-unreachable: '
> 16 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 11 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-time-exceeded: '
> 17 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 12 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-param.-problem: '
> 18 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 3
> 19 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 11
> 20 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 12
> 21 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 8
> 22 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 0
> 23 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpts:1024:65535 flags:!0x17/0x02 limit: avg
> 3/min burst 5 LOG flags 0 level 6 prefix `AIF:Stealth scan (UNPRIV)?: '
> 24 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpts:0:1023 flags:!0x17/0x02 limit: avg 3/min
> burst 5 LOG flags 0 level 6 prefix `AIF:Stealth scan (PRIV)?: '
> 25 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02
> 26 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0
> level 6 prefix `AIF:PRIV connect attempt: '
> 27 27 2604 LOG udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0
> level 6 prefix `AIF:PRIV connect attempt: '
> 28 6 360 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG
> flags 0 level 6 prefix `AIF:UNPRIV connect attempt: '
> 29 14 952 LOG udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp dpts:1024:65535 limit: avg 6/min burst 2 LOG
> flags 0 level 6 prefix `AIF:UNPRIV connect attempt: '
> 30 351 37879 POST_INPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 31 7 420 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0
> 32 344 37459 POST_INPUT_DROP_CHAIN udp -- * *
> 0.0.0.0/0 0.0.0.0/0
> 33 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0
> 34 0 0 LOG all -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 1/min burst 5 LOG flags 0 level 6 prefix
> `AIF:Connect attempt: '
> 35 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
>
> Chain EXT_OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain FORWARD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain HOST_BLOCK_DROP (0 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG all -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Blocked host(s): '
> 2 0 0 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain HOST_BLOCK_DST (2 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain HOST_BLOCK_SRC (2 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INET_DMZ_FORWARD_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INT_FORWARD_IN_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INT_FORWARD_OUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INT_INPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
> 2 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-request: '
> 3 0 0 DROP icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8
> 4 43 5442 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain INT_OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain LAN_INET_FORWARD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
> 2 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-request: '
> 3 0 0 DROP icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8
> 4 0 0 ACCEPT tcp -- * * 0.0.0.0/0
> 0.0.0.0/0
> 5 0 0 ACCEPT udp -- * * 0.0.0.0/0
> 0.0.0.0/0
> 6 0 0 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain POST_FORWARD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain POST_INPUT_CHAIN (2 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain POST_INPUT_DROP_CHAIN (38 references)
> num pkts bytes target prot opt in out source
> destination
> 1 351 37879 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain POST_OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain RESERVED_NET_CHK (0 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG all -- * * 10.0.0.0/8
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Class A address: '
> 2 0 0 LOG all -- * * 172.16.0.0/12
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Class B address: '
> 3 0 0 LOG all -- * * 192.168.0.0/16
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Class C address: '
> 4 0 0 LOG all -- * * 169.254.0.0/16
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Class M$ address: '
> 5 0 0 LOG all -- * * 224.0.0.0/24
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Multicast address: '
> 6 0 0 LOG all -- * * 239.0.0.0/24
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Multicast address: '
> 7 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 10.0.0.0/8 0.0.0.0/0
> 8 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 172.16.0.0/12 0.0.0.0/0
> 9 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 192.168.0.0/16 0.0.0.0/0
> 10 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 169.254.0.0/16 0.0.0.0/0
> 11 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 224.0.0.0/24 0.0.0.0/0
> 12 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 239.0.0.0/24 0.0.0.0/0
>
> Chain SPOOF_CHK (2 references)
> num pkts bytes target prot opt in out source
> destination
> 1 43 5442 RETURN all -- eth1 * 192.168.0.0/24
> 0.0.0.0/0
> 2 0 0 LOG all -- * * 192.168.0.0/24
> 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix
> `AIF:Spoofed packet: '
> 3 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 192.168.0.0/24 0.0.0.0/0
> 4 356 38179 RETURN all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain VALID_CHK (2 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x29 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth XMAS scan: '
> 2 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x37 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth XMAS-PSH scan: '
> 3 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x3F limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth XMAS-ALL scan: '
> 4 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x01 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth FIN scan: '
> 5 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x06/0x06 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth SYN/RST scan: '
> 6 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x03/0x03 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth SYN/FIN scan?: '
> 7 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x00 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth Null scan: '
> 8 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
> 9 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
> 10 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
> 11 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01
> 12 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
> 13 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
> 14 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
> 15 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp option=64 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:Bad TCP flag(64): '
> 16 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp option=128 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:Bad TCP flag(128): '
> 17 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp option=64
> 18 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp option=128
> 19 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0 state INVALID
> 20 0 0 LOG all -f * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 3/min burst 1 LOG flags 0 level 4 prefix
> `AIF:Fragment packet: '
> 21 0 0 DROP all -f * * 0.0.0.0/0
> 0.0.0.0/0
>
not what they look like.

-*List name: "Linux: problem solving, prospects and discussion";
Post to the list: mailto:comp.soft.linux.discuss-list@subscribe.ru
List rules: http://subscribe.ru/catalog/comp.soft.linux.discuss/rules
Message number: 36989; List age: 2442; Subscribers: 1366
List website: http://www.linuxrsp.ru
Archive address of this message: http://subscribe.ru/archive/comp.soft.linux.discuss/msg/1039977

   2010-04-01 20:23:25 (#1039977)
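
The collection step requested in the reply above, as an added example that is not part of the original message: it lists every routing table referenced by `ip rule show`, dumps each with `ip route show table`, and counts default routes per table so that a table with several defaults, as in the quoted `ip route` output, stands out. The function names and the sample rule list are assumptions made for this example; the route lines are copied from the quoted message.

```shell
#!/bin/sh
# Added example: gather policy-routing state (rules plus every table they use).

# Constructed sample of `ip rule show` output (not from the thread).
SAMPLE_RULES='0: from all lookup local
32764: from 192.168.0.0/24 lookup 100
32765: from all fwmark 0x1 lookup isp2
32765: from 10.9.9.9 blackhole
32766: from all lookup main
32767: from all lookup default'

# `ip route` output as quoted in the message above.
QUOTED_ROUTES='172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.208
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.1
default via 172.16.0.1 dev eth0
default via 192.168.0.1 dev eth1 scope link'

# Read `ip rule show` output on stdin and print each referenced table once,
# in order of first appearance. Rules with no "lookup" action (blackhole,
# unreachable, prohibit) reference no table and are skipped.
tables_from_rules() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "lookup" && !seen[$(i + 1)]++)
                print $(i + 1)
    }'
}

# Read one table's routes on stdin and print how many default routes it holds.
count_defaults() {
    awk '$1 == "default" { n++ } END { print n + 0 }'
}

# Print the rules, then every table they reference, with a default-route count.
collect_policy_routing() {
    rules=$(ip rule show) || return 1
    printf '== ip rule show ==\n%s\n' "$rules"
    printf '%s\n' "$rules" | tables_from_rules | while read -r table; do
        printf '\n== ip route show table %s ==\n' "$table"
        routes=$(ip route show table "$table" 2>&1)
        printf '%s\n' "$routes"
        printf '(default routes in this table: %s)\n' \
            "$(printf '%s\n' "$routes" | count_defaults)"
    done
}

# Query the live system only when asked to:  sh thisfile.sh collect
if [ "${1:-}" = "collect" ]; then
    collect_policy_routing
fi
```
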

Re: two servers

If possible, ip rule show as well.
On Thu, 01/04/2010 at 13:50 +0400, besshaposhnikovmn wrote:
> ip route
> 172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.208
> 192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.1
> default via 172.16.0.1 dev eth0
> default via 192.168.0.1 dev eth1 scope link
>
>
>
> iptables -L -v -n --line-numbers
> Chain INPUT (policy DROP 0 packets, 0 bytes)
> num pkts bytes target prot opt in out source
> destination
> 1 976 87059 BASE_INPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 2 399 43621 INPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 3 399 43621 HOST_BLOCK_SRC all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 4 399 43621 SPOOF_CHK all -- * * 0.0.0.0/0
> 0.0.0.0/0
> 5 356 38179 VALID_CHK all -- eth0 * 0.0.0.0/0
> 0.0.0.0/0
> 6 356 38179 EXT_INPUT_CHAIN !icmp -- eth0 *
> 0.0.0.0/0 0.0.0.0/0 state NEW
> 7 0 0 EXT_INPUT_CHAIN icmp -- eth0 *
> 0.0.0.0/0 0.0.0.0/0 state NEW limit: avg 60/sec
> burst 100
> 8 0 0 EXT_ICMP_FLOOD_CHAIN icmp -- eth0 *
> 0.0.0.0/0 0.0.0.0/0 state NEW
> 9 43 5442 INT_INPUT_CHAIN all -- eth1 *
> 0.0.0.0/0 0.0.0.0/0
> 10 0 0 POST_INPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 11 0 0 LOG all -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix
> `AIF:Dropped INPUT packet: '
> 12 0 0 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> num pkts bytes target prot opt in out source
> destination
> 1 2 668 BASE_FORWARD_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 2 0 0 TCPMSS tcp -- * eth0 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
> 3 0 0 FORWARD_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 4 0 0 HOST_BLOCK_SRC all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 5 0 0 HOST_BLOCK_DST all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 6 0 0 EXT_FORWARD_IN_CHAIN all -- eth0 *
> 0.0.0.0/0 0.0.0.0/0
> 7 0 0 EXT_FORWARD_OUT_CHAIN all -- * eth0
> 0.0.0.0/0 0.0.0.0/0
> 8 0 0 INT_FORWARD_IN_CHAIN all -- eth1 *
> 0.0.0.0/0 0.0.0.0/0
> 9 0 0 INT_FORWARD_OUT_CHAIN all -- * eth1
> 0.0.0.0/0 0.0.0.0/0
> 10 0 0 SPOOF_CHK all -- * * 0.0.0.0/0
> 0.0.0.0/0
> 11 0 0 ACCEPT all -- eth1 eth1 0.0.0.0/0
> 0.0.0.0/0
> 12 0 0 LAN_INET_FORWARD_CHAIN all -- eth1 eth0
> 0.0.0.0/0 0.0.0.0/0
> 13 0 0 POST_FORWARD_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 14 0 0 LOG all -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 1/min burst 3 LOG flags 0 level 6 prefix
> `AIF:Dropped FORWARD packet: '
> 15 0 0 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
> num pkts bytes target prot opt in out source
> destination
> 1 754 181K BASE_OUTPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 2 0 0 TCPMSS tcp -- * eth0 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
> 3 94 11372 OUTPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 4 94 11372 HOST_BLOCK_DST all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 5 0 0 LOG all -f * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix
> `AIF:Fragment packet: '
> 6 0 0 DROP all -f * * 0.0.0.0/0
> 0.0.0.0/0
> 7 51 5930 EXT_OUTPUT_CHAIN all -- * eth0
> 0.0.0.0/0 0.0.0.0/0
> 8 43 5442 INT_OUTPUT_CHAIN all -- * eth1
> 0.0.0.0/0 0.0.0.0/0
> 9 94 11372 POST_OUTPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 10 94 11372 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain BASE_FORWARD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0 state ESTABLISHED
> 2 0 0 ACCEPT tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED tcp dpts:1024:65535
> 3 0 0 ACCEPT udp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED udp dpts:1024:65535
> 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED
> 5 0 0 ACCEPT all -- lo * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain BASE_INPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 555 41270 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0 state ESTABLISHED
> 2 0 0 ACCEPT tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED tcp dpts:1024:65535
> 3 0 0 ACCEPT udp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED udp dpts:1024:65535
> 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED
> 5 22 2168 ACCEPT all -- lo * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain BASE_OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 638 167K ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0 state ESTABLISHED
> 2 22 2168 ACCEPT all -- * lo 0.0.0.0/0
> 0.0.0.0/0
>
> Chain DMZ_FORWARD_IN_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_FORWARD_OUT_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_INET_FORWARD_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_INPUT_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_LAN_FORWARD_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_OUTPUT_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain EXT_FORWARD_IN_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 VALID_CHK all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain EXT_FORWARD_OUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain EXT_ICMP_FLOOD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 3 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-unreachable flood: '
> 2 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 3
> 3 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 11 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-time-exceeded fld: '
> 4 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 11
> 5 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 12 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-param-problem fld: '
> 6 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 12
> 7 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-request(ping) fld: '
> 8 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 8
> 9 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 0 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-reply(pong) flood: '
> 10 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 0
> 11 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 4 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-source-quench fld: '
> 12 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 4
> 13 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 12/hour burst 1 LOG flags 0 level 6
> prefix `AIF:ICMP(other) flood: '
> 14 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0
>
> Chain EXT_INPUT_CHAIN (2 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpt:0 limit: avg 6/hour burst 1 LOG flags 0
> level 6 prefix `AIF:Port 0 OS fingerprint: '
> 2 0 0 LOG udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp dpt:0 limit: avg 6/hour burst 1 LOG flags 0
> level 6 prefix `AIF:Port 0 OS fingerprint: '
> 3 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp dpt:0
> 4 0 0 POST_INPUT_DROP_CHAIN udp -- * *
> 0.0.0.0/0 0.0.0.0/0 udp dpt:0
> 5 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp spt:0 limit: avg 6/hour burst 5 LOG flags 0
> level 6 prefix `AIF:TCP source port 0: '
> 6 0 0 LOG udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp spt:0 limit: avg 6/hour burst 5 LOG flags 0
> level 6 prefix `AIF:UDP source port 0: '
> 7 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp spt:0
> 8 0 0 POST_INPUT_DROP_CHAIN udp -- * *
> 0.0.0.0/0 0.0.0.0/0 udp spt:0
> 9 0 0 ACCEPT udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp spt:67 dpt:68
> 10 3 180 ACCEPT tcp -- + * 0.0.0.0/0
> 0.0.0.0/0 tcp dpt:80
> 11 0 0 ACCEPT tcp -- + * 0.0.0.0/0
> 0.0.0.0/0 tcp dpt:8000
> 12 2 120 ACCEPT tcp -- + * 0.0.0.0/0
> 0.0.0.0/0 tcp dpt:22
> 13 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
> 14 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-request: '
> 15 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 3 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-unreachable: '
> 16 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 11 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-time-exceeded: '
> 17 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 12 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-param.-problem: '
> 18 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 3
> 19 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 11
> 20 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 12
> 21 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 8
> 22 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 0
> 23 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpts:1024:65535 flags:!0x17/0x02 limit: avg
> 3/min burst 5 LOG flags 0 level 6 prefix `AIF:Stealth scan (UNPRIV)?: '
> 24 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpts:0:1023 flags:!0x17/0x02 limit: avg 3/min
> burst 5 LOG flags 0 level 6 prefix `AIF:Stealth scan (PRIV)?: '
> 25 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02
> 26 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0
> level 6 prefix `AIF:PRIV connect attempt: '
> 27 27 2604 LOG udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0
> level 6 prefix `AIF:PRIV connect attempt: '
> 28 6 360 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG
> flags 0 level 6 prefix `AIF:UNPRIV connect attempt: '
> 29 14 952 LOG udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp dpts:1024:65535 limit: avg 6/min burst 2 LOG
> flags 0 level 6 prefix `AIF:UNPRIV connect attempt: '
> 30 351 37879 POST_INPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 31 7 420 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0
> 32 344 37459 POST_INPUT_DROP_CHAIN udp -- * *
> 0.0.0.0/0 0.0.0.0/0
> 33 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0
> 34 0 0 LOG all -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 1/min burst 5 LOG flags 0 level 6 prefix
> `AIF:Connect attempt: '
> 35 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
>
> Chain EXT_OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain FORWARD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain HOST_BLOCK_DROP (0 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG all -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Blocked host(s): '
> 2 0 0 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain HOST_BLOCK_DST (2 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain HOST_BLOCK_SRC (2 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INET_DMZ_FORWARD_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INT_FORWARD_IN_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INT_FORWARD_OUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INT_INPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
> 2 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-request: '
> 3 0 0 DROP icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8
> 4 43 5442 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain INT_OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain LAN_INET_FORWARD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
> 2 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-request: '
> 3 0 0 DROP icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8
> 4 0 0 ACCEPT tcp -- * * 0.0.0.0/0
> 0.0.0.0/0
> 5 0 0 ACCEPT udp -- * * 0.0.0.0/0
> 0.0.0.0/0
> 6 0 0 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain POST_FORWARD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain POST_INPUT_CHAIN (2 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain POST_INPUT_DROP_CHAIN (38 references)
> num pkts bytes target prot opt in out source
> destination
> 1 351 37879 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain POST_OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain RESERVED_NET_CHK (0 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG all -- * * 10.0.0.0/8
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Class A address: '
> 2 0 0 LOG all -- * * 172.16.0.0/12
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Class B address: '
> 3 0 0 LOG all -- * * 192.168.0.0/16
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Class C address: '
> 4 0 0 LOG all -- * * 169.254.0.0/16
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Class M$ address: '
> 5 0 0 LOG all -- * * 224.0.0.0/24
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Multicast address: '
> 6 0 0 LOG all -- * * 239.0.0.0/24
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Multicast address: '
> 7 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 10.0.0.0/8 0.0.0.0/0
> 8 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 172.16.0.0/12 0.0.0.0/0
> 9 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 192.168.0.0/16 0.0.0.0/0
> 10 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 169.254.0.0/16 0.0.0.0/0
> 11 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 224.0.0.0/24 0.0.0.0/0
> 12 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 239.0.0.0/24 0.0.0.0/0
>
> Chain SPOOF_CHK (2 references)
> num pkts bytes target prot opt in out source
> destination
> 1 43 5442 RETURN all -- eth1 * 192.168.0.0/24
> 0.0.0.0/0
> 2 0 0 LOG all -- * * 192.168.0.0/24
> 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix
> `AIF:Spoofed packet: '
> 3 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 192.168.0.0/24 0.0.0.0/0
> 4 356 38179 RETURN all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain VALID_CHK (2 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x29 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth XMAS scan: '
> 2 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x37 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth XMAS-PSH scan: '
> 3 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x3F limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth XMAS-ALL scan: '
> 4 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x01 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth FIN scan: '
> 5 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x06/0x06 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth SYN/RST scan: '
> 6 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x03/0x03 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth SYN/FIN scan?: '
> 7 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x00 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth Null scan: '
> 8 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
> 9 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
> 10 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
> 11 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01
> 12 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
> 13 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
> 14 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
> 15 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp option=64 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:Bad TCP flag(64): '
> 16 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp option=128 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:Bad TCP flag(128): '
> 17 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp option=64
> 18 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp option=128
> 19 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0 state INVALID
> 20 0 0 LOG all -f * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 3/min burst 1 LOG flags 0 level 4 prefix
> `AIF:Fragment packet: '
> 21 0 0 DROP all -f * * 0.0.0.0/0
> 0.0.0.0/0
>
not what they look like.

-*List name: "Linux: problem solving, prospects and discussion";
Write to the list: mailto:comp.soft.linux.discuss-list@subscribe.ru
List rules: http://subscribe.ru/catalog/comp.soft.linux.discuss/rules
Message number: 36988; List age: 2442; Subscribers: 1366
Mailing list website: http://www.linuxrsp.ru
Archive address of this message: http://subscribe.ru/archive/comp.soft.linux.discuss/msg/1039966

   2010-04-01 20:10:53 (#1039966)

vncserver

Problem.
I can't see the console in vncviewer.
The connection succeeds. I set $DISPLAY.
It opens, but nothing is visible in the console.
Rebooting is not an option. It is an HP-UX system. We have been struggling for a day already. Please help with advice.

Message number: 36987
Archive address of this message: http://subscribe.ru/archive/comp.soft.linux.discuss/msg/1039748

   2010-04-01 14:45:36 (#1039748)

Re: two servers

ip route
172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.208
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.1
default via 172.16.0.1 dev eth0
default via 192.168.0.1 dev eth1 scope link

iptables -L -v -n --line-numbers
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source
destination
1 976 87059 BASE_INPUT_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
2 399 43621 INPUT_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
3 399 43621 HOST_BLOCK_SRC all -- * *
0.0.0.0/0 0.0.0.0/0
4 399 43621 SPOOF_CHK all -- * * 0.0.0.0/0
0.0.0.0/0
5 356 38179 VALID_CHK all -- eth0 * 0.0.0.0/0
0.0.0.0/0
6 356 38179 EXT_INPUT_CHAIN !icmp -- eth0 *
0.0.0.0/0 0.0.0.0/0 state NEW
7 0 0 EXT_INPUT_CHAIN icmp -- eth0 *
0.0.0.0/0 0.0.0.0/0 state NEW limit: avg 60/sec
burst 100
8 0 0 EXT_ICMP_FLOOD_CHAIN icmp -- eth0 *
0.0.0.0/0 0.0.0.0/0 state NEW
9 43 5442 INT_INPUT_CHAIN all -- eth1 *
0.0.0.0/0 0.0.0.0/0
10 0 0 POST_INPUT_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
11 0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix
`AIF:Dropped INPUT packet: '
12 0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source
destination
1 2 668 BASE_FORWARD_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
2 0 0 TCPMSS tcp -- * eth0 0.0.0.0/0
0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
3 0 0 FORWARD_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
4 0 0 HOST_BLOCK_SRC all -- * *
0.0.0.0/0 0.0.0.0/0
5 0 0 HOST_BLOCK_DST all -- * *
0.0.0.0/0 0.0.0.0/0
6 0 0 EXT_FORWARD_IN_CHAIN all -- eth0 *
0.0.0.0/0 0.0.0.0/0
7 0 0 EXT_FORWARD_OUT_CHAIN all -- * eth0
0.0.0.0/0 0.0.0.0/0
8 0 0 INT_FORWARD_IN_CHAIN all -- eth1 *
0.0.0.0/0 0.0.0.0/0
9 0 0 INT_FORWARD_OUT_CHAIN all -- * eth1
0.0.0.0/0 0.0.0.0/0
10 0 0 SPOOF_CHK all -- * * 0.0.0.0/0
0.0.0.0/0
11 0 0 ACCEPT all -- eth1 eth1 0.0.0.0/0
0.0.0.0/0
12 0 0 LAN_INET_FORWARD_CHAIN all -- eth1 eth0
0.0.0.0/0 0.0.0.0/0
13 0 0 POST_FORWARD_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
14 0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 1/min burst 3 LOG flags 0 level 6 prefix
`AIF:Dropped FORWARD packet: '
15 0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source
destination
1 754 181K BASE_OUTPUT_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
2 0 0 TCPMSS tcp -- * eth0 0.0.0.0/0
0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
3 94 11372 OUTPUT_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
4 94 11372 HOST_BLOCK_DST all -- * *
0.0.0.0/0 0.0.0.0/0
5 0 0 LOG all -f * * 0.0.0.0/0
0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix
`AIF:Fragment packet: '
6 0 0 DROP all -f * * 0.0.0.0/0
0.0.0.0/0
7 51 5930 EXT_OUTPUT_CHAIN all -- * eth0
0.0.0.0/0 0.0.0.0/0
8 43 5442 INT_OUTPUT_CHAIN all -- * eth1
0.0.0.0/0 0.0.0.0/0
9 94 11372 POST_OUTPUT_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
10 94 11372 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain BASE_FORWARD_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination
1 0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state ESTABLISHED
2 0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED tcp dpts:1024:65535
3 0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED udp dpts:1024:65535
4 0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED
5 0 0 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0

Chain BASE_INPUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination
1 555 41270 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state ESTABLISHED
2 0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED tcp dpts:1024:65535
3 0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED udp dpts:1024:65535
4 0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED
5 22 2168 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0

Chain BASE_OUTPUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination
1 638 167K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state ESTABLISHED
2 22 2168 ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0

Chain DMZ_FORWARD_IN_CHAIN (0 references)
num pkts bytes target prot opt in out source
destination

Chain DMZ_FORWARD_OUT_CHAIN (0 references)
num pkts bytes target prot opt in out source
destination

Chain DMZ_INET_FORWARD_CHAIN (0 references)
num pkts bytes target prot opt in out source
destination

Chain DMZ_INPUT_CHAIN (0 references)
num pkts bytes target prot opt in out source
destination

Chain DMZ_LAN_FORWARD_CHAIN (0 references)
num pkts bytes target prot opt in out source
destination

Chain DMZ_OUTPUT_CHAIN (0 references)
num pkts bytes target prot opt in out source
destination

Chain EXT_FORWARD_IN_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination
1 0 0 VALID_CHK all -- * * 0.0.0.0/0
0.0.0.0/0

Chain EXT_FORWARD_OUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain EXT_ICMP_FLOOD_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination
1 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 3 limit: avg 12/hour burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-unreachable flood: '
2 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 3
3 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 11 limit: avg 12/hour burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-time-exceeded fld: '
4 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 11
5 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 12 limit: avg 12/hour burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-param-problem fld: '
6 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 12
7 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 limit: avg 12/hour burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-request(ping) fld: '
8 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8
9 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 0 limit: avg 12/hour burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-reply(pong) flood: '
10 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 0
11 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 4 limit: avg 12/hour burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-source-quench fld: '
12 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 4
13 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 12/hour burst 1 LOG flags 0 level 6
prefix `AIF:ICMP(other) flood: '
14 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0

Chain EXT_INPUT_CHAIN (2 references)
num pkts bytes target prot opt in out source
destination
1 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:0 limit: avg 6/hour burst 1 LOG flags 0
level 6 prefix `AIF:Port 0 OS fingerprint: '
2 0 0 LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:0 limit: avg 6/hour burst 1 LOG flags 0
level 6 prefix `AIF:Port 0 OS fingerprint: '
3 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp dpt:0
4 0 0 POST_INPUT_DROP_CHAIN udp -- * *
0.0.0.0/0 0.0.0.0/0 udp dpt:0
5 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:0 limit: avg 6/hour burst 5 LOG flags 0
level 6 prefix `AIF:TCP source port 0: '
6 0 0 LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:0 limit: avg 6/hour burst 5 LOG flags 0
level 6 prefix `AIF:UDP source port 0: '
7 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp spt:0
8 0 0 POST_INPUT_DROP_CHAIN udp -- * *
0.0.0.0/0 0.0.0.0/0 udp spt:0
9 0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:67 dpt:68
10 3 180 ACCEPT tcp -- + * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80
11 0 0 ACCEPT tcp -- + * 0.0.0.0/0
0.0.0.0/0 tcp dpt:8000
12 2 120 ACCEPT tcp -- + * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22
13 0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
14 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-request: '
15 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 3 limit: avg 12/hour burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-unreachable: '
16 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 11 limit: avg 12/hour burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-time-exceeded: '
17 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 12 limit: avg 12/hour burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-param.-problem: '
18 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 3
19 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 11
20 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 12
21 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8
22 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 0
23 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpts:1024:65535 flags:!0x17/0x02 limit: avg
3/min burst 5 LOG flags 0 level 6 prefix `AIF:Stealth scan (UNPRIV)?: '
24 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpts:0:1023 flags:!0x17/0x02 limit: avg 3/min
burst 5 LOG flags 0 level 6 prefix `AIF:Stealth scan (PRIV)?: '
25 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02
26 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0
level 6 prefix `AIF:PRIV connect attempt: '
27 27 2604 LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0
level 6 prefix `AIF:PRIV connect attempt: '
28 6 360 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG
flags 0 level 6 prefix `AIF:UNPRIV connect attempt: '
29 14 952 LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:1024:65535 limit: avg 6/min burst 2 LOG
flags 0 level 6 prefix `AIF:UNPRIV connect attempt: '
30 351 37879 POST_INPUT_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
31 7 420 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0
32 344 37459 POST_INPUT_DROP_CHAIN udp -- * *
0.0.0.0/0 0.0.0.0/0
33 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0
34 0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 1/min burst 5 LOG flags 0 level 6 prefix
`AIF:Connect attempt: '
35 0 0 POST_INPUT_DROP_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0

Chain EXT_OUTPUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain FORWARD_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain HOST_BLOCK_DROP (0 references)
num pkts bytes target prot opt in out source
destination
1 0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
`AIF:Blocked host(s): '
2 0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0

Chain HOST_BLOCK_DST (2 references)
num pkts bytes target prot opt in out source
destination

Chain HOST_BLOCK_SRC (2 references)
num pkts bytes target prot opt in out source
destination

Chain INET_DMZ_FORWARD_CHAIN (0 references)
num pkts bytes target prot opt in out source
destination

Chain INPUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain INT_FORWARD_IN_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain INT_FORWARD_OUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain INT_INPUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination
1 0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
2 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-request: '
3 0 0 DROP icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
4 43 5442 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain INT_OUTPUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain LAN_INET_FORWARD_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination
1 0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
2 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-request: '
3 0 0 DROP icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
4 0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0
5 0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0
6 0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain OUTPUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain POST_FORWARD_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain POST_INPUT_CHAIN (2 references)
num pkts bytes target prot opt in out source
destination

Chain POST_INPUT_DROP_CHAIN (38 references)
num pkts bytes target prot opt in out source
destination
1 351 37879 DROP all -- * * 0.0.0.0/0
0.0.0.0/0

Chain POST_OUTPUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain RESERVED_NET_CHK (0 references)
num pkts bytes target prot opt in out source
destination
1 0 0 LOG all -- * * 10.0.0.0/8
0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
`AIF:Class A address: '
2 0 0 LOG all -- * * 172.16.0.0/12
0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
`AIF:Class B address: '
3 0 0 LOG all -- * * 192.168.0.0/16
0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
`AIF:Class C address: '
4 0 0 LOG all -- * * 169.254.0.0/16
0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
`AIF:Class M$ address: '
5 0 0 LOG all -- * * 224.0.0.0/24
0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
`AIF:Multicast address: '
6 0 0 LOG all -- * * 239.0.0.0/24
0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
`AIF:Multicast address: '
7 0 0 POST_INPUT_DROP_CHAIN all -- * *
10.0.0.0/8 0.0.0.0/0
8 0 0 POST_INPUT_DROP_CHAIN all -- * *
172.16.0.0/12 0.0.0.0/0
9 0 0 POST_INPUT_DROP_CHAIN all -- * *
192.168.0.0/16 0.0.0.0/0
10 0 0 POST_INPUT_DROP_CHAIN all -- * *
169.254.0.0/16 0.0.0.0/0
11 0 0 POST_INPUT_DROP_CHAIN all -- * *
224.0.0.0/24 0.0.0.0/0
12 0 0 POST_INPUT_DROP_CHAIN all -- * *
239.0.0.0/24 0.0.0.0/0

Chain SPOOF_CHK (2 references)
num pkts bytes target prot opt in out source
destination
1 43 5442 RETURN all -- eth1 * 192.168.0.0/24
0.0.0.0/0
2 0 0 LOG all -- * * 192.168.0.0/24
0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix
`AIF:Spoofed packet: '
3 0 0 POST_INPUT_DROP_CHAIN all -- * *
192.168.0.0/24 0.0.0.0/0
4 356 38179 RETURN all -- * * 0.0.0.0/0
0.0.0.0/0

Chain VALID_CHK (2 references)
num pkts bytes target prot opt in out source
destination
1 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x29 limit: avg 3/min burst 5 LOG
flags 0 level 6 prefix `AIF:Stealth XMAS scan: '
2 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x37 limit: avg 3/min burst 5 LOG
flags 0 level 6 prefix `AIF:Stealth XMAS-PSH scan: '
3 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x3F limit: avg 3/min burst 5 LOG
flags 0 level 6 prefix `AIF:Stealth XMAS-ALL scan: '
4 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x01 limit: avg 3/min burst 5 LOG
flags 0 level 6 prefix `AIF:Stealth FIN scan: '
5 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x06/0x06 limit: avg 3/min burst 5 LOG
flags 0 level 6 prefix `AIF:Stealth SYN/RST scan: '
6 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x03/0x03 limit: avg 3/min burst 5 LOG
flags 0 level 6 prefix `AIF:Stealth SYN/FIN scan?: '
7 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x00 limit: avg 3/min burst 5 LOG
flags 0 level 6 prefix `AIF:Stealth Null scan: '
8 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
9 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
10 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
11 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01
12 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
13 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
14 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
15 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp option=64 limit: avg 3/min burst 1 LOG flags 0
level 6 prefix `AIF:Bad TCP flag(64): '
16 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp option=128 limit: avg 3/min burst 1 LOG flags 0
level 6 prefix `AIF:Bad TCP flag(128): '
17 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp option=64
18 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp option=128
19 0 0 POST_INPUT_DROP_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0 state INVALID
20 0 0 LOG all -f * * 0.0.0.0/0
0.0.0.0/0 limit: avg 3/min burst 1 LOG flags 0 level 4 prefix
`AIF:Fragment packet: '
21 0 0 DROP all -f * * 0.0.0.0/0
0.0.0.0/0

Message number: 36986
Archive address of this message: http://subscribe.ru/archive/comp.soft.linux.discuss/msg/1039644

   2010-04-01 12:45:52 (#1039644)
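
A reading aid for the `iptables -L -v -n --line-numbers` listing posted in the message above, as an added example that is not part of the original thread: it rejoins the mail-wrapped rule lines and lists the ACCEPT/DROP/REJECT rules whose packet counters are non-zero. The names `parse_listing`, `packets_by_verdict` and `SAMPLE` are introduced here; the sample is an excerpt of the listing in this thread.

```python
import re
from collections import OrderedDict

# Excerpt of the listing from this thread, kept in its mail-wrapped form
# (the last chain carries the "> " prefix that the quoting replies add).
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source
destination
1 976 87059 BASE_INPUT_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
5 356 38179 VALID_CHK all -- eth0 * 0.0.0.0/0
0.0.0.0/0
11 0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix
`AIF:Dropped INPUT packet: '

Chain BASE_OUTPUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination
1 638 167K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state ESTABLISHED

> Chain POST_INPUT_DROP_CHAIN (38 references)
> num pkts bytes target prot opt in out source
> destination
> 1 351 37879 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)")
# A rule starts with three counters (num, pkts, bytes) followed by the target;
# wrapped continuation lines in this listing never have that shape.
RULE_RE = re.compile(r"^(\d+)\s+(\d+[KMG]?)\s+(\d+[KMG]?)\s+(\S+)\s+(.*)$")
SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}


def counter(token):
    """iptables -v abbreviates large counters with decimal K/M/G suffixes."""
    if token[-1] in SUFFIX:
        return int(token[:-1]) * SUFFIX[token[-1]]
    return int(token)


def parse_listing(text):
    """Return {chain: {"policy": str or None, "rules": [dict, ...]}}."""
    chains, current, rule = OrderedDict(), None, None
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()  # drop mail quote prefix
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(
                m.group(1), {"policy": m.group(2), "rules": []})
            rule = None
        elif not line or line.startswith("num ") or current is None:
            rule = None  # blank line or column header: no rule is open
        elif (m := RULE_RE.match(line)):
            rule = {"num": int(m.group(1)), "pkts": counter(m.group(2)),
                    "bytes": counter(m.group(3)), "target": m.group(4),
                    "match": m.group(5)}
            current["rules"].append(rule)
        elif rule is not None:  # wrapped continuation of the open rule
            rule["match"] += " " + line
    return chains


def packets_by_verdict(chains, verdicts=("ACCEPT", "DROP", "REJECT")):
    """Rules with a final verdict that actually matched traffic, busiest first."""
    hits = [(r["pkts"], name, r["num"], r["target"])
            for name, c in chains.items() for r in c["rules"]
            if r["target"] in verdicts and r["pkts"] > 0]
    return sorted(hits, reverse=True)


if __name__ == "__main__":
    for pkts, chain, num, target in packets_by_verdict(parse_listing(SAMPLE)):
        print(f"{pkts:>8} pkts  {target:<6} {chain} rule {num}")
```
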

Re: two servers

The diagram can be drawn, for example, by hand on a sheet of paper. For routing,
on each machine: ip route + iptables -L -v -n --line-numbers
On Wed, 31/03/2010 at 19:09 +0400, besshaposhnikovmn wrote:
> Sorry for the silly question, but how?
> It's just that I have been working under Linux for a long time, but I started working with servers only recently(((
> > It would be good if you provided the network diagram and the routing tables
> > of both machines.
> >
> > On 31 March 2010 at 16:25, besshaposhnikovmn <
> > besshaposhnikov***@g*****.ru> wrote:
> >
> >
> >> Good day.
> >> We have a server on our network that provides internet, mail, etc. to the local network.
> >> We decided to bring up one more server, set up DNS on it and made it a gateway.
> >> Only one problem remains: the machines behind the second
> >> server can reach the internet only if they specify the proxy and port
> >> 172.16.0.1:3128 of the first server. Can this be worked around so that the machines
> >> reach the internet directly?
> >>
> >>
>
not what they look like.

Message number: 36985
Archive address of this message: http://subscribe.ru/archive/comp.soft.linux.discuss/msg/1039433

   2010-04-01 08:25:47 (#1039433)

Re: Video camera for Skype

Many thanks to everyone who responded.
Now there is information to choose from :)

   2010-04-01 00:48:03 (#1039345)

Re: Video camera for Skype

On Wed, 31/03/2010 at 13:24 +0400, Eugene Saenko wrote:
> Dear Community,
> I ask only those who have used a video camera with Skype under
> Linux to respond.
>

I use an A4Tech PK-600MJ with Skype. In Fedora 12 nothing had to be
configured.

Message number: 36983
Archive address of this message: http://subscribe.ru/archive/comp.soft.linux.discuss/msg/1039325

   2010-04-01 00:29:00 (#1039325)