два сервера

два сервера

Ответы:

Linux: разрешение вопросов, перспективы и общение

Статистика

← Март 2010 →
1	2	3	4	5	6	7
8	9	10 10.03.2010 09:07:48 11:45:53 12:02:11 12:51:00 19:08:52	11 11.03.2010 04:55:50 09:25:38 13:13:39 20:35:59 21:46:22	12 12.03.2010 12:23:46 13:00:49 14:10:50 14:41:18 15:41:43	13	14
15	16 16.03.2010 07:06:16 09:42:58 10:02:38 11:00:56	17	18	19	20	21
22	23	24 24.03.2010 18:36:46 20:02:08 21:03:26	25 25.03.2010 09:46:08 10:35:55 10:57:24 11:03:03 11:19:59 11:26:00 11:34:29 11:42:02 16:47:12 17:27:31 23:36:32	26 26.03.2010 07:14:35 09:40:16 11:30:53 13:34:39 22:31:09	27 27.03.2010 11:18:37 12:27:17 12:33:33 12:42:32 14:52:21 15:02:03 15:21:06	28
29 29.03.2010 08:16:28 10:30:41 15:14:47 18:33:27	30 30.03.2010 05:28:25 11:05:03	31 31.03.2010 13:25:58 13:45:56 13:47:57 14:06:28 16:20:52 16:31:56 17:31:04 18:05:19 23:53:27

Доброго времени суток.
У нас в сети стоит сервер раздающий интернет почту и тд по локальной сети.
мы решили поднять еще один сервер подняли dns сделали его шлюзом.
только вот осталась одна проблема, машины которые стоят за вторым
сервером могут попасть в интернет, только если укажут прокси и порт
172.16.0.1:3128 первого сервера, можно ли это обойти, чтобы машины сразу
попадали в интернет?

-*Название листа "Linux: разрешение вопросов, перспективы и общение";
Написать в лист: mailto:comp.soft.linux.discuss-list@subscribe.ru
Адрес правил листа http://subscribe.ru/catalog/comp.soft.linux.discuss/rules
Номер письма: 36979; Возраст листа: 2441; Участников: 1366
Адрес сайта рассылки: http://www.linuxrsp.ru
Адрес этого письма в архиве: http://subscribe.ru/archive/comp.soft.linux.discuss/msg/1038993

Ответить

besshaposhnikovmn

Wed, 31 Mar 2010 17:25:14 +0400 (#1038993)

Было бы не плохо, если бы Вы указали схему сети и таблицы маршрутизации
обеих машин.

31 марта 2010 г. 16:25 пользователь besshaposhnikovmn <
besshaposhnikov***@g*****.ru> написал:

› показать цитату

-*Название листа "Linux: разрешение вопросов, перспективы и общение";
Написать в лист: mailto:comp.soft.linux.discuss-list@subscribe.ru
Адрес правил листа http://subscribe.ru/catalog/comp.soft.linux.discuss/rules
Номер письма: 36980; Возраст листа: 2441; Участников: 1366
Адрес сайта рассылки: http://www.linuxrsp.ru
Адрес этого письма в архиве: http://subscribe.ru/archive/comp.soft.linux.discuss/msg/1039041

Ответить

Константин Поветкин

Wed, 31 Mar 2010 16:07:07 +0300 (#1039041)

Простите за глупый вопрос, а как?
просто я давно работаю под линукс а с серверами начал работать недевно(((

› показать цитату

-*Название листа "Linux: разрешение вопросов, перспективы и общение";
Написать в лист: mailto:comp.soft.linux.discuss-list@subscribe.ru
Адрес правил листа http://subscribe.ru/catalog/comp.soft.linux.discuss/rules
Номер письма: 36981; Возраст листа: 2441; Участников: 1366
Адрес сайта рассылки: http://www.linuxrsp.ru
Адрес этого письма в архиве: http://subscribe.ru/archive/comp.soft.linux.discuss/msg/1039083

Ответить

besshaposhnikovmn

Wed, 31 Mar 2010 19:09:24 +0400 (#1039083)

Схему можно нарисовать, например руками на листе бумаги. Маршрутизацию -
на каждой машине ip route + iptables -L -v -n --line-numbers
В Срд, 31/03/2010 в 19:09 +0400, besshaposhnikovmn пишет:

› показать цитату

not what they look like.

-*Название листа "Linux: разрешение вопросов, перспективы и общение";
Написать в лист: mailto:comp.soft.linux.discuss-list@subscribe.ru
Адрес правил листа http://subscribe.ru/catalog/comp.soft.linux.discuss/rules
Номер письма: 36985; Возраст листа: 2442; Участников: 1366
Адрес сайта рассылки: http://www.linuxrsp.ru
Адрес этого письма в архиве: http://subscribe.ru/archive/comp.soft.linux.discuss/msg/1039433

Ответить

Povietkin Konstantin

Thu, 01 Apr 2010 07:19:35 +0300 (#1039433)

ip route
172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.208
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.1
default via 172.16.0.1 dev eth0
default via 192.168.0.1 dev eth1 scope link

iptables -L -v -n --line-numbers
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source
destination
1 976 87059 BASE_INPUT_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
2 399 43621 INPUT_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
3 399 43621 HOST_BLOCK_SRC all -- * *
0.0.0.0/0 0.0.0.0/0
4 399 43621 SPOOF_CHK all -- * * 0.0.0.0/0
0.0.0.0/0
5 356 38179 VALID_CHK all -- eth0 * 0.0.0.0/0
0.0.0.0/0
6 356 38179 EXT_INPUT_CHAIN !icmp -- eth0 *
0.0.0.0/0 0.0.0.0/0 state NEW
7 0 0 EXT_INPUT_CHAIN icmp -- eth0 *
0.0.0.0/0 0.0.0.0/0 state NEW limit: avg 60/sec
burst 100
8 0 0 EXT_ICMP_FLOOD_CHAIN icmp -- eth0 *
0.0.0.0/0 0.0.0.0/0 state NEW
9 43 5442 INT_INPUT_CHAIN all -- eth1 *
0.0.0.0/0 0.0.0.0/0
10 0 0 POST_INPUT_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
11 0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix
`AIF:Dropped INPUT packet: '
12 0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source
destination
1 2 668 BASE_FORWARD_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
2 0 0 TCPMSS tcp -- * eth0 0.0.0.0/0
0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
3 0 0 FORWARD_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
4 0 0 HOST_BLOCK_SRC all -- * *
0.0.0.0/0 0.0.0.0/0
5 0 0 HOST_BLOCK_DST all -- * *
0.0.0.0/0 0.0.0.0/0
6 0 0 EXT_FORWARD_IN_CHAIN all -- eth0 *
0.0.0.0/0 0.0.0.0/0
7 0 0 EXT_FORWARD_OUT_CHAIN all -- * eth0
0.0.0.0/0 0.0.0.0/0
8 0 0 INT_FORWARD_IN_CHAIN all -- eth1 *
0.0.0.0/0 0.0.0.0/0
9 0 0 INT_FORWARD_OUT_CHAIN all -- * eth1
0.0.0.0/0 0.0.0.0/0
10 0 0 SPOOF_CHK all -- * * 0.0.0.0/0
0.0.0.0/0
11 0 0 ACCEPT all -- eth1 eth1 0.0.0.0/0
0.0.0.0/0
12 0 0 LAN_INET_FORWARD_CHAIN all -- eth1 eth0
0.0.0.0/0 0.0.0.0/0
13 0 0 POST_FORWARD_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
14 0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 1/min burst 3 LOG flags 0 level 6 prefix
`AIF:Dropped FORWARD packet: '
15 0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source
destination
1 754 181K BASE_OUTPUT_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
2 0 0 TCPMSS tcp -- * eth0 0.0.0.0/0
0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
3 94 11372 OUTPUT_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
4 94 11372 HOST_BLOCK_DST all -- * *
0.0.0.0/0 0.0.0.0/0
5 0 0 LOG all -f * * 0.0.0.0/0
0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix
`AIF:Fragment packet: '
6 0 0 DROP all -f * * 0.0.0.0/0
0.0.0.0/0
7 51 5930 EXT_OUTPUT_CHAIN all -- * eth0
0.0.0.0/0 0.0.0.0/0
8 43 5442 INT_OUTPUT_CHAIN all -- * eth1
0.0.0.0/0 0.0.0.0/0
9 94 11372 POST_OUTPUT_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
10 94 11372 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain BASE_FORWARD_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination
1 0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state ESTABLISHED
2 0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED tcp dpts:1024:65535
3 0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED udp dpts:1024:65535
4 0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED
5 0 0 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0

Chain BASE_INPUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination
1 555 41270 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state ESTABLISHED
2 0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED tcp dpts:1024:65535
3 0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED udp dpts:1024:65535
4 0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED
5 22 2168 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0

Chain BASE_OUTPUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination
1 638 167K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state ESTABLISHED
2 22 2168 ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0

Chain DMZ_FORWARD_IN_CHAIN (0 references)
num pkts bytes target prot opt in out source
destination

Chain DMZ_FORWARD_OUT_CHAIN (0 references)
num pkts bytes target prot opt in out source
destination

Chain DMZ_INET_FORWARD_CHAIN (0 references)
num pkts bytes target prot opt in out source
destination

Chain DMZ_INPUT_CHAIN (0 references)
num pkts bytes target prot opt in out source
destination

Chain DMZ_LAN_FORWARD_CHAIN (0 references)
num pkts bytes target prot opt in out source
destination

Chain DMZ_OUTPUT_CHAIN (0 references)
num pkts bytes target prot opt in out source
destination

Chain EXT_FORWARD_IN_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination
1 0 0 VALID_CHK all -- * * 0.0.0.0/0
0.0.0.0/0

Chain EXT_FORWARD_OUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain EXT_ICMP_FLOOD_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination
1 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 3 limit: avg 12/hour burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-unreachable flood: '
2 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 3
3 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 11 limit: avg 12/hour burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-time-exceeded fld: '
4 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 11
5 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 12 limit: avg 12/hour burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-param-problem fld: '
6 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 12
7 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 limit: avg 12/hour burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-request(ping) fld: '
8 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8
9 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 0 limit: avg 12/hour burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-reply(pong) flood: '
10 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 0
11 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 4 limit: avg 12/hour burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-source-quench fld: '
12 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 4
13 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 12/hour burst 1 LOG flags 0 level 6
prefix `AIF:ICMP(other) flood: '
14 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0

Chain EXT_INPUT_CHAIN (2 references)
num pkts bytes target prot opt in out source
destination
1 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:0 limit: avg 6/hour burst 1 LOG flags 0
level 6 prefix `AIF:Port 0 OS fingerprint: '
2 0 0 LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:0 limit: avg 6/hour burst 1 LOG flags 0
level 6 prefix `AIF:Port 0 OS fingerprint: '
3 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp dpt:0
4 0 0 POST_INPUT_DROP_CHAIN udp -- * *
0.0.0.0/0 0.0.0.0/0 udp dpt:0
5 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp spt:0 limit: avg 6/hour burst 5 LOG flags 0
level 6 prefix `AIF:TCP source port 0: '
6 0 0 LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:0 limit: avg 6/hour burst 5 LOG flags 0
level 6 prefix `AIF:UDP source port 0: '
7 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp spt:0
8 0 0 POST_INPUT_DROP_CHAIN udp -- * *
0.0.0.0/0 0.0.0.0/0 udp spt:0
9 0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:67 dpt:68
10 3 180 ACCEPT tcp -- + * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80
11 0 0 ACCEPT tcp -- + * 0.0.0.0/0
0.0.0.0/0 tcp dpt:8000
12 2 120 ACCEPT tcp -- + * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22
13 0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
14 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-request: '
15 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 3 limit: avg 12/hour burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-unreachable: '
16 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 11 limit: avg 12/hour burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-time-exceeded: '
17 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 12 limit: avg 12/hour burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-param.-problem: '
18 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 3
19 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 11
20 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 12
21 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8
22 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 0
23 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpts:1024:65535 flags:!0x17/0x02 limit: avg
3/min burst 5 LOG flags 0 level 6 prefix `AIF:Stealth scan (UNPRIV)?: '
24 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpts:0:1023 flags:!0x17/0x02 limit: avg 3/min
burst 5 LOG flags 0 level 6 prefix `AIF:Stealth scan (PRIV)?: '
25 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02
26 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0
level 6 prefix `AIF:PRIV connect attempt: '
27 27 2604 LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0
level 6 prefix `AIF:PRIV connect attempt: '
28 6 360 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG
flags 0 level 6 prefix `AIF:UNPRIV connect attempt: '
29 14 952 LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:1024:65535 limit: avg 6/min burst 2 LOG
flags 0 level 6 prefix `AIF:UNPRIV connect attempt: '
30 351 37879 POST_INPUT_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0
31 7 420 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0
32 344 37459 POST_INPUT_DROP_CHAIN udp -- * *
0.0.0.0/0 0.0.0.0/0
33 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
0.0.0.0/0 0.0.0.0/0
34 0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 1/min burst 5 LOG flags 0 level 6 prefix
`AIF:Connect attempt: '
35 0 0 POST_INPUT_DROP_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0

Chain EXT_OUTPUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain FORWARD_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain HOST_BLOCK_DROP (0 references)
num pkts bytes target prot opt in out source
destination
1 0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
`AIF:Blocked host(s): '
2 0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0

Chain HOST_BLOCK_DST (2 references)
num pkts bytes target prot opt in out source
destination

Chain HOST_BLOCK_SRC (2 references)
num pkts bytes target prot opt in out source
destination

Chain INET_DMZ_FORWARD_CHAIN (0 references)
num pkts bytes target prot opt in out source
destination

Chain INPUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain INT_FORWARD_IN_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain INT_FORWARD_OUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain INT_INPUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination
1 0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
2 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-request: '
3 0 0 DROP icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
4 43 5442 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain INT_OUTPUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain LAN_INET_FORWARD_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination
1 0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
2 0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0
level 6 prefix `AIF:ICMP-request: '
3 0 0 DROP icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
4 0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0
5 0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0
6 0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain OUTPUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain POST_FORWARD_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain POST_INPUT_CHAIN (2 references)
num pkts bytes target prot opt in out source
destination

Chain POST_INPUT_DROP_CHAIN (38 references)
num pkts bytes target prot opt in out source
destination
1 351 37879 DROP all -- * * 0.0.0.0/0
0.0.0.0/0

Chain POST_OUTPUT_CHAIN (1 references)
num pkts bytes target prot opt in out source
destination

Chain RESERVED_NET_CHK (0 references)
num pkts bytes target prot opt in out source
destination
1 0 0 LOG all -- * * 10.0.0.0/8
0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
`AIF:Class A address: '
2 0 0 LOG all -- * * 172.16.0.0/12
0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
`AIF:Class B address: '
3 0 0 LOG all -- * * 192.168.0.0/16
0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
`AIF:Class C address: '
4 0 0 LOG all -- * * 169.254.0.0/16
0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
`AIF:Class M$ address: '
5 0 0 LOG all -- * * 224.0.0.0/24
0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
`AIF:Multicast address: '
6 0 0 LOG all -- * * 239.0.0.0/24
0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
`AIF:Multicast address: '
7 0 0 POST_INPUT_DROP_CHAIN all -- * *
10.0.0.0/8 0.0.0.0/0
8 0 0 POST_INPUT_DROP_CHAIN all -- * *
172.16.0.0/12 0.0.0.0/0
9 0 0 POST_INPUT_DROP_CHAIN all -- * *
192.168.0.0/16 0.0.0.0/0
10 0 0 POST_INPUT_DROP_CHAIN all -- * *
169.254.0.0/16 0.0.0.0/0
11 0 0 POST_INPUT_DROP_CHAIN all -- * *
224.0.0.0/24 0.0.0.0/0
12 0 0 POST_INPUT_DROP_CHAIN all -- * *
239.0.0.0/24 0.0.0.0/0

Chain SPOOF_CHK (2 references)
num pkts bytes target prot opt in out source
destination
1 43 5442 RETURN all -- eth1 * 192.168.0.0/24
0.0.0.0/0
2 0 0 LOG all -- * * 192.168.0.0/24
0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix
`AIF:Spoofed packet: '
3 0 0 POST_INPUT_DROP_CHAIN all -- * *
192.168.0.0/24 0.0.0.0/0
4 356 38179 RETURN all -- * * 0.0.0.0/0
0.0.0.0/0

Chain VALID_CHK (2 references)
num pkts bytes target prot opt in out source
destination
1 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x29 limit: avg 3/min burst 5 LOG
flags 0 level 6 prefix `AIF:Stealth XMAS scan: '
2 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x37 limit: avg 3/min burst 5 LOG
flags 0 level 6 prefix `AIF:Stealth XMAS-PSH scan: '
3 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x3F limit: avg 3/min burst 5 LOG
flags 0 level 6 prefix `AIF:Stealth XMAS-ALL scan: '
4 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x01 limit: avg 3/min burst 5 LOG
flags 0 level 6 prefix `AIF:Stealth FIN scan: '
5 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x06/0x06 limit: avg 3/min burst 5 LOG
flags 0 level 6 prefix `AIF:Stealth SYN/RST scan: '
6 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x03/0x03 limit: avg 3/min burst 5 LOG
flags 0 level 6 prefix `AIF:Stealth SYN/FIN scan?: '
7 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x3F/0x00 limit: avg 3/min burst 5 LOG
flags 0 level 6 prefix `AIF:Stealth Null scan: '
8 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
9 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
10 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
11 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01
12 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
13 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
14 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
15 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp option=64 limit: avg 3/min burst 1 LOG flags 0
level 6 prefix `AIF:Bad TCP flag(64): '
16 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp option=128 limit: avg 3/min burst 1 LOG flags 0
level 6 prefix `AIF:Bad TCP flag(128): '
17 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp option=64
18 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp option=128
19 0 0 POST_INPUT_DROP_CHAIN all -- * *
0.0.0.0/0 0.0.0.0/0 state INVALID
20 0 0 LOG all -f * * 0.0.0.0/0
0.0.0.0/0 limit: avg 3/min burst 1 LOG flags 0 level 4 prefix
`AIF:Fragment packet: '
21 0 0 DROP all -f * * 0.0.0.0/0
0.0.0.0/0

-*Название листа "Linux: разрешение вопросов, перспективы и общение";
Написать в лист: mailto:comp.soft.linux.discuss-list@subscribe.ru
Адрес правил листа http://subscribe.ru/catalog/comp.soft.linux.discuss/rules
Номер письма: 36986; Возраст листа: 2442; Участников: 1366
Адрес сайта рассылки: http://www.linuxrsp.ru
Адрес этого письма в архиве: http://subscribe.ru/archive/comp.soft.linux.discuss/msg/1039644

Ответить

besshaposhnikovmn

Thu, 01 Apr 2010 13:50:33 +0400 (#1039644)

Если можно еще и ip rule show
В Чтв, 01/04/2010 в 13:50 +0400, besshaposhnikovmn пишет:

› показать цитату

> ip route
> 172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.208
> 192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.1
> default via 172.16.0.1 dev eth0
> default via 192.168.0.1 dev eth1 scope link
>
>
>
> iptables -L -v -n --line-numbers
> Chain INPUT (policy DROP 0 packets, 0 bytes)
> num pkts bytes target prot opt in out source
> destination
> 1 976 87059 BASE_INPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 2 399 43621 INPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 3 399 43621 HOST_BLOCK_SRC all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 4 399 43621 SPOOF_CHK all -- * * 0.0.0.0/0
> 0.0.0.0/0
> 5 356 38179 VALID_CHK all -- eth0 * 0.0.0.0/0
> 0.0.0.0/0
> 6 356 38179 EXT_INPUT_CHAIN !icmp -- eth0 *
> 0.0.0.0/0 0.0.0.0/0 state NEW
> 7 0 0 EXT_INPUT_CHAIN icmp -- eth0 *
> 0.0.0.0/0 0.0.0.0/0 state NEW limit: avg 60/sec
> burst 100
> 8 0 0 EXT_ICMP_FLOOD_CHAIN icmp -- eth0 *
> 0.0.0.0/0 0.0.0.0/0 state NEW
> 9 43 5442 INT_INPUT_CHAIN all -- eth1 *
> 0.0.0.0/0 0.0.0.0/0
> 10 0 0 POST_INPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 11 0 0 LOG all -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix
> `AIF:Dropped INPUT packet: '
> 12 0 0 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> num pkts bytes target prot opt in out source
> destination
> 1 2 668 BASE_FORWARD_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 2 0 0 TCPMSS tcp -- * eth0 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
> 3 0 0 FORWARD_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 4 0 0 HOST_BLOCK_SRC all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 5 0 0 HOST_BLOCK_DST all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 6 0 0 EXT_FORWARD_IN_CHAIN all -- eth0 *
> 0.0.0.0/0 0.0.0.0/0
> 7 0 0 EXT_FORWARD_OUT_CHAIN all -- * eth0
> 0.0.0.0/0 0.0.0.0/0
> 8 0 0 INT_FORWARD_IN_CHAIN all -- eth1 *
> 0.0.0.0/0 0.0.0.0/0
> 9 0 0 INT_FORWARD_OUT_CHAIN all -- * eth1
> 0.0.0.0/0 0.0.0.0/0
> 10 0 0 SPOOF_CHK all -- * * 0.0.0.0/0
> 0.0.0.0/0
> 11 0 0 ACCEPT all -- eth1 eth1 0.0.0.0/0
> 0.0.0.0/0
> 12 0 0 LAN_INET_FORWARD_CHAIN all -- eth1 eth0
> 0.0.0.0/0 0.0.0.0/0
> 13 0 0 POST_FORWARD_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 14 0 0 LOG all -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 1/min burst 3 LOG flags 0 level 6 prefix
> `AIF:Dropped FORWARD packet: '
> 15 0 0 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
> num pkts bytes target prot opt in out source
> destination
> 1 754 181K BASE_OUTPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 2 0 0 TCPMSS tcp -- * eth0 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
> 3 94 11372 OUTPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 4 94 11372 HOST_BLOCK_DST all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 5 0 0 LOG all -f * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix
> `AIF:Fragment packet: '
> 6 0 0 DROP all -f * * 0.0.0.0/0
> 0.0.0.0/0
> 7 51 5930 EXT_OUTPUT_CHAIN all -- * eth0
> 0.0.0.0/0 0.0.0.0/0
> 8 43 5442 INT_OUTPUT_CHAIN all -- * eth1
> 0.0.0.0/0 0.0.0.0/0
> 9 94 11372 POST_OUTPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 10 94 11372 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain BASE_FORWARD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0 state ESTABLISHED
> 2 0 0 ACCEPT tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED tcp dpts:1024:65535
> 3 0 0 ACCEPT udp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED udp dpts:1024:65535
> 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED
> 5 0 0 ACCEPT all -- lo * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain BASE_INPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 555 41270 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0 state ESTABLISHED
> 2 0 0 ACCEPT tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED tcp dpts:1024:65535
> 3 0 0 ACCEPT udp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED udp dpts:1024:65535
> 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED
> 5 22 2168 ACCEPT all -- lo * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain BASE_OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 638 167K ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0 state ESTABLISHED
> 2 22 2168 ACCEPT all -- * lo 0.0.0.0/0
> 0.0.0.0/0
>
> Chain DMZ_FORWARD_IN_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_FORWARD_OUT_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_INET_FORWARD_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_INPUT_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_LAN_FORWARD_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_OUTPUT_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain EXT_FORWARD_IN_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 VALID_CHK all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain EXT_FORWARD_OUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain EXT_ICMP_FLOOD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 3 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-unreachable flood: '
> 2 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 3
> 3 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 11 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-time-exceeded fld: '
> 4 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 11
> 5 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 12 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-param-problem fld: '
> 6 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 12
> 7 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-request(ping) fld: '
> 8 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 8
> 9 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 0 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-reply(pong) flood: '
> 10 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 0
> 11 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 4 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-source-quench fld: '
> 12 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 4
> 13 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 12/hour burst 1 LOG flags 0 level 6
> prefix `AIF:ICMP(other) flood: '
> 14 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0
>
> Chain EXT_INPUT_CHAIN (2 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpt:0 limit: avg 6/hour burst 1 LOG flags 0
> level 6 prefix `AIF:Port 0 OS fingerprint: '
> 2 0 0 LOG udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp dpt:0 limit: avg 6/hour burst 1 LOG flags 0
> level 6 prefix `AIF:Port 0 OS fingerprint: '
> 3 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp dpt:0
> 4 0 0 POST_INPUT_DROP_CHAIN udp -- * *
> 0.0.0.0/0 0.0.0.0/0 udp dpt:0
> 5 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp spt:0 limit: avg 6/hour burst 5 LOG flags 0
> level 6 prefix `AIF:TCP source port 0: '
> 6 0 0 LOG udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp spt:0 limit: avg 6/hour burst 5 LOG flags 0
> level 6 prefix `AIF:UDP source port 0: '
> 7 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp spt:0
> 8 0 0 POST_INPUT_DROP_CHAIN udp -- * *
> 0.0.0.0/0 0.0.0.0/0 udp spt:0
> 9 0 0 ACCEPT udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp spt:67 dpt:68
> 10 3 180 ACCEPT tcp -- + * 0.0.0.0/0
> 0.0.0.0/0 tcp dpt:80
> 11 0 0 ACCEPT tcp -- + * 0.0.0.0/0
> 0.0.0.0/0 tcp dpt:8000
> 12 2 120 ACCEPT tcp -- + * 0.0.0.0/0
> 0.0.0.0/0 tcp dpt:22
> 13 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
> 14 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-request: '
> 15 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 3 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-unreachable: '
> 16 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 11 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-time-exceeded: '
> 17 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 12 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-param.-problem: '
> 18 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 3
> 19 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 11
> 20 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 12
> 21 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 8
> 22 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 0
> 23 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpts:1024:65535 flags:!0x17/0x02 limit: avg
> 3/min burst 5 LOG flags 0 level 6 prefix `AIF:Stealth scan (UNPRIV)?: '
> 24 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpts:0:1023 flags:!0x17/0x02 limit: avg 3/min
> burst 5 LOG flags 0 level 6 prefix `AIF:Stealth scan (PRIV)?: '
> 25 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02
> 26 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0
> level 6 prefix `AIF:PRIV connect attempt: '
> 27 27 2604 LOG udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0
> level 6 prefix `AIF:PRIV connect attempt: '
> 28 6 360 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG
> flags 0 level 6 prefix `AIF:UNPRIV connect attempt: '
> 29 14 952 LOG udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp dpts:1024:65535 limit: avg 6/min burst 2 LOG
> flags 0 level 6 prefix `AIF:UNPRIV connect attempt: '
> 30 351 37879 POST_INPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 31 7 420 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0
> 32 344 37459 POST_INPUT_DROP_CHAIN udp -- * *
> 0.0.0.0/0 0.0.0.0/0
> 33 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0
> 34 0 0 LOG all -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 1/min burst 5 LOG flags 0 level 6 prefix
> `AIF:Connect attempt: '
> 35 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
>
> Chain EXT_OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain FORWARD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain HOST_BLOCK_DROP (0 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG all -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Blocked host(s): '
> 2 0 0 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain HOST_BLOCK_DST (2 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain HOST_BLOCK_SRC (2 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INET_DMZ_FORWARD_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INT_FORWARD_IN_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INT_FORWARD_OUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INT_INPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
> 2 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-request: '
> 3 0 0 DROP icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8
> 4 43 5442 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain INT_OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain LAN_INET_FORWARD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
> 2 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-request: '
> 3 0 0 DROP icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8
> 4 0 0 ACCEPT tcp -- * * 0.0.0.0/0
> 0.0.0.0/0
> 5 0 0 ACCEPT udp -- * * 0.0.0.0/0
> 0.0.0.0/0
> 6 0 0 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain POST_FORWARD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain POST_INPUT_CHAIN (2 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain POST_INPUT_DROP_CHAIN (38 references)
> num pkts bytes target prot opt in out source
> destination
> 1 351 37879 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain POST_OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain RESERVED_NET_CHK (0 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG all -- * * 10.0.0.0/8
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Class A address: '
> 2 0 0 LOG all -- * * 172.16.0.0/12
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Class B address: '
> 3 0 0 LOG all -- * * 192.168.0.0/16
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Class C address: '
> 4 0 0 LOG all -- * * 169.254.0.0/16
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Class M$ address: '
> 5 0 0 LOG all -- * * 224.0.0.0/24
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Multicast address: '
> 6 0 0 LOG all -- * * 239.0.0.0/24
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Multicast address: '
> 7 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 10.0.0.0/8 0.0.0.0/0
> 8 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 172.16.0.0/12 0.0.0.0/0
> 9 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 192.168.0.0/16 0.0.0.0/0
> 10 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 169.254.0.0/16 0.0.0.0/0
> 11 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 224.0.0.0/24 0.0.0.0/0
> 12 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 239.0.0.0/24 0.0.0.0/0
>
> Chain SPOOF_CHK (2 references)
> num pkts bytes target prot opt in out source
> destination
> 1 43 5442 RETURN all -- eth1 * 192.168.0.0/24
> 0.0.0.0/0
> 2 0 0 LOG all -- * * 192.168.0.0/24
> 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix
> `AIF:Spoofed packet: '
> 3 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 192.168.0.0/24 0.0.0.0/0
> 4 356 38179 RETURN all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain VALID_CHK (2 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x29 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth XMAS scan: '
> 2 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x37 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth XMAS-PSH scan: '
> 3 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x3F limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth XMAS-ALL scan: '
> 4 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x01 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth FIN scan: '
> 5 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x06/0x06 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth SYN/RST scan: '
> 6 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x03/0x03 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth SYN/FIN scan?: '
> 7 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x00 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth Null scan: '
> 8 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
> 9 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
> 10 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
> 11 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01
> 12 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
> 13 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
> 14 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
> 15 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp option=64 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:Bad TCP flag(64): '
> 16 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp option=128 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:Bad TCP flag(128): '
> 17 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp option=64
> 18 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp option=128
> 19 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0 state INVALID
> 20 0 0 LOG all -f * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 3/min burst 1 LOG flags 0 level 4 prefix
> `AIF:Fragment packet: '
> 21 0 0 DROP all -f * * 0.0.0.0/0
> 0.0.0.0/0
>

not what they look like.

-*Название листа "Linux: разрешение вопросов, перспективы и общение";
Написать в лист: mailto:comp.soft.linux.discuss-list@subscribe.ru
Адрес правил листа http://subscribe.ru/catalog/comp.soft.linux.discuss/rules
Номер письма: 36988; Возраст листа: 2442; Участников: 1366
Адрес сайта рассылки: http://www.linuxrsp.ru
Адрес этого письма в архиве: http://subscribe.ru/archive/comp.soft.linux.discuss/msg/1039966

Ответить

Povietkin Konstantin

Thu, 01 Apr 2010 19:04:37 +0300 (#1039966)

В добавок к ip rule show, ip route table %tablename% каждой таблицы,
которая упоминается в ip rule show.

В Чтв, 01/04/2010 в 13:50 +0400, besshaposhnikovmn пишет:

› показать цитату

> ip route
> 172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.208
> 192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.1
> default via 172.16.0.1 dev eth0
> default via 192.168.0.1 dev eth1 scope link
>
>
>
> iptables -L -v -n --line-numbers
> Chain INPUT (policy DROP 0 packets, 0 bytes)
> num pkts bytes target prot opt in out source
> destination
> 1 976 87059 BASE_INPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 2 399 43621 INPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 3 399 43621 HOST_BLOCK_SRC all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 4 399 43621 SPOOF_CHK all -- * * 0.0.0.0/0
> 0.0.0.0/0
> 5 356 38179 VALID_CHK all -- eth0 * 0.0.0.0/0
> 0.0.0.0/0
> 6 356 38179 EXT_INPUT_CHAIN !icmp -- eth0 *
> 0.0.0.0/0 0.0.0.0/0 state NEW
> 7 0 0 EXT_INPUT_CHAIN icmp -- eth0 *
> 0.0.0.0/0 0.0.0.0/0 state NEW limit: avg 60/sec
> burst 100
> 8 0 0 EXT_ICMP_FLOOD_CHAIN icmp -- eth0 *
> 0.0.0.0/0 0.0.0.0/0 state NEW
> 9 43 5442 INT_INPUT_CHAIN all -- eth1 *
> 0.0.0.0/0 0.0.0.0/0
> 10 0 0 POST_INPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 11 0 0 LOG all -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix
> `AIF:Dropped INPUT packet: '
> 12 0 0 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> num pkts bytes target prot opt in out source
> destination
> 1 2 668 BASE_FORWARD_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 2 0 0 TCPMSS tcp -- * eth0 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
> 3 0 0 FORWARD_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 4 0 0 HOST_BLOCK_SRC all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 5 0 0 HOST_BLOCK_DST all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 6 0 0 EXT_FORWARD_IN_CHAIN all -- eth0 *
> 0.0.0.0/0 0.0.0.0/0
> 7 0 0 EXT_FORWARD_OUT_CHAIN all -- * eth0
> 0.0.0.0/0 0.0.0.0/0
> 8 0 0 INT_FORWARD_IN_CHAIN all -- eth1 *
> 0.0.0.0/0 0.0.0.0/0
> 9 0 0 INT_FORWARD_OUT_CHAIN all -- * eth1
> 0.0.0.0/0 0.0.0.0/0
> 10 0 0 SPOOF_CHK all -- * * 0.0.0.0/0
> 0.0.0.0/0
> 11 0 0 ACCEPT all -- eth1 eth1 0.0.0.0/0
> 0.0.0.0/0
> 12 0 0 LAN_INET_FORWARD_CHAIN all -- eth1 eth0
> 0.0.0.0/0 0.0.0.0/0
> 13 0 0 POST_FORWARD_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 14 0 0 LOG all -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 1/min burst 3 LOG flags 0 level 6 prefix
> `AIF:Dropped FORWARD packet: '
> 15 0 0 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
> num pkts bytes target prot opt in out source
> destination
> 1 754 181K BASE_OUTPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 2 0 0 TCPMSS tcp -- * eth0 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
> 3 94 11372 OUTPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 4 94 11372 HOST_BLOCK_DST all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 5 0 0 LOG all -f * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix
> `AIF:Fragment packet: '
> 6 0 0 DROP all -f * * 0.0.0.0/0
> 0.0.0.0/0
> 7 51 5930 EXT_OUTPUT_CHAIN all -- * eth0
> 0.0.0.0/0 0.0.0.0/0
> 8 43 5442 INT_OUTPUT_CHAIN all -- * eth1
> 0.0.0.0/0 0.0.0.0/0
> 9 94 11372 POST_OUTPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 10 94 11372 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain BASE_FORWARD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0 state ESTABLISHED
> 2 0 0 ACCEPT tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED tcp dpts:1024:65535
> 3 0 0 ACCEPT udp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED udp dpts:1024:65535
> 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED
> 5 0 0 ACCEPT all -- lo * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain BASE_INPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 555 41270 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0 state ESTABLISHED
> 2 0 0 ACCEPT tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED tcp dpts:1024:65535
> 3 0 0 ACCEPT udp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED udp dpts:1024:65535
> 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED
> 5 22 2168 ACCEPT all -- lo * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain BASE_OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 638 167K ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0 state ESTABLISHED
> 2 22 2168 ACCEPT all -- * lo 0.0.0.0/0
> 0.0.0.0/0
>
> Chain DMZ_FORWARD_IN_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_FORWARD_OUT_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_INET_FORWARD_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_INPUT_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_LAN_FORWARD_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain DMZ_OUTPUT_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain EXT_FORWARD_IN_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 VALID_CHK all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain EXT_FORWARD_OUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain EXT_ICMP_FLOOD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 3 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-unreachable flood: '
> 2 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 3
> 3 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 11 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-time-exceeded fld: '
> 4 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 11
> 5 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 12 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-param-problem fld: '
> 6 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 12
> 7 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-request(ping) fld: '
> 8 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 8
> 9 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 0 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-reply(pong) flood: '
> 10 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 0
> 11 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 4 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-source-quench fld: '
> 12 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 4
> 13 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 12/hour burst 1 LOG flags 0 level 6
> prefix `AIF:ICMP(other) flood: '
> 14 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0
>
> Chain EXT_INPUT_CHAIN (2 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpt:0 limit: avg 6/hour burst 1 LOG flags 0
> level 6 prefix `AIF:Port 0 OS fingerprint: '
> 2 0 0 LOG udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp dpt:0 limit: avg 6/hour burst 1 LOG flags 0
> level 6 prefix `AIF:Port 0 OS fingerprint: '
> 3 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp dpt:0
> 4 0 0 POST_INPUT_DROP_CHAIN udp -- * *
> 0.0.0.0/0 0.0.0.0/0 udp dpt:0
> 5 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp spt:0 limit: avg 6/hour burst 5 LOG flags 0
> level 6 prefix `AIF:TCP source port 0: '
> 6 0 0 LOG udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp spt:0 limit: avg 6/hour burst 5 LOG flags 0
> level 6 prefix `AIF:UDP source port 0: '
> 7 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp spt:0
> 8 0 0 POST_INPUT_DROP_CHAIN udp -- * *
> 0.0.0.0/0 0.0.0.0/0 udp spt:0
> 9 0 0 ACCEPT udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp spt:67 dpt:68
> 10 3 180 ACCEPT tcp -- + * 0.0.0.0/0
> 0.0.0.0/0 tcp dpt:80
> 11 0 0 ACCEPT tcp -- + * 0.0.0.0/0
> 0.0.0.0/0 tcp dpt:8000
> 12 2 120 ACCEPT tcp -- + * 0.0.0.0/0
> 0.0.0.0/0 tcp dpt:22
> 13 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
> 14 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-request: '
> 15 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 3 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-unreachable: '
> 16 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 11 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-time-exceeded: '
> 17 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 12 limit: avg 12/hour burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-param.-problem: '
> 18 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 3
> 19 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 11
> 20 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 12
> 21 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 8
> 22 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0 icmp type 0
> 23 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpts:1024:65535 flags:!0x17/0x02 limit: avg
> 3/min burst 5 LOG flags 0 level 6 prefix `AIF:Stealth scan (UNPRIV)?: '
> 24 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpts:0:1023 flags:!0x17/0x02 limit: avg 3/min
> burst 5 LOG flags 0 level 6 prefix `AIF:Stealth scan (PRIV)?: '
> 25 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02
> 26 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0
> level 6 prefix `AIF:PRIV connect attempt: '
> 27 27 2604 LOG udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0
> level 6 prefix `AIF:PRIV connect attempt: '
> 28 6 360 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG
> flags 0 level 6 prefix `AIF:UNPRIV connect attempt: '
> 29 14 952 LOG udp -- * * 0.0.0.0/0
> 0.0.0.0/0 udp dpts:1024:65535 limit: avg 6/min burst 2 LOG
> flags 0 level 6 prefix `AIF:UNPRIV connect attempt: '
> 30 351 37879 POST_INPUT_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 31 7 420 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0
> 32 344 37459 POST_INPUT_DROP_CHAIN udp -- * *
> 0.0.0.0/0 0.0.0.0/0
> 33 0 0 POST_INPUT_DROP_CHAIN icmp -- * *
> 0.0.0.0/0 0.0.0.0/0
> 34 0 0 LOG all -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 1/min burst 5 LOG flags 0 level 6 prefix
> `AIF:Connect attempt: '
> 35 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0
>
> Chain EXT_OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain FORWARD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain HOST_BLOCK_DROP (0 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG all -- * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Blocked host(s): '
> 2 0 0 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain HOST_BLOCK_DST (2 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain HOST_BLOCK_SRC (2 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INET_DMZ_FORWARD_CHAIN (0 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INT_FORWARD_IN_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INT_FORWARD_OUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain INT_INPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
> 2 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-request: '
> 3 0 0 DROP icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8
> 4 43 5442 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain INT_OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain LAN_INET_FORWARD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 ACCEPT icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 20/sec burst 100
> 2 0 0 LOG icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:ICMP-request: '
> 3 0 0 DROP icmp -- * * 0.0.0.0/0
> 0.0.0.0/0 icmp type 8
> 4 0 0 ACCEPT tcp -- * * 0.0.0.0/0
> 0.0.0.0/0
> 5 0 0 ACCEPT udp -- * * 0.0.0.0/0
> 0.0.0.0/0
> 6 0 0 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain POST_FORWARD_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain POST_INPUT_CHAIN (2 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain POST_INPUT_DROP_CHAIN (38 references)
> num pkts bytes target prot opt in out source
> destination
> 1 351 37879 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain POST_OUTPUT_CHAIN (1 references)
> num pkts bytes target prot opt in out source
> destination
>
> Chain RESERVED_NET_CHK (0 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG all -- * * 10.0.0.0/8
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Class A address: '
> 2 0 0 LOG all -- * * 172.16.0.0/12
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Class B address: '
> 3 0 0 LOG all -- * * 192.168.0.0/16
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Class C address: '
> 4 0 0 LOG all -- * * 169.254.0.0/16
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Class M$ address: '
> 5 0 0 LOG all -- * * 224.0.0.0/24
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Multicast address: '
> 6 0 0 LOG all -- * * 239.0.0.0/24
> 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix
> `AIF:Multicast address: '
> 7 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 10.0.0.0/8 0.0.0.0/0
> 8 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 172.16.0.0/12 0.0.0.0/0
> 9 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 192.168.0.0/16 0.0.0.0/0
> 10 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 169.254.0.0/16 0.0.0.0/0
> 11 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 224.0.0.0/24 0.0.0.0/0
> 12 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 239.0.0.0/24 0.0.0.0/0
>
> Chain SPOOF_CHK (2 references)
> num pkts bytes target prot opt in out source
> destination
> 1 43 5442 RETURN all -- eth1 * 192.168.0.0/24
> 0.0.0.0/0
> 2 0 0 LOG all -- * * 192.168.0.0/24
> 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix
> `AIF:Spoofed packet: '
> 3 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 192.168.0.0/24 0.0.0.0/0
> 4 356 38179 RETURN all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain VALID_CHK (2 references)
> num pkts bytes target prot opt in out source
> destination
> 1 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x29 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth XMAS scan: '
> 2 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x37 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth XMAS-PSH scan: '
> 3 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x3F limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth XMAS-ALL scan: '
> 4 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x01 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth FIN scan: '
> 5 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x06/0x06 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth SYN/RST scan: '
> 6 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x03/0x03 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth SYN/FIN scan?: '
> 7 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp flags:0x3F/0x00 limit: avg 3/min burst 5 LOG
> flags 0 level 6 prefix `AIF:Stealth Null scan: '
> 8 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
> 9 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
> 10 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
> 11 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01
> 12 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
> 13 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
> 14 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
> 15 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp option=64 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:Bad TCP flag(64): '
> 16 0 0 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 tcp option=128 limit: avg 3/min burst 1 LOG flags 0
> level 6 prefix `AIF:Bad TCP flag(128): '
> 17 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp option=64
> 18 0 0 POST_INPUT_DROP_CHAIN tcp -- * *
> 0.0.0.0/0 0.0.0.0/0 tcp option=128
> 19 0 0 POST_INPUT_DROP_CHAIN all -- * *
> 0.0.0.0/0 0.0.0.0/0 state INVALID
> 20 0 0 LOG all -f * * 0.0.0.0/0
> 0.0.0.0/0 limit: avg 3/min burst 1 LOG flags 0 level 4 prefix
> `AIF:Fragment packet: '
> 21 0 0 DROP all -f * * 0.0.0.0/0
> 0.0.0.0/0
>

not what they look like.

-*Название листа "Linux: разрешение вопросов, перспективы и общение";
Написать в лист: mailto:comp.soft.linux.discuss-list@subscribe.ru
Адрес правил листа http://subscribe.ru/catalog/comp.soft.linux.discuss/rules
Номер письма: 36989; Возраст листа: 2442; Участников: 1366
Адрес сайта рассылки: http://www.linuxrsp.ru
Адрес этого письма в архиве: http://subscribe.ru/archive/comp.soft.linux.discuss/msg/1039977

Ответить

Povietkin Konstantin

Thu, 01 Apr 2010 19:16:20 +0300 (#1039977)

оказалось, что проблема в не настроенном dns
Я блин по ошибке удалил конфиги как мне их восстановить?

-*Название листа "Linux: разрешение вопросов, перспективы и общение";
Написать в лист: mailto:comp.soft.linux.discuss-list@subscribe.ru
Адрес правил листа http://subscribe.ru/catalog/comp.soft.linux.discuss/rules
Номер письма: 37002; Возраст листа: 2447; Участников: 1366
Адрес сайта рассылки: http://www.linuxrsp.ru
Адрес этого письма в архиве: http://subscribe.ru/archive/comp.soft.linux.discuss/msg/1043490

Ответить

besshaposhnikovmn

Tue, 06 Apr 2010 09:24:54 +0400 (#1043490)

On 06.04.2010 08:24, besshaposhnikovmn wrote:

› показать цитату

Если бекапа нет то в большинстве случаев с данными можно попрощаться.
Впрочем если много свободного времени то можно попробовать открыть винт
в HEX-редакторе и попытаться поискать характерную строчку нужного конфига.

-*Название листа "Linux: разрешение вопросов, перспективы и общение";
Написать в лист: mailto:comp.soft.linux.discuss-list@subscribe.ru
Адрес правил листа http://subscribe.ru/catalog/comp.soft.linux.discuss/rules
Номер письма: 37003; Возраст листа: 2447; Участников: 1366
Адрес сайта рассылки: http://www.linuxrsp.ru
Адрес этого письма в архиве: http://subscribe.ru/archive/comp.soft.linux.discuss/msg/1043552

Ответить

Amper

Tue, 06 Apr 2010 09:47:35 +0300 (#1043552)

← Март 2010 →

10 10.03.2010 09:07:48 11:45:53 12:02:11 12:51:00 19:08:52

11 11.03.2010 04:55:50 09:25:38 13:13:39 20:35:59 21:46:22

12 12.03.2010 12:23:46 13:00:49 14:10:50 14:41:18 15:41:43

16 16.03.2010 07:06:16 09:42:58 10:02:38 11:00:56

24 24.03.2010 18:36:46 20:02:08 21:03:26

25 25.03.2010 09:46:08 10:35:55 10:57:24 11:03:03 11:19:59 11:26:00 11:34:29 11:42:02 16:47:12 17:27:31 23:36:32

26 26.03.2010 07:14:35 09:40:16 11:30:53 13:34:39 22:31:09

27 27.03.2010 11:18:37 12:27:17 12:33:33 12:42:32 14:52:21 15:02:03 15:21:06

29 29.03.2010 08:16:28 10:30:41 15:14:47 18:33:27

30 30.03.2010 05:28:25 11:05:03

31 31.03.2010 13:25:58 13:45:56 13:47:57 14:06:28 16:20:52 16:31:56 17:31:04 18:05:19 23:53:27