Freesco, NND, CDN, EOS
http://forum.freesco.pl/

czyzbyfirewall cos blokowal? nie dziala program do zamowien
http://forum.freesco.pl/viewtopic.php?f=22&t=12910		 Strona 1 z 1
Autor:  albert_szpenio [ sobota, 1 lipca 2006, 20:34 ]
Tytuł:  czyzbyfirewall cos blokowal? nie dziala program do zamowien
witam
mam serwer na nnd od dluzszego czasu, podpialem dzisiaj do sieci kumpla ktory prowadzi sklep i ma jakis program z hurtowni do robienia zamowien on line. Niestety program sie nie laczy:( (wyskakuje komunikat ze nie ma podlaczenia do netu). wszystko inne dziala, net jest gg jest ale ten jeden jedyny program sie nie laczy :(

jedyne ustawienia w tym programie odnosnie netu sa takie:
Serwer hurtowni: 80.53.232.42
Port: 1313
Haslo: *******

moje laczeto dsl z tepsy
co moze byc nie tak ?

moj firewall wyglada tak:

: [/] [] ()
# Generated by iptables-save v1.3.1 on Sat Jul  1 12:48:09 2006
*filter
:INPUT DROP [3:275]
:FORWARD DROP [7:3192]
:OUTPUT ACCEPT [1:176]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 135,445 -j DROP
-A INPUT -i eth0 -p tcp -m multiport --dports 1313 -j ACCEPT
-A INPUT -i eth0 -p udp -m multiport --dports 1313 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 1080 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A INPUT -s 192.168.1.1 -i ! eth0 -j ACCEPT
-A INPUT -s 192.168.1.8 -i ! eth0 -j ACCEPT
-A INPUT -s 192.168.1.9 -i ! eth0 -j ACCEPT
-A INPUT -s 192.168.1.10 -i ! eth0 -j ACCEPT
-A INPUT -s 192.168.1.11 -i ! eth0 -j ACCEPT
-A INPUT -s 192.168.1.12 -i ! eth0 -j ACCEPT
-A INPUT -s 192.168.1.14 -i ! eth0 -j ACCEPT
-A INPUT -s 192.168.1.18 -i ! eth0 -j ACCEPT
-A INPUT -s 192.168.1.20 -i ! eth0 -j ACCEPT
-A INPUT -s 192.168.1.21 -i ! eth0 -j ACCEPT
-A INPUT -s 192.168.1.22 -i ! eth0 -j ACCEPT
-A INPUT -s 192.168.1.24 -i ! eth0 -j ACCEPT
-A INPUT -s 192.168.1.26 -i ! eth0 -j ACCEPT
-A INPUT -s 192.168.1.28 -i ! eth0 -j ACCEPT
-A INPUT -s 192.168.1.31 -i ! eth0 -j ACCEPT
-A INPUT -s 192.168.1.33 -i ! eth0 -j ACCEPT
-A INPUT -s 192.168.1.40 -i ! eth0 -j ACCEPT
-A INPUT -s 192.168.1.99 -i ! eth0 -j ACCEPT
-A INPUT -s 192.168.1.101 -i ! eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o lo -j ACCEPT
-A FORWARD -p tcp -m multiport --dports 135,445 -j DROP
-A FORWARD -d 192.168.1.9 -p tcp -m tcp --dport 4662:4672 -j ACCEPT
-A FORWARD -s 192.168.1.9 -p tcp -m tcp --sport 4662:4672 -j ACCEPT
-A FORWARD -d 192.168.1.9 -p udp -m udp --dport 4662:4672 -j ACCEPT
-A FORWARD -s 192.168.1.9 -p udp -m udp --sport 4662:4672 -j ACCEPT
-A FORWARD -d 192.168.1.40 -p tcp -m tcp --dport 1313:1313 -j ACCEPT
-A FORWARD -s 192.168.1.40 -p tcp -m tcp --sport 1313:1313 -j ACCEPT
-A FORWARD -d 192.168.1.40 -p udp -m udp --dport 1313:1313 -j ACCEPT
-A FORWARD -s 192.168.1.40 -p udp -m udp --sport 1313:1313 -j ACCEPT
-A FORWARD -s 192.168.1.1 -i ! eth0 -j ACCEPT
-A FORWARD -s 192.168.1.8 -i ! eth0 -j ACCEPT
-A FORWARD -s 192.168.1.9 -i ! eth0 -j ACCEPT
-A FORWARD -s 192.168.1.10 -i ! eth0 -j ACCEPT
-A FORWARD -s 192.168.1.11 -i ! eth0 -j ACCEPT
-A FORWARD -s 192.168.1.12 -i ! eth0 -j ACCEPT
-A FORWARD -s 192.168.1.14 -i ! eth0 -j ACCEPT
-A FORWARD -s 192.168.1.18 -i ! eth0 -j ACCEPT
-A FORWARD -s 192.168.1.20 -i ! eth0 -j ACCEPT
-A FORWARD -s 192.168.1.21 -i ! eth0 -j ACCEPT
-A FORWARD -s 192.168.1.22 -i ! eth0 -j ACCEPT
-A FORWARD -s 192.168.1.24 -i ! eth0 -j ACCEPT
-A FORWARD -s 192.168.1.26 -i ! eth0 -j ACCEPT
-A FORWARD -s 192.168.1.28 -i ! eth0 -j ACCEPT
-A FORWARD -s 192.168.1.31 -i ! eth0 -j ACCEPT
-A FORWARD -s 192.168.1.33 -i ! eth0 -j ACCEPT
-A FORWARD -s 192.168.1.40 -i ! eth0 -j ACCEPT
-A FORWARD -s 192.168.1.99 -i ! eth0 -j ACCEPT
-A FORWARD -s 192.168.1.101 -i ! eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sat Jul  1 12:48:10 2006
# Generated by iptables-save v1.3.1 on Sat Jul  1 12:48:10 2006
*mangle
:PREROUTING ACCEPT [8232:6447863]
:INPUT ACCEPT [759:64814]
:FORWARD ACCEPT [7463:6381181]
:OUTPUT ACCEPT [401:52301]
:POSTROUTING ACCEPT [7904:6436192]
:niceshaper_dl - [0:0]
:niceshaper_ul - [0:0]
-A PREROUTING -s 192.168.1.0/255.255.255.0 -i eth1 -j niceshaper_ul
-A INPUT -d 80.55.218.174 -i eth0 -j niceshaper_dl
-A OUTPUT -s 80.55.218.174 -o eth0 -j niceshaper_ul
-A POSTROUTING -d 192.168.1.0/255.255.255.0 -o eth1 -j niceshaper_dl
-A niceshaper_dl -s 192.168.1.1 -d 192.168.1.0/255.255.255.0 -o eth1 -j RETURN
-A niceshaper_dl -s 80.55.218.174 -d 192.168.1.0/255.255.255.0 -o eth1 -j RETURN
-A niceshaper_dl
-A niceshaper_dl -d 80.55.218.174 -i eth0 -j RETURN
-A niceshaper_dl -d 192.168.1.8 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.9 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.10 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.11 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.12 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.13 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.14 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.15 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.16 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.17 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.18 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.19 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.20 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.21 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.22 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.23 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.24 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.25 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.26 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.27 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.28 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.29 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.30 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.31 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.32 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.33 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.34 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.40 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.99 -o eth1 -j RETURN
-A niceshaper_dl -d 192.168.1.101 -o eth1 -j RETURN
-A niceshaper_ul -s 192.168.1.0/255.255.255.0 -d 192.168.1.1 -i eth1 -j RETURN
-A niceshaper_ul -s 192.168.1.0/255.255.255.0 -d 80.55.218.174 -i eth1 -j RETURN
-A niceshaper_ul
-A niceshaper_ul -s 80.55.218.174 -o eth0 -j MARK --set-mark 0x800
-A niceshaper_ul -s 192.168.1.8 -i eth1 -j MARK --set-mark 0x801
-A niceshaper_ul -s 192.168.1.9 -i eth1 -j MARK --set-mark 0x802
-A niceshaper_ul -s 192.168.1.10 -i eth1 -j MARK --set-mark 0x803
-A niceshaper_ul -s 192.168.1.11 -i eth1 -j MARK --set-mark 0x804
-A niceshaper_ul -s 192.168.1.12 -i eth1 -j MARK --set-mark 0x805
-A niceshaper_ul -s 192.168.1.13 -i eth1 -j MARK --set-mark 0x806
-A niceshaper_ul -s 192.168.1.14 -i eth1 -j MARK --set-mark 0x807
-A niceshaper_ul -s 192.168.1.15 -i eth1 -j MARK --set-mark 0x808
-A niceshaper_ul -s 192.168.1.16 -i eth1 -j MARK --set-mark 0x809
-A niceshaper_ul -s 192.168.1.17 -i eth1 -j MARK --set-mark 0x80a
-A niceshaper_ul -s 192.168.1.18 -i eth1 -j MARK --set-mark 0x80b
-A niceshaper_ul -s 192.168.1.19 -i eth1 -j MARK --set-mark 0x80c
-A niceshaper_ul -s 192.168.1.20 -i eth1 -j MARK --set-mark 0x80d
-A niceshaper_ul -s 192.168.1.21 -i eth1 -j MARK --set-mark 0x80e
-A niceshaper_ul -s 192.168.1.22 -i eth1 -j MARK --set-mark 0x80f
-A niceshaper_ul -s 192.168.1.23 -i eth1 -j MARK --set-mark 0x810
-A niceshaper_ul -s 192.168.1.24 -i eth1 -j MARK --set-mark 0x811
-A niceshaper_ul -s 192.168.1.25 -i eth1 -j MARK --set-mark 0x812
-A niceshaper_ul -s 192.168.1.26 -i eth1 -j MARK --set-mark 0x813
-A niceshaper_ul -s 192.168.1.27 -i eth1 -j MARK --set-mark 0x814
-A niceshaper_ul -s 192.168.1.28 -i eth1 -j MARK --set-mark 0x815
-A niceshaper_ul -s 192.168.1.29 -i eth1 -j MARK --set-mark 0x816
-A niceshaper_ul -s 192.168.1.30 -i eth1 -j MARK --set-mark 0x817
-A niceshaper_ul -s 192.168.1.31 -i eth1 -j MARK --set-mark 0x818
-A niceshaper_ul -s 192.168.1.32 -i eth1 -j MARK --set-mark 0x819
-A niceshaper_ul -s 192.168.1.33 -i eth1 -j MARK --set-mark 0x81a
-A niceshaper_ul -s 192.168.1.34 -i eth1 -j MARK --set-mark 0x81b
-A niceshaper_ul -s 192.168.1.40 -i eth1 -j MARK --set-mark 0x81b
-A niceshaper_ul -s 192.168.1.99 -i eth1 -j MARK --set-mark 0x81b
-A niceshaper_ul -s 192.168.1.101 -i eth1 -j MARK --set-mark 0x81c
COMMIT
# Completed on Sat Jul  1 12:48:10 2006
# Generated by iptables-save v1.3.1 on Sat Jul  1 12:48:10 2006
*nat
:PREROUTING ACCEPT [620:56801]
:POSTROUTING ACCEPT [7:861]
:OUTPUT ACCEPT [7:861]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 4662:4672 -j DNAT --to-destination 192.168.1.9
-A PREROUTING -i eth0 -p udp -m udp --dport 4662:4672 -j DNAT --to-destination 192.168.1.9
-A PREROUTING -i eth0 -p tcp -m tcp --dport 1313:1313 -j DNAT --to-destination 192.168.1.40
-A PREROUTING -i eth0 -p udp -m udp --dport 1313:1313 -j DNAT --to-destination 192.168.1.40
-A POSTROUTING -s 192.168.1.1 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.8 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.9 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.10 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.11 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.12 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.14 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.18 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.20 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.21 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.22 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.26 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.28 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.31 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.33 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.40 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.99 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.101 -o eth0 -j MASQUERADE
COMMIT
# Completed on Sat Jul  1 12:48:10 2006
GeSHi © Codebox Plus
Autor:  albert_szpenio [ sobota, 1 lipca 2006, 20:35 ]
Tytuł: 
aaa ...koles dostal ode mnie adres 192.168.1.40

chcialem przy pomocy nndconf przekierowac ruch z portu 1313 na jego ip...ale nic to nie dalo :(
Autor:  zciech [ sobota, 1 lipca 2006, 21:50 ]
Tytuł: 
sprawdz za swojego serwera:
: [/] [] ()
root@serwer:~$nmap 80.53.232.42 -p 1313

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on cw42.internetdsl.tpnet.pl (80.53.232.42):
Port       State       Service
1313/tcp   open        unknown
GeSHi © Codebox Plus


jesli nie bedzie open to sprawdz maske dla eth0

: [/] [] ()
root@serwer:~$ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:30:4F:17:28:32
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
GeSHi © Codebox Plus


nie musisz nic przekierowywac
:!:
Autor:  albert_szpenio [ sobota, 1 lipca 2006, 23:17 ]
Tytuł: 
po poleceniu nmap mialem cos takiego:

: [/] [] ()
[root@router_nnd hubert]# nmap 80.53.232.42 -p 1313

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2006-07-01 21:58 CEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 2.106 seconds
GeSHi © Codebox Plus
Autor:  albert_szpenio [ sobota, 1 lipca 2006, 23:18 ]
Tytuł: 
po ifconfig:

: [/] [] ()
[root@router_nnd hubert]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:80:AD:76:88:13
          inet addr:80.55.218.174  Bcast:80.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:843807 errors:0 dropped:0 overruns:0 frame:0
          TX packets:831533 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:488072315 (465.4 Mb)  TX bytes:384462432 (366.6 Mb)
          Interrupt:10 Base address:0x1000
GeSHi © Codebox Plus
Autor:  zciech [ niedziela, 2 lipca 2006, 00:04 ]
Tytuł: 
255.0.0.0 ale maske wyj..ales

poptaw w
/etc/network/external/rc.dsl
: [/] [] ()
#!/bin/sh

. /etc/rc.conf
. /etc/rc.d/functions

IP="twoj ip tu jest"
GATEWAY="twoj gatewaj tu jest"
MASKA="255.255.255.224"<----- tu popraw maske
BROADCAST="`/bin/ipmask $MASKA $IP | cut -f 1 -d ' '`"

case $1 in
        start)
                ifconfig $EXTIF $IP broadcast $BROADCAST netmask $MASKA up && \
                route add default gw $GATEWAY
                wynik
                ;;
        stop)
                route del default && \
                ifconfig $EXTIF down
                wynik
                ;;
esac
GeSHi © Codebox Plus


na taka jaka dostales od tepsy
255.255.255.cos co zalezy od rodzaju dsl-a

i zrestartuj to
./rc.dsl stop
./rc.dsl start
Autor:  albert_szpenio [ niedziela, 2 lipca 2006, 12:17 ]
Tytuł: 
ObrazekObrazekObrazekObrazek

jestes wielki :)))

DZIEKI...dziala :)
Strona 1 z 1 Strefa czasowa UTC+2godz.
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/