Freesco, NND, CDN, EOS
http://forum.freesco.pl/

firewall... Can someone help??!!
http://forum.freesco.pl/viewtopic.php?f=22&t=6623
Page 1 of 1

Author:  milupo [ Monday, 31 January 2005, 11:00 ]
Subject:  firewall... Can someone help??!!

Hello,
I installed the new NND and niceshaper.
Then I ran save in /etc/rc.d/iptables and it saved my rules to the file /etc/iptables/iptables.rules:
# Generated by iptables-save v1.2.11 on Mon Jan 31 19:42:18 2005
*filter
:INPUT DROP [72809:5286018]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [18113:7587085]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 135,445 -j DROP
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 1080 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A INPUT -i ! eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o lo -j ACCEPT
-A FORWARD -p tcp -m multiport --dports 135,445 -j DROP
-A FORWARD -i ! eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Mon Jan 31 19:42:18 2005
# Generated by iptables-save v1.2.11 on Mon Jan 31 19:42:18 2005
*mangle
:PREROUTING ACCEPT [4332988:1943617490]
:INPUT ACCEPT [104881:9583447]
:FORWARD ACCEPT [4228062:1934028369]
:OUTPUT ACCEPT [18113:7587085]
:POSTROUTING ACCEPT [4246175:1941615454]
:niceshaper_dl - [0:0]
:niceshaper_ul - [0:0]
-A PREROUTING -s 195.182.164.0/255.255.255.0 -i eth1 -j niceshaper_ul
-A POSTROUTING -d 195.182.164.0/255.255.255.0 -o eth1 -j niceshaper_dl
-A niceshaper_dl -s 195.182.164.1 -d 195.182.164.0/255.255.255.0 -o eth1 -j RETURN
-A niceshaper_dl -s 83.16.49.98 -d 195.182.164.0/255.255.255.0 -o eth1 -j RETURN
-A niceshaper_dl
-A niceshaper_dl -d 195.182.164.1 -o eth1 -j RETURN
-A niceshaper_dl -d 195.182.164.2 -o eth1 -j RETURN
-A niceshaper_dl -d 195.182.164.3 -o eth1 -j RETURN
-A niceshaper_dl -d 195.182.164.4 -o eth1 -j RETURN
-A niceshaper_dl -d 195.182.164.5 -o eth1 -j RETURN
.....
-A niceshaper_dl -d 195.182.164.50 -o eth1 -j RETURN
-A niceshaper_ul -s 195.182.164.0/255.255.255.0 -d 195.182.164.1 -i eth1 -j RETURN
-A niceshaper_ul -s 195.182.164.0/255.255.255.0 -d 83.16.49.98 -i eth1 -j RETURN
-A niceshaper_ul
-A niceshaper_ul -s 195.182.164.1 -i eth1 -j MARK --set-mark 0x801
-A niceshaper_ul -s 195.182.164.2 -i eth1 -j MARK --set-mark 0x802
-A niceshaper_ul -s 195.182.164.3 -i eth1 -j MARK --set-mark 0x803
-A niceshaper_ul -s 195.182.164.4 -i eth1 -j MARK --set-mark 0x804
-A niceshaper_ul -s 195.182.164.5 -i eth1 -j MARK --set-mark 0x805
....
-A niceshaper_ul -s 195.182.164.50 -i eth1 -j MARK --set-mark 0x832
COMMIT
# Completed on Mon Jan 31 19:42:18 2005
# Generated by iptables-save v1.2.11 on Mon Jan 31 19:42:18 2005
*nat
:PREROUTING ACCEPT [202193:12918989]
:POSTROUTING ACCEPT [2:96]
:OUTPUT ACCEPT [5:275]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Jan 31 19:42:18 2005


But after running the command iptables -L I get something like this:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
DROP       tcp  --  anywhere             anywhere            multiport dports 135,445
REJECT     tcp  --  anywhere             anywhere            tcp dpt:auth reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpt:1080 reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request limit: avg 1/sec burst 5
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
DROP       tcp  --  anywhere             anywhere            multiport dports 135,445
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Could someone help me with this firewall?
I don't really know how to deal with it. Many thanks in advance.

Author:  Endriu_kos [ Monday, 31 January 2005, 22:48 ]
Subject:

Hello,
Also try:
iptables -L -t mangle
iptables -L -t nat
and you will see the remaining rules.
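The reply above points at the actual cause of the confusion in the first post: `iptables -L` with no `-t` lists only the filter table, so the niceshaper chains (mangle) and the MASQUERADE rule (nat) never appear. The following is an added example, not code from either poster nor part of NND or niceshaper: a small parser for the iptables-save file format shown in the first post. It splits the dump into tables, chains and rules, reports which tables plain `iptables -L` would hide, and lists the TCP ports the filter INPUT chain accepts on the WAN interface. The sample ruleset is a constructed, shortened copy of the posted dump (the per-host niceshaper rules are cut to one host each and the counters zeroed); the interface name `eth0` as WAN is assumed from the MASQUERADE rule.

```python
"""Parse iptables-save output into tables/chains/rules and report what plain
`iptables -L` (filter table only) would and would not show.
Added example for this thread; not code from the posts or from NND/niceshaper."""
import re

# Constructed sample: shortened copy of the dump posted in the thread.
SAMPLE = """\
# Generated by iptables-save v1.2.11 on Mon Jan 31 19:42:18 2005
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 135,445 -j DROP
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 1080 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A INPUT -i ! eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o lo -j ACCEPT
-A FORWARD -p tcp -m multiport --dports 135,445 -j DROP
-A FORWARD -i ! eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:niceshaper_dl - [0:0]
:niceshaper_ul - [0:0]
-A PREROUTING -s 195.182.164.0/255.255.255.0 -i eth1 -j niceshaper_ul
-A POSTROUTING -d 195.182.164.0/255.255.255.0 -o eth1 -j niceshaper_dl
-A niceshaper_dl -d 195.182.164.1 -o eth1 -j RETURN
-A niceshaper_ul -s 195.182.164.1 -i eth1 -j MARK --set-mark 0x801
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

# ':CHAIN POLICY [pkts:bytes]'; user-defined chains carry '-' as policy
CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")


def parse_rule(tokens):
    """Turn the tokens after '-A' into a dict. Understands the old '-i ! eth0'
    negation used by iptables 1.2.x (as in the post) and the newer '! -i eth0'."""
    rule = {"chain": tokens[0], "target": None, "proto": None, "in": None,
            "in_neg": False, "out": None, "dports": set(), "raw": " ".join(tokens)}
    i, pending_neg = 1, False
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":                      # new-style: '! -i eth0'
            pending_neg, i = True, i + 1
            continue
        val = tokens[i + 1] if i + 1 < len(tokens) else None
        neg = False
        if val == "!":                      # old-style: '-i ! eth0'
            neg, val, i = True, tokens[i + 2] if i + 2 < len(tokens) else None, i + 1
        if val is None or val.startswith("-"):
            i += 1                          # option without an argument (e.g. --syn)
            continue
        neg, pending_neg = neg or pending_neg, False
        if tok == "-i":
            rule["in"], rule["in_neg"] = val, neg
        elif tok == "-o":
            rule["out"] = val
        elif tok == "-p":
            rule["proto"] = val
        elif tok == "-j":
            rule["target"] = val
        elif tok in ("--dport", "--dports"):
            rule["dports"].update(int(p) for p in val.split(","))
        i += 2                              # other options (-m, -s, --state, ...) are skipped
    return rule


def parse_iptables_save(text):
    """Return {table: {"policies": {chain: policy}, "rules": [rule, ...]}}."""
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {"policies": {}, "rules": []})
        elif line == "COMMIT":
            table = None
        elif table is None:
            raise ValueError("line outside a table: " + line)
        elif line.startswith(":"):
            m = CHAIN_RE.match(line)
            if not m:
                raise ValueError("bad chain line: " + line)
            table["policies"][m.group(1)] = m.group(2)
        elif line.startswith("-A "):
            table["rules"].append(parse_rule(line.split()[1:]))
        else:
            raise ValueError("unrecognised line: " + line)
    return tables


def hidden_from_iptables_L(tables):
    """Plain `iptables -L` reads only the filter table; the rest need -t <table>."""
    return sorted(t for t in tables if t != "filter")


def wan_accepted_tcp_ports(tables, wan="eth0"):
    """TCP ports the filter INPUT chain ACCEPTs for packets arriving on `wan`:
    rules bound to that interface or to none, excluding negated ones like '-i ! eth0'."""
    ports = set()
    for r in tables["filter"]["rules"]:
        if r["chain"] != "INPUT" or r["target"] != "ACCEPT" or r["proto"] != "tcp":
            continue
        if r["in"] is None or (r["in"] == wan) != r["in_neg"]:
            ports |= r["dports"]
    return sorted(ports)


def summary(tables, wan="eth0"):
    lines = [f"table {n}: {len(t['rules'])} rules; chains "
             + ", ".join(f"{c}:{p}" for c, p in t["policies"].items())
             for n, t in tables.items()]
    lines.append(f"not shown by plain 'iptables -L': {hidden_from_iptables_L(tables)}")
    lines.append(f"TCP ports accepted on {wan} (filter/INPUT): {wan_accepted_tcp_ports(tables, wan)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summary(parse_iptables_save(SAMPLE)))
```

Run it against a real dump with `iptables-save | python3 script.py` after swapping `SAMPLE` for `sys.stdin.read()`; the per-table counts it prints are the same ones you get by running `iptables -L -t filter`, `-t mangle` and `-t nat` one after another.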

All times are UTC+2 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/