[Comm] iptables
Andriy Dobrovol's'kii
dobr at iop.kiev.ua
Thu Feb 5 16:45:03 MSK 2004
Alex S. Orel wrote:
> Hello Andriy,
>
> Thursday, February 5, 2004, 3:21:53 PM, you wrote:
>
> ADsk> Let's start from the beginning. How can a non-working iptables interfere with ping and
> ADsk> everything else?
> ADsk> What does iptables -L -v say?
> Chain INPUT (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 54 4737 bad_tcp_packets tcp -- any any anywhere anywhere
> 38 9690 ACCEPT all -- lo any localhost.localdomain anywhere
> 2 254 ACCEPT all -- lo any is.comphunter.com.ua anywhere
> 0 0 ACCEPT all -- lo any is.comphunter.com.ua anywhere
> 66 7966 ACCEPT all -- eth0 any 192.168.0.0/24 anywhere
> 35 5603 ACCEPT all -- any any anywhere is.comphunter.com.uastate RELATED,ESTABLISHED
> 0 0 tcp_packets tcp -- any any anywhere anywhere
> 0 0 udp_packets udp -- any any anywhere anywhere
> 0 0 icmp_packets icmp -- any any anywhere anywhere
> 0 0 DROP all -- eth2 any anywhere BASE-ADDRESS.MCAST.NET/8
> 0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 3 LOG level debug prefix `IPT INPUT packet died: '
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 0 0 bad_tcp_packets tcp -- any any anywhere anywhere
> 0 0 ACCEPT all -- eth0 any anywhere anywhere
> 0 0 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
> 0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 3 LOG level debug prefix `IPT FORWARD packet died: '
>
> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 49 3164 bad_tcp_packets tcp -- any any anywhere anywhere
> 38 9690 ACCEPT all -- any any localhost.localdomain anywhere
> 58 6466 ACCEPT all -- any any is.comphunter.com.ua anywhere
> 0 0 ACCEPT all -- any any is.comphunter.com.ua anywhere
> 36 2592 ACCEPT all -- any any is.comphunter.com.ua anywhere
> 0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 3 LOG level debug prefix `IPT OUTPUT packet died: '
>
> Chain allowed (2 references)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT tcp -- any any anywhere anywhere tcp flags:SYN,RST,ACK/SYN
> 0 0 ACCEPT tcp -- any any anywhere anywhere state RELATED,ESTABLISHED
> 0 0 DROP tcp -- any any anywhere anywhere
>
> Chain bad_tcp_packets (3 references)
> pkts bytes target prot opt in out source destination
> 0 0 REJECT tcp -- any any anywhere anywhere state NEW tcp flags:SYN,ACK/SYN,ACK reject-with tcp-reset
> 6 1428 LOG tcp -- any any anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN LOG level warning prefix `New not syn:'
> 6 1428 DROP tcp -- any any anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
>
> Chain icmp_packets (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-reply
> 0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
> 0 0 ACCEPT icmp -- any any anywhere anywhere icmp time-exceeded
>
> Chain tcp_packets (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 allowed tcp -- any any anywhere anywhere tcp dpt:ssh
> 0 0 allowed tcp -- any any anywhere anywhere tcp dpt:http
>
> Chain udp_packets (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:domain
> 0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:4000
> 0 0 DROP udp -- eth2 any anywhere 10.0.2.255 udp dpts:135:netbios-ssn
> 0 0 DROP udp -- eth2 any anywhere 255.255.255.255 udp dpts:bootps:bootpc
>
> ADsk> What about chkconfig --list |grep iptables
> iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Well? What isn't working?
--
Rgrds,
Andriy
*********************************************************************
email: dobr at iop dot kiev dot ua Kyiv, Ukraine
Phone: (380-44) 265-7824 Department of Gas Electronics
Fax: (380-44) 265-2329 Institute of Physics of NASU
*********************************************************************