abclinuxu.cz AbcLinuxu.cz itbiz.cz ITBiz.cz HDmag.cz HDmag.cz abcprace.cz AbcPráce.cz
AbcLinuxu hledá autory!
Inzerujte na AbcPráce.cz od 950 Kč
Rozšířené hledání
Přihlášení | Registrace
×
napište » Zprávičky

inzerujte » Pracovní nabídky
    VeraCrypt 1.26.7
    dnes 10:55 | Nová verze

    Šifrovací nástroj VeraCrypt v menším vydání 1.26.7 nejen opravuje chyby a aktualizuje podporované algoritmy (podrobnosti v poznámkách vydání), ale také přestává podporovat původní svazky TrueCrypt.

    Fluttershy, yay! | Komentářů: 0
    Maker Faire Liberec
    dnes 09:00 | Pozvánky

    V sobotu 7. října proběhne Maker Faire Liberec, festival plný workshopů, interaktivních činností a především nadšených a zvídavých lidí.

    Ladislav Hagara | Komentářů: 0
    Výroční zpráva Mastodonu za rok 2022
    dnes 08:00 | Zajímavý článek

    Mastodon vydal výroční zprávu za rok 2022 (pdf).

    Ladislav Hagara | Komentářů: 0
    Ubuntu Summit 2023 proběhne od 3. do 5. listopadu v Rize
    včera 23:44 | Komunita

    Ubuntu Summit 2023 proběhne od 3. do 5. listopadu v Rize.

    Ladislav Hagara | Komentářů: 0
    Python 3.12.0
    včera 19:33 | Nová verze

    Programovací jazyk Python byl vydán v nové major verzi 3.12.0. Podrobný přehled novinek v Changelogu.

    Ladislav Hagara | Komentářů: 0
    Linux ve Scratchi
    včera 17:00 | Zajímavý projekt

    Linux ve Scratchi. Ne Linux v linuxové distribuci Linux From Scratch, ale Linux bežící v emulátoru procesoru RISC-V ve vizuálním programovacím jazyce Scratch.

    Ladislav Hagara | Komentářů: 0
    The Catch 2023 vyplul z přístavu
    včera 16:22 | Pozvánky

    Dnes ve 12 hodin začal další ročník CTF (Capture the Flag) soutěže The Catch: "Tentokrát nás kolegové z Forenzní laboratoře zavedou na loď plnou sofistikovaných síťových technologiích, kde soutěžící budou muset zvládnout náročné úkoly. Loď nese jméno našeho skvělého kolegy Josefa Vericha – síťového guru. Tradičně se soutěž koná v říjnu – měsíci kybernetické bezpečnosti."

    Ladislav Hagara | Komentářů: 1
    LinuxDays 2023 již tento víkend 7. a 8. října
    včera 07:00 | Pozvánky

    Konference LinuxDays 2023 proběhne již tento víkend 7. a 8. října v prostorách Fakulty informačních technologií Českého vysokého učení v Praze (FIT ČVUT). Na programu je spousta zajímavých přednášek a workshopů.

    Ladislav Hagara | Komentářů: 1
    Netflix odeslal poslední film na DVD
    1.10. 22:33 | IT novinky

    Netflix v pátek 29. září odeslal poslední film na DVD (YouTube). Společnost dnes známá jako streamovací služba začala před 25 lety jako půjčovna filmů na DVD. Zákazník si DVD objednal na webových stránkách, odesláno mu ale bylo klasickou poštou. Po zhlédnutí jej vložil do obálky a poslal zpět.

    Ladislav Hagara | Komentářů: 16
    6 bezpečnostních chyb v Eximu
    30.9. 17:11 | Bezpečnostní upozornění

    Zero Day Initiative zveřejnila informace o 6 bezpečnostních chybách (1, 2, 3, 4, 5, 6) v MTA Exim. Nejvážnější z nich CVE-2023-42115 má CVSS 9.8. Na opravě chyb se pracuje.

    Ladislav Hagara | Komentářů: 11
    Centrum | Napsat | Starší
    navrhněte » Anketa
    Raději
     (58%)
     (42%)
    Celkem 38 hlasů
     Komentářů: 3, poslední včera 23:31
    Rozcestník
    AbcLinuxu
    HDmag.cz
    AbcLinuxu:/ Poradna / Linuxová poradna / Problem s Firewallom
    Štítky: databáze, FTP, IMAP, Internet, MySQL, NAT, OpenVPN, server, sítě, skript, SSH, TCP, VPN

    Dotaz: Problem s Firewallom

    1.8.2008 17:59 deejay | skóre: 2
    Problem s Firewallom
    Přečteno: 776×
    Dobry den, mam postaveny kompletne cely firewall,ale mam problem a neviem si s nim rady.Neviem sa na svoj server cez ssh pripojit, pozeral som uz aj nastavenia ssh servera,ale stale badam,takze asi problem bude iba vo firewalle. Prikladam skript mojho firewallu..Este dolozim,ze z intranetu sa na ssh pripojim bez problemov a ze na ssh sa nechcem pripajat z internetu,ale cez vpn, ktoru mam na tap0 

    
#!/bin/bash

  IPT="/usr/sbin/iptables"
  IFC="/sbin/ifconfig"
  G="/bin/grep"
  SED="/bin/sed"
  AWK="/usr/bin/awk"
  ECHO="/bin/echo"

  # External interface
  EXTIF="eth1"
  EXTIP="192.168.3.2"
  EXTBC="255.255.255.255"
  EXTMSK="255.255.255.0"
  EXTNET="192.168.3.2/$EXTMSK"

  # Wifi siet
  WIFI="eth0"
  WIFINET="192.168.1.0"
  WIFIIP="192.168.1.254"
  WIFIMASK="255.255.255.0"
  WIFINETMASK="$WIFINET/$WIFIMASK"
  WIFIENABLE="yes"

  # Loop device/localhost
  LPDIF="lo"
  LPDIP="127.0.0.1"
  LPDMSK="255.0.0.0"
  LPDNET="$LPDIP/$LPDMSK"

  # services ENABLED from wifi network openvpn sa povoluje iba v cykle pre tap iface
  WIFI_SERVICE_TCP=(http domain ssh 67 10000 pop3 1194);
  WIFI_SERVICE_UDP=(http domain ssh 67 1194);

  # services ENABLED from external network
  EXTERNAL_SERVICE_TCP=(ssh http domain 445 139 2049 111 831 761 946 1629 1194);
  EXTERNAL_SERVICE_UDP=(ssh http domain 445 139 2049 111 831 761 946 1629 1194);

  # services ENABLED from localhost
  TCPSERV=(smtp http ftp ftps ftp-data ftps-data https mysql imap imaps pop3 pop3s domain ssh 445 139 2049 111 831 761 946 1629 1194)
  UDPSERV=(smtp http ftp ftps ftp-data ftps-data https mysql imap imaps pop3 pop3s domain ssh 445 139 2049 111 831 761 946 1629 1194)

start() {

  trap "" 2 3

  echo "Setting default policy:"
  $IPT -P INPUT DROP;
  $IPT -P OUTPUT ACCEPT;
  $IPT -P FORWARD DROP;

  CHAINS=`cat /proc/net/ip_tables_names 2>/dev/null`
  for i in $CHAINS
  do
   $IPT -t $i -F
  done
  for i in $CHAINS
  do
   $IPT -t $i -X
  done

  echo "  INPUT -> DROP";
  echo " OUTPUT -> ACCEPT";
  echo "FORWARD -> DROP";

  echo 1 > /proc/sys/net/ipv4/ip_forward

  # DROP invalid packets
  $IPT -A INPUT -i $EXTIF -m state --state INVALID -j DROP

  # Block IP with bad destination
  $IPT -A INPUT -i $EXTIF -d ! $EXTIP -j DROP
 
  # allow localhost (local connections)
  $IPT -A INPUT -i tap0 -j ACCEPT
  $IPT -A INPUT -i $LPDIF -s $LPDIP -j ACCEPT
  $IPT -A INPUT -i $LPDIF -s $EXTIP -j ACCEPT
  # MASQUERADING internal network, if requested
  echo "MASQuerading outgoing connections"
  $IPT -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

  # input
  $IPT -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT

  # forward
  $IPT -A FORWARD -p TCP -m state --state RELATED,ESTABLISHED -j ACCEPT
  $IPT -A FORWARD -p UDP -m state --state RELATED,ESTABLISHED -j ACCEPT
  $IPT -A FORWARD -i tap0 -o eth1 -j ACCEPT

    ## INPUT Z VONKU TCP
  ############################################################################
  echo -n "FW: ACCEPTing external TCP services... ";
  let a=0;
  for port in ${EXTERNAL_SERVICE_TCP[@]} ; do
      $IPT -A INPUT -p tcp -d $EXTIP -i $EXTIF --dport $port -j ACCEPT ;
      let a=$a+1;
  done;
  echo "($a)";
    ## INPUT Z VONKU UDP
  ############################################################################
  echo -n "FW: ACCEPTing external UDP services... ";
  let a=0;
  for port in ${EXTERNAL_SERVICE_UDP[@]} ; do
      $IPT -A INPUT -p udp -d $EXTIP -i $EXTIF --dport $port -j ACCEPT ;
      let a=$a+1;
  done;
  echo "($a)";

  ## INPUT Z WIFI TCP
  ############################################################################
  echo -n "FW: ACCEPTing wifi TCP services... ";
  let a=0;
  for port in ${WIFI_SERVICE_TCP[@]} ; do
      $IPT -A INPUT -i $WIFI -p tcp  --dport $port -j ACCEPT ;
      let a=$a+1;
  done;
  echo "($a)";
  ## INPUT Z WIFI UDP
  ############################################################################
  echo -n "FW: ACCEPTing wifi UDP services... ";
  let a=0;
  for port in ${WIFI_SERVICE_UDP[@]} ; do
      $IPT -A INPUT -i $WIFI -p udp  --dport $port -j ACCEPT ;
      let a=$a+1;
  done;
  echo "($a)";

  echo "Firewall rules applied!"
  trap - 2 3
}

stop() {
  trap "" 2 3
  echo "Stopping $prog: "


  CHAINS=`cat /proc/net/ip_tables_names 2>/dev/null`
  for i in $CHAINS
  do
   $IPT -t $i -F
  done
  for i in $CHAINS
  do
   $IPT -t $i -X
  done

  echo "Setting default policies to ACCEPT"
  $IPT -P INPUT ACCEPT
  $IPT -P OUTPUT ACCEPT
  $IPT -P FORWARD ACCEPT

  trap - 2 3
}

restart() {
  stop
  start
}

case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart)
        restart
        ;;
  *)
        echo $"Usage: $0 {start|stop|restart}"
        exit 1
esac

exit $?

    Nástroje: Začni sledovat (0) ?Zašle upozornění na váš email při vložení nového komentáře.

    Odpovědi

    1.8.2008 20:38 Dejv | skóre: 37 | blog: Jak ten blog nazvat ... ? | Ostrava
    Rozbalit Rozbalit vše Re: Problem s Firewallom

    Strilim od boku, ale tipnul bych si, ze ta vpn by potrebovala jeste prohnat natem. Jake v ni mas adresy? Mozna to tam nekde mas, ale ja to nenasel. Jestli ve vpn mas jiny rozsah adres, (coz asi ano), tak k nemu jsem v tom skriptu nic nenasel, takze fw potom sice akceptuje vse, co prislo z tap0, ale ty pakety se pak asi routuji na vychozi branu a ne na mistni rozhrani.

    No, tak jsem se tu ted pred zkusenejsima asi pekne ztrapnil, ze jo :-D, tak ty moje blaboly prosim nekdo uvedte na pravou miru :-) Diky :-D


    Dejv
    Pevně věřím, že zkušenější uživatelé mě s mými nápady usměrní a pošlou tam, kam tyto nápady patří...
    1.8.2008 20:53 deejay | skóre: 2
    Rozbalit Rozbalit vše Re: Problem s Firewallom
    Noo to je pravda,ze tam nic nemam co sa tyka natu,ale skusal som dopisat do firewallu 
    
> iptables -A FORWARD -i tap0 -o eth0 -j ACCEPT
> iptables -t nat -A POSTROUTING -s 10.0.1.0/255.255.255.0 -o tap0 -j MASQUERADE 
> iptables -t nat -A POSTROUTING -s 10.0.1.0/255.255.255.0 -o eth0 -j MASQUERADE 
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 
> iptables -A FORWARD -i tap0 -j ACCEPT
> iptables -A INPUT -i tap0 -j ACCEPT
> iptables -A FORWARD -i eth0 -o tap0 -j ACCEPT

    ale aj tak mi ssh nefunguje,ostatne sluzby mam kompletne pristupne z vpn..Ale co je divne,ze sluzby ktore mam vypisane v external services tak vsetky funguju okrem ssh aj napriek tomu ze ho tam mam vypisany...
    1.8.2008 22:08 tezkatlipoka | skóre: 35
    Rozbalit Rozbalit vše Re: Problem s Firewallom
    hrozne blbe se mi to cte, zlatej firewall s jednotlivejma pravidlama. Kazdopadne pokud jsem neprehlidnul nejakej drop, ne predřazené pravidlo o tap ci ssh, tak pravidlo

    $IPT -A INPUT -i tap0 -j ACCEPT

    by melo povolit vsechno z VPN, nehlede na ostatni pravidla. Jesli ti ostatni sluzby skrz VPN chodej, neni mozne ze je ssh omezeno akorat na nejake rozhrani? Pokud mas dobre routovani, zadnej NAT na VPN nepotrebujes, a pokud jde o pristup na SSH serveru, pravidla pro forward se na tebe nevztahuji.
    Vaše řeč budiž ano, ano, ne, ne. Co je nad to, je od ďábla.
    3.8.2008 22:33 deejay | skóre: 2
    Rozbalit Rozbalit vše Re: Problem s Firewallom
    no ale bohuzel ten accept mi nepomohl,sam se tomu cudujem, ked dam pripojenie na ssh tak vypise connection closed by remote host :-( ...Jedine ako sa viem na dany stroj napojit je,ze sa napojim na vpn,potom sa napojim na ssh dalsieho servera v sieti a z neho sa napojim na danu gateway,inak to proste nejde :-(
    4.8.2008 08:43 tezkatlipoka | skóre: 35
    Rozbalit Rozbalit vše Re: Problem s Firewallom
    mas mznost na chvilku schodit celej firewall a nastavit vsechna default na ACCEPT? Jestli je to vubec problem FW.
    Vaše řeč budiž ano, ano, ne, ne. Co je nad to, je od ďábla.
    3.8.2008 22:44 jirkamailto | skóre: 31
    Rozbalit Rozbalit vše Re: Problem s Firewallom
    Tohle sice neni odpoved na Vasi otazku, ale jen se zminim, pouzivam firehol, coz je velmi dobry a flexibilni generator pravidel do IPTABLES. Pouzivam vsude a jsem velmi spokojen, http://firehol.sourceforge.net/. Odpadlo me tim psani techto skriptu a pokud potrebuji povolit sluzbu apod, mam to hned. Jen mam trochu problem na debianu s nfs, ze se po restartu serveru firehol nenastartuje, ale myslim, ze je to jen o tom zvolit spravne poradi startovani sluzeb pri startu.
    4.8.2008 01:29 Martin Šebek | skóre: 18 | blog: Tady je Indiánovo | Mladá Boleslav
    Rozbalit Rozbalit vše Re: Problem s Firewallom
    Pošli výpis ip a, ip r a iptables -L INPUT.
    12.8.2008 17:57 deejay | skóre: 2
    Rozbalit Rozbalit vše Re: Problem s Firewallom
    Zdravim a vopred sa ospravedlnujem,ale bol som na dovolenke a teda dlhsiu dobu bez internetu..Posielam vypisy 
    
> ip a
1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:10:b5:df:87:1a brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth0
3: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 08:00:09:a9:2e:76 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.2/24 brd 192.168.3.255 scope global eth1
4: tap0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:ff:ae:4d:75:92 brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.100/24 brd 10.0.1.255 scope global tap0


> ip r
192.168.3.0/24 dev eth1  proto kernel  scope link  src 192.168.3.2 
10.0.1.0/24 dev tap0  proto kernel  scope link  src 10.0.1.100 
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.254 
127.0.0.0/8 dev lo  scope link 
default via 192.168.3.1 dev eth1 
default via 192.168.1.1 dev eth0  metric 1 

> iptables -L INPUT
Chain INPUT (policy DROP)
target     prot opt source               destination         
acct_int   all  --  anywhere             anywhere            
acct_ext   all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            state INVALID 
DROP       all  --  anywhere            !192.168.3.2         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  localhost            anywhere            
ACCEPT     all  --  192.168.3.2          anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:http 
ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:domain 
ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:microsoft-ds 
ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:netbios-ssn 
ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:nfsd 
ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:sunrpc 
ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:831 
ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:kpasswd 
ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:946 
ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:1629 
ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:1194 
ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:ssh 
ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:http 
ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:domain 
ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:microsoft-ds 
ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:netbios-ssn 
ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:nfsd 
ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:sunrpc 
ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:831 
ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:rxe 
ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:946 
ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:1629 
ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:1194 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:10000 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:1194 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:http 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ssh 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:1194 
ACCEPT     all  --  anywhere             anywhere
    13.8.2008 07:57 devicebusy | skóre: 2
    Rozbalit Rozbalit vše Re: Problem s Firewallom
    Ahoj, skus spravit netstat -nta a pozriet sa ci vobec ssh napocuva na spravnom porte. Resp este kukni ps aux | grep ssh ci vobec bezi. BTW - ssh na UDP - hmm?
    13.8.2008 08:04 devicebusy | skóre: 2
    Rozbalit Rozbalit vše Re: Problem s Firewallom
    Esta ma napadla vec - ci ssh nieje nahodou zablokovane v tichto retazcoch (aj ked to je asi accounting ale predsa..)

    acct_int all -- anywhere anywhere acct_ext all -- anywhere anywhere

    Skus pastnut sem vypis

    ps aux | grep ssh netstat -nta | grep LIST iptables -nvL acct_int iptables -nvL acct_ext
    13.8.2008 08:06 devicebusy | skóre: 2
    Rozbalit Rozbalit vše Re: Problem s Firewallom
    Pardon, tak to bude citatelne
    ps aux | grep ssh
    netstat -nta | grep LIST
    iptables -nvL acct_int
    iptables -nvL acct_ext
    13.8.2008 18:32 deejay | skóre: 2
    Rozbalit Rozbalit vše Re: Problem s Firewallom
    No sshd demon mi bezi,tomu som si na 100% isty,kedze sa na ssh bezne pripojim z LAN pripajam ale vypisy ....co sa tyka acct_int a acct_ext tak to su iba chainy na prenesene data pre jednotlive IP...Pozeral som aj konfigurak pre sshd demon,ci to nie je tam obmedzene ale je to vsetko v poriadku..Dokazom je aj to,ze ked zhodim firewall a dam default vsetko na ACCEPT tak sa na ssh pripojim z netu bez problemov..Nooo ssh na udp nebezi,ale uz som bol bezmocny a snazil som sa prehovorit sshd na udp :-) 
    > netstat -nta | grep LIST 
tcp        0      0 0.0.0.0:37              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN     
tcp        0      0 10.0.1.100:53           0.0.0.0:*               LISTEN     
tcp        0      0 192.168.3.2:53          0.0.0.0:*               LISTEN     
tcp        0      0 192.168.1.254:53        0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN     
> iptables -nvL acct_int 
Chain acct_int (4 references)
 pkts bytes target     prot opt in     out     source               destination         
 2237  157K            tcp  --  *      *       192.168.1.100        0.0.0.0/0           
 2279  332K            tcp  --  *      *       0.0.0.0/0            192.168.1.100       
14343  949K            udp  --  *      *       192.168.1.100        0.0.0.0/0           
  434  119K            udp  --  *      *       0.0.0.0/0            192.168.1.100       
   96  9120            icmp --  *      *       192.168.1.100        0.0.0.0/0           
   60  4704            icmp --  *      *       0.0.0.0/0            192.168.1.100       
16676 1115K            all  --  *      *       192.168.1.100        0.0.0.0/0           
 2773  456K            all  --  *      *       0.0.0.0/0            192.168.1.100       
 2177  152K            tcp  --  *      *       192.168.1.101        0.0.0.0/0           
 2218  328K            tcp  --  *      *       0.0.0.0/0            192.168.1.101       
55196 3555K            udp  --  *      *       192.168.1.101        0.0.0.0/0           
  434  119K            udp  --  *      *       0.0.0.0/0            192.168.1.101       
   96  9120            icmp --  *      *       192.168.1.101        0.0.0.0/0           
  360 21504            icmp --  *      *       0.0.0.0/0            192.168.1.101       
57469 3717K            all  --  *      *       192.168.1.101        0.0.0.0/0           
 3012  468K            all  --  *      *       0.0.0.0/0            192.168.1.101       
    0     0            tcp  --  *      *       192.168.1.102        0.0.0.0/0           
    0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.102       
    0     0            udp  --  *      *       192.168.1.102        0.0.0.0/0           
    0     0            udp  --  *      *       0.0.0.0/0            192.168.1.102       
    0     0            icmp --  *      *       192.168.1.102        0.0.0.0/0           
   48  4032            icmp --  *      *       0.0.0.0/0            192.168.1.102       
    0     0            all  --  *      *       192.168.1.102        0.0.0.0/0           
   48  4032            all  --  *      *       0.0.0.0/0            192.168.1.102       
    0     0            tcp  --  *      *       192.168.1.103        0.0.0.0/0           
    0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.103       
    0     0            udp  --  *      *       192.168.1.103        0.0.0.0/0           
    0     0            udp  --  *      *       0.0.0.0/0            192.168.1.103       
    0     0            icmp --  *      *       192.168.1.103        0.0.0.0/0           
   48  4032            icmp --  *      *       0.0.0.0/0            192.168.1.103       
    0     0            all  --  *      *       192.168.1.103        0.0.0.0/0           
   48  4032            all  --  *      *       0.0.0.0/0            192.168.1.103       
 2186  153K            tcp  --  *      *       192.168.1.104        0.0.0.0/0           
 2222  328K            tcp  --  *      *       0.0.0.0/0            192.168.1.104       
78248 5139K            udp  --  *      *       192.168.1.104        0.0.0.0/0           
  434  119K            udp  --  *      *       0.0.0.0/0            192.168.1.104       
   96  9120            icmp --  *      *       192.168.1.104        0.0.0.0/0           
  163 10472            icmp --  *      *       0.0.0.0/0            192.168.1.104       
80530 5301K            all  --  *      *       192.168.1.104        0.0.0.0/0           
 2819  458K            all  --  *      *       0.0.0.0/0            192.168.1.104       
    0     0            tcp  --  *      *       192.168.1.117        0.0.0.0/0           
    0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.117       
    0     0            udp  --  *      *       192.168.1.117        0.0.0.0/0           
    0     0            udp  --  *      *       0.0.0.0/0            192.168.1.117       
    0     0            icmp --  *      *       192.168.1.117        0.0.0.0/0           
   48  4032            icmp --  *      *       0.0.0.0/0            192.168.1.117       
    0     0            all  --  *      *       192.168.1.117        0.0.0.0/0           
   48  4032            all  --  *      *       0.0.0.0/0            192.168.1.117       
15034 2226K            tcp  --  *      *       192.168.1.118        0.0.0.0/0           
23042   27M            tcp  --  *      *       0.0.0.0/0            192.168.1.118       
  814 84836            udp  --  *      *       192.168.1.118        0.0.0.0/0           
  385 90917            udp  --  *      *       0.0.0.0/0            192.168.1.118       
    2   168            icmp --  *      *       192.168.1.118        0.0.0.0/0           
   63  6506            icmp --  *      *       0.0.0.0/0            192.168.1.118       
15850 2311K            all  --  *      *       192.168.1.118        0.0.0.0/0           
23490   28M            all  --  *      *       0.0.0.0/0            192.168.1.118       
    0     0            tcp  --  *      *       192.168.1.119        0.0.0.0/0           
    0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.119       
    0     0            udp  --  *      *       192.168.1.119        0.0.0.0/0           
    0     0            udp  --  *      *       0.0.0.0/0            192.168.1.119       
    0     0            icmp --  *      *       192.168.1.119        0.0.0.0/0           
   48  4032            icmp --  *      *       0.0.0.0/0            192.168.1.119       
    0     0            all  --  *      *       192.168.1.119        0.0.0.0/0           
   48  4032            all  --  *      *       0.0.0.0/0            192.168.1.119       
    0     0            tcp  --  *      *       192.168.1.120        0.0.0.0/0           
    0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.120       
    0     0            udp  --  *      *       192.168.1.120        0.0.0.0/0           
    0     0            udp  --  *      *       0.0.0.0/0            192.168.1.120       
    0     0            icmp --  *      *       192.168.1.120        0.0.0.0/0           
   48  4032            icmp --  *      *       0.0.0.0/0            192.168.1.120       
    0     0            all  --  *      *       192.168.1.120        0.0.0.0/0           
   48  4032            all  --  *      *       0.0.0.0/0            192.168.1.120       
    0     0            tcp  --  *      *       192.168.1.121        0.0.0.0/0           
    0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.121       
    0     0            udp  --  *      *       192.168.1.121        0.0.0.0/0           
    0     0            udp  --  *      *       0.0.0.0/0            192.168.1.121       
    0     0            icmp --  *      *       192.168.1.121        0.0.0.0/0           
   48  4032            icmp --  *      *       0.0.0.0/0            192.168.1.121       
    0     0            all  --  *      *       192.168.1.121        0.0.0.0/0           
   48  4032            all  --  *      *       0.0.0.0/0            192.168.1.121       
    0     0            tcp  --  *      *       192.168.1.122        0.0.0.0/0           
    0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.122       
    0     0            udp  --  *      *       192.168.1.122        0.0.0.0/0           
    0     0            udp  --  *      *       0.0.0.0/0            192.168.1.122       
    0     0            icmp --  *      *       192.168.1.122        0.0.0.0/0           
   48  4032            icmp --  *      *       0.0.0.0/0            192.168.1.122       
    0     0            all  --  *      *       192.168.1.122        0.0.0.0/0           
   48  4032            all  --  *      *       0.0.0.0/0            192.168.1.122       
87226   10M            tcp  --  *      *       192.168.1.123        0.0.0.0/0           
 109K  101M            tcp  --  *      *       0.0.0.0/0            192.168.1.123       
 1278  151K            udp  --  *      *       192.168.1.123        0.0.0.0/0           
  726  279K            udp  --  *      *       0.0.0.0/0            192.168.1.123       
   21  1708            icmp --  *      *       192.168.1.123        0.0.0.0/0           
   48  4032            icmp --  *      *       0.0.0.0/0            192.168.1.123       
88525   11M            all  --  *      *       192.168.1.123        0.0.0.0/0           
 110K  101M            all  --  *      *       0.0.0.0/0            192.168.1.123       
    0     0            tcp  --  *      *       192.168.1.124        0.0.0.0/0           
    0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.124       
    0     0            udp  --  *      *       192.168.1.124        0.0.0.0/0           
    0     0            udp  --  *      *       0.0.0.0/0            192.168.1.124       
    0     0            icmp --  *      *       192.168.1.124        0.0.0.0/0           
   48  4032            icmp --  *      *       0.0.0.0/0            192.168.1.124       
    0     0            all  --  *      *       192.168.1.124        0.0.0.0/0           
   48  4032            all  --  *      *       0.0.0.0/0            192.168.1.124       
> iptables -nvL acct_ext 
Chain acct_ext (4 references)
 pkts bytes target     prot opt in     out     source               destination
    14.8.2008 13:54 devicebusy | skóre: 2
    Rozbalit Rozbalit vše Re: Problem s Firewallom
    Este otazka - ked sa pripajaz cez VPN - na aku adresu? Lebo ak na adresu VPN iface tak to ti samozrejme nepojde kvoli pravidlu:
    DROP all -- anywhere !192.168.3.2
    Ak sa pripajas na 192.168.3.2 - mozes poslat sem lokalnu routovaciu tabulku? Este jedna vec - pls daj vystup
    iptables -nvL
    lebo nevidim rozhrania tabulkach na ktorych to filtruje.
    Cakaaaam.... :)
    15.8.2008 18:15 deejay | skóre: 2
    Rozbalit Rozbalit vše Re: Problem s Firewallom
    Zdravim,takze ked sa pripajam na VPN skusal som ssh jak na 10.0.1.100,co je adresa tap0 rozhrania,skusal som i 192.168.3.2,co je adresa rozhrania eth0 a skusal som i 192.168.1.254,co je adresa rozhrania eth1, ale na vsetkych tie iste hlasky...Posielam teda vypis ;-) 
    > iptables -nvL
Chain INPUT (policy DROP 17098 packets, 1602K bytes)
 pkts bytes target     prot opt in     out     source               destination         
24672 2070K acct_int   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
46374 4396K acct_ext   all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           state INVALID 
 2755 77140 DROP       all  --  eth1   *       0.0.0.0/0           !192.168.3.2         
 3908  823K ACCEPT     all  --  tap0   *       0.0.0.0/0            0.0.0.0/0           
22651 1742K ACCEPT     all  --  lo     *       127.0.0.1            0.0.0.0/0           
    0     0 ACCEPT     all  --  lo     *       192.168.3.2          0.0.0.0/0           
51610 9430K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
   12   672 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:22 
  141  8156 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:80 
    1    48 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:53 
 1816  124K ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:445 
  362 16248 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:139 
    0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:2049 
    0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:111 
    0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:831 
    0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:761 
    0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:946 
    0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:1629 
    0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:1194 
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:22 
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:80 
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:53 
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:445 
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:139 
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:2049 
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:111 
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:831 
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:761 
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:946 
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:1629 
    3   126 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:1194 
   81  3888 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 
    1    52 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:67 
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10000 
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110 
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1194 
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:80 
 2982  180K ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:22 
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:67 
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:1194 
    0     0 ACCEPT     all  --  tap0   *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 69285 packets, 4551K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 300K  299M acct_int   all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
 495K   43M acct_int   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 acct_ext   all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
    0     0 acct_ext   all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
 509K  326M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
 4000  513K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
  188 11245 ACCEPT     all  --  tap0   eth1    0.0.0.0/0            0.0.0.0/0           
  776 46560 ACCEPT     tcp  --  eth0   eth1    192.168.1.100        0.0.0.0/0           multiport dports 80 
    0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.100        0.0.0.0/0           multiport dports 80 
  775 46500 ACCEPT     tcp  --  eth0   eth1    192.168.1.101        0.0.0.0/0           multiport dports 80 
    0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.101        0.0.0.0/0           multiport dports 80 
    0     0 ACCEPT     tcp  --  eth0   eth1    192.168.1.102        0.0.0.0/0           multiport dports 80 
    0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.102        0.0.0.0/0           multiport dports 80 
    0     0 ACCEPT     tcp  --  eth0   eth1    192.168.1.103        0.0.0.0/0           multiport dports 80 
    0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.103        0.0.0.0/0           multiport dports 80 
  770 46200 ACCEPT     tcp  --  eth0   eth1    192.168.1.104        0.0.0.0/0           multiport dports 80 
    0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.104        0.0.0.0/0           multiport dports 80 
 210K   14M ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  eth0   tap0    0.0.0.0/0            0.0.0.0/0           
   59  3588 ACCEPT     all  --  tap0   eth0    0.0.0.0/0            0.0.0.0/0           
    7   588 ACCEPT     all  --  eth1   tap0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  eth0   eth1    192.168.1.118        0.0.0.0/0           multiport dports 80,443,5190,22,110,995,143,993,25,465,1194,139 
    0     0 ACCEPT     tcp  --  eth0   eth1    192.168.1.118        0.0.0.0/0           multiport dports 6669,21,20,990,989,873,5060,1194 
    0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.118        0.0.0.0/0           multiport dports 80,443,5190,22,110,995,143,993,25,465,1194,139 
    0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.118        0.0.0.0/0           multiport dports 6669,21,20,990,989,873,5060,1194 
    0     0 ACCEPT     tcp  --  eth0   eth1    192.168.1.118        0.0.0.0/0           multiport dports 5222,5223 
    0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.118        0.0.0.0/0           multiport dports 5222,5223 
    0     0 ACCEPT     tcp  --  eth0   eth1    192.168.1.123        0.0.0.0/0           multiport dports 80,443,5190,22,110,995,143,993,25,465,1194,139 
    0     0 ACCEPT     tcp  --  eth0   eth1    192.168.1.123        0.0.0.0/0           multiport dports 6669,21,20,990,989,873,5060,1194 
    0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.123        0.0.0.0/0           multiport dports 80,443,5190,22,110,995,143,993,25,465,1194,139 
    0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.123        0.0.0.0/0           multiport dports 6669,21,20,990,989,873,5060,1194 
    0     0 ACCEPT     tcp  --  eth0   eth1    192.168.1.123        0.0.0.0/0           multiport dports 5222,5223 
    0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.123        0.0.0.0/0           multiport dports 5222,5223 

Chain OUTPUT (policy ACCEPT 111K packets, 20M bytes)
 pkts bytes target     prot opt in     out     source               destination         
35162 4740K acct_int   all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
46374 4396K acct_ext   all  --  *      lo      0.0.0.0/0            0.0.0.0/0           

Chain acct_ext (4 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain acct_int (4 references)
 pkts bytes target     prot opt in     out     source               destination         
 4448  311K            tcp  --  *      *       192.168.1.100        0.0.0.0/0           
 4524  663K            tcp  --  *      *       0.0.0.0/0            192.168.1.100       
74635 4925K            udp  --  *      *       192.168.1.100        0.0.0.0/0           
  864  327K            udp  --  *      *       0.0.0.0/0            192.168.1.100       
  191 18134            icmp --  *      *       192.168.1.100        0.0.0.0/0           
  207 14280            icmp --  *      *       0.0.0.0/0            192.168.1.100       
79274 5254K            all  --  *      *       192.168.1.100        0.0.0.0/0           
 5595 1004K            all  --  *      *       0.0.0.0/0            192.168.1.100       
 4345  304K            tcp  --  *      *       192.168.1.101        0.0.0.0/0           
 4421  655K            tcp  --  *      *       0.0.0.0/0            192.168.1.101       
63342 4079K            udp  --  *      *       192.168.1.101        0.0.0.0/0           
  864  327K            udp  --  *      *       0.0.0.0/0            192.168.1.101       
  192 18240            icmp --  *      *       192.168.1.101        0.0.0.0/0           
  444 27552            icmp --  *      *       0.0.0.0/0            192.168.1.101       
67879 4401K            all  --  *      *       192.168.1.101        0.0.0.0/0           
 5729 1009K            all  --  *      *       0.0.0.0/0            192.168.1.101       
    0     0            tcp  --  *      *       192.168.1.102        0.0.0.0/0           
    0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.102       
    0     0            udp  --  *      *       192.168.1.102        0.0.0.0/0           
    0     0            udp  --  *      *       0.0.0.0/0            192.168.1.102       
    0     0            icmp --  *      *       192.168.1.102        0.0.0.0/0           
   96  8064            icmp --  *      *       0.0.0.0/0            192.168.1.102       
    0     0            all  --  *      *       192.168.1.102        0.0.0.0/0           
   96  8064            all  --  *      *       0.0.0.0/0            192.168.1.102       
    0     0            tcp  --  *      *       192.168.1.103        0.0.0.0/0           
    0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.103       
    0     0            udp  --  *      *       192.168.1.103        0.0.0.0/0           
    0     0            udp  --  *      *       0.0.0.0/0            192.168.1.103       
    0     0            icmp --  *      *       192.168.1.103        0.0.0.0/0           
   96  8064            icmp --  *      *       0.0.0.0/0            192.168.1.103       
    0     0            all  --  *      *       192.168.1.103        0.0.0.0/0           
   96  8064            all  --  *      *       0.0.0.0/0            192.168.1.103       
 4341  304K            tcp  --  *      *       192.168.1.104        0.0.0.0/0           
 4422  655K            tcp  --  *      *       0.0.0.0/0            192.168.1.104       
 131K 8595K            udp  --  *      *       192.168.1.104        0.0.0.0/0           
  864  327K            udp  --  *      *       0.0.0.0/0            192.168.1.104       
  192 18240            icmp --  *      *       192.168.1.104        0.0.0.0/0           
  450 27888            icmp --  *      *       0.0.0.0/0            192.168.1.104       
 135K 8917K            all  --  *      *       192.168.1.104        0.0.0.0/0           
 5736 1010K            all  --  *      *       0.0.0.0/0            192.168.1.104       
    0     0            tcp  --  *      *       192.168.1.117        0.0.0.0/0           
    0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.117       
    0     0            udp  --  *      *       192.168.1.117        0.0.0.0/0           
    0     0            udp  --  *      *       0.0.0.0/0            192.168.1.117       
    0     0            icmp --  *      *       192.168.1.117        0.0.0.0/0           
   96  8064            icmp --  *      *       0.0.0.0/0            192.168.1.117       
    0     0            all  --  *      *       192.168.1.117        0.0.0.0/0           
   96  8064            all  --  *      *       0.0.0.0/0            192.168.1.117       
25861 3831K            tcp  --  *      *       192.168.1.118        0.0.0.0/0           
40112   47M            tcp  --  *      *       0.0.0.0/0            192.168.1.118       
 3723  448K            udp  --  *      *       192.168.1.118        0.0.0.0/0           
 2571  412K            udp  --  *      *       0.0.0.0/0            192.168.1.118       
    3   252            icmp --  *      *       192.168.1.118        0.0.0.0/0           
  135 12534            icmp --  *      *       0.0.0.0/0            192.168.1.118       
29587 4280K            all  --  *      *       192.168.1.118        0.0.0.0/0           
42818   48M            all  --  *      *       0.0.0.0/0            192.168.1.118       
    0     0            tcp  --  *      *       192.168.1.119        0.0.0.0/0           
    0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.119       
    0     0            udp  --  *      *       192.168.1.119        0.0.0.0/0           
    0     0            udp  --  *      *       0.0.0.0/0            192.168.1.119       
    0     0            icmp --  *      *       192.168.1.119        0.0.0.0/0           
   96  8064            icmp --  *      *       0.0.0.0/0            192.168.1.119       
    0     0            all  --  *      *       192.168.1.119        0.0.0.0/0           
   96  8064            all  --  *      *       0.0.0.0/0            192.168.1.119       
    0     0            tcp  --  *      *       192.168.1.120        0.0.0.0/0           
    0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.120       
    0     0            udp  --  *      *       192.168.1.120        0.0.0.0/0           
    0     0            udp  --  *      *       0.0.0.0/0            192.168.1.120       
    0     0            icmp --  *      *       192.168.1.120        0.0.0.0/0           
   96  8064            icmp --  *      *       0.0.0.0/0            192.168.1.120       
    0     0            all  --  *      *       192.168.1.120        0.0.0.0/0           
   96  8064            all  --  *      *       0.0.0.0/0            192.168.1.120       
    0     0            tcp  --  *      *       192.168.1.121        0.0.0.0/0           
    0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.121       
    0     0            udp  --  *      *       192.168.1.121        0.0.0.0/0           
    0     0            udp  --  *      *       0.0.0.0/0            192.168.1.121       
    0     0            icmp --  *      *       192.168.1.121        0.0.0.0/0           
   96  8064            icmp --  *      *       0.0.0.0/0            192.168.1.121       
    0     0            all  --  *      *       192.168.1.121        0.0.0.0/0           
   96  8064            all  --  *      *       0.0.0.0/0            192.168.1.121       
    0     0            tcp  --  *      *       192.168.1.122        0.0.0.0/0           
    0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.122       
    0     0            udp  --  *      *       192.168.1.122        0.0.0.0/0           
    0     0            udp  --  *      *       0.0.0.0/0            192.168.1.122       
    0     0            icmp --  *      *       192.168.1.122        0.0.0.0/0           
   96  8064            icmp --  *      *       0.0.0.0/0            192.168.1.122       
    0     0            all  --  *      *       192.168.1.122        0.0.0.0/0           
   96  8064            all  --  *      *       0.0.0.0/0            192.168.1.122       
 188K   20M            tcp  --  *      *       192.168.1.123        0.0.0.0/0           
 245K  250M            tcp  --  *      *       0.0.0.0/0            192.168.1.123       
 2924  354K            udp  --  *      *       192.168.1.123        0.0.0.0/0           
 1614  671K            udp  --  *      *       0.0.0.0/0            192.168.1.123       
   42  3444            icmp --  *      *       192.168.1.123        0.0.0.0/0           
   96  8064            icmp --  *      *       0.0.0.0/0            192.168.1.123       
 191K   21M            all  --  *      *       192.168.1.123        0.0.0.0/0           
 247K  251M            all  --  *      *       0.0.0.0/0            192.168.1.123       
    0     0            tcp  --  *      *       192.168.1.124        0.0.0.0/0           
    0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.124       
    0     0            udp  --  *      *       192.168.1.124        0.0.0.0/0           
    0     0            udp  --  *      *       0.0.0.0/0            192.168.1.124       
    0     0            icmp --  *      *       192.168.1.124        0.0.0.0/0           
   96  8064            icmp --  *      *       0.0.0.0/0            192.168.1.124       
    0     0            all  --  *      *       192.168.1.124        0.0.0.0/0           
   96  8064            all  --  *      *       0.0.0.0/0            192.168.1.124

    a routrovacia tabulka 
    
> route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 tap0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.3.1     0.0.0.0         UG    0      0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    1      0        0 eth0
    16.8.2008 08:39 devicebusy | skóre: 2
    Rozbalit Rozbalit vše Re: Problem s Firewallom
    Jee, uz som in.
    Hm, no pravidla vypadaju byt ok, skus spustit tcpdump -i tap0 -nv na smerovaci a skus sa pripoit na SSH cez VPN (asi budes musit to spravit z intranetu az mas pristup na ssh) - a pozri ake chodia pakety (mozes aj pastnut sem).
    BWT - som sa zle vyjadril v prechadzajucom poste - lokalnu routovaciu tabulku na VPN kliente ked si pripojeny na VPN.
    Este jedna vec - na konci tabuliek INPUT a FORWARD v firewalle docasne pridaj logovanie:
    $IPT -A INPUT -j LOG --log-prefix "IN DROP: "
    $IPT -A FORWARD -j LOG --log-prefix "FWD DROP: "
    - bude podstatne jednoduchsy troubleshooting. (tail -f /var/log/messages)
    17.8.2008 09:01 deejay | skóre: 2
    Rozbalit Rozbalit vše Re: Problem s Firewallom
    Zdravim,takze posielam moju lokalnu routrovaciu tabulku 
    
>route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
91.127.61.32    10.0.0.138      255.255.255.255 UGH   0      0        0 eth1
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 tap0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tap0
    este dodam,ze pripajam sa z internetu,tak preto ta divna destinacia ( O2 ;-)

    Pridavam vypisy tcpdump,tie divne pripajania na port 10000 su na webmin ;-) 
    
07:50:08.995586 IP (tos 0x0, ttl  64, id 16636, offset 0, flags [DF], proto: TCP (6), length: 52) 10.0.1.1.43004 > 192.168.1.254.10000: F, cksum 0x2b40 (correct), 13315:13315(0) ack 17233 win 1347 nop,nop,timestamp 8863345 48110677
07:50:08.995692 IP (tos 0x0, ttl  64, id 42488, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.1.254.10000 > 10.0.1.1.43004: ., cksum 0x9f80 (correct), ack 13316 win 37100 nop,nop,timestamp 48110699 8863345
07:50:25.096541 IP (tos 0x0, ttl  64, id 27071, offset 0, flags [DF], proto: TCP (6), length: 60) 10.0.1.1.37890 > 192.168.1.254.22: S, cksum 0x00da (correct), 1512908695:1512908695(0) win 5488 mss 1337,sackOK,timestamp 8867368 0,nop,wscale 5
07:50:25.096645 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.1.254.22 > 10.0.1.1.37890: S, cksum 0x92dc (correct), 1356723669:1356723669(0) ack 1512908696 win 5792 mss 1460,sackOK,timestamp 48112309 8867368,nop,wscale 0
07:50:25.185012 IP (tos 0x0, ttl  64, id 27072, offset 0, flags [DF], proto: TCP (6), length: 52) 10.0.1.1.37890 > 192.168.1.254.22: ., cksum 0xd77f (correct), ack 1 win 172 nop,nop,timestamp 8867390 48112309
07:50:30.661216 IP (tos 0x0, ttl  64, id 55144, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.1.254.22 > 10.0.1.1.37890: F, cksum 0xbf5d (correct), 1:1(0) ack 1 win 5792 nop,nop,timestamp 48112866 8867390
07:50:30.750848 IP (tos 0x0, ttl  64, id 27073, offset 0, flags [DF], proto: TCP (6), length: 52) 10.0.1.1.37890 > 192.168.1.254.22: F, cksum 0xcfe2 (correct), 1:1(0) ack 2 win 172 nop,nop,timestamp 8868780 48112866
07:50:30.750963 IP (tos 0x0, ttl  64, id 55145, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.1.254.22 > 10.0.1.1.37890: ., cksum 0xb9e5 (correct), ack 2 win 5792 nop,nop,timestamp 48112875 8868780
07:50:37.346161 IP (tos 0x0, ttl  64, id 7346, offset 0, flags [DF], proto: TCP (6), length: 60) 10.0.1.1.46011 > 192.168.3.2.22: S, cksum 0xa998 (correct), 1705395886:1705395886(0) win 5488 mss 1337,sackOK,timestamp 8870428 0,nop,wscale 5
07:50:37.346321 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.3.2.22 > 10.0.1.1.46011: S, cksum 0xa891 (correct), 1361937350:1361937350(0) ack 1705395887 win 5792 mss 1460,sackOK,timestamp 48113534 8870428,nop,wscale 0
07:50:37.435479 IP (tos 0x0, ttl  64, id 7347, offset 0, flags [DF], proto: TCP (6), length: 52) 10.0.1.1.46011 > 192.168.3.2.22: ., cksum 0xed33 (correct), ack 1 win 172 nop,nop,timestamp 8870451 48113534
07:50:42.471158 IP (tos 0x0, ttl  64, id 42048, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.3.2.22 > 10.0.1.1.46011: F, cksum 0xd53d (correct), 1:1(0) ack 1 win 5792 nop,nop,timestamp 48114047 8870451
07:50:42.563147 IP (tos 0x0, ttl  64, id 7348, offset 0, flags [DF], proto: TCP (6), length: 52) 10.0.1.1.46011 > 192.168.3.2.22: F, cksum 0xe62f (correct), 1:1(0) ack 2 win 172 nop,nop,timestamp 8871732 48114047
07:50:42.563230 IP (tos 0x0, ttl  64, id 42049, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.3.2.22 > 10.0.1.1.46011: ., cksum 0xd032 (correct), ack 2 win 5792 nop,nop,timestamp 48114056 8871732
07:50:48.033087 IP (tos 0x0, ttl  64, id 27329, offset 0, flags [DF], proto: TCP (6), length: 60) 10.0.1.1.38552 > 10.0.1.100.22: S, cksum 0xa3a7 (correct), 1861619275:1861619275(0) win 5488 mss 1337,sackOK,timestamp 8873098 0,nop,wscale 5
07:50:48.033232 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 60) 10.0.1.100.22 > 10.0.1.1.38552: S, cksum 0xb49f (correct), 1371958529:1371958529(0) ack 1861619276 win 5792 mss 1460,sackOK,timestamp 48114603 8873098,nop,wscale 0
07:50:48.122791 IP (tos 0x0, ttl  64, id 27330, offset 0, flags [DF], proto: TCP (6), length: 52) 10.0.1.1.38552 > 10.0.1.100.22: ., cksum 0xf941 (correct), ack 1 win 172 nop,nop,timestamp 8873121 48114603
07:50:53.151075 IP (tos 0x0, ttl  64, id 18102, offset 0, flags [DF], proto: TCP (6), length: 52) 10.0.1.100.22 > 10.0.1.1.38552: F, cksum 0xe14c (correct), 1:1(0) ack 1 win 5792 nop,nop,timestamp 48115115 8873121
07:50:53.241263 IP (tos 0x0, ttl  64, id 27331, offset 0, flags [DF], proto: TCP (6), length: 52) 10.0.1.1.38552 > 10.0.1.100.22: F, cksum 0xf240 (correct), 1:1(0) ack 2 win 172 nop,nop,timestamp 8874400 48115115
07:50:53.241316 IP (tos 0x0, ttl  64, id 18103, offset 0, flags [DF], proto: TCP (6), length: 52) 10.0.1.100.22 > 10.0.1.1.38552: ., cksum 0xdc43 (correct), ack 2 win 5792 nop,nop,timestamp 48115124 8874400
07:51:06.637279 IP (tos 0x0, ttl  64, id 30388, offset 0, flags [DF], proto: UDP (17), length: 58) 10.0.1.1.36934 > 10.0.1.100.53:  394+ A? www.danet.sk. (30)
07:51:06.638095 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP (17), length: 108) 10.0.1.100.53 > 10.0.1.1.36934:  394* 2/1/0 www.danet.sk. CNAME horus.danet.sk., horus.danet.sk. (80)
07:51:06.726574 IP (tos 0x0, ttl  64, id 52135, offset 0, flags [DF], proto: TCP (6), length: 60) 10.0.1.1.43008 > 192.168.1.254.10000: S, cksum 0xe0c8 (correct), 2160967021:2160967021(0) win 5488 mss 1337,sackOK,timestamp 8877770 0,nop,wscale 5
07:51:06.726683 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.1.254.10000 > 10.0.1.1.43008: S, cksum 0x3df1 (correct), 1414600441:1414600441(0) ack 2160967022 win 5792 mss 1460,sackOK,timestamp 48116472 8877770,nop,wscale 0
    a nakoniec log z firewallu 
    
Aug 17 07:49:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19198 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:50:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19199 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:50:25 horus sshd[8927]: refused connect from 10.0.1.1 (10.0.1.1)
Aug 17 07:50:37 horus sshd[8952]: refused connect from 10.0.1.1 (10.0.1.1)
Aug 17 07:50:37 horus kernel: FWD DROP: IN=eth1 OUT=eth0 SRC=87.197.246.186 DST=192.168.1.104 LEN=56 TOS=0x00 PREC=0xC0 TTL=249 ID=2696 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.168.1.104 DST=172.16.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=57 ID=52077 DF PROTO=UDP SPT=3111 DPT=28007 LEN=52 ] 
Aug 17 07:50:48 horus sshd[8971]: refused connect from 10.0.1.1 (10.0.1.1)
Aug 17 07:50:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19200 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:51:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19201 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:51:27 horus kernel: IN DROP: IN=eth1 OUT= MAC=08:00:09:a9:2e:76:00:0e:f4:05:c4:9c:08:00 SRC=125.76.244.134 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=1011 PROTO=TCP SPT=5222 DPT=16174 WINDOW=0 RES=0x00 ACK RST URGP=0 
Aug 17 07:51:34 horus kernel: IN DROP: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.1.254 DST=192.168.1.254 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=27683 SEQ=1 
Aug 17 07:51:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19202 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:51:58 horus kernel: IN DROP: IN=eth1 OUT= MAC=08:00:09:a9:2e:76:00:0e:f4:05:c4:9c:08:00 SRC=125.76.244.134 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=39024 PROTO=TCP SPT=5222 DPT=16174 WINDOW=0 RES=0x00 ACK RST URGP=0 
Aug 17 07:51:58 horus kernel: IN DROP: IN=eth1 OUT= MAC=08:00:09:a9:2e:76:00:0e:f4:05:c4:9c:08:00 SRC=125.76.244.134 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=50677 PROTO=TCP SPT=5222 DPT=16174 WINDOW=0 RES=0x00 ACK RST URGP=0 
Aug 17 07:52:22 horus kernel: IN DROP: IN=eth1 OUT= MAC=08:00:09:a9:2e:76:00:0e:f4:05:c4:9c:08:00 SRC=125.76.244.134 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=7767 PROTO=TCP SPT=5222 DPT=16174 WINDOW=0 RES=0x00 ACK RST URGP=0 
Aug 17 07:52:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19203 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:52:34 horus kernel: FWD DROP: IN=eth1 OUT=eth0 SRC=87.197.246.186 DST=192.168.1.101 LEN=56 TOS=0x00 PREC=0xC0 TTL=249 ID=2931 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.168.1.101 DST=172.16.1.1 LEN=77 TOS=0x00 PREC=0x00 TTL=57 ID=44894 DF PROTO=UDP SPT=3075 DPT=28007 LEN=57 ] 
Aug 17 07:52:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19204 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:53:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19205 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:53:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19206 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:54:20 horus kernel: IN DROP: IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=192.168.1.255 LEN=242 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=222 
Aug 17 07:54:20 horus kernel: IN DROP: IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=192.168.1.255 LEN=234 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=214 
Aug 17 07:54:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19207 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:54:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19208 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:55:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19209 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:55:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19210 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:56:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19211 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:56:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19212 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:57:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19213 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:57:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19214 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:58:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19215 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:58:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19216 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:59:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19217 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 07:59:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19218 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 08:00:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19219 PROTO=UDP SPT=520 DPT=520 LEN=52 
Aug 17 08:00:48 horus kernel: FWD DROP: IN=eth1 OUT=eth0 SRC=87.197.246.186 DST=192.168.1.104 LEN=56 TOS=0x00 PREC=0xC0 TTL=249 ID=3924 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.168.1.104 DST=172.16.1.1 LEN=65 TOS=0x00 PREC=0x00 TTL=57 ID=52506 DF PROTO=UDP SPT=3111 DPT=28007 LEN=45 ]
    17.8.2008 09:38 devicebusy | skóre: 2
    Rozbalit Rozbalit vše Re: Problem s Firewallom
    Ahoj, neideme sem postit kopu dumpov, 261837062
    17.8.2008 10:43 deejay | skóre: 2
    Rozbalit Rozbalit vše Re: Problem s Firewallom
    Ahoj,nechapem tvojej odpovedi
    17.8.2008 14:38 devicebusy | skóre: 2
    Rozbalit Rozbalit vše Re: Problem s Firewallom
    No to je moje ICQ, potom sem pastneme uz hotove riesenie, lebo uz to zacina byt necitatelne :)

    Založit nové vláknoNahoru

    Tiskni Sdílej: Linkuj Jaggni to Vybrali.sme.sk Google Del.icio.us Facebook

    Píšeme jinde
    ISSN 1214-1267   www.czech-server.cz
    Redakce | Inzerce | Podmínky použití | Osobní údaje
    © 1999-2015 Nitemedia s. r. o. Všechna práva vyhrazena.