    Question: Problem with the firewall

    1.8.2008 17:59 deejay | score: 2
    Problem with the firewall
    Read: 776×
    Hello, I have built a complete firewall, but I have a problem and I don't know what to do about it. I can't connect to my server via ssh. I have already looked at the ssh server settings as well, but I'm still searching, so the problem is probably only in the firewall. I'm attaching my firewall script. I'll also add that I can connect to ssh from the intranet without problems, and that I don't want to connect to ssh from the internet but through the VPN, which I have on tap0.

    
    #!/bin/bash
    
      IPT="/usr/sbin/iptables"
      IFC="/sbin/ifconfig"
      G="/bin/grep"
      SED="/bin/sed"
      AWK="/usr/bin/awk"
      ECHO="/bin/echo"
    
      # External interface
      EXTIF="eth1"
      EXTIP="192.168.3.2"
      EXTBC="255.255.255.255"
      EXTMSK="255.255.255.0"
      EXTNET="192.168.3.2/$EXTMSK"
    
      # Wifi network
      WIFI="eth0"
      WIFINET="192.168.1.0"
      WIFIIP="192.168.1.254"
      WIFIMASK="255.255.255.0"
      WIFINETMASK="$WIFINET/$WIFIMASK"
      WIFIENABLE="yes"
    
      # Loop device/localhost
      LPDIF="lo"
      LPDIP="127.0.0.1"
      LPDMSK="255.0.0.0"
      LPDNET="$LPDIP/$LPDMSK"
    
      # services ENABLED from wifi network; openvpn is allowed only in the loop for the tap iface
      WIFI_SERVICE_TCP=(http domain ssh 67 10000 pop3 1194);
      WIFI_SERVICE_UDP=(http domain ssh 67 1194);
    
      # services ENABLED from external network
      EXTERNAL_SERVICE_TCP=(ssh http domain 445 139 2049 111 831 761 946 1629 1194);
      EXTERNAL_SERVICE_UDP=(ssh http domain 445 139 2049 111 831 761 946 1629 1194);
    
      # services ENABLED from localhost
      TCPSERV=(smtp http ftp ftps ftp-data ftps-data https mysql imap imaps pop3 pop3s domain ssh 445 139 2049 111 831 761 946 1629 1194)
      UDPSERV=(smtp http ftp ftps ftp-data ftps-data https mysql imap imaps pop3 pop3s domain ssh 445 139 2049 111 831 761 946 1629 1194)
    
    start() {
    
      trap "" 2 3
    
      echo "Setting default policy:"
      $IPT -P INPUT DROP;
      $IPT -P OUTPUT ACCEPT;
      $IPT -P FORWARD DROP;
    
      CHAINS=`cat /proc/net/ip_tables_names 2>/dev/null`
      for i in $CHAINS
      do
       $IPT -t $i -F
      done
      for i in $CHAINS
      do
       $IPT -t $i -X
      done
    
      echo "  INPUT -> DROP";
      echo " OUTPUT -> ACCEPT";
      echo "FORWARD -> DROP";
    
      echo 1 > /proc/sys/net/ipv4/ip_forward
    
      # DROP invalid packets
      $IPT -A INPUT -i $EXTIF -m state --state INVALID -j DROP
    
      # Block IP with bad destination
      $IPT -A INPUT -i $EXTIF -d ! $EXTIP -j DROP
     
      # allow localhost (local connections)
      $IPT -A INPUT -i tap0 -j ACCEPT
      $IPT -A INPUT -i $LPDIF -s $LPDIP -j ACCEPT
      $IPT -A INPUT -i $LPDIF -s $EXTIP -j ACCEPT
      # MASQUERADING internal network, if requested
      echo "MASQuerading outgoing connections"
      $IPT -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
    
      # input
      $IPT -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
    
      # forward
      $IPT -A FORWARD -p TCP -m state --state RELATED,ESTABLISHED -j ACCEPT
      $IPT -A FORWARD -p UDP -m state --state RELATED,ESTABLISHED -j ACCEPT
      $IPT -A FORWARD -i tap0 -o eth1 -j ACCEPT
    
        ## INPUT FROM OUTSIDE, TCP
      ############################################################################
      echo -n "FW: ACCEPTing external TCP services... ";
      let a=0;
      for port in ${EXTERNAL_SERVICE_TCP[@]} ; do
          $IPT -A INPUT -p tcp -d $EXTIP -i $EXTIF --dport $port -j ACCEPT ;
          let a=$a+1;
      done;
      echo "($a)";
        ## INPUT FROM OUTSIDE, UDP
      ############################################################################
      echo -n "FW: ACCEPTing external UDP services... ";
      let a=0;
      for port in ${EXTERNAL_SERVICE_UDP[@]} ; do
          $IPT -A INPUT -p udp -d $EXTIP -i $EXTIF --dport $port -j ACCEPT ;
          let a=$a+1;
      done;
      echo "($a)";
    
      ## INPUT FROM WIFI, TCP
      ############################################################################
      echo -n "FW: ACCEPTing wifi TCP services... ";
      let a=0;
      for port in ${WIFI_SERVICE_TCP[@]} ; do
          $IPT -A INPUT -i $WIFI -p tcp  --dport $port -j ACCEPT ;
          let a=$a+1;
      done;
      echo "($a)";
      ## INPUT FROM WIFI, UDP
      ############################################################################
      echo -n "FW: ACCEPTing wifi UDP services... ";
      let a=0;
      for port in ${WIFI_SERVICE_UDP[@]} ; do
          $IPT -A INPUT -i $WIFI -p udp  --dport $port -j ACCEPT ;
          let a=$a+1;
      done;
      echo "($a)";
    
      echo "Firewall rules applied!"
      trap - 2 3
    }
    
    stop() {
      trap "" 2 3
      echo "Stopping firewall: "
    
    
      CHAINS=`cat /proc/net/ip_tables_names 2>/dev/null`
      for i in $CHAINS
      do
       $IPT -t $i -F
      done
      for i in $CHAINS
      do
       $IPT -t $i -X
      done
    
      echo "Setting default policies to ACCEPT"
      $IPT -P INPUT ACCEPT
      $IPT -P OUTPUT ACCEPT
      $IPT -P FORWARD ACCEPT
    
      trap - 2 3
    }
    
    restart() {
      stop
      start
    }
    
    case "$1" in
      start)
            start
            ;;
      stop)
            stop
            ;;
      restart)
            restart
            ;;
      *)
            echo $"Usage: $0 {start|stop|restart}"
            exit 1
    esac
    
    exit $?
    
    
    
    
    

    Answers

    1.8.2008 20:38 Dejv | score: 37 | blog: Jak ten blog nazvat ... ? | Ostrava
    Re: Problem with the firewall

    I'm shooting from the hip, but my guess is that the VPN would also need to be run through NAT. What addresses do you have in it? Maybe you have it in there somewhere, but I didn't find it. If the VPN uses a different address range (which it probably does), I found nothing for it in the script, so the fw then does accept everything that came from tap0, but those packets are then probably routed to the default gateway and not to the local interface.

    Well, I've probably just embarrassed myself nicely in front of the more experienced people here, haven't I :-D, so would someone please set my babbling straight :-) Thanks :-D


    Dejv
    I firmly believe that more experienced users will set me straight on my ideas and send them where such ideas belong...
    1.8.2008 20:53 deejay | score: 2
    Re: Problem with the firewall
    Well, that's true, I have nothing there regarding NAT, but I tried adding this to the firewall
    
    > iptables -A FORWARD -i tap0 -o eth0 -j ACCEPT
    > iptables -t nat -A POSTROUTING -s 10.0.1.0/255.255.255.0 -o tap0 -j MASQUERADE 
    > iptables -t nat -A POSTROUTING -s 10.0.1.0/255.255.255.0 -o eth0 -j MASQUERADE 
    > iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 
    > iptables -A FORWARD -i tap0 -j ACCEPT
    > iptables -A INPUT -i tap0 -j ACCEPT
    > iptables -A FORWARD -i eth0 -o tap0 -j ACCEPT
    

    but ssh still doesn't work for me, while the other services are completely accessible from the VPN. But what is strange is that of the services I have listed in external services, all of them work except ssh, even though I have it listed there...
    1.8.2008 22:08 tezkatlipoka | score: 35
    Re: Problem with the firewall
    this is awfully hard for me to read, give me a firewall with individual rules any day. Anyway, unless I overlooked some drop or a rule about tap or ssh placed ahead of it, the rule

    $IPT -A INPUT -i tap0 -j ACCEPT

    should allow everything from the VPN, regardless of the other rules. If the other services work for you through the VPN, isn't it possible that ssh is restricted to just some interface? If your routing is right, you don't need any NAT on the VPN, and as far as access to SSH on the server goes, the forward rules don't apply to you.
    Let your word be yes, yes, no, no. Anything beyond that is from the devil.
    3.8.2008 22:33 deejay | score: 2
    Re: Problem with the firewall
    well, unfortunately that accept didn't help me, I'm surprised by it myself; when I try to connect to ssh it prints connection closed by remote host :-( ... The only way I can connect to that machine is that I connect to the VPN, then connect to the ssh of another server in the network and from it connect to the gateway in question, otherwise it just doesn't work :-(
    4.8.2008 08:43 tezkatlipoka | score: 35
    Re: Problem with the firewall
    do you have the option of taking the whole firewall down for a moment and setting all defaults to ACCEPT? To see whether it's a FW problem at all.
    Let your word be yes, yes, no, no. Anything beyond that is from the devil.
    3.8.2008 22:44 jirkamailto | score: 31
    Re: Problem with the firewall
    This isn't an answer to your question, but I'll just mention that I use firehol, which is a very good and flexible generator of rules for IPTABLES. I use it everywhere and am very satisfied, http://firehol.sourceforge.net/. It spared me writing these scripts, and if I need to allow a service and so on, I have it right away. I only have a bit of a problem on Debian with nfs, in that firehol doesn't start after a server reboot, but I think it's just a matter of choosing the right order for starting services at boot.
    4.8.2008 01:29 Martin Šebek | score: 18 | blog: Tady je Indiánovo | Mladá Boleslav
    Re: Problem with the firewall
    Send the output of ip a, ip r and iptables -L INPUT.
    12.8.2008 17:57 deejay | score: 2
    Re: Problem with the firewall
    Greetings, and I apologise in advance, but I was on holiday and so without internet for a longer time. I'm sending the outputs
    
    > ip a
    1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
    2: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:10:b5:df:87:1a brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.254/24 brd 192.168.1.255 scope global eth0
    3: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 08:00:09:a9:2e:76 brd ff:ff:ff:ff:ff:ff
        inet 192.168.3.2/24 brd 192.168.3.255 scope global eth1
    4: tap0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:ff:ae:4d:75:92 brd ff:ff:ff:ff:ff:ff
        inet 10.0.1.100/24 brd 10.0.1.255 scope global tap0
    
    
    > ip r
    192.168.3.0/24 dev eth1  proto kernel  scope link  src 192.168.3.2 
    10.0.1.0/24 dev tap0  proto kernel  scope link  src 10.0.1.100 
    192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.254 
    127.0.0.0/8 dev lo  scope link 
    default via 192.168.3.1 dev eth1 
    default via 192.168.1.1 dev eth0  metric 1 
    
    > iptables -L INPUT
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    acct_int   all  --  anywhere             anywhere            
    acct_ext   all  --  anywhere             anywhere            
    DROP       all  --  anywhere             anywhere            state INVALID 
    DROP       all  --  anywhere            !192.168.3.2         
    ACCEPT     all  --  anywhere             anywhere            
    ACCEPT     all  --  localhost            anywhere            
    ACCEPT     all  --  192.168.3.2          anywhere            
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
    ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:ssh 
    ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:http 
    ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:domain 
    ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:microsoft-ds 
    ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:netbios-ssn 
    ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:nfsd 
    ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:sunrpc 
    ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:831 
    ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:kpasswd 
    ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:946 
    ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:1629 
    ACCEPT     tcp  --  anywhere             192.168.3.2         tcp dpt:1194 
    ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:ssh 
    ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:http 
    ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:domain 
    ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:microsoft-ds 
    ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:netbios-ssn 
    ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:nfsd 
    ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:sunrpc 
    ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:831 
    ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:rxe 
    ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:946 
    ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:1629 
    ACCEPT     udp  --  anywhere             192.168.3.2         udp dpt:1194 
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps 
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:10000 
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3 
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:1194 
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:http 
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:ssh 
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps 
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:1194 
    ACCEPT     all  --  anywhere             anywhere            
    
    13.8.2008 07:57 devicebusy | score: 2
    Re: Problem with the firewall
    Hi, try running netstat -nta and check whether ssh is listening on the right port at all. Or also look at ps aux | grep ssh to see whether it is running at all. BTW - ssh on UDP - hmm?
    13.8.2008 08:04 devicebusy | score: 2
    Re: Problem with the firewall
    One more thing occurred to me - whether ssh isn't by chance blocked in these chains (even though that's probably accounting, but still..)

    acct_int all -- anywhere anywhere acct_ext all -- anywhere anywhere

    Try pasting the output here

    ps aux | grep ssh netstat -nta | grep LIST iptables -nvL acct_int iptables -nvL acct_ext
    13.8.2008 08:06 devicebusy | score: 2
    Re: Problem with the firewall
    Sorry, this way it will be readable
    ps aux | grep ssh
    netstat -nta | grep LIST
    iptables -nvL acct_int
    iptables -nvL acct_ext
    13.8.2008 18:32 deejay | score: 2
    Re: Problem with the firewall
    Well, the sshd daemon is running, I'm 100% sure of that, since I routinely connect to ssh from the LAN, but I'm attaching the outputs.... As for acct_int and acct_ext, those are only chains for the data transferred for individual IPs... I also looked at the config file for the sshd daemon to see whether it is restricted there, but everything is fine. Proof of that is also that when I take the firewall down and set all defaults to ACCEPT, I can connect to ssh from the net without problems. Well, ssh doesn't run on udp, but I was already helpless and was trying to talk sshd into udp :-)
    > netstat -nta | grep LIST 
    tcp        0      0 0.0.0.0:37              0.0.0.0:*               LISTEN     
    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN     
    tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN     
    tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN     
    tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN     
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
    tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN     
    tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN     
    tcp        0      0 10.0.1.100:53           0.0.0.0:*               LISTEN     
    tcp        0      0 192.168.3.2:53          0.0.0.0:*               LISTEN     
    tcp        0      0 192.168.1.254:53        0.0.0.0:*               LISTEN     
    tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN     
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
    tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN     
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN     
    tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN     
    > iptables -nvL acct_int 
    Chain acct_int (4 references)
     pkts bytes target     prot opt in     out     source               destination         
     2237  157K            tcp  --  *      *       192.168.1.100        0.0.0.0/0           
     2279  332K            tcp  --  *      *       0.0.0.0/0            192.168.1.100       
    14343  949K            udp  --  *      *       192.168.1.100        0.0.0.0/0           
      434  119K            udp  --  *      *       0.0.0.0/0            192.168.1.100       
       96  9120            icmp --  *      *       192.168.1.100        0.0.0.0/0           
       60  4704            icmp --  *      *       0.0.0.0/0            192.168.1.100       
    16676 1115K            all  --  *      *       192.168.1.100        0.0.0.0/0           
     2773  456K            all  --  *      *       0.0.0.0/0            192.168.1.100       
     2177  152K            tcp  --  *      *       192.168.1.101        0.0.0.0/0           
     2218  328K            tcp  --  *      *       0.0.0.0/0            192.168.1.101       
    55196 3555K            udp  --  *      *       192.168.1.101        0.0.0.0/0           
      434  119K            udp  --  *      *       0.0.0.0/0            192.168.1.101       
       96  9120            icmp --  *      *       192.168.1.101        0.0.0.0/0           
      360 21504            icmp --  *      *       0.0.0.0/0            192.168.1.101       
    57469 3717K            all  --  *      *       192.168.1.101        0.0.0.0/0           
     3012  468K            all  --  *      *       0.0.0.0/0            192.168.1.101       
        0     0            tcp  --  *      *       192.168.1.102        0.0.0.0/0           
        0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.102       
        0     0            udp  --  *      *       192.168.1.102        0.0.0.0/0           
        0     0            udp  --  *      *       0.0.0.0/0            192.168.1.102       
        0     0            icmp --  *      *       192.168.1.102        0.0.0.0/0           
       48  4032            icmp --  *      *       0.0.0.0/0            192.168.1.102       
        0     0            all  --  *      *       192.168.1.102        0.0.0.0/0           
       48  4032            all  --  *      *       0.0.0.0/0            192.168.1.102       
        0     0            tcp  --  *      *       192.168.1.103        0.0.0.0/0           
        0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.103       
        0     0            udp  --  *      *       192.168.1.103        0.0.0.0/0           
        0     0            udp  --  *      *       0.0.0.0/0            192.168.1.103       
        0     0            icmp --  *      *       192.168.1.103        0.0.0.0/0           
       48  4032            icmp --  *      *       0.0.0.0/0            192.168.1.103       
        0     0            all  --  *      *       192.168.1.103        0.0.0.0/0           
       48  4032            all  --  *      *       0.0.0.0/0            192.168.1.103       
     2186  153K            tcp  --  *      *       192.168.1.104        0.0.0.0/0           
     2222  328K            tcp  --  *      *       0.0.0.0/0            192.168.1.104       
    78248 5139K            udp  --  *      *       192.168.1.104        0.0.0.0/0           
      434  119K            udp  --  *      *       0.0.0.0/0            192.168.1.104       
       96  9120            icmp --  *      *       192.168.1.104        0.0.0.0/0           
      163 10472            icmp --  *      *       0.0.0.0/0            192.168.1.104       
    80530 5301K            all  --  *      *       192.168.1.104        0.0.0.0/0           
     2819  458K            all  --  *      *       0.0.0.0/0            192.168.1.104       
        0     0            tcp  --  *      *       192.168.1.117        0.0.0.0/0           
        0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.117       
        0     0            udp  --  *      *       192.168.1.117        0.0.0.0/0           
        0     0            udp  --  *      *       0.0.0.0/0            192.168.1.117       
        0     0            icmp --  *      *       192.168.1.117        0.0.0.0/0           
       48  4032            icmp --  *      *       0.0.0.0/0            192.168.1.117       
        0     0            all  --  *      *       192.168.1.117        0.0.0.0/0           
       48  4032            all  --  *      *       0.0.0.0/0            192.168.1.117       
    15034 2226K            tcp  --  *      *       192.168.1.118        0.0.0.0/0           
    23042   27M            tcp  --  *      *       0.0.0.0/0            192.168.1.118       
      814 84836            udp  --  *      *       192.168.1.118        0.0.0.0/0           
      385 90917            udp  --  *      *       0.0.0.0/0            192.168.1.118       
        2   168            icmp --  *      *       192.168.1.118        0.0.0.0/0           
       63  6506            icmp --  *      *       0.0.0.0/0            192.168.1.118       
    15850 2311K            all  --  *      *       192.168.1.118        0.0.0.0/0           
    23490   28M            all  --  *      *       0.0.0.0/0            192.168.1.118       
        0     0            tcp  --  *      *       192.168.1.119        0.0.0.0/0           
        0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.119       
        0     0            udp  --  *      *       192.168.1.119        0.0.0.0/0           
        0     0            udp  --  *      *       0.0.0.0/0            192.168.1.119       
        0     0            icmp --  *      *       192.168.1.119        0.0.0.0/0           
       48  4032            icmp --  *      *       0.0.0.0/0            192.168.1.119       
        0     0            all  --  *      *       192.168.1.119        0.0.0.0/0           
       48  4032            all  --  *      *       0.0.0.0/0            192.168.1.119       
        0     0            tcp  --  *      *       192.168.1.120        0.0.0.0/0           
        0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.120       
        0     0            udp  --  *      *       192.168.1.120        0.0.0.0/0           
        0     0            udp  --  *      *       0.0.0.0/0            192.168.1.120       
        0     0            icmp --  *      *       192.168.1.120        0.0.0.0/0           
       48  4032            icmp --  *      *       0.0.0.0/0            192.168.1.120       
        0     0            all  --  *      *       192.168.1.120        0.0.0.0/0           
       48  4032            all  --  *      *       0.0.0.0/0            192.168.1.120       
        0     0            tcp  --  *      *       192.168.1.121        0.0.0.0/0           
        0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.121       
        0     0            udp  --  *      *       192.168.1.121        0.0.0.0/0           
        0     0            udp  --  *      *       0.0.0.0/0            192.168.1.121       
        0     0            icmp --  *      *       192.168.1.121        0.0.0.0/0           
       48  4032            icmp --  *      *       0.0.0.0/0            192.168.1.121       
        0     0            all  --  *      *       192.168.1.121        0.0.0.0/0           
       48  4032            all  --  *      *       0.0.0.0/0            192.168.1.121       
        0     0            tcp  --  *      *       192.168.1.122        0.0.0.0/0           
        0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.122       
        0     0            udp  --  *      *       192.168.1.122        0.0.0.0/0           
        0     0            udp  --  *      *       0.0.0.0/0            192.168.1.122       
        0     0            icmp --  *      *       192.168.1.122        0.0.0.0/0           
       48  4032            icmp --  *      *       0.0.0.0/0            192.168.1.122       
        0     0            all  --  *      *       192.168.1.122        0.0.0.0/0           
       48  4032            all  --  *      *       0.0.0.0/0            192.168.1.122       
    87226   10M            tcp  --  *      *       192.168.1.123        0.0.0.0/0           
     109K  101M            tcp  --  *      *       0.0.0.0/0            192.168.1.123       
     1278  151K            udp  --  *      *       192.168.1.123        0.0.0.0/0           
      726  279K            udp  --  *      *       0.0.0.0/0            192.168.1.123       
       21  1708            icmp --  *      *       192.168.1.123        0.0.0.0/0           
       48  4032            icmp --  *      *       0.0.0.0/0            192.168.1.123       
    88525   11M            all  --  *      *       192.168.1.123        0.0.0.0/0           
     110K  101M            all  --  *      *       0.0.0.0/0            192.168.1.123       
        0     0            tcp  --  *      *       192.168.1.124        0.0.0.0/0           
        0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.124       
        0     0            udp  --  *      *       192.168.1.124        0.0.0.0/0           
        0     0            udp  --  *      *       0.0.0.0/0            192.168.1.124       
        0     0            icmp --  *      *       192.168.1.124        0.0.0.0/0           
       48  4032            icmp --  *      *       0.0.0.0/0            192.168.1.124       
        0     0            all  --  *      *       192.168.1.124        0.0.0.0/0           
       48  4032            all  --  *      *       0.0.0.0/0            192.168.1.124       
    > iptables -nvL acct_ext 
    Chain acct_ext (4 references)
     pkts bytes target     prot opt in     out     source               destination
    14.8.2008 13:54 devicebusy | score: 2
    Re: Problem with the firewall
    One more question - when you connect through the VPN - to which address? Because if it's to the address of the VPN iface, then of course it won't work because of the rule:
    DROP all -- anywhere !192.168.3.2
    If you are connecting to 192.168.3.2 - can you send the local routing table here? One more thing - pls give the output of
    iptables -nvL
    because I can't see in the tables the interfaces on which it filters.
    Waiiiting.... :)
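
The question above turns on which interface the `!192.168.3.2` DROP rule is bound to, which `iptables -L` without `-v` does not show. As an added example (not code from any poster in this thread), the sketch below walks an INPUT chain in `iptables -nvL` column order and reports the first rule that decides a packet. The rule list is re-typed from the script at the top of the thread with counters zeroed, the function names are made up for the example, and it assumes the packet opens a new connection, so the state rules never match.

```sh
#!/bin/sh
# Added example: first-match walk over an INPUT chain listed in the column
# order of `iptables -nvL` (pkts bytes target prot opt in out source destination).

# Rules re-typed from the thread's script; counters are constructed (zeroed).
input_rules() {
cat <<'RULES'
0 0 acct_int all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 acct_ext all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- eth1 * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 DROP all -- eth1 * 0.0.0.0/0 !192.168.3.2
0 0 ACCEPT all -- tap0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 127.0.0.1 0.0.0.0/0
0 0 ACCEPT all -- lo * 192.168.3.2 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 192.168.3.2 tcp dpt:22
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
RULES
}

# addr_match PATTERN ADDR
# PATTERN is 0.0.0.0/0 (any), a single address, or !address (negated).
addr_match() {
    case "$1" in
        0.0.0.0/0) return 0 ;;
        \!*) [ "${1#\!}" != "$2" ] ;;
        *)   [ "$1" = "$2" ] ;;
    esac
}

# first_match IFACE SRC DST PROTO DPORT
# Prints "<rule number> <target>" for the first ACCEPT/DROP rule that matches,
# or "0 POLICY-DROP" when the packet falls through to the chain policy.
first_match() {
    fm_if=$1 fm_src=$2 fm_dst=$3 fm_proto=$4 fm_dport=$5
    fm_n=0
    while read -r _pk _by target prot _opt in_if _out src dst extra; do
        fm_n=$((fm_n + 1))
        # Only built-in verdicts end the walk; the accounting chains return.
        case "$target" in ACCEPT|DROP) ;; *) continue ;; esac
        [ "$in_if" = "*" ] || [ "$in_if" = "$fm_if" ] || continue
        [ "$prot" = "all" ] || [ "$prot" = "$fm_proto" ] || continue
        addr_match "$src" "$fm_src" || continue
        addr_match "$dst" "$fm_dst" || continue
        case "$extra" in
            "") ;;
            state*) continue ;;   # assumption: new connection, no state match
            *dpt:*) [ "${extra##*dpt:}" = "$fm_dport" ] || continue ;;
            *) continue ;;        # unknown match extension: treat as no match
        esac
        echo "$fm_n $target"
        return 0
    done <<CHAIN
$(input_rules)
CHAIN
    echo "0 POLICY-DROP"
}

# New SSH connection to the tap0 address, once arriving on tap0, once on eth1.
# The client addresses are constructed sample values.
first_match tap0 10.0.1.5 10.0.1.100 tcp 22
first_match eth1 192.168.3.50 10.0.1.100 tcp 22
```

With these rules a new SSH connection arriving on tap0 is accepted at rule 5 whatever its destination address, while the same destination arriving on eth1 stops at the negated-destination DROP in rule 4.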
    15.8.2008 18:15 deejay | score: 2
    Re: Problem with the firewall
    Greetings, so when I connect to the VPN I tried ssh to 10.0.1.100, which is the address of the tap0 interface, I also tried 192.168.3.2, which is the address of the eth0 interface, and I also tried 192.168.1.254, which is the address of the eth1 interface, but I get the same messages on all of them... So I'm sending the output ;-)
    > iptables -nvL
    Chain INPUT (policy DROP 17098 packets, 1602K bytes)
     pkts bytes target     prot opt in     out     source               destination         
    24672 2070K acct_int   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    46374 4396K acct_ext   all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
        0     0 DROP       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           state INVALID 
     2755 77140 DROP       all  --  eth1   *       0.0.0.0/0           !192.168.3.2         
     3908  823K ACCEPT     all  --  tap0   *       0.0.0.0/0            0.0.0.0/0           
    22651 1742K ACCEPT     all  --  lo     *       127.0.0.1            0.0.0.0/0           
        0     0 ACCEPT     all  --  lo     *       192.168.3.2          0.0.0.0/0           
    51610 9430K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
       12   672 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:22 
      141  8156 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:80 
        1    48 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:53 
     1816  124K ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:445 
      362 16248 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:139 
        0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:2049 
        0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:111 
        0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:831 
        0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:761 
        0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:946 
        0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:1629 
        0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.3.2         tcp dpt:1194 
        0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:22 
        0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:80 
        0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:53 
        0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:445 
        0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:139 
        0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:2049 
        0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:111 
        0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:831 
        0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:761 
        0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:946 
        0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:1629 
        3   126 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.3.2         udp dpt:1194 
       81  3888 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 
        1    52 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:67 
        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10000 
        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110 
        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1194 
        0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:80 
     2982  180K ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 
        0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:22 
        0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:67 
        0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:1194 
        0     0 ACCEPT     all  --  tap0   *       0.0.0.0/0            0.0.0.0/0           
    
    Chain FORWARD (policy DROP 69285 packets, 4551K bytes)
     pkts bytes target     prot opt in     out     source               destination         
     300K  299M acct_int   all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
     495K   43M acct_int   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
        0     0 acct_ext   all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
        0     0 acct_ext   all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
     509K  326M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
     4000  513K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
      188 11245 ACCEPT     all  --  tap0   eth1    0.0.0.0/0            0.0.0.0/0           
      776 46560 ACCEPT     tcp  --  eth0   eth1    192.168.1.100        0.0.0.0/0           multiport dports 80 
        0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.100        0.0.0.0/0           multiport dports 80 
      775 46500 ACCEPT     tcp  --  eth0   eth1    192.168.1.101        0.0.0.0/0           multiport dports 80 
        0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.101        0.0.0.0/0           multiport dports 80 
        0     0 ACCEPT     tcp  --  eth0   eth1    192.168.1.102        0.0.0.0/0           multiport dports 80 
        0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.102        0.0.0.0/0           multiport dports 80 
        0     0 ACCEPT     tcp  --  eth0   eth1    192.168.1.103        0.0.0.0/0           multiport dports 80 
        0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.103        0.0.0.0/0           multiport dports 80 
      770 46200 ACCEPT     tcp  --  eth0   eth1    192.168.1.104        0.0.0.0/0           multiport dports 80 
        0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.104        0.0.0.0/0           multiport dports 80 
     210K   14M ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
        0     0 ACCEPT     all  --  eth0   tap0    0.0.0.0/0            0.0.0.0/0           
       59  3588 ACCEPT     all  --  tap0   eth0    0.0.0.0/0            0.0.0.0/0           
        7   588 ACCEPT     all  --  eth1   tap0    0.0.0.0/0            0.0.0.0/0           
        0     0 ACCEPT     tcp  --  eth0   eth1    192.168.1.118        0.0.0.0/0           multiport dports 80,443,5190,22,110,995,143,993,25,465,1194,139 
        0     0 ACCEPT     tcp  --  eth0   eth1    192.168.1.118        0.0.0.0/0           multiport dports 6669,21,20,990,989,873,5060,1194 
        0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.118        0.0.0.0/0           multiport dports 80,443,5190,22,110,995,143,993,25,465,1194,139 
        0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.118        0.0.0.0/0           multiport dports 6669,21,20,990,989,873,5060,1194 
        0     0 ACCEPT     tcp  --  eth0   eth1    192.168.1.118        0.0.0.0/0           multiport dports 5222,5223 
        0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.118        0.0.0.0/0           multiport dports 5222,5223 
        0     0 ACCEPT     tcp  --  eth0   eth1    192.168.1.123        0.0.0.0/0           multiport dports 80,443,5190,22,110,995,143,993,25,465,1194,139 
        0     0 ACCEPT     tcp  --  eth0   eth1    192.168.1.123        0.0.0.0/0           multiport dports 6669,21,20,990,989,873,5060,1194 
        0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.123        0.0.0.0/0           multiport dports 80,443,5190,22,110,995,143,993,25,465,1194,139 
        0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.123        0.0.0.0/0           multiport dports 6669,21,20,990,989,873,5060,1194 
        0     0 ACCEPT     tcp  --  eth0   eth1    192.168.1.123        0.0.0.0/0           multiport dports 5222,5223 
        0     0 ACCEPT     udp  --  eth0   eth1    192.168.1.123        0.0.0.0/0           multiport dports 5222,5223 
    
    Chain OUTPUT (policy ACCEPT 111K packets, 20M bytes)
     pkts bytes target     prot opt in     out     source               destination         
    35162 4740K acct_int   all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    46374 4396K acct_ext   all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
    
    Chain acct_ext (4 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain acct_int (4 references)
     pkts bytes target     prot opt in     out     source               destination         
     4448  311K            tcp  --  *      *       192.168.1.100        0.0.0.0/0           
     4524  663K            tcp  --  *      *       0.0.0.0/0            192.168.1.100       
    74635 4925K            udp  --  *      *       192.168.1.100        0.0.0.0/0           
      864  327K            udp  --  *      *       0.0.0.0/0            192.168.1.100       
      191 18134            icmp --  *      *       192.168.1.100        0.0.0.0/0           
      207 14280            icmp --  *      *       0.0.0.0/0            192.168.1.100       
    79274 5254K            all  --  *      *       192.168.1.100        0.0.0.0/0           
     5595 1004K            all  --  *      *       0.0.0.0/0            192.168.1.100       
     4345  304K            tcp  --  *      *       192.168.1.101        0.0.0.0/0           
     4421  655K            tcp  --  *      *       0.0.0.0/0            192.168.1.101       
    63342 4079K            udp  --  *      *       192.168.1.101        0.0.0.0/0           
      864  327K            udp  --  *      *       0.0.0.0/0            192.168.1.101       
      192 18240            icmp --  *      *       192.168.1.101        0.0.0.0/0           
      444 27552            icmp --  *      *       0.0.0.0/0            192.168.1.101       
    67879 4401K            all  --  *      *       192.168.1.101        0.0.0.0/0           
     5729 1009K            all  --  *      *       0.0.0.0/0            192.168.1.101       
        0     0            tcp  --  *      *       192.168.1.102        0.0.0.0/0           
        0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.102       
        0     0            udp  --  *      *       192.168.1.102        0.0.0.0/0           
        0     0            udp  --  *      *       0.0.0.0/0            192.168.1.102       
        0     0            icmp --  *      *       192.168.1.102        0.0.0.0/0           
       96  8064            icmp --  *      *       0.0.0.0/0            192.168.1.102       
        0     0            all  --  *      *       192.168.1.102        0.0.0.0/0           
       96  8064            all  --  *      *       0.0.0.0/0            192.168.1.102       
        0     0            tcp  --  *      *       192.168.1.103        0.0.0.0/0           
        0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.103       
        0     0            udp  --  *      *       192.168.1.103        0.0.0.0/0           
        0     0            udp  --  *      *       0.0.0.0/0            192.168.1.103       
        0     0            icmp --  *      *       192.168.1.103        0.0.0.0/0           
       96  8064            icmp --  *      *       0.0.0.0/0            192.168.1.103       
        0     0            all  --  *      *       192.168.1.103        0.0.0.0/0           
       96  8064            all  --  *      *       0.0.0.0/0            192.168.1.103       
     4341  304K            tcp  --  *      *       192.168.1.104        0.0.0.0/0           
     4422  655K            tcp  --  *      *       0.0.0.0/0            192.168.1.104       
     131K 8595K            udp  --  *      *       192.168.1.104        0.0.0.0/0           
      864  327K            udp  --  *      *       0.0.0.0/0            192.168.1.104       
      192 18240            icmp --  *      *       192.168.1.104        0.0.0.0/0           
      450 27888            icmp --  *      *       0.0.0.0/0            192.168.1.104       
     135K 8917K            all  --  *      *       192.168.1.104        0.0.0.0/0           
     5736 1010K            all  --  *      *       0.0.0.0/0            192.168.1.104       
        0     0            tcp  --  *      *       192.168.1.117        0.0.0.0/0           
        0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.117       
        0     0            udp  --  *      *       192.168.1.117        0.0.0.0/0           
        0     0            udp  --  *      *       0.0.0.0/0            192.168.1.117       
        0     0            icmp --  *      *       192.168.1.117        0.0.0.0/0           
       96  8064            icmp --  *      *       0.0.0.0/0            192.168.1.117       
        0     0            all  --  *      *       192.168.1.117        0.0.0.0/0           
       96  8064            all  --  *      *       0.0.0.0/0            192.168.1.117       
    25861 3831K            tcp  --  *      *       192.168.1.118        0.0.0.0/0           
    40112   47M            tcp  --  *      *       0.0.0.0/0            192.168.1.118       
     3723  448K            udp  --  *      *       192.168.1.118        0.0.0.0/0           
     2571  412K            udp  --  *      *       0.0.0.0/0            192.168.1.118       
        3   252            icmp --  *      *       192.168.1.118        0.0.0.0/0           
      135 12534            icmp --  *      *       0.0.0.0/0            192.168.1.118       
    29587 4280K            all  --  *      *       192.168.1.118        0.0.0.0/0           
    42818   48M            all  --  *      *       0.0.0.0/0            192.168.1.118       
        0     0            tcp  --  *      *       192.168.1.119        0.0.0.0/0           
        0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.119       
        0     0            udp  --  *      *       192.168.1.119        0.0.0.0/0           
        0     0            udp  --  *      *       0.0.0.0/0            192.168.1.119       
        0     0            icmp --  *      *       192.168.1.119        0.0.0.0/0           
       96  8064            icmp --  *      *       0.0.0.0/0            192.168.1.119       
        0     0            all  --  *      *       192.168.1.119        0.0.0.0/0           
       96  8064            all  --  *      *       0.0.0.0/0            192.168.1.119       
        0     0            tcp  --  *      *       192.168.1.120        0.0.0.0/0           
        0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.120       
        0     0            udp  --  *      *       192.168.1.120        0.0.0.0/0           
        0     0            udp  --  *      *       0.0.0.0/0            192.168.1.120       
        0     0            icmp --  *      *       192.168.1.120        0.0.0.0/0           
       96  8064            icmp --  *      *       0.0.0.0/0            192.168.1.120       
        0     0            all  --  *      *       192.168.1.120        0.0.0.0/0           
       96  8064            all  --  *      *       0.0.0.0/0            192.168.1.120       
        0     0            tcp  --  *      *       192.168.1.121        0.0.0.0/0           
        0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.121       
        0     0            udp  --  *      *       192.168.1.121        0.0.0.0/0           
        0     0            udp  --  *      *       0.0.0.0/0            192.168.1.121       
        0     0            icmp --  *      *       192.168.1.121        0.0.0.0/0           
       96  8064            icmp --  *      *       0.0.0.0/0            192.168.1.121       
        0     0            all  --  *      *       192.168.1.121        0.0.0.0/0           
       96  8064            all  --  *      *       0.0.0.0/0            192.168.1.121       
        0     0            tcp  --  *      *       192.168.1.122        0.0.0.0/0           
        0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.122       
        0     0            udp  --  *      *       192.168.1.122        0.0.0.0/0           
        0     0            udp  --  *      *       0.0.0.0/0            192.168.1.122       
        0     0            icmp --  *      *       192.168.1.122        0.0.0.0/0           
       96  8064            icmp --  *      *       0.0.0.0/0            192.168.1.122       
        0     0            all  --  *      *       192.168.1.122        0.0.0.0/0           
       96  8064            all  --  *      *       0.0.0.0/0            192.168.1.122       
     188K   20M            tcp  --  *      *       192.168.1.123        0.0.0.0/0           
     245K  250M            tcp  --  *      *       0.0.0.0/0            192.168.1.123       
     2924  354K            udp  --  *      *       192.168.1.123        0.0.0.0/0           
     1614  671K            udp  --  *      *       0.0.0.0/0            192.168.1.123       
       42  3444            icmp --  *      *       192.168.1.123        0.0.0.0/0           
       96  8064            icmp --  *      *       0.0.0.0/0            192.168.1.123       
     191K   21M            all  --  *      *       192.168.1.123        0.0.0.0/0           
     247K  251M            all  --  *      *       0.0.0.0/0            192.168.1.123       
        0     0            tcp  --  *      *       192.168.1.124        0.0.0.0/0           
        0     0            tcp  --  *      *       0.0.0.0/0            192.168.1.124       
        0     0            udp  --  *      *       192.168.1.124        0.0.0.0/0           
        0     0            udp  --  *      *       0.0.0.0/0            192.168.1.124       
        0     0            icmp --  *      *       192.168.1.124        0.0.0.0/0           
       96  8064            icmp --  *      *       0.0.0.0/0            192.168.1.124       
        0     0            all  --  *      *       192.168.1.124        0.0.0.0/0           
       96  8064            all  --  *      *       0.0.0.0/0            192.168.1.124       
    

    and the routing table
    
    > route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
    10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 tap0
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         192.168.3.1     0.0.0.0         UG    0      0        0 eth1
    0.0.0.0         192.168.1.1     0.0.0.0         UG    1      0        0 eth0
    
    16.8.2008 08:39 devicebusy | score: 2
    Re: Problem with the firewall
    Yay, I'm in now.
    Hm, well, the rules look OK; try running tcpdump -i tap0 -nv on the router and try connecting to SSH over the VPN (you will probably have to do it from the intranet, if you have SSH access there) - and see what packets come through (you can also paste them here).
    BTW - I expressed myself badly in the previous post - I meant the local routing table on the VPN client while you are connected to the VPN.
    One more thing - temporarily add logging at the end of the INPUT and FORWARD tables in the firewall:
    $IPT -A INPUT -j LOG --log-prefix "IN DROP: "
    $IPT -A FORWARD -j LOG --log-prefix "FWD DROP: "
    - troubleshooting will be considerably easier. (tail -f /var/log/messages)
    17.8.2008 09:01 deejay | score: 2
    Re: Problem with the firewall
    Hello, so I'm sending my local routing table
    
    >route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    91.127.61.32    10.0.0.138      255.255.255.255 UGH   0      0        0 eth1
    10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
    0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 tap0
    0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tap0 
    
    I'll also add that I'm connecting from the internet, hence the strange destination ( O2 ;-)

    I'm adding the tcpdump listings; those strange connections to port 10000 are to webmin ;-)
    
    07:50:08.995586 IP (tos 0x0, ttl  64, id 16636, offset 0, flags [DF], proto: TCP (6), length: 52) 10.0.1.1.43004 > 192.168.1.254.10000: F, cksum 0x2b40 (correct), 13315:13315(0) ack 17233 win 1347 nop,nop,timestamp 8863345 48110677
    07:50:08.995692 IP (tos 0x0, ttl  64, id 42488, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.1.254.10000 > 10.0.1.1.43004: ., cksum 0x9f80 (correct), ack 13316 win 37100 nop,nop,timestamp 48110699 8863345
    07:50:25.096541 IP (tos 0x0, ttl  64, id 27071, offset 0, flags [DF], proto: TCP (6), length: 60) 10.0.1.1.37890 > 192.168.1.254.22: S, cksum 0x00da (correct), 1512908695:1512908695(0) win 5488 mss 1337,sackOK,timestamp 8867368 0,nop,wscale 5
    07:50:25.096645 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.1.254.22 > 10.0.1.1.37890: S, cksum 0x92dc (correct), 1356723669:1356723669(0) ack 1512908696 win 5792 mss 1460,sackOK,timestamp 48112309 8867368,nop,wscale 0
    07:50:25.185012 IP (tos 0x0, ttl  64, id 27072, offset 0, flags [DF], proto: TCP (6), length: 52) 10.0.1.1.37890 > 192.168.1.254.22: ., cksum 0xd77f (correct), ack 1 win 172 nop,nop,timestamp 8867390 48112309
    07:50:30.661216 IP (tos 0x0, ttl  64, id 55144, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.1.254.22 > 10.0.1.1.37890: F, cksum 0xbf5d (correct), 1:1(0) ack 1 win 5792 nop,nop,timestamp 48112866 8867390
    07:50:30.750848 IP (tos 0x0, ttl  64, id 27073, offset 0, flags [DF], proto: TCP (6), length: 52) 10.0.1.1.37890 > 192.168.1.254.22: F, cksum 0xcfe2 (correct), 1:1(0) ack 2 win 172 nop,nop,timestamp 8868780 48112866
    07:50:30.750963 IP (tos 0x0, ttl  64, id 55145, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.1.254.22 > 10.0.1.1.37890: ., cksum 0xb9e5 (correct), ack 2 win 5792 nop,nop,timestamp 48112875 8868780
    07:50:37.346161 IP (tos 0x0, ttl  64, id 7346, offset 0, flags [DF], proto: TCP (6), length: 60) 10.0.1.1.46011 > 192.168.3.2.22: S, cksum 0xa998 (correct), 1705395886:1705395886(0) win 5488 mss 1337,sackOK,timestamp 8870428 0,nop,wscale 5
    07:50:37.346321 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.3.2.22 > 10.0.1.1.46011: S, cksum 0xa891 (correct), 1361937350:1361937350(0) ack 1705395887 win 5792 mss 1460,sackOK,timestamp 48113534 8870428,nop,wscale 0
    07:50:37.435479 IP (tos 0x0, ttl  64, id 7347, offset 0, flags [DF], proto: TCP (6), length: 52) 10.0.1.1.46011 > 192.168.3.2.22: ., cksum 0xed33 (correct), ack 1 win 172 nop,nop,timestamp 8870451 48113534
    07:50:42.471158 IP (tos 0x0, ttl  64, id 42048, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.3.2.22 > 10.0.1.1.46011: F, cksum 0xd53d (correct), 1:1(0) ack 1 win 5792 nop,nop,timestamp 48114047 8870451
    07:50:42.563147 IP (tos 0x0, ttl  64, id 7348, offset 0, flags [DF], proto: TCP (6), length: 52) 10.0.1.1.46011 > 192.168.3.2.22: F, cksum 0xe62f (correct), 1:1(0) ack 2 win 172 nop,nop,timestamp 8871732 48114047
    07:50:42.563230 IP (tos 0x0, ttl  64, id 42049, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.3.2.22 > 10.0.1.1.46011: ., cksum 0xd032 (correct), ack 2 win 5792 nop,nop,timestamp 48114056 8871732
    07:50:48.033087 IP (tos 0x0, ttl  64, id 27329, offset 0, flags [DF], proto: TCP (6), length: 60) 10.0.1.1.38552 > 10.0.1.100.22: S, cksum 0xa3a7 (correct), 1861619275:1861619275(0) win 5488 mss 1337,sackOK,timestamp 8873098 0,nop,wscale 5
    07:50:48.033232 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 60) 10.0.1.100.22 > 10.0.1.1.38552: S, cksum 0xb49f (correct), 1371958529:1371958529(0) ack 1861619276 win 5792 mss 1460,sackOK,timestamp 48114603 8873098,nop,wscale 0
    07:50:48.122791 IP (tos 0x0, ttl  64, id 27330, offset 0, flags [DF], proto: TCP (6), length: 52) 10.0.1.1.38552 > 10.0.1.100.22: ., cksum 0xf941 (correct), ack 1 win 172 nop,nop,timestamp 8873121 48114603
    07:50:53.151075 IP (tos 0x0, ttl  64, id 18102, offset 0, flags [DF], proto: TCP (6), length: 52) 10.0.1.100.22 > 10.0.1.1.38552: F, cksum 0xe14c (correct), 1:1(0) ack 1 win 5792 nop,nop,timestamp 48115115 8873121
    07:50:53.241263 IP (tos 0x0, ttl  64, id 27331, offset 0, flags [DF], proto: TCP (6), length: 52) 10.0.1.1.38552 > 10.0.1.100.22: F, cksum 0xf240 (correct), 1:1(0) ack 2 win 172 nop,nop,timestamp 8874400 48115115
    07:50:53.241316 IP (tos 0x0, ttl  64, id 18103, offset 0, flags [DF], proto: TCP (6), length: 52) 10.0.1.100.22 > 10.0.1.1.38552: ., cksum 0xdc43 (correct), ack 2 win 5792 nop,nop,timestamp 48115124 8874400
    07:51:06.637279 IP (tos 0x0, ttl  64, id 30388, offset 0, flags [DF], proto: UDP (17), length: 58) 10.0.1.1.36934 > 10.0.1.100.53:  394+ A? www.danet.sk. (30)
    07:51:06.638095 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP (17), length: 108) 10.0.1.100.53 > 10.0.1.1.36934:  394* 2/1/0 www.danet.sk. CNAME horus.danet.sk., horus.danet.sk. (80)
    07:51:06.726574 IP (tos 0x0, ttl  64, id 52135, offset 0, flags [DF], proto: TCP (6), length: 60) 10.0.1.1.43008 > 192.168.1.254.10000: S, cksum 0xe0c8 (correct), 2160967021:2160967021(0) win 5488 mss 1337,sackOK,timestamp 8877770 0,nop,wscale 5
    07:51:06.726683 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.1.254.10000 > 10.0.1.1.43008: S, cksum 0x3df1 (correct), 1414600441:1414600441(0) ack 2160967022 win 5792 mss 1460,sackOK,timestamp 48116472 8877770,nop,wscale 0
    
    and finally the log from the firewall
    
    Aug 17 07:49:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19198 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:50:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19199 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:50:25 horus sshd[8927]: refused connect from 10.0.1.1 (10.0.1.1)
    Aug 17 07:50:37 horus sshd[8952]: refused connect from 10.0.1.1 (10.0.1.1)
    Aug 17 07:50:37 horus kernel: FWD DROP: IN=eth1 OUT=eth0 SRC=87.197.246.186 DST=192.168.1.104 LEN=56 TOS=0x00 PREC=0xC0 TTL=249 ID=2696 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.168.1.104 DST=172.16.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=57 ID=52077 DF PROTO=UDP SPT=3111 DPT=28007 LEN=52 ] 
    Aug 17 07:50:48 horus sshd[8971]: refused connect from 10.0.1.1 (10.0.1.1)
    Aug 17 07:50:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19200 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:51:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19201 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:51:27 horus kernel: IN DROP: IN=eth1 OUT= MAC=08:00:09:a9:2e:76:00:0e:f4:05:c4:9c:08:00 SRC=125.76.244.134 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=1011 PROTO=TCP SPT=5222 DPT=16174 WINDOW=0 RES=0x00 ACK RST URGP=0 
    Aug 17 07:51:34 horus kernel: IN DROP: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.1.254 DST=192.168.1.254 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=27683 SEQ=1 
    Aug 17 07:51:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19202 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:51:58 horus kernel: IN DROP: IN=eth1 OUT= MAC=08:00:09:a9:2e:76:00:0e:f4:05:c4:9c:08:00 SRC=125.76.244.134 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=39024 PROTO=TCP SPT=5222 DPT=16174 WINDOW=0 RES=0x00 ACK RST URGP=0 
    Aug 17 07:51:58 horus kernel: IN DROP: IN=eth1 OUT= MAC=08:00:09:a9:2e:76:00:0e:f4:05:c4:9c:08:00 SRC=125.76.244.134 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=50677 PROTO=TCP SPT=5222 DPT=16174 WINDOW=0 RES=0x00 ACK RST URGP=0 
    Aug 17 07:52:22 horus kernel: IN DROP: IN=eth1 OUT= MAC=08:00:09:a9:2e:76:00:0e:f4:05:c4:9c:08:00 SRC=125.76.244.134 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=7767 PROTO=TCP SPT=5222 DPT=16174 WINDOW=0 RES=0x00 ACK RST URGP=0 
    Aug 17 07:52:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19203 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:52:34 horus kernel: FWD DROP: IN=eth1 OUT=eth0 SRC=87.197.246.186 DST=192.168.1.101 LEN=56 TOS=0x00 PREC=0xC0 TTL=249 ID=2931 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.168.1.101 DST=172.16.1.1 LEN=77 TOS=0x00 PREC=0x00 TTL=57 ID=44894 DF PROTO=UDP SPT=3075 DPT=28007 LEN=57 ] 
    Aug 17 07:52:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19204 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:53:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19205 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:53:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19206 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:54:20 horus kernel: IN DROP: IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=192.168.1.255 LEN=242 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=222 
    Aug 17 07:54:20 horus kernel: IN DROP: IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=192.168.1.255 LEN=234 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=214 
    Aug 17 07:54:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19207 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:54:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19208 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:55:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19209 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:55:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19210 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:56:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19211 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:56:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19212 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:57:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19213 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:57:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19214 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:58:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19215 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:58:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19216 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:59:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19217 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 07:59:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19218 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 08:00:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19219 PROTO=UDP SPT=520 DPT=520 LEN=52 
    Aug 17 08:00:48 horus kernel: FWD DROP: IN=eth1 OUT=eth0 SRC=87.197.246.186 DST=192.168.1.104 LEN=56 TOS=0x00 PREC=0xC0 TTL=249 ID=3924 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.168.1.104 DST=172.16.1.1 LEN=65 TOS=0x00 PREC=0x00 TTL=57 ID=52506 DF PROTO=UDP SPT=3111 DPT=28007 LEN=45 ] 
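
Added example, not part of the original thread: a Python triage of a log like the one posted above. It parses the kernel lines written by the two LOG rules ("IN DROP" / "FWD DROP") and keeps them apart from the `sshd[...]: refused connect from` lines, which are written by the daemon and not by the packet filter. The function names are this example's own, and the sample is a subset of the posted log.

```python
import re
from collections import Counter

# Subset of the /var/log/messages excerpt posted in the thread.
SAMPLE_LOG = """\
Aug 17 07:49:54 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19198 PROTO=UDP SPT=520 DPT=520 LEN=52
Aug 17 07:50:24 horus kernel: IN DROP: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:72:60:5e:08:00 SRC=192.168.1.3 DST=192.168.1.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=19199 PROTO=UDP SPT=520 DPT=520 LEN=52
Aug 17 07:50:25 horus sshd[8927]: refused connect from 10.0.1.1 (10.0.1.1)
Aug 17 07:50:37 horus sshd[8952]: refused connect from 10.0.1.1 (10.0.1.1)
Aug 17 07:50:37 horus kernel: FWD DROP: IN=eth1 OUT=eth0 SRC=87.197.246.186 DST=192.168.1.104 LEN=56 TOS=0x00 PREC=0xC0 TTL=249 ID=2696 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.168.1.104 DST=172.16.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=57 ID=52077 DF PROTO=UDP SPT=3111 DPT=28007 LEN=52 ]
Aug 17 07:50:48 horus sshd[8971]: refused connect from 10.0.1.1 (10.0.1.1)
Aug 17 07:51:27 horus kernel: IN DROP: IN=eth1 OUT= MAC=08:00:09:a9:2e:76:00:0e:f4:05:c4:9c:08:00 SRC=125.76.244.134 DST=192.168.3.2 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=1011 PROTO=TCP SPT=5222 DPT=16174 WINDOW=0 RES=0x00 ACK RST URGP=0
"""

# Kernel line: "<--log-prefix text>IN=<iface> OUT=<iface> KEY=VALUE ... FLAG ..."
KERNEL_RE = re.compile(r" kernel: (?P<prefix>.*?):?\s*(?P<body>IN=.*)$")
# Application-level refusal, the message text TCP wrappers (libwrap) logs.
REFUSED_RE = re.compile(
    r" (?P<daemon>[\w.-]+)\[\d+\]: refused connect from (?P<src>\S+)")


def parse_drop(line):
    """Parse one netfilter LOG line into a dict, or return None."""
    m = KERNEL_RE.search(line)
    if not m:
        return None
    # An ICMP error embeds the offending packet in [...]; remove it so its
    # SRC=/DST=/PROTO= do not overwrite those of the packet actually logged.
    outer = re.sub(r"\[.*?\]", " ", m.group("body"))
    fields, flags = {}, []
    for tok in outer.split():
        key, sep, val = tok.partition("=")
        if sep:
            fields.setdefault(key, val)  # first LEN= is the IP length
        else:
            flags.append(tok)            # DF, ACK, RST, ...
    fields["prefix"] = m.group("prefix")
    fields["flags"] = flags
    return fields


def parse_refusal(line):
    """Return (daemon, source) for a 'refused connect from' line, else None."""
    m = REFUSED_RE.search(line)
    return (m.group("daemon"), m.group("src")) if m else None


def summarize(text):
    """Count packet-filter drops and daemon refusals separately."""
    drops, refused = Counter(), Counter()
    for line in text.splitlines():
        d = parse_drop(line)
        if d:
            key = (d["prefix"], d.get("IN", ""), d.get("PROTO", ""),
                   d.get("SRC", ""), d.get("DST", ""), d.get("DPT", "-"))
            drops[key] += 1
            continue
        r = parse_refusal(line)
        if r:
            refused[r] += 1
    return drops, refused


def triage(text, client):
    """Where are connections from `client` being turned away?"""
    drops, refused = summarize(text)
    return {
        "firewall_drops": sum(n for k, n in drops.items() if k[3] == client),
        "daemon_refusals": sum(n for (_, src), n in refused.items()
                               if src == client),
    }


if __name__ == "__main__":
    drops, refused = summarize(SAMPLE_LOG)
    for key, n in drops.most_common():
        print(n, *key)
    for key, n in refused.most_common():
        print(n, "refused by", *key)
    print(triage(SAMPLE_LOG, "10.0.1.1"))
```

For the VPN client 10.0.1.1 the result shows no packet-filter drops and three refusals by sshd, so the LOG rules alone do not account for the failed logins.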
    17.8.2008 09:38 devicebusy | score: 2
    Re: Problem with the firewall
    Hi, let's not post a pile of dumps here, 261837062
    17.8.2008 10:43 deejay | score: 2
    Re: Problem with the firewall
    Hi, I don't understand your reply
    17.8.2008 14:38 devicebusy | score: 2
    Re: Problem with the firewall
    Well, that's my ICQ; afterwards we'll paste the finished solution here, because this is starting to become unreadable :)


    ISSN 1214-1267   www.czech-server.cz
    © 1999-2015 Nitemedia s. r. o. All rights reserved.