ALT Linux Community general discussions
From: "Половников Денис" <fox@transbank.ru>
To: Dmitry Lebkov <community@altlinux.ru>
Subject: Re[6]: [Comm] IPtables
Date: Thu, 27 Feb 2003 14:34:19 +0300
Message-ID: <97168612484.20030227143419@transbank.ru>
In-Reply-To: <20030227200544.29667880.dima@sakhalin.ru>

Hello, Dmitry.

You wrote on 27 February 2003, 13:05:44:

DL> As I understand it, this is already after manual editing. Make a
DL> backup copy and do service iptables save anyway
DL> (just note: I wasn't asking for the output of save out of
DL> sporting interest -- the results of manual editing are hard to parse by eye).
DL> And show what you get.

DL> Although, I've only just noticed ... You are missing the rule:

DL> FORWARD -d 10.0.1.124 --dport 5122 -j ACCEPT

DL> That is exactly it.

Here is the output of the service iptables save command:

# Generated by iptables-save v1.2.4 on Thu Feb 27 14:13:05 2003
*filter
:INPUT ACCEPT [15:1688]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:droplog - [0:0]
[0:0] -A INPUT -i lo -j ACCEPT 
[23502:2893709] -A INPUT -i eth1 -j ACCEPT 
[3:111] -A INPUT -p icmp -j ACCEPT 
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A INPUT -d 217.69.198.30 -i eth0 -p tcp -m tcp --dport 60179 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A INPUT -d 217.69.198.58 -i eth0 -p tcp -m tcp --dport 2900 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A INPUT -d 217.69.198.58 -i eth0 -p tcp -m tcp --dport 2847 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A INPUT -d 217.69.198.30 -i eth0 -p tcp -m tcp --dport 24554 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[6:288] -A INPUT -i eth0 -p tcp -m tcp --dport 21 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A INPUT -i eth0 -p tcp -m tcp --sport 20 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[27259:30913801] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
[0:0] -A INPUT -i eth0 -p udp -m udp --sport 53 -j ACCEPT 
[439:190184] -A INPUT -d 217.69.198.30 -p udp -m udp --dport 55777 -j ACCEPT 
[0:0] -A INPUT -d 217.69.198.58 -p udp -m udp --dport 5122 -j ACCEPT 
[435:180037] -A INPUT -d 217.69.198.30 -p udp -m udp --dport 55778 -j ACCEPT 
[23:18512] -A INPUT -i eth0 -j droplog 
[2:112] -A FORWARD -p icmp -j ACCEPT 
[133:6556] -A FORWARD -o eth0 -p tcp -m tcp --dport 110 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -o eth0 -p tcp -m tcp --dport 995 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[2:96] -A FORWARD -o eth0 -p tcp -m tcp --dport 25 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -o eth0 -p tcp -m tcp --dport 465 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -o eth0 -p tcp -m tcp --dport 21 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -o eth0 -p tcp -m tcp --dport 20 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[3:144] -A FORWARD -o eth0 -p tcp -m tcp --dport 5190 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -o eth0 -p tcp -m tcp --dport 55 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.4 -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.6 -p tcp -m tcp --dport 7001 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.6 -p tcp -m tcp --dport 2900 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.7 -p tcp -m tcp --dport 7001 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.7 -p tcp -m tcp --dport 7777 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.7 -p tcp -m tcp --dport 7090:7110 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.7 -p tcp -m tcp --dport 2900 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[390:47883] -A FORWARD -s 10.0.1.7 -p udp -m udp --dport 55777 -j ACCEPT 
[383:46829] -A FORWARD -s 10.0.1.8 -p udp -m udp --dport 55777 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.8 -p tcp -m tcp --dport 7001 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[40:1920] -A FORWARD -s 10.0.1.9 -p tcp -m tcp --dport 12801 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.115 -p tcp -m tcp --dport 4661 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.115 -p tcp -m tcp --dport 4662 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.124 -p tcp -m tcp --dport 4661 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.124 -p tcp -m tcp --dport 4662 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[12:420] -A FORWARD -d 10.0.1.124 -p udp -m udp --dport 5122 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.115 -p udp -m udp --dport 27530 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.115 -p udp -m udp --dport 4665 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.115 -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.115 -p tcp -m tcp --dport 3306 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.115 -p udp -m udp --dport 27005 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.115 -p udp -m udp --dport 27010 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.115 -p udp -m udp --dport 27011 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.115 -p udp -m udp --dport 27012 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.115 -p udp -m udp --dport 27015 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.115 -p udp -m udp --dport 27025 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.115 -p udp -m udp --dport 27017 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.115 -p udp -m udp --dport 5122 -j ACCEPT 
[314:12560] -A FORWARD -s 10.0.1.124 -p udp -m udp --dport 5122 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.124 -p udp -m udp --dport 1716 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.124 -p udp -m udp --dport 1717 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.124 -p udp -m udp --dport 1718 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.124 -p udp -m udp --dport 8777 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.124 -p udp -m udp --dport 27900 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.161 -p udp -m udp --dport 5122 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.161 -p udp -m udp --dport 21000 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.161 -p udp -m udp --dport 21001 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.161 -p udp -m udp --dport 21002 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.161 -p udp -m udp --dport 21003 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.124 -p tcp -m tcp --dport 7002 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.124 -p tcp -m tcp --dport 6003 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.124 -p tcp -m tcp --dport 20045 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.124 -p tcp -m tcp --dport 28900 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.115 -p tcp -m tcp --dport 7002 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.115 -p tcp -m tcp --dport 6003 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.124 -p tcp -m tcp --dport 6667 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.124 -p tcp -m tcp --dport 6666 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.161 -p tcp -m tcp --dport 6667 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.161 -p tcp -m tcp --dport 6666 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p udp -m udp --dport 21000 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p udp -m udp --dport 21001 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p udp -m udp --dport 21002 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p udp -m udp --dport 21003 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p tcp -m tcp --dport 443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p tcp -m tcp --dport 2847 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p tcp -m tcp --dport 2848 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p tcp -m tcp --dport 7002 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p tcp -m tcp --dport 6003 --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p udp -m udp --dport 5122 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p udp -m udp --dport 27005 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p udp -m udp --dport 27010 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p udp -m udp --dport 27011 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p udp -m udp --dport 27012 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p udp -m udp --dport 27015 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p udp -m udp --dport 27025 -j ACCEPT 
[0:0] -A FORWARD -s 10.0.1.10 -p udp -m udp --dport 27017 -j ACCEPT 
[106:17111] -A FORWARD -i eth0 -p udp -m udp --sport 53 -j ACCEPT 
[150:9655] -A FORWARD -o eth0 -p udp -m udp --dport 53 -j ACCEPT 
[11401:2572468] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
[30:1668] -A FORWARD -j droplog 
[0:0] -A OUTPUT -o lo -j ACCEPT 
[31890:30458697] -A OUTPUT -o eth1 -j ACCEPT 
[3:111] -A OUTPUT -p icmp -j ACCEPT 
[1380:82800] -A OUTPUT -o eth0 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT 
[23353:1905478] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
[0:0] -A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT 
[0:0] -A OUTPUT -d 217.69.198.30 -p udp -m udp --dport 55777 -j ACCEPT 
[0:0] -A OUTPUT -d 217.69.198.58 -p udp -m udp --dport 5122 -j ACCEPT 
[0:0] -A OUTPUT -d 217.69.198.30 -p udp -m udp --dport 55778 -j ACCEPT 
[0:0] -A OUTPUT -o eth0 -j droplog 
[53:20180] -A droplog -j LOG 
[53:20180] -A droplog -j DROP 
COMMIT
# Completed on Thu Feb 27 14:13:05 2003
# Generated by iptables-save v1.2.4 on Thu Feb 27 14:13:05 2003
*nat
:PREROUTING ACCEPT [1424:99393]
:POSTROUTING ACCEPT [1305:78250]
:OUTPUT ACCEPT [1303:78180]
[2:70] -A PREROUTING -d 217.69.198.58 -p udp -m udp --dport 5122 -j DNAT --to-destination 10.0.1.124 
[297:17999] -A POSTROUTING -s 10.0.0.0/255.0.0.0 -o eth0 -j MASQUERADE 
[0:0] -A POSTROUTING -s 217.69.198.0/255.255.255.224 -o eth0 -j MASQUERADE 
[0:0] -A OUTPUT -d 217.69.198.58 -p udp -m udp --dport 5122 -j DNAT --to-destination 10.0.1.124 
COMMIT
# Completed on Thu Feb 27 14:13:05 2003

Best regards,
 Половников Денис
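
The check raised in the quoted text (a DNAT rule in the nat table needs a FORWARD rule that accepts the translated address and port, otherwise the packet falls through to droplog), as an added example that is not part of the original message. The function names are hypothetical, the 2900/tcp DNAT line in the sample is constructed, and the script assumes single-port DNAT rules, no "!" negation, and counts only FORWARD rules that carry an explicit -d.

```python
import ipaddress

# Constructed sample in iptables-save format; only the 5122/udp rules come from the dump above.
SAMPLE = """\
*filter
[12:420] -A FORWARD -d 10.0.1.124 -p udp -m udp --dport 5122 -j ACCEPT
[30:1668] -A FORWARD -j droplog
COMMIT
*nat
[2:70] -A PREROUTING -d 217.69.198.58 -p udp -m udp --dport 5122 -j DNAT --to-destination 10.0.1.124
[0:0] -A PREROUTING -d 217.69.198.58 -p tcp -m tcp --dport 2900 -j DNAT --to-destination 10.0.1.6
COMMIT
"""

def parse_rules(dump):
    """Return one dict per -A line: table, chain and an option -> value map."""
    table, rules = None, []
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        if line.startswith("["):                 # drop the [packets:bytes] counters
            line = line.split("] ", 1)[-1]
        tok = line.split()
        if len(tok) >= 2 and tok[0] == "-A":
            opts = {k: v for k, v in zip(tok[2:], tok[3:] + [""]) if k.startswith("-")}
            rules.append({"table": table, "chain": tok[1], "opts": opts})
    return rules

def covers(rule, proto, host, port):
    """True if a FORWARD ACCEPT rule with an explicit -d admits proto/host/port."""
    o = rule["opts"]
    if o.get("-j") != "ACCEPT" or "-d" not in o or o.get("-p", proto) != proto:
        return False
    lo, _, hi = o.get("--dport", "0:65535").partition(":")   # single port or lo:hi range
    in_net = ipaddress.ip_address(host) in ipaddress.ip_network(o["-d"], strict=False)
    return in_net and int(lo) <= int(port) <= int(hi or lo)

def dnat_without_forward(dump):
    """List (proto, host, port) of DNAT targets that no FORWARD rule accepts."""
    rules, missing = parse_rules(dump), []
    forward = [r for r in rules if r["table"] == "filter" and r["chain"] == "FORWARD"]
    for r in rules:
        o = r["opts"]
        if r["table"] == "nat" and r["chain"] == "PREROUTING" and o.get("-j") == "DNAT":
            host, _, port = o["--to-destination"].partition(":")
            flow = (o.get("-p"), host, port or o.get("--dport", "0"))
            if not any(covers(f, *flow) for f in forward):
                missing.append(flow)
    return missing
```

Feeding it the full saved dump instead of SAMPLE lists every port forward that would end in the droplog chain.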