* Re: [Sarlug] squid URGENT
From: linderoxxx @ 2008-03-26 9:27 UTC (permalink / raw)
To: Saratov Linux User Group Maillist
iptables -L
master@local ~ $ sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:45689
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT tcp -- 10.0.3.0/24 anywhere tcp dpt:20003
ACCEPT all -- 10.0.3.0/24 anywhere
ACCEPT all -- 10.0.3.3 anywhere
ACCEPT all -- anywhere 10.0.3.0/24 state RELATED,ESTABLISHED
ACCEPT icmp -- 10.0.3.0/24 anywhere
ACCEPT tcp -- 10.0.3.0/24 anywhere tcp dpt:https
ACCEPT tcp -- 10.0.3.0/24 anywhere tcp dpt:aol
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 3 LOG level info prefix `ACC_IN:'
ACCEPT tcp -- 10.0.3.0/24 anywhere tcp spt:http
master@local ~ $ sudo cat /fw/iptables
#!/bin/sh
#clear all chains
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level 6 --log-prefix "ACC_IN:"
iptables -A OUTPUT -o ppp0 -s 10.0.3.0/255.255.255.0 -p tcp --sport 80 -j ACCEPT
#iptables -A OUTPUT -p tcp -s 10.0.3.0/24
iptables -t nat -A PREROUTING -s 10.0.3.1/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 4000
#
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --destination-port smtp -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --destination-port ssh -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --destination-port 110 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --destination-port http -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --destination-port 45689 -j ACCEPT
iptables -P INPUT DROP
# ati
iptables -A FORWARD -s 10.0.3.0/24 -p tcp --destination-port 20003 -j ACCEPT
iptables -A FORWARD -s 10.0.3.2/24 -j ACCEPT
iptables -A FORWARD -s 10.0.3.3 -j ACCEPT
iptables -A FORWARD -d 10.0.3.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 10.0.3.0/24 -p icmp -j ACCEPT
iptables -A FORWARD -s 10.0.3.0/24 -p tcp --destination-port https -j ACCEPT
iptables -A FORWARD -s 10.0.3.0/24 -p tcp --destination-port 5190 -j ACCEPT
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -s 10.0.3.0/24 -o ppp0 -j MASQUERADE
* Re: [Sarlug] squid URGENT
From: Aleksei Sinitsyn @ 2008-03-26 9:35 UTC (permalink / raw)
To: Saratov Linux User Group Maillist
2008/3/26, linderoxxx <linderoxxx@mail.ru>:
> iptables -L
<skip>
If "everything worked" "yesterday" and the only change was the rebuild of
squid, then the changes are where to look. As said above, check the
location of the PID file, and the messages at startup or in the logs...
--
WBR, sinaps. http://saratov.lug.ru JID:sinaps@jabber.org
--
All women know that rhythm is like the sun
And we are around it like planets.