Message-ID: <49246D59.9070802@rambler.ru>
Date: Wed, 19 Nov 2008 22:47:37 +0300
From: "Kharitonov A. Dmitry"
To: Sysadmins@lists.altlinux.org
Subject: [Sysadmins] iptables and ftp --- feature or bug?
List-Id: ALT Linux sysadmin discuss

    [user@SERVER ~]$ sudo lsmod | egrep "ftp|ipt"
    ipt_MASQUERADE          7808  1
    ipt_REJECT              9472  705
    iptable_mangle          7040  0
    iptable_nat            11652  1
    iptable_filter          7168  1
    ip_tables              17604  3 iptable_mangle,iptable_nat,iptable_filter
    ipt_REDIRECT            6272  0
    ipt_LOG                10496  0
    x_tables               18180  8 xt_state,xt_tcpudp,ipt_MASQUERADE,ipt_REJECT,iptable_nat,ip_tables,ipt_REDIRECT,ipt_LOG
    ip_nat_ftp              7680  0
    ip_nat                 22060  4 ipt_MASQUERADE,iptable_nat,ipt_REDIRECT,ip_nat_ftp
    ip_conntrack_ftp       12016  1 ip_nat_ftp
    ip_conntrack           56800  6 xt_state,ipt_MASQUERADE,iptable_nat,ip_nat_ftp,ip_nat,ip_conntrack_ftp

I set:

    -A INPUT -i wan -p tcp -m tcp --sport 20 ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i wan -p tcp -m tcp --sport 21 ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -o wan -p tcp -m tcp --dport 20 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -o wan -p tcp -m tcp --dport 21 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

I start firefox:

    ERROR
    The requested URL could not be retrieved

    An FTP protocol error occurred while trying to retrieve the URL:
    ftp://ftp.altlinux.org/pub/distributions/

    Squid sent the following FTP command:

        NLST

    and then received this reply

        Use PORT or PASV first.

    Your cache administrator is webmaster.

    Generated Wed, 19 Nov 2008 23:35:09 GMT by server.dimahost (squid/2.6.STABLE13)

I set:

    -A INPUT -i wan -p tcp -m tcp --sport 20 ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i wan -p tcp -m tcp --sport 21 ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i wan -p tcp -m tcp --sport 1024:65535 ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -o wan -p tcp -m tcp --dport 20 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -o wan -p tcp -m tcp --dport 21 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -o wan -p tcp -m tcp --dport 1024:65535 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

I start firefox. Everything works fine.

As I understand it, these are not working:

    ip_nat_ftp              7680  0
    ip_conntrack_ftp       12016  1 ip_nat_ftp

Can anyone explain to me: is this a feature or a bug?
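
The following is an added example, not part of the original message: a small Python model of how the --dport and --state matches in the two posted OUTPUT rule sets combine for a passive-mode FTP fetch. It assumes that packets matching none of the listed rules are dropped or rejected (the post shows only fragments of the rule set); port 50123, the connection to port 8080 and the NARROW rule set are constructed for illustration.

```python
# Added illustration: a small model of how the "state" and "--dport" matches
# in the posted OUTPUT rules combine. It is not iptables; packets are constructed.
from typing import NamedTuple, Optional, Tuple

class Rule(NamedTuple):
    dports: Optional[Tuple[int, int]]   # --dport lo:hi, None = no port match
    states: frozenset                   # --state list

class Packet(NamedTuple):
    dport: int
    state: str                          # conntrack state of the packet

ALL = frozenset({"NEW", "RELATED", "ESTABLISHED"})

# OUTPUT rules of the first attempt in the post (ports 20 and 21 only).
FIRST = [Rule((20, 20), ALL), Rule((21, 21), ALL)]
# Second attempt: the same plus --dport 1024:65535.
SECOND = FIRST + [Rule((1024, 65535), ALL)]
# Hypothetical narrower variant: NEW only to port 21, RELATED/ESTABLISHED to any port.
NARROW = [Rule((21, 21), frozenset({"NEW", "ESTABLISHED"})),
          Rule(None, frozenset({"RELATED", "ESTABLISHED"}))]

def verdict(rules, pkt):
    """ACCEPT on first matching rule; assume anything else is dropped or rejected."""
    for r in rules:
        port_ok = r.dports is None or r.dports[0] <= pkt.dport <= r.dports[1]
        if port_ok and pkt.state in r.states:
            return "ACCEPT"
    return "DROP"

# Constructed packets of a passive-mode fetch; 50123 stands for the port in the 227 reply.
CONTROL_SYN = Packet(21, "NEW")
DATA_SYN_HELPER = Packet(50123, "RELATED")    # ip_conntrack_ftp saw the 227 reply
DATA_SYN_NO_HELPER = Packet(50123, "NEW")     # helper absent or not tracking
UNRELATED_SYN = Packet(8080, "NEW")           # any other outbound connection

def table():
    pkts = [CONTROL_SYN, DATA_SYN_HELPER, DATA_SYN_NO_HELPER, UNRELATED_SYN]
    return {name: [verdict(rs, p) for p in pkts]
            for name, rs in (("first", FIRST), ("second", SECOND), ("narrow", NARROW))}

if __name__ == "__main__":
    for name, row in table().items():
        print(f"{name:7}", row)
```

In this model the first rule set drops the data connection's SYN whether or not the helper labels it RELATED, and the second accepts it in both cases along with any other outbound connection to a high port. Only a rule that matches RELATED without a port restriction gives a result that depends on ip_conntrack_ftp.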