From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa.int.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.2.5 Message-ID: <4B59A916.70608@tversu.ru> Date: Fri, 22 Jan 2010 16:33:10 +0300 From: Mike Grozak User-Agent: Thunderbird 2.0.0.21 (X11/20090323) MIME-Version: 1.0 To: ALT Linux sysadmins' discussion References: <4B59A61D.8060103@tversu.ru> In-Reply-To: Content-Type: text/plain; charset=koi8-r; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Scanned: ClamAV using ClamSMTP X-SpamTest-Version: SMTP-Filter Version 3.0.0 [0278], KAS30/Release X-SpamTest-Info: Not protected Subject: Re: [Sysadmins] =?koi8-r?b?UFBUUGQg1yDLz87UxcrOxdLF?= X-BeenThere: sysadmins@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ALT Linux sysadmins' discussion List-Id: ALT Linux sysadmins' discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Jan 2010 13:33:32 -0000 Archived-At: List-Archive: Руслан Писарев wrote: > быть может iptables перемудрил? >> Такое ощущение, что я не понимаю/упускаю из вида >> какой-то мелочи! Прошу направить ход моих мыслей. :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [180701:7759288] :ALT-Firewall-1-INPUT - [0:0] -A INPUT -j ALT-Firewall-1-INPUT -A FORWARD -j ALT-Firewall-1-INPUT -A ALT-Firewall-1-INPUT -i lo -j ACCEPT -A ALT-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT -A ALT-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A ALT-Firewall-1-INPUT -s 10.10.0.0/24 -j ACCEPT -A ALT-Firewall-1-INPUT -d 10.10.0.0/24 -j ACCEPT Трафик из FORWARD завёрнут в цепочку ALT-Firewall-1-INPUT и в ней "с" и "на" 10.10.0.0/24 он разрешён. Ни натов, ничего нет. --- WBR, Mike Grozak, TvSU IC Dep