Hallo Jonny,
Am besten schaust du dir das Ganze mittels iptables-save an. Das zeigt dann auch Verwertbares :)
Hab ich gemacht. Leider werde ich daraus nicht schlau ... Vielleicht siehst du da was.
Gruß, Mathias
# Generated by iptables-save v1.4.12 on Wed Dec 23 23:32:47 2015
# NOTE(review): the paste had this whole dump collapsed onto one line; it is
# reformatted here one entry per line as iptables-save writes it. No rule text
# was changed. Lines marked NOTE(review) are reviewer remarks.
# NOTE(review): this dump was taken without -c, so no per-rule counters are
# shown. The INPUT and FORWARD policy counters below are [0:0], i.e. every
# packet matched an explicit rule; to see WHICH rule drops something, look at
# `iptables -vnL` (or `iptables-save -c`) rather than this output.
*nat
:PREROUTING ACCEPT [466:40857]
:INPUT ACCEPT [82:4920]
:OUTPUT ACCEPT [251:16014]
:POSTROUTING ACCEPT [141:9354]
# HTTP from the 192.168.0.0/16 clients arriving on tun0 that is NOT addressed
# to the gateway itself (192.168.0.1) is transparently redirected to local
# port 8080 - the usual captive-portal interception pattern.
-A PREROUTING -s 192.168.0.0/16 ! -d 192.168.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
# Source-NAT everything leaving via eth0 (eth0 acts as the uplink).
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Dec 23 23:32:47 2015
# Generated by iptables-save v1.4.12 on Wed Dec 23 23:32:47 2015
*mangle
:PREROUTING ACCEPT [5318:1542971]
:INPUT ACCEPT [3495:1263977]
:FORWARD ACCEPT [411:90805]
:OUTPUT ACCEPT [3450:1465118]
:POSTROUTING ACCEPT [3861:1555923]
# Clients may not connect to 192.168.0.1:8080 directly. mangle PREROUTING is
# traversed before nat PREROUTING, so packets the REDIRECT above rewrites to
# 8080 still carry dport 80 here and are unaffected; only direct hits on 8080
# are dropped. The rule has no -i, so it applies on every interface.
-A PREROUTING -s 192.168.0.0/16 -d 192.168.0.1/32 -p tcp -m tcp --dport 8080 -j DROP
# Clamp the MSS of forwarded SYNs to the path MTU (typical when the tunnel
# side has a smaller MTU than the uplink). The identical rule is repeated in
# the filter FORWARD chain below; one copy is enough.
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Wed Dec 23 23:32:47 2015
# Generated by iptables-save v1.4.12 on Wed Dec 23 23:32:47 2015
*filter
# Default deny on INPUT; FORWARD and OUTPUT default to ACCEPT.
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3450:1465118]
# eth1: nothing is accepted at all. (Repeated further down; the second copy
# is unreachable.)
-A INPUT -i eth1 -j DROP
# Services the gateway offers to tun0 clients at 192.168.0.1: ICMP, DNS, DHCP
# (unicast and broadcast), HTTP/HTTPS, the 8080 redirect target, and TCP
# 3990/4990 - presumably a CoovaChilli-style captive portal, whose default
# UAM ports these are; TODO confirm.
-A INPUT -d 192.168.0.1/32 -i tun0 -p icmp -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -d 255.255.255.255/32 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p tcp -m tcp --dport 4990 -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
# Everything else from tun0 to the gateway address is dropped.
-A INPUT -d 192.168.0.1/32 -i tun0 -j DROP
# NOTE(review): this state rule sits BELOW the tun0 DROP, so it cannot accept
# reply traffic arriving on tun0 for 192.168.0.1 unless the reply happens to
# hit one of the ports listed above. Any connection the gateway itself opens
# toward a tun0 client therefore has its replies dropped. If that is not
# intended, this rule belongs at the top of INPUT (its conventional place).
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# New SSH connections are accepted on the uplink (eth0) from any source.
# NOTE(review): consider restricting with -s to the admin network(s) and/or
# rate-limiting new connections, since eth0 is the masqueraded uplink.
-A INPUT -i eth0 -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
# Everything else arriving on eth0 is actively rejected (ICMP port
# unreachable) rather than silently dropped.
-A INPUT -i eth0 -j REJECT --reject-with icmp-port-unreachable
# Unreachable duplicate of the first INPUT rule.
-A INPUT -i eth1 -j DROP
# Interface-less service rules: given everything above, only packets from
# tun0 with a destination other than 192.168.0.1, or from lo, can reach them.
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3990 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
# Loopback is accepted last. Nothing above drops lo traffic, so this still
# works, but it is conventionally the first INPUT rule.
-A INPUT -i lo -j ACCEPT
# tun0 clients may be forwarded to eth0 and nowhere else.
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i tun0 ! -o eth0 -j DROP
# Duplicate of the mangle FORWARD TCPMSS rule above.
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# NOTE(review): accepts anything forwarded toward tun0 from any interface,
# with no state check. Because it precedes the eth1 DROP rules below, traffic
# entering on eth1 and leaving on tun0 is ACCEPTED here - the eth1 isolation
# below does not hold in that direction. There is also no rule limiting NEW
# connections from eth0 toward the tun0 clients; whether routing/NAT makes
# that unreachable in practice is not visible in this dump. A
# RELATED,ESTABLISHED rule plus a DROP of NEW from eth0 to tun0 would be the
# usual hardening.
-A FORWARD -o tun0 -j ACCEPT
# Unreachable: every packet from tun0 already matched one of the two tun0
# rules above.
-A FORWARD -i tun0 -j ACCEPT
# eth1 is meant to be isolated from forwarding (each rule appears twice; the
# second copies are redundant).
-A FORWARD -o eth1 -j DROP
-A FORWARD -i eth1 -j DROP
-A FORWARD -i eth1 -j DROP
-A FORWARD -o eth1 -j DROP
COMMIT
# Completed on Wed Dec 23 23:32:47 2015
# Generated by iptables-save v1.4.12 on Wed Dec 23 23:31:58 2015
# NOTE(review): reformatted one entry per line; the paste had the dump
# collapsed onto a single line. No rule text was changed. The rule set is
# identical to the 23:32:47 and 23:27:22 dumps in this mail - only the
# packet/byte counters differ - so diffing the three dumps shows nothing.
# The dump was taken without -c, so no per-rule counters are present; use
# `iptables -vnL` to see which rule a packet actually hits.
*nat
:PREROUTING ACCEPT [109:17056]
:INPUT ACCEPT [1:60]
:OUTPUT ACCEPT [26:1644]
:POSTROUTING ACCEPT [22:1366]
# Client HTTP arriving on tun0 (not addressed to the gateway itself) is
# redirected to local port 8080 - captive-portal interception.
-A PREROUTING -s 192.168.0.0/16 ! -d 192.168.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
# Source-NAT on the eth0 uplink.
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Dec 23 23:31:58 2015
# Generated by iptables-save v1.4.12 on Wed Dec 23 23:31:58 2015
*mangle
:PREROUTING ACCEPT [1279:99633]
:INPUT ACCEPT [1238:93936]
:FORWARD ACCEPT [4:354]
:OUTPUT ACCEPT [1350:317745]
:POSTROUTING ACCEPT [1354:318099]
# Blocks direct client connections to 192.168.0.1:8080. mangle PREROUTING runs
# before nat PREROUTING, so redirected packets (still dport 80 here) pass.
-A PREROUTING -s 192.168.0.0/16 -d 192.168.0.1/32 -p tcp -m tcp --dport 8080 -j DROP
# MSS clamping for forwarded SYNs; duplicated in filter FORWARD below.
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Wed Dec 23 23:31:58 2015
# Generated by iptables-save v1.4.12 on Wed Dec 23 23:31:58 2015
*filter
# Default deny on INPUT; FORWARD and OUTPUT default to ACCEPT.
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1350:317745]
# eth1: nothing accepted (repeated below; the second copy is unreachable).
-A INPUT -i eth1 -j DROP
# Services offered to tun0 clients at 192.168.0.1: ICMP, DNS, DHCP (unicast
# and broadcast), HTTP/HTTPS, the 8080 redirect target, and TCP 3990/4990
# (presumably CoovaChilli UAM ports - TODO confirm).
-A INPUT -d 192.168.0.1/32 -i tun0 -p icmp -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -d 255.255.255.255/32 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p tcp -m tcp --dport 4990 -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
# Everything else from tun0 to the gateway address is dropped.
-A INPUT -d 192.168.0.1/32 -i tun0 -j DROP
# NOTE(review): placed below the tun0 DROP, so replies arriving on tun0 for
# 192.168.0.1 are only accepted if they hit one of the listed ports; replies to
# connections the gateway opens toward tun0 clients are dropped. Conventionally
# this rule goes first in INPUT.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# New SSH on the eth0 uplink from any source. NOTE(review): consider a -s
# restriction and/or rate limiting.
-A INPUT -i eth0 -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
# Everything else on eth0 is rejected with ICMP port unreachable.
-A INPUT -i eth0 -j REJECT --reject-with icmp-port-unreachable
# Unreachable duplicate of the first INPUT rule.
-A INPUT -i eth1 -j DROP
# Interface-less service rules: only reachable from tun0 (destinations other
# than 192.168.0.1) or lo, given the rules above.
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3990 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
# Loopback accepted last; works because nothing above drops lo, but it is
# conventionally the first rule.
-A INPUT -i lo -j ACCEPT
# tun0 clients may only be forwarded to eth0.
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i tun0 ! -o eth0 -j DROP
# Duplicate of the mangle FORWARD TCPMSS rule.
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# NOTE(review): accepts anything toward tun0 from any interface with no state
# check, and it precedes the eth1 DROPs, so eth1 -> tun0 forwarding is allowed
# despite the eth1 isolation below. Nothing limits NEW connections from eth0
# toward tun0 clients either; a RELATED,ESTABLISHED rule plus a DROP of NEW
# from eth0 to tun0 would be the usual hardening.
-A FORWARD -o tun0 -j ACCEPT
# Unreachable: every tun0 packet already matched one of the two tun0 rules.
-A FORWARD -i tun0 -j ACCEPT
# eth1 isolation (each rule appears twice; the second copies are redundant).
-A FORWARD -o eth1 -j DROP
-A FORWARD -i eth1 -j DROP
-A FORWARD -i eth1 -j DROP
-A FORWARD -o eth1 -j DROP
COMMIT
# Completed on Wed Dec 23 23:31:58 2015
# Generated by iptables-save v1.4.12 on Wed Dec 23 23:27:22 2015
# NOTE(review): reformatted one entry per line; the paste had the dump
# collapsed onto a single line. No rule text was changed. The rule set is
# identical to the 23:31:58 and 23:32:47 dumps in this mail - only the
# packet/byte counters differ. The dump was taken without -c, so no per-rule
# counters are present; use `iptables -vnL` to see which rule a packet hits.
*nat
:PREROUTING ACCEPT [53:8155]
:INPUT ACCEPT [1:60]
:OUTPUT ACCEPT [11:714]
:POSTROUTING ACCEPT [7:436]
# Client HTTP arriving on tun0 (not addressed to the gateway itself) is
# redirected to local port 8080 - captive-portal interception.
-A PREROUTING -s 192.168.0.0/16 ! -d 192.168.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
# Source-NAT on the eth0 uplink.
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Dec 23 23:27:22 2015
# Generated by iptables-save v1.4.12 on Wed Dec 23 23:27:22 2015
*mangle
:PREROUTING ACCEPT [324:27642]
:INPUT ACCEPT [324:27642]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [327:54969]
:POSTROUTING ACCEPT [327:54969]
# Blocks direct client connections to 192.168.0.1:8080. mangle PREROUTING runs
# before nat PREROUTING, so redirected packets (still dport 80 here) pass.
-A PREROUTING -s 192.168.0.0/16 -d 192.168.0.1/32 -p tcp -m tcp --dport 8080 -j DROP
# MSS clamping for forwarded SYNs; duplicated in filter FORWARD below.
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Wed Dec 23 23:27:22 2015
# Generated by iptables-save v1.4.12 on Wed Dec 23 23:27:22 2015
*filter
# Default deny on INPUT; FORWARD and OUTPUT default to ACCEPT.
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [327:54969]
# eth1: nothing accepted (repeated below; the second copy is unreachable).
-A INPUT -i eth1 -j DROP
# Services offered to tun0 clients at 192.168.0.1: ICMP, DNS, DHCP (unicast
# and broadcast), HTTP/HTTPS, the 8080 redirect target, and TCP 3990/4990
# (presumably CoovaChilli UAM ports - TODO confirm).
-A INPUT -d 192.168.0.1/32 -i tun0 -p icmp -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -d 255.255.255.255/32 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p tcp -m tcp --dport 4990 -j ACCEPT
-A INPUT -d 192.168.0.1/32 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
# Everything else from tun0 to the gateway address is dropped.
-A INPUT -d 192.168.0.1/32 -i tun0 -j DROP
# NOTE(review): placed below the tun0 DROP, so replies arriving on tun0 for
# 192.168.0.1 are only accepted if they hit one of the listed ports; replies to
# connections the gateway opens toward tun0 clients are dropped. Conventionally
# this rule goes first in INPUT.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# New SSH on the eth0 uplink from any source. NOTE(review): consider a -s
# restriction and/or rate limiting.
-A INPUT -i eth0 -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
# Everything else on eth0 is rejected with ICMP port unreachable.
-A INPUT -i eth0 -j REJECT --reject-with icmp-port-unreachable
# Unreachable duplicate of the first INPUT rule.
-A INPUT -i eth1 -j DROP
# Interface-less service rules: only reachable from tun0 (destinations other
# than 192.168.0.1) or lo, given the rules above.
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3990 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
# Loopback accepted last; works because nothing above drops lo, but it is
# conventionally the first rule.
-A INPUT -i lo -j ACCEPT
# tun0 clients may only be forwarded to eth0.
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i tun0 ! -o eth0 -j DROP
# Duplicate of the mangle FORWARD TCPMSS rule.
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# NOTE(review): accepts anything toward tun0 from any interface with no state
# check, and it precedes the eth1 DROPs, so eth1 -> tun0 forwarding is allowed
# despite the eth1 isolation below. Nothing limits NEW connections from eth0
# toward tun0 clients either; a RELATED,ESTABLISHED rule plus a DROP of NEW
# from eth0 to tun0 would be the usual hardening.
-A FORWARD -o tun0 -j ACCEPT
# Unreachable: every tun0 packet already matched one of the two tun0 rules.
-A FORWARD -i tun0 -j ACCEPT
# eth1 isolation (each rule appears twice; the second copies are redundant).
-A FORWARD -o eth1 -j DROP
-A FORWARD -i eth1 -j DROP
-A FORWARD -i eth1 -j DROP
-A FORWARD -o eth1 -j DROP
COMMIT
# Completed on Wed Dec 23 23:27:22 2015
