lug-bg: =?koi8-r?B?UkU6IGx1Zy1iZzogZXRoLdTBySDe1cTF08nJ?=

Boyan Krosnov Mon, 31 Mar 2003 06:51:56 -0800

> 192.168.0.3 e windows-ka машина и gw и е 192.168.0.1
ok


> а иначе
> # iptables -L -t nat -nvx
> Chain PREROUTING (policy ACCEPT 351 packets, 27382 bytes)
>     pkts      bytes target     prot opt in     out     source 
>               destination
> 
> Chain POSTROUTING (policy ACCEPT 36 packets, 3024 bytes)
>     pkts      bytes target     prot opt in     out     source 
>               destination
>       87     6101 MASQUERADE  all  --  *      eth0    
> 0.0.0.0/0            0.0.0.0/0

tova izglejda dobre

> 
> Chain OUTPUT (policy ACCEPT 41 packets, 3403 bytes)
>     pkts      bytes target     prot opt in     out     source 
>               destination
>        7      520 ACCEPT     all  --  *      *       
> 62.176.85.190        0.0.0.0/0
>        0        0 ACCEPT     all  --  *      *       
> 62.176.85.190        0.0.0.0/0

tova pravi tochno nishto, sys ili bez nego, vse taq

> #
> 
> # iptables -L -nvx
> Chain INPUT (policy ACCEPT 1739 packets, 144245 bytes)
>     pkts      bytes target     prot opt in     out     source 
>               destination
>        0        0 ACCEPT     all  --  *      *       
> 192.168.0.1          62.176.85.190
>        0        0 ACCEPT     all  --  *      *       
> 192.168.2.1          62.176.85.190

tochnoto znachenie na tova ne mi e osobenno qsno, mojesh li da mi go razqsnish?

> 
> Chain FORWARD (policy ACCEPT 558 packets, 71144 bytes)
>     pkts      bytes target     prot opt in     out     source 
>               destination
>       78     4540 ACCEPT     all  --  eth0   eth1    
> 0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED

statefull firewall, ok

>      628    44391 ACCEPT     all  --  eth1   eth0    
> 0.0.0.0/0            0.0.0.0/0
ACCEPT na obratnata posoka, ok

>      558    71144 LOG        all  --  *      *       
> 0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 4

Log na vsichko koeto se opitva da ni premine bez da e v pravilnata posoka ili da e 
prieto ot statefull firewall-a, ok

>        0        0 ACCEPT     all  --  *      *       
> 192.168.0.1          62.176.85.190

tochnata prichina za tova e dosta mytna

>        0        0 ACCEPT     all  --  *      *       
> 192.168.2.1          62.176.85.190

za tova syshto!

> 
> Chain OUTPUT (policy ACCEPT 1600 packets, 284592 bytes)
>     pkts      bytes target     prot opt in     out     source 
>               destination
> #

Ta ima chetiri malko izlishni reda ot chainovete. Inache konfiguraciqta izglejda 
dostatychna za da raboti.

Ostava samo da razberesh kakvo tochno ne srabotva
Windowskoto pc li ne si prashta paketite na pravilnata mashina
Razmeneni sa ti interfeisite?
Providera ti te e hvanal che pravish nat i e otfiltriral paketi sys source port >32000
i izobshto mnogo razlichni mesta kydeto moje neshto da e narochno ili sluchajno 
schupeno.

Otnovo iskam da te podkanq da izpolzvash instrumenti za nabljudenie na nisko nivo za 
da vidish kakvo tochno se sluchva, preminavat li prez teb paketite s pravilnite mac 
adresi li sa, translirat li se, vryshtat li se otgovori ot providera ti i t.n. i t.n.

BR,
Boyan
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================

lug-bg: =?koi8-r?B?UkU6IGx1Zy1iZzogZXRoLdTBySDe1cTF08nJ?=

Reply via email to