Salutări, Am o problemă foarte ciudată cu calculatorul fratelui meu. Anumite situri merg fără problemă:
,----[ wget www.google.com ] | --2010-01-05 22:18:18-- http://www.google.com/ | Resolving www.google.com... 74.125.87.103, 74.125.87.99, 74.125.87.105, ... | Connecting to www.google.com|74.125.87.103|:80... connected. | HTTP request sent, awaiting response... 302 Found | Location: http://www.google.ro/ [following] | --2010-01-05 22:18:18-- http://www.google.ro/ | Resolving www.google.ro... 74.125.87.103, 74.125.87.99, 74.125.87.105, ... | Reusing existing connection to www.google.com:80. | HTTP request sent, awaiting response... 200 OK | Length: unspecified [text/html] | Saving to: “index.html.3” | | [ <=> ] 6,618 --.-K/s in 0.001s | | 2010-01-05 22:18:18 (10.7 MB/s) - “index.html.3” saved [6618] `---- dar altele: ,----[ wget www.livecdlist.com ] | --2010-01-05 22:19:37-- http://www.livecdlist.com/ | Resolving www.livecdlist.com... 74.81.93.114 | Connecting to www.livecdlist.com|74.81.93.114|:80... connected. | HTTP request sent, awaiting response... `---- și stă așa la nesfârșit. mtr în schimb nu dă nici o eroare: ,----[ mtr www.livecdlist.com ] | My traceroute [v0.75] | terra (0.0.0.0) Tue Jan 5 22:30:58 2010 | Keys: Help Display mode Restart statistics Order of fields quit | Packets Pings | Host Loss% Snt Last Avg Best Wrst StDev | 1. 192.168.0.1 0.0% 5 0.2 0.2 0.2 0.3 0.1 | 2. 10.0.0.1 0.0% 5 1.5 1.2 0.6 2.1 0.6 | 3. 10.128.4.97 0.0% 5 4.5 3.4 2.0 4.5 1.1 | 4. cr01.timisoara.rdsnet.ro 0.0% 5 5.8 4.7 3.9 5.8 0.7 | 5. br01.budapesta.rdsnet.ro 0.0% 5 10.1 10.1 8.5 10.8 1.0 | 6. 204.245.38.5 0.0% 5 26.1 65.4 24.3 163.2 61.0 | 7. as3549.xe-5-1-0.cr1.dfw1.us.nlay 0.0% 4 149.7 158.4 149.0 184.9 17.6 | 8. po3-30g.ar1.dfw1.us.nlayer.net 0.0% 4 149.4 149.3 148.3 150.7 1.0 | 9. as27413.te5-1-105.ar1.dfw1.us.nl 0.0% 4 156.7 158.4 156.7 159.6 1.2 | 10. dal-l3-1.gnax.net 0.0% 4 156.3 157.9 156.3 159.7 1.7 | 11. quadfrozen.com 0.0% 4 159.5 158.1 157.2 159.5 1.2 `---- Pe același sistem mai este instalat Win7 și am încercat și un CD live Debian stable/lenny, dar toate au aceiași problemă. Până de curând sistemul era legat direct la internet pe o conexiune RDS PPPoE și nu a avut nici o problemă. Acum este configurat: ,----[ /etc/network/interfaces ] | iface eth0 inet static | address 192.168.0.7 | netmask 255.255.255.0 | gateway 192.168.0.1 | #dns-nameservers 192.168.0.1 | dns-nameservers 213.154.124.1 193.231.252.1 `---- Gateway este acum un Debian stable/lenny proaspăt instalat, legat prin PPPoE la aceiași conexiune pe eth0 și pe eth1 legat la client: ,----[ /etc/network/interfaces ] | # PPPoE connection | auto provider | iface provider inet ppp | pre-up /sbin/ifconfig eth0 up | provider provider | | # rețeaua internă | auto eth1 | iface eth1 inet static | address 192.168.77.1 | netmask 255.255.255.0 `---- ,----[ grep -v ^# /etc/ppp/peers/provider ] | user "tmXXXXX" | | plugin rp-pppoe.so | eth0 | | noipdefault | usepeerdns | defaultroute | | hide-password | | lcp-echo-interval 20 | lcp-echo-failure 3 | | persist | | noauth | | noaccomp | default-asyncmap | | nopcomp | noccp | novj `---- Firewall și ip forwarding este făcut cu shorewall, pe baza exemplului cu 2 interfețe (iptables -L atașat). Până acum am încercat: - 'mtu 1454' în 'provider' pe gateway - dezactivare ipv6 pe ambele sisteme - am încercat să reproduc problema la mine acasă, cu un sistem lenny și un Debian sid (deși eu sunt legat la RTC prin VDSL), dar fără "succes" Pe gateway am instalat și tshark, dar nu știu la ce să mă uit și nici cum să filtrez "zgomotul" de pe ppp0. Scuze că a ieșit așa lung și mulțumesc pentru orice sugestie, Andrei -- http://yetanotherpersonal.blogspot.com/2009/09/neticheta-in-vremurile-noastre.html
Chain INPUT (policy DROP)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
net2fw all -- anywhere anywhere
loc2fw all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info
prefix `Shorewall:INPUT:REJECT:'
reject all -- anywhere anywhere [goto]
Chain FORWARD (policy DROP)
target prot opt source destination
dynamic all -- anywhere anywhere state INVALID,NEW
net2loc all -- anywhere anywhere
loc2net all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info
prefix `Shorewall:FORWARD:REJECT:'
reject all -- anywhere anywhere [goto]
Chain OUTPUT (policy DROP)
target prot opt source destination
fw2net all -- anywhere anywhere
fw2loc all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain Drop (2 references)
target prot opt source destination
all -- anywhere anywhere
reject tcp -- anywhere anywhere tcp dpt:auth /*
Auth */
dropBcast all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp
fragmentation-needed /* Needed ICMP types */
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
/* Needed ICMP types */
dropInvalid all -- anywhere anywhere
DROP udp -- anywhere anywhere multiport dports
loc-srv,microsoft-ds /* SMB */
DROP udp -- anywhere anywhere udp
dpts:netbios-ns:netbios-ssn /* SMB */
DROP udp -- anywhere anywhere udp spt:netbios-ns
dpts:1024:65535 /* SMB */
DROP tcp -- anywhere anywhere multiport dports
loc-srv,netbios-ssn,microsoft-ds /* SMB */
DROP udp -- anywhere anywhere udp dpt:1900 /*
UPnP */
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain /*
Late DNS Replies */
Chain Reject (2 references)
target prot opt source destination
all -- anywhere anywhere
reject tcp -- anywhere anywhere tcp dpt:auth /*
Auth */
dropBcast all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp
fragmentation-needed /* Needed ICMP types */
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
/* Needed ICMP types */
dropInvalid all -- anywhere anywhere
reject udp -- anywhere anywhere multiport dports
loc-srv,microsoft-ds /* SMB */
reject udp -- anywhere anywhere udp
dpts:netbios-ns:netbios-ssn /* SMB */
reject udp -- anywhere anywhere udp spt:netbios-ns
dpts:1024:65535 /* SMB */
reject tcp -- anywhere anywhere multiport dports
loc-srv,netbios-ssn,microsoft-ds /* SMB */
DROP udp -- anywhere anywhere udp dpt:1900 /*
UPnP */
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain /*
Late DNS Replies */
Chain dropBcast (2 references)
target prot opt source destination
DROP all -- anywhere anywhere ADDRTYPE match
dst-type BROADCAST
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/4
Chain dropInvalid (2 references)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp
flags:!FIN,SYN,RST,ACK/SYN
Chain dynamic (2 references)
target prot opt source destination
Chain fw2loc (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain loc2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level info
prefix `Shorewall:loc2fw:ACCEPT:'
ACCEPT all -- anywhere anywhere
Chain loc2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level info
prefix `Shorewall:loc2net:ACCEPT:'
ACCEPT all -- anywhere anywhere
Chain logdrop (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain logreject (0 references)
target prot opt source destination
reject all -- anywhere anywhere
Chain net2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ctorigdstport 50007
Drop all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain net2loc (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT tcp -- anywhere 192.168.77.7 tcp dpt:ssh
ctorigdstport 57001
Drop all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain reject (9 references)
target prot opt source destination
DROP all -- anywhere anywhere ADDRTYPE match
src-type BROADCAST
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
DROP igmp -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with
tcp-reset
REJECT udp -- anywhere anywhere reject-with
icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with
icmp-host-unreachable
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited
Chain shorewall (0 references)
target prot opt source destination
Chain smurfs (0 references)
target prot opt source destination
RETURN all -- default anywhere
LOG all -- anywhere anywhere ADDRTYPE match
src-type BROADCAST LOG level info prefix `Shorewall:smurfs:DROP:'
DROP all -- anywhere anywhere ADDRTYPE match
src-type BROADCAST
LOG all -- BASE-ADDRESS.MCAST.NET/4 anywhere LOG level
info prefix `Shorewall:smurfs:DROP:'
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
signature.asc
Description: Digital signature
_______________________________________________ RLUG mailing list [email protected] http://lists.lug.ro/mailman/listinfo/rlug
