OpenForum RSS: iptables ��

iptables �� (Andrey Mitrofanov)

Mon, 19 Jul 2010 07:47:13 GMT

>*> � ESTABLISHED �� FORWARD � ��
>� �� , � �� ...

�� _�� , �� "��" �� , � ��, �� "��" _��. "�� ESTABLISHED" � "�� FORWARD" �� :

-A FORWARD -d 10.1.1.2 -j in_prtfwd
-A in_prtfwd -j in_prtfwd_eserver_s1
-A in_prtfwd -m state --state RELATED -j ACCEPT
-A in_prtfwd_eserver_s1 -p tcp --dport 4662 -m state --state NEW,ESTABLISHED -j ACCEPT

-A FORWARD -s 10.1.1.2 -j out_prtfwd
-A out_prtfwd -j out_prtfwd_eserver_s1
-A out_prtfwd -m state --state RELATED -j ACCEPT
-A out_prtfwd_eserver_s1 -p tcp --sport 4662 -m state --state ESTABLISHED -j ACCEPT

�� _�� . �� "��" ��-�� NEW,ESTABLISHED vs ESTABLISHED (� ��, �� ݣ � RELATED...)? ��, ��ݣ�� , �� : http://www.opennet.ru/openforum/vsluhforumID1/82167.html#2

...� ��, ��

iptables �� (reader)

Thu, 15 Jul 2010 13:50:40 GMT

>[�� ]
>>0
>>parport
>> 44621 2 parport_pc,lp
>>
>>�� ݣ ��, � �� ?
>>
>>�� ?
>
>��-��, �� POSTROUTING ... SNAT �� , �.�. DNAT ��
>�� . �� ?

��

iptables �� (nucleo)

Thu, 15 Jul 2010 11:57:19 GMT

>[�� ]
> 29569 0
>lp
> 15345
>0
>parport
> 44621 2 parport_pc,lp
>
>�� ݣ ��, � �� ?
>
>�� ?

��-��, �� POSTROUTING ... SNAT �� , �.�. DNAT �� . �� ?

iptables �� (reader)

Thu, 15 Jul 2010 07:54:44 GMT

>[�� ]
>>�� iptables-save
>
>iptables-save
># Generated by iptables-save v1.2.11 on Thu Jul 15 10:40:43 2010
>*filter
>:INPUT ACCEPT [133889756:33103591113]
>:FORWARD ACCEPT [0:0]
>:OUTPUT ACCEPT [133706573:84002194515]
>-A FORWARD -d 192.168.2.1 -p tcp -m tcp --dport 443 -m state
>--state NEW -j ACCEPT

��

>[�� ]
># Completed on Thu Jul 15 10:40:43 2010
># Generated by iptables-save v1.2.11 on Thu Jul 15 10:40:43 2010
>*nat
>:PREROUTING ACCEPT [84008:8610341]
>:POSTROUTING ACCEPT [11107:690543]
>:OUTPUT ACCEPT [11076:688999]
>-A PREROUTING -d XXX.XXX.XXX.XXX -i eth1 -p tcp -m tcp --dport 443
>-j DNAT --to-destination 192.168.2.1:443
>-A POSTROUTING -s 192.168.2.1 -o eth1 -p tcp -m tcp --dport 443
>-j SNAT --to-source XXX.XXX.XXX.XXX

-A POSTROUTING -s 192.168.2.1 -o eth1 -p tcp -m tcp --sport 443
-j SNAT --to-source XXX.XXX.XXX.XXX

�� eth1, � ��

iptables �� (mg)

Thu, 15 Jul 2010 07:43:29 GMT

>[�� ]
>>>> 44621 2 parport_pc,lp
>>>>
>>>>�� ݣ ��, � �� ?
>>>>
>>>>�� ?
>>
>>� �� , � ��
>>�� ...
>
>�� iptables-save

iptables-save
# Generated by iptables-save v1.2.11 on Thu Jul 15 10:40:43 2010
*filter
:INPUT ACCEPT [133889756:33103591113]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [133706573:84002194515]
-A FORWARD -d 192.168.2.1 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
COMMIT
# Completed on Thu Jul 15 10:40:43 2010
# Generated by iptables-save v1.2.11 on Thu Jul 15 10:40:43 2010
*nat
:PREROUTING ACCEPT [84008:8610341]
:POSTROUTING ACCEPT [11107:690543]
:OUTPUT ACCEPT [11076:688999]
-A PREROUTING -d XXX.XXX.XXX.XXX -i eth1 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.2.1:443
-A POSTROUTING -s 192.168.2.1 -o eth1 -p tcp -m tcp --dport 443 -j SNAT --to-source XXX.XXX.XXX.XXX
COMMIT
# Comp

iptables �� (�� )

Thu, 15 Jul 2010 04:41:09 GMT

>�� tcpdump � �� ?

��. "� ��", ��. ��

iptables �� (�� )

Thu, 15 Jul 2010 04:40:15 GMT

�� tcpdump � �� ?

iptables �� (reader)

Wed, 14 Jul 2010 19:14:32 GMT

>[�� ]
>>>0
>>>parport
>>> 44621 2 parport_pc,lp
>>>
>>>�� ݣ ��, � �� ?
>>>
>>>�� ?
>
>� �� , � ��
>�� ...

�� iptables-save

iptables �� (mg)

Wed, 14 Jul 2010 19:03:49 GMT

>[�� ]
>> 29569 0
>>lp
>> 15345
>>0
>>parport
>> 44621 2 parport_pc,lp
>>
>>�� ݣ ��, � �� ?
>>
>>�� ?

� �� , � �� ...

OpenForum RSS: iptables ����������� �����

iptables ����������� ����� (Andrey Mitrofanov)

iptables ����������� ����� (reader)

iptables ����������� ����� (nucleo)

iptables ����������� ����� (reader)

iptables ����������� ����� (mg)

iptables ����������� ����� (���� �����)

iptables ����������� ����� (���� �����)

iptables ����������� ����� (reader)

iptables ����������� ����� (mg)

OpenForum RSS: iptables ��

iptables �� (Andrey Mitrofanov)

iptables �� (reader)

iptables �� (nucleo)

iptables �� (reader)

iptables �� (mg)

iptables �� (�� )

iptables �� (�� )

iptables �� (reader)

iptables �� (mg)