
Forwarding p2p traffic...


Maksys


Hi guys, could you give me some advice, please...

I'm trying to set up traffic forwarding, or rather to figure out why it stopped working. The situation is this: the server runs openSUSE. And the computer has stopped downloading files, although everything seems to be fine...

I took the logs from iptables:

Apr 12 11:25:01 Binet kernel: SFW2-FWDext-DROP-DEFLT IN=eth1 OUT=eth0 SRC=10.1.110.23 DST=192.168.10.10 LEN=52 TOS=0x00 PREC=0x00 TTL=61 ID=10978 DF PROTO=TCP SPT=1731 DPT=16002 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B40103030201010402)

Logically, it says that everything is kind of blocked... but why??

Here is the output of the rules:

Chain INPUT (policy DROP)

target prot opt source destination

ACCEPT all -- anywhere anywhere

ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

input_ext all -- anywhere anywhere policy match dir in pol ipsec proto esp

input_int all -- anywhere anywhere

input_int all -- anywhere anywhere

input_ext all -- anywhere anywhere

input_ext all -- anywhere anywhere

input_ext all -- anywhere anywhere

LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '

DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)

target prot opt source destination

TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU

forward_ext all -- anywhere anywhere policy match dir in pol ipsec proto esp

forward_ext all -- anywhere anywhere policy match dir out pol ipsec proto esp

forward_int all -- anywhere anywhere

forward_int all -- anywhere anywhere

forward_ext all -- anywhere anywhere

forward_ext all -- anywhere anywhere

forward_ext all -- anywhere anywhere

LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '

DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

ACCEPT all -- anywhere anywhere

ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED

LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '

Chain forward_ext (5 references)

target prot opt source destination

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect

LOG all -- 192.168.10.0/24 10.0.0.0/8 limit: avg 3/min burst 5 state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDext-ACC-FORW '

ACCEPT all -- 192.168.10.0/24 10.0.0.0/8 state NEW,RELATED,ESTABLISHED

ACCEPT all -- 10.0.0.0/8 192.168.10.0/24 state RELATED,ESTABLISHED

ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED

ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED

ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED

ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '

DROP all -- anywhere anywhere PKTTYPE = multicast

LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '

LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '

LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '

LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT-INV '

DROP all -- anywhere anywhere

Chain forward_int (2 references)

target prot opt source destination

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect

LOG all -- 192.168.10.0/24 10.0.0.0/8 limit: avg 3/min burst 5 state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDint-ACC-FORW '

ACCEPT all -- 192.168.10.0/24 10.0.0.0/8 state NEW,RELATED,ESTABLISHED

ACCEPT all -- 10.0.0.0/8 192.168.10.0/24 state RELATED,ESTABLISHED

ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED

ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED

ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED

ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '

DROP all -- anywhere anywhere PKTTYPE = multicast

LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '

LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '

LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '

LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT-INV '

DROP all -- anywhere anywhere

Chain input_ext (4 references)

target prot opt source destination

DROP all -- anywhere anywhere PKTTYPE = broadcast

ACCEPT icmp -- anywhere anywhere icmp source-quench

ACCEPT icmp -- anywhere anywhere icmp echo-request

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable

ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect

LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ftp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '

ACCEPT tcp -- anywhere anywhere tcp dpt:ftp

LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:5801 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '

ACCEPT tcp -- anywhere anywhere tcp dpt:5801

LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:5901 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '

ACCEPT tcp -- anywhere anywhere tcp dpt:5901

LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '

ACCEPT tcp -- anywhere anywhere tcp dpt:http

LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '

ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

reject_func tcp -- anywhere anywhere tcp dpt:ident state NEW

LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '

DROP all -- anywhere anywhere PKTTYPE = multicast

LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '

LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '

LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '

LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '

DROP all -- anywhere anywhere

Chain input_int (2 references)

target prot opt source destination

ACCEPT all -- anywhere anywhere

Chain reject_func (1 references)

target prot opt source destination

REJECT tcp -- anywhere anywhere reject-with tcp-reset

REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable

REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable

I didn't understand anything... maybe something here is blocking the traffic?

Here is the output of the nat table:

Chain PREROUTING (policy ACCEPT)

target prot opt source destination

DNAT tcp -- 10.0.0.0/8 anywhere tcp dpt:16002 to:192.168.10.10

DNAT udp -- 10.0.0.0/8 anywhere udp dpt:16002 to:192.168.10.10

Chain POSTROUTING (policy ACCEPT)

target prot opt source destination

MASQUERADE all -- anywhere anywhere

MASQUERADE all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

Help me figure this out... please.
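An added example, not part of the original post: a Python sketch that parses the logged packet and checks it against the two `forward_ext` ACCEPT rules in the listing that carry explicit source and destination networks. It assumes a bare SYN is tracked as state NEW, and it leaves out the `anywhere anywhere` ACCEPT rules because `iptables -L` without `-v` does not print the interface columns they may depend on.

```python
import ipaddress

# Log line from the post, rejoined across the extraction line break.
LOG_LINE = ("Apr 12 11:25:01 Binet kernel: SFW2-FWDext-DROP-DEFLT IN=eth1 OUT=eth0 "
            "SRC=10.1.110.23 DST=192.168.10.10 LEN=52 TOS=0x00 PREC=0x00 TTL=61 "
            "ID=10978 DF PROTO=TCP SPT=1731 DPT=16002 WINDOW=65535 RES=0x00 SYN "
            "URGP=0 OPT (020405B40103030201010402)")

# The forward_ext ACCEPT rules from the listing that name networks:
# (source, destination, allowed conntrack states).
FORWARD_EXT_RULES = [
    ("192.168.10.0/24", "10.0.0.0/8", {"NEW", "RELATED", "ESTABLISHED"}),
    ("10.0.0.0/8", "192.168.10.0/24", {"RELATED", "ESTABLISHED"}),
]

TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")

def parse_log(line):
    """Split a netfilter LOG line into its prefix, KEY=VALUE fields and bare TCP flags."""
    tokens = line.split("kernel: ", 1)[1].split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    fields["PREFIX"] = tokens[0]
    fields["FLAGS"] = {t for t in tokens if t in TCP_FLAGS}
    return fields

def conntrack_state(pkt):
    """Assumption: a SYN without ACK opens a connection, so it is tracked as NEW."""
    return "NEW" if pkt["FLAGS"] == {"SYN"} else "ESTABLISHED"

def matching_rules(pkt):
    """Return the packet state and, per rule, (src, dst, addresses match, rule accepts)."""
    src = ipaddress.ip_address(pkt["SRC"])
    dst = ipaddress.ip_address(pkt["DST"])  # already rewritten by the PREROUTING DNAT
    state = conntrack_state(pkt)
    verdicts = []
    for rule_src, rule_dst, states in FORWARD_EXT_RULES:
        addr_ok = (src in ipaddress.ip_network(rule_src)
                   and dst in ipaddress.ip_network(rule_dst))
        verdicts.append((rule_src, rule_dst, addr_ok, addr_ok and state in states))
    return state, verdicts

if __name__ == "__main__":
    state, verdicts = matching_rules(parse_log(LOG_LINE))
    print("state:", state)
    for v in verdicts:
        print(v)
```

The rule from 10.0.0.0/8 to 192.168.10.0/24 matches the addresses but accepts only RELATED,ESTABLISHED, so a new inbound SYN to the DNAT target is not accepted by it. Listing the chain with `iptables -L forward_ext -v -n` shows the interface matches that the plain listing hides.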
