Maksys Опубликовано 12 апреля, 2008 Жалоба Опубликовано 12 апреля, 2008 Здрасте братишки, подскажите пожалуйста... Пытаюсь настроить проброс трафика, точнее разобраться почему не сатл работать.Ситуация такая сервер на opensuse. И комп перестал качать файлы хотя вроди бы все нормально... Взял логи с iptables: Apr 12 11:25:01 Binet kernel: SFW2-FWDext-DROP-DEFLT IN=eth1 OUT=eth0 SRC=10.1.110.23 DST=192.168.10.10 LEN=52 TOS=0x00 PREC=0x00 TTL=61 ID=10978 DF PROTO=T CP SPT=1731 DPT=16002 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B40103030201010402) по логике говорит что типа все заблокированно.. но почему?? вот логи от правил: Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED input_ext all -- anywhere anywhere policy match dir in pol ipsec proto esp input_int all -- anywhere anywhere input_int all -- anywhere anywhere input_ext all -- anywhere anywhere input_ext all -- anywhere anywhere input_ext all -- anywhere anywhere LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET ' DROP all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU forward_ext all -- anywhere anywhere policy match dir in pol ipsec proto esp forward_ext all -- anywhere anywhere policy match dir out pol ipsec proto esp forward_int all -- anywhere anywhere forward_int all -- anywhere anywhere forward_ext all -- anywhere anywhere forward_ext all -- anywhere anywhere forward_ext all -- anywhere anywhere LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING ' DROP all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR ' Chain forward_ext (5 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect LOG all -- 192.168.10.0/24 10.0.0.0/8 limit: avg 3/min burst 5 state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDext-ACC-FORW ' ACCEPT all -- 192.168.10.0/24 10.0.0.0/8 state NEW,RELATED,ESTABLISHED ACCEPT all -- 10.0.0.0/8 192.168.10.0/24 state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT ' DROP all -- anywhere anywhere PKTTYPE = multicast LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT ' LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT ' LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT ' LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT-INV ' DROP all -- anywhere anywhere Chain forward_int (2 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect LOG all -- 192.168.10.0/24 10.0.0.0/8 limit: avg 3/min burst 5 state NEW LOG level warning tcp-options ip-options prefix `SFW2-FWDint-ACC-FORW ' ACCEPT all -- 192.168.10.0/24 10.0.0.0/8 state NEW,RELATED,ESTABLISHED ACCEPT all -- 10.0.0.0/8 192.168.10.0/24 state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT ' DROP all -- anywhere anywhere PKTTYPE = multicast LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT ' LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT ' LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT ' LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT-INV ' DROP all -- anywhere anywhere Chain input_ext (4 references) target prot opt source destination DROP all -- anywhere anywhere PKTTYPE = broadcast ACCEPT icmp -- anywhere anywhere icmp source-quench ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ftp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' ACCEPT tcp -- anywhere anywhere tcp dpt:ftp LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:5801 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' ACCEPT tcp -- anywhere anywhere tcp dpt:5801 LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:5901 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' ACCEPT tcp -- anywhere anywhere tcp dpt:5901 LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' ACCEPT tcp -- anywhere anywhere tcp dpt:http LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' ACCEPT tcp -- anywhere anywhere tcp dpt:ssh reject_func tcp -- anywhere anywhere tcp dpt:ident state NEW LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT ' DROP all -- anywhere anywhere PKTTYPE = multicast LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT ' LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT ' LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT ' LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV ' DROP all -- anywhere anywhere Chain input_int (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain reject_func (1 references) target prot opt source destination REJECT tcp -- anywhere anywhere reject-with tcp-reset REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable Ничего не понял... может тут что нить блокирует трафик? вот логи с таблицы nat: Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT tcp -- 10.0.0.0/8 anywhere tcp dpt:16002 to:192.168.10.10 DNAT udp -- 10.0.0.0/8 anywhere udp dpt:16002 to:192.168.10.10 Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- anywhere anywhere MASQUERADE all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Помогите разобраться... пожалуйста. Цитата
Maksys Опубликовано 13 апреля, 2008 Автор Жалоба Опубликовано 13 апреля, 2008 http://ru.opensuse.org/BitTorrent_%D0%B8_openSUSE#BitTorrent _.D0.B8_SuSEfirewall2 Нашел ответ... Цитата
Legalizer Опубликовано 13 апреля, 2008 Жалоба Опубликовано 13 апреля, 2008 Да, это хороший сайт Цитата
Рекомендуемые сообщения
Присоединяйтесь к обсуждению
Вы можете написать сейчас и зарегистрироваться позже. Если у вас есть аккаунт, авторизуйтесь, чтобы опубликовать от имени своего аккаунта.