forum.opennet.ru

Составление сообщения

Исходное сообщение

"IPFW отбрасывает пакеты для которых есть разрешающие правила"
Отправлено Isuaven, 10-Июн-12 22:04

> А ipfw show что показывает?
Показывает такое:
00010 1486 376555 allow ip from any to any via xl0
00020    8    760 allow ip from any to any via lo0
00030  508 168327 nat 1 ip from any to any in via bfe0
00040    0      0 check-state
00050    0      0 skipto 65000 tcp from any to any dst-port 53 out via bfe0 setup keep-state
00060   32   2447 skipto 65000 udp from any to any dst-port 53 out via bfe0 keep-state
00070  272  84666 skipto 65000 tcp from any to any dst-port 80 out via bfe0 setup keep-state
00080   44   9875 skipto 65000 tcp from any to any dst-port 443 out via bfe0 setup keep-state
00090    0      0 skipto 65000 tcp from any to any dst-port 25 out via bfe0 setup keep-state
00100    0      0 skipto 65000 tcp from any to any dst-port 110 out via bfe0 setup keep-state
00110    0      0 skipto 65000 tcp from me to any out via bfe0 setup uid root keep-state
00120    0      0 skipto 65000 icmp from any to any out via bfe0 keep-state
00130    0      0 skipto 65000 tcp from any to any dst-port 37 out via bfe0 setup keep-state
00140    0      0 skipto 65000 tcp from any to any dst-port 119 out via bfe0 setup keep-state
00150    0      0 skipto 65000 tcp from any to any dst-port 22 out via bfe0 setup keep-state
00160    0      0 skipto 65000 udp from any to any dst-port 123 out via bfe0 keep-state
00170    0      0 skipto 65000 tcp from any to any dst-port 43 out via bfe0 setup keep-state
00180   21   2352 skipto 65000 udp from any to any dst-port 27000-27030 out via bfe0 keep-state
00190    3    132 skipto 65000 tcp from any to any dst-port 27014-27050 out via bfe0 setup keep-state
00200    0      0 skipto 65000 tcp from any to any dst-port 5938 out via bfe0 setup keep-state
00210    2    248 skipto 65000 udp from any to any dst-port 5938 out via bfe0 keep-state
00220   15    930 skipto 65000 udp from any to any dst-port 7024,7022 out via bfe0 keep-state
00230    0      0 skipto 65000 tcp from any to any dst-port 61620 out via bfe0 setup keep-state
00260    0      0 deny ip from 192.168.0.0/16 to any in via bfe0
00270    0      0 deny ip from 172.16.0.0/12 to any in via bfe0
00280    0      0 deny ip from 10.0.0.0/8 to any in via bfe0
00290    0      0 deny ip from 127.0.0.0/8 to any in via bfe0
00300    0      0 deny ip from 0.0.0.0/8 to any in via bfe0
00310    0      0 deny ip from 169.254.0.0/16 to any in via bfe0
00320    0      0 deny ip from 192.0.2.0/24 to any in via bfe0
00330    0      0 deny ip from 204.152.64.0/23 to any in via bfe0
00340    0      0 deny ip from 224.0.0.0/3 to any in via bfe0
00350    0      0 deny icmp from any to any in via bfe0
00360    0      0 deny tcp from any to any dst-port 113 in via bfe0
00370    0      0 deny tcp from any to any dst-port 137 in via bfe0
00380    0      0 deny tcp from any to any dst-port 138 in via bfe0
00390    0      0 deny tcp from any to any dst-port 139 in via bfe0
00400    0      0 deny tcp from any to any dst-port 81 in via bfe0
00410    0      0 deny ip from any to any frag in via bfe0
00420    0      0 deny tcp from any to any established in via bfe0
00430    0      0 allow tcp from any to me dst-port 22 in via bfe0 setup limit src-addr 2
00440    0      0 allow tcp from any to me dst-port 21 in via bfe0 setup limit src-addr 2
00450    0      0 deny log logamount 100 ip from any to any in via bfe0
60000  272  37522 deny log logamount 10000 ip from any to any out via bfe0
64000    0      0 deny log logamount 100 ip from any to any
65000  389 100650 nat 1 ip from any to any out via bfe0
65010    0      0 allow ip from any to any
65535    3    304 allow ip from any to any
## Dynamic rules (84):
00070    3    662 (15s) STATE tcp 10.12.12.5 60985 <-> 178.33.227.102 80
00180    7    736 (3s) STATE udp 10.12.12.5 56491 <-> 146.66.152.15 27019

Исходное сообщение
"IPFW отбрасывает пакеты для которых есть разрешающие правила" Отправлено Isuaven, 10-Июн-12 22:04
> А ipfw show что показывает? Показывает такое: 00010 1486 376555 allow ip from any to any via xl0 00020 8 760 allow ip from any to any via lo0 00030 508 168327 nat 1 ip from any to any in via bfe0 00040 0 0 check-state 00050 0 0 skipto 65000 tcp from any to any dst-port 53 out via bfe0 setup keep-state 00060 32 2447 skipto 65000 udp from any to any dst-port 53 out via bfe0 keep-state 00070 272 84666 skipto 65000 tcp from any to any dst-port 80 out via bfe0 setup keep-state 00080 44 9875 skipto 65000 tcp from any to any dst-port 443 out via bfe0 setup keep-state 00090 0 0 skipto 65000 tcp from any to any dst-port 25 out via bfe0 setup keep-state 00100 0 0 skipto 65000 tcp from any to any dst-port 110 out via bfe0 setup keep-state 00110 0 0 skipto 65000 tcp from me to any out via bfe0 setup uid root keep-state 00120 0 0 skipto 65000 icmp from any to any out via bfe0 keep-state 00130 0 0 skipto 65000 tcp from any to any dst-port 37 out via bfe0 setup keep-state 00140 0 0 skipto 65000 tcp from any to any dst-port 119 out via bfe0 setup keep-state 00150 0 0 skipto 65000 tcp from any to any dst-port 22 out via bfe0 setup keep-state 00160 0 0 skipto 65000 udp from any to any dst-port 123 out via bfe0 keep-state 00170 0 0 skipto 65000 tcp from any to any dst-port 43 out via bfe0 setup keep-state 00180 21 2352 skipto 65000 udp from any to any dst-port 27000-27030 out via bfe0 keep-state 00190 3 132 skipto 65000 tcp from any to any dst-port 27014-27050 out via bfe0 setup keep-state 00200 0 0 skipto 65000 tcp from any to any dst-port 5938 out via bfe0 setup keep-state 00210 2 248 skipto 65000 udp from any to any dst-port 5938 out via bfe0 keep-state 00220 15 930 skipto 65000 udp from any to any dst-port 7024,7022 out via bfe0 keep-state 00230 0 0 skipto 65000 tcp from any to any dst-port 61620 out via bfe0 setup keep-state 00260 0 0 deny ip from 192.168.0.0/16 to any in via bfe0 00270 0 0 deny ip from 172.16.0.0/12 to any in via bfe0 00280 0 0 deny ip from 10.0.0.0/8 to any in via bfe0 00290 0 0 deny ip from 127.0.0.0/8 to any in via bfe0 00300 0 0 deny ip from 0.0.0.0/8 to any in via bfe0 00310 0 0 deny ip from 169.254.0.0/16 to any in via bfe0 00320 0 0 deny ip from 192.0.2.0/24 to any in via bfe0 00330 0 0 deny ip from 204.152.64.0/23 to any in via bfe0 00340 0 0 deny ip from 224.0.0.0/3 to any in via bfe0 00350 0 0 deny icmp from any to any in via bfe0 00360 0 0 deny tcp from any to any dst-port 113 in via bfe0 00370 0 0 deny tcp from any to any dst-port 137 in via bfe0 00380 0 0 deny tcp from any to any dst-port 138 in via bfe0 00390 0 0 deny tcp from any to any dst-port 139 in via bfe0 00400 0 0 deny tcp from any to any dst-port 81 in via bfe0 00410 0 0 deny ip from any to any frag in via bfe0 00420 0 0 deny tcp from any to any established in via bfe0 00430 0 0 allow tcp from any to me dst-port 22 in via bfe0 setup limit src-addr 2 00440 0 0 allow tcp from any to me dst-port 21 in via bfe0 setup limit src-addr 2 00450 0 0 deny log logamount 100 ip from any to any in via bfe0 60000 272 37522 deny log logamount 10000 ip from any to any out via bfe0 64000 0 0 deny log logamount 100 ip from any to any 65000 389 100650 nat 1 ip from any to any out via bfe0 65010 0 0 allow ip from any to any 65535 3 304 allow ip from any to any ## Dynamic rules (84): 00070 3 662 (15s) STATE tcp 10.12.12.5 60985 <-> 178.33.227.102 80 00180 7 736 (3s) STATE udp 10.12.12.5 56491 <-> 146.66.152.15 27019

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

>> А ipfw show что показывает?

> Показывает такое:

> 00010 1486 376555 allow ip from any to any via xl0 
> 00020    8    760 allow ip from 
> any to any via lo0 
> 00030  508 168327 nat 1 ip from any to any in 
> via bfe0 
> 00040    0      0 check-state 
 
> 00050    0      0 skipto 
> 65000 tcp from any to any dst-port 53 out via bfe0 
> setup keep-state 
> 00060   32   2447 skipto 65000 udp from any 
> to any dst-port 53 out via bfe0 keep-state 
> 00070  272  84666 skipto 65000 tcp from any to any 
> dst-port 80 out via bfe0 setup keep-state 
> 00080   44   9875 skipto 65000 tcp from any 
> to any dst-port 443 out via bfe0 setup keep-state 
> 00090    0      0 skipto 
> 65000 tcp from any to any dst-port 25 out via bfe0 
> setup keep-state 
> 00100    0      0 skipto 
> 65000 tcp from any to any dst-port 110 out via bfe0 
> setup keep-state 
> 00110    0      0 skipto 
> 65000 tcp from me to any out via bfe0 setup uid 
> root keep-state 
> 00120    0      0 skipto 
> 65000 icmp from any to any out via bfe0 keep-state 
> 00130    0      0 skipto 
> 65000 tcp from any to any dst-port 37 out via bfe0 
> setup keep-state 
> 00140    0      0 skipto 
> 65000 tcp from any to any dst-port 119 out via bfe0 
> setup keep-state 
> 00150    0      0 skipto 
> 65000 tcp from any to any dst-port 22 out via bfe0 
> setup keep-state 
> 00160    0      0 skipto 
> 65000 udp from any to any dst-port 123 out via bfe0 
> keep-state 
> 00170    0      0 skipto 
> 65000 tcp from any to any dst-port 43 out via bfe0 
> setup keep-state 
> 00180   21   2352 skipto 65000 udp from any 
> to any dst-port 27000-27030 out via bfe0 keep-state 
> 00190    3    132 skipto 65000 tcp 
> from any to any dst-port 27014-27050 out via bfe0 setup keep-state 
 
> 00200    0      0 skipto 
> 65000 tcp from any to any dst-port 5938 out via bfe0 
> setup keep-state 
> 00210    2    248 skipto 65000 udp 
> from any to any dst-port 5938 out via bfe0 keep-state 
> 00220   15    930 skipto 65000 udp from 
> any to any dst-port 7024,7022 out via bfe0 keep-state 
> 00230    0      0 skipto 
> 65000 tcp from any to any dst-port 61620 out via bfe0 
> setup keep-state 
> 00260    0      0 deny 
> ip from 192.168.0.0/16 to any in via bfe0 
> 00270    0      0 deny 
> ip from 172.16.0.0/12 to any in via bfe0 
> 00280    0      0 deny 
> ip from 10.0.0.0/8 to any in via bfe0 
> 00290    0      0 deny 
> ip from 127.0.0.0/8 to any in via bfe0 
> 00300    0      0 deny 
> ip from 0.0.0.0/8 to any in via bfe0 
> 00310    0      0 deny 
> ip from 169.254.0.0/16 to any in via bfe0 
> 00320    0      0 deny 
> ip from 192.0.2.0/24 to any in via bfe0 
> 00330    0      0 deny 
> ip from 204.152.64.0/23 to any in via bfe0 
> 00340    0      0 deny 
> ip from 224.0.0.0/3 to any in via bfe0 
> 00350    0      0 deny 
> icmp from any to any in via bfe0 
> 00360    0      0 deny 
> tcp from any to any dst-port 113 in via bfe0 
> 00370    0      0 deny 
> tcp from any to any dst-port 137 in via bfe0 
> 00380    0      0 deny 
> tcp from any to any dst-port 138 in via bfe0 
> 00390    0      0 deny 
> tcp from any to any dst-port 139 in via bfe0 
> 00400    0      0 deny 
> tcp from any to any dst-port 81 in via bfe0 
> 00410    0      0 deny 
> ip from any to any frag in via bfe0 
> 00420    0      0 deny 
> tcp from any to any established in via bfe0 
> 00430    0      0 allow 
> tcp from any to me dst-port 22 in via bfe0 setup 
> limit src-addr 2 
> 00440    0      0 allow 
> tcp from any to me dst-port 21 in via bfe0 setup 
> limit src-addr 2 
> 00450    0      0 deny 
> log logamount 100 ip from any to any in via bfe0 
 
> 60000  272  37522 deny log logamount 10000 ip from any 
> to any out via bfe0 
> 64000    0      0 deny 
> log logamount 100 ip from any to any 
> 65000  389 100650 nat 1 ip from any to any out 
> via bfe0 
> 65010    0      0 allow 
> ip from any to any 
> 65535    3    304 allow ip from 
> any to any 
> ## Dynamic rules (84): 
> 00070    3    662 (15s) STATE tcp 
> 10.12.12.5 60985 <-> 178.33.227.102 80 
> 00180    7    736 (3s) STATE udp 
> 10.12.12.5 56491 <-> 146.66.152.15 27019

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

На сайте действует частичное премодерирование - после публикации некоторые сообщения от анонимов могут автоматически скрываться ботом. После проверки модератором ошибочно скрытые сообщения раскрываются. Для ускорения раскрытия можно воспользоваться ссылкой "Сообщить модератору", указав в качестве причины обращения "скрыто по ошибке".

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру