Исходное сообщение
"Настройки iptables или squid?" Отправлено sdi, 16-Апр-13 05:33
Здравствуйте! У меня следующая проблема. Есть сервер Ubuntu 12.04, squid3+sams2, сделаны настройки iptables. Все работает, пользователи выходят в инет через proxy, собирается статистика и т.п. Но как выяснилось, при попытке с любого рабочего места сделать ping до какого либо ресурса - пинга нет. nslookup так же не определяет имя. На рабочих местах шлюзом прописан прокси, DNS - полученные от провайдера. На прокси: eth0 - смотрит в инет и получает сетевые настройки по DHCP eth1 - смотрит в локалку 192.168.2.0 /24 и имеет ip 192.168.2.222 С самого proxy все пингуется и по имени и по ip Подскажите, как и где на proxy открыть пинги для клиентских компьютеров? Вот мои настройки iptables: #!/bin/sh echo 1 > /proc/sys/net/ipv4/ip_forward iptables -F iptables -t nat -F iptables -X iptables -A INPUT -i lo -j ACCEPT iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i eth0 -o eth1 -j REJECT iptables -A INPUT -p tcp -i eth0 -m tcp --dport 22 -j DROP iptables -A INPUT -p tcp -i eth0 -m tcp --dport 80 -j DROP iptables -A INPUT -p tcp -i eth0 -m tcp --dport 8080 -j DROP iptables -A INPUT -i eth0 -p icmp --icmp-type 8 -j DROP А вот конфиг squid3: #    WELCOME TO SQUID 3.1.19 #    ---------------------------- #     #  TAG: dns_testnames #    Remove this line. DNS is no longer tested on startup. #Default: # none # OPTIONS FOR AUTHENTICATION # ----------------------------------------------------------------------------- ## auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/sams2.ncsa auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours # Recommended minimum configuration: # #acl all src all acl Sams2Time1 time MTWHFAS 00:00-23:59 acl Sams2Template5 proxy_auth 8567pak_am acl Sams2Template5 proxy_auth 8567shakin_sa acl Sams2Template8 proxy_auth 8567sadykov_di acl Sams2Template11 proxy_auth dr_update acl Sams2Template11 proxy_auth win_update acl manager proto cache_object acl localhost src 127.0.0.1/32 #::1 acl to_localhost dst 127.0.0.0/8 #0.0.0.0/32 ::1 # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed #acl localnet src 10.0.0.0/8    # RFC1918 possible internal network #acl localnet src 172.16.0.0/12    # RFC1918 possible internal network acl localnet src 192.168.2.0/24    # RFC1918 possible internal network #acl localnet src fc00::/7       # RFC 4193 local private network range #acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines acl ip_disable src "/etc/squid3/ip_disable" http_access deny ip_disable acl SSL_ports port 443        # https acl SSL_ports port 563        # snews acl SSL_ports port 873        # rsync acl Safe_ports port 80        # http acl Safe_ports port 21        # ftp acl Safe_ports port 443        # https acl Safe_ports port 70        # gopher acl Safe_ports port 210        # wais acl Safe_ports port 1025-65535    # unregistered ports acl Safe_ports port 280        # http-mgmt acl Safe_ports port 488        # gss-http acl Safe_ports port 591        # filemaker acl Safe_ports port 777        # multiling http acl Safe_ports port 631        # cups acl Safe_ports port 873        # rsync acl Safe_ports port 901        # SWAT acl Safe_ports port 87        # UDP acl CONNECT method CONNECT #  TAG: http_access #    Allowing or Denying access based on defined access lists # #    Access to the HTTP port: #    http_access allow|deny [!]aclname ... # #    NOTE on default values: # #    If there are no "access" lines present, the default is to deny #    the request. # #    If none of the "access" lines cause a match, the default is the #    opposite of the last line in the list.  If the last line was #    deny, the default is allow.  Conversely, if the last line #    is allow, the default will be deny.  For these reasons, it is a #    good idea to have an "deny all" entry at the end of your access #    lists to avoid potential confusion. # #    This clause supports both fast and slow acl types. #    See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details. # #Default: # http_access deny all # # Setup Sams2 HTTP Access here http_access allow Sams2Template5 http_access allow Sams2Template8 http_access allow Sams2Template11 # # Recommended minimum Access Permission configuration: # # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager #http_access allow purge localhost #http_access deny purge # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed http_access allow localnet http_access allow localhost # And finally deny all other access to this proxy http_access deny all #  TAG: icp_access #    Allowing or Denying access to the ICP port based on defined #    access lists # #    icp_access  allow|deny [!]aclname ... # #    See http_access for details # #    This clause only supports fast acl types. #    See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details. # ## Allow ICP queries from local networks only ##icp_access allow localnet ##icp_access deny all #Default: icp_access allow localnet icp_access deny all # # Squid normally listens to port 3128 http_port 192.168.2.222:3128 #  TAG: hierarchy_stoplist #    A list of words which, if found in a URL, cause the object to #    be handled directly by this cache.  In other words, use this #    to not query neighbor caches for certain objects.  You may #    list this option multiple times. # #    Example: #        hierarchy_stoplist cgi-bin ? # #    Note: never_direct overrides this option. #Default: hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY #Default: cache_mem 64 MB #  TAG: maximum_object_size_in_memory    (bytes) #    Objects greater than this size will not be attempted to kept in #    the memory cache. This should be set high enough to keep objects #    accessed frequently in memory to improve performance whilst low #    enough to keep larger objects from hoarding cache_mem. #Default: maximum_object_size_in_memory 5000 KB #  TAG: memory_replacement_policy #    The memory replacement policy parameter determines which #    objects are purged from memory when memory space is needed. # #    See cache_replacement_policy for details. #Default: memory_replacement_policy lru #Default: cache_replacement_policy heap LRU # Uncomment and adjust the following to add a disk cache directory. cache_dir ufs /var/spool/squid3 4096 16 256 #  TAG: store_dir_select_algorithm #    Set this to 'round-robin' as an alternative. #Default: store_dir_select_algorithm least-load #Default: maximum_object_size 10240 KB #  TAG: cache_swap_low    (percent, 0-100) #Default: cache_swap_low 90 #  TAG: cache_swap_high    (percent, 0-100) # #    The low- and high-water marks for cache object replacement. #    Replacement begins when the swap (disk) usage is above the #    low-water mark and attempts to maintain utilization near the #    low-water mark.  As swap utilization gets close to high-water #    mark object eviction becomes more aggressive.  If utilization is #    close to the low-water mark less replacement is done each time. # #    Defaults are 90% and 95%. If you have a large cache, 5% could be #    hundreds of MB. If this is the case you may wish to set these #    numbers closer together. #Default: cache_swap_high 95 #Default: logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt #    Default: #        access_log /var/log/squid3/access.log squid #Default: access_log /var/log/squid3/access.log squid #    Example: #        cache_store_log /var/log/squid3/store.log #Default: cache_store_log /var/log/squid3/store.log #     zero, since it includes external logfile-rotation methods. #Default: logfile_rotate 0 #    A filename to write the process-id to.  To disable, enter "none". #Default: pid_filename /var/run/squid3.pid #  TAG: buffered_logs    on|off #    cache.log log file is written with stdio functions, and as such #    it can be buffered or unbuffered. By default it will be unbuffered. #    Buffering it can speed up the writing slightly (though you are #    unlikely to need to worry unless you run with tons of debugging #    enabled in which case performance will suffer badly anyway..). #Default: buffered_logs on #Default: cache_log /var/log/squid3/cache.log #Default: coredump_dir /var/spool/squid3 # # Leave coredumps in the first cache dir coredump_dir /var/spool/squid3 #Default: url_rewrite_program /usr/local/bin/samsredir #  TAG: url_rewrite_children #    The number of redirector processes to spawn. If you start #    too few Squid will have to wait for them to process a backlog of #    URLs, slowing it down. If you start too many they will use RAM #    and other system resources. #Default: url_rewrite_children 5 #Default: # none acl Sams2Proxy dst 192.168.2.222 url_rewrite_access deny Sams2Proxy #  TAG: url_rewrite_bypass #    When this is 'on', a request will not go through the #    redirector if all redirectors are busy.  If this is 'off' #    and the redirector queue grows too large, Squid will exit #    with a FATAL error and ask you to increase the number of #    redirectors.  You should only enable this if the redirectors #    are not critical to your caching system.  If you use #    redirectors for access control, and you enable this option, #    users may have access to pages they should not #    be allowed to request. #Default: # url_rewrite_bypass off # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp:        1440    20%    10080 refresh_pattern ^gopher:    1440    0%    1440 refresh_pattern -i (/cgi-bin/|\?) 0    0%    0 refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880 # example lin deb packages #refresh_pattern (\.deb|\.udeb)$   129600 100% 129600 refresh_pattern .        0    20%    4320 #Default: half_closed_clients off #Example: #ecap_service service_1 reqmod_precache 0 ecap://filters-R-us/leakDetector?on_error=block #ecap_service service_2 respmod_precache 1 icap://filters-R-us/virusFilter?config=/etc/vf.cfg #Default: # cache_dns_program /usr/lib/squid3/dnsserver #  TAG: dns_children # Note: This option is only available if Squid is rebuilt with the #       --disable-internal-dns option # #    The number of processes spawn to service DNS name lookups. #    For heavily loaded caches on large servers, you should #    probably increase this value to at least 10.  The maximum #    is 32.  The default is 5. # #    You must have at least one dnsserver process. #Default: # dns_children 5 #  TAG: dns_retransmit_interval #    Initial retransmit interval for DNS queries. The interval is #    doubled each time all configured DNS servers have been tried. # #Default: # dns_retransmit_interval 5 seconds #  TAG: dns_timeout #    DNS Query timeout. If no response is received to a DNS query #    within this time all DNS servers for the queried domain #    are assumed to be unavailable. #Default: # dns_timeout 2 minutes #  TAG: dns_defnames    on|off #    Normally the RES_DEFNAMES resolver option is disabled #    (see res_init(3)).  This prevents caches in a hierarchy #    from interpreting single-component hostnames locally.  To allow #    Squid to handle single-component names, enable this option. #Default: # dns_defnames off #  TAG: dns_nameservers #    Use this if you want to specify a list of DNS name servers #    (IP addresses) to use instead of those given in your #    /etc/resolv.conf file. #    On Windows platforms, if no value is specified here or in #    the /etc/resolv.conf file, the list of DNS name servers are #    taken from the Windows registry, both static and dynamic DHCP #    configurations are supported. # #    Example: dns_nameservers 10.0.0.1 192.172.0.4 #Default: #dns_nameservers 217.148.193.18 217.148.195.1 188.168.64.254 188.168.65.254 #Default: hosts_file /etc/hosts

Ваше сообщение
Имя*:
EMail:	Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:	> Здравствуйте! > У меня следующая проблема. Есть сервер Ubuntu 12.04, squid3+sams2, сделаны настройки iptables. > Все работает, пользователи выходят в инет через proxy, собирается статистика и > т.п. > Но как выяснилось, при попытке с любого рабочего места сделать ping до > какого либо ресурса - пинга нет. nslookup так же не определяет > имя. На рабочих местах шлюзом прописан прокси, DNS - полученные от > провайдера. > На прокси: > eth0 - смотрит в инет и получает сетевые настройки по DHCP > eth1 - смотрит в локалку 192.168.2.0 /24 и имеет ip 192.168.2.222 > С самого proxy все пингуется и по имени и по ip > Подскажите, как и где на proxy открыть пинги для клиентских компьютеров? > Вот мои настройки iptables: > #!/bin/sh > echo 1 > /proc/sys/net/ipv4/ip_forward > iptables -F > iptables -t nat -F > iptables -X > iptables -A INPUT -i lo -j ACCEPT > iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT > iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT > iptables -A FORWARD -i eth0 -o eth1 -j REJECT > iptables -A INPUT -p tcp -i eth0 -m tcp --dport 22 -j > DROP > iptables -A INPUT -p tcp -i eth0 -m tcp --dport 80 -j > DROP > iptables -A INPUT -p tcp -i eth0 -m tcp --dport 8080 -j > DROP > iptables -A INPUT -i eth0 -p icmp --icmp-type 8 -j DROP > А вот конфиг squid3: > # WELCOME TO SQUID 3.1.19 > # ---------------------------- > # > # TAG: dns_testnames > # Remove this line. DNS is no longer tested on startup. > #Default: > # none > # OPTIONS FOR AUTHENTICATION > # ----------------------------------------------------------------------------- > ## > auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/sams2.ncsa > auth_param basic children 5 > auth_param basic realm Squid proxy-caching web server > auth_param basic credentialsttl 2 hours > # Recommended minimum configuration: > # > #acl all src all > acl Sams2Time1 time MTWHFAS 00:00-23:59 > acl Sams2Template5 proxy_auth 8567pak_am > acl Sams2Template5 proxy_auth 8567shakin_sa > acl Sams2Template8 proxy_auth 8567sadykov_di > acl Sams2Template11 proxy_auth dr_update > acl Sams2Template11 proxy_auth win_update > acl manager proto cache_object > acl localhost src 127.0.0.1/32 #::1 > acl to_localhost dst 127.0.0.0/8 #0.0.0.0/32 ::1 > # Example rule allowing access from your local networks. > # Adapt to list your (internal) IP networks from where browsing > # should be allowed > #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network > #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network > acl localnet src 192.168.2.0/24 # RFC1918 possible internal network > #acl localnet src fc00::/7 # RFC > 4193 local private network range > #acl localnet src fe80::/10 # RFC 4291 > link-local (directly plugged) machines > acl ip_disable src "/etc/squid3/ip_disable" > http_access deny ip_disable > acl SSL_ports port 443 # https > acl SSL_ports port 563 # snews > acl SSL_ports port 873 # rsync > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl Safe_ports port 631 # cups > acl Safe_ports port 873 # rsync > acl Safe_ports port 901 # SWAT > acl Safe_ports port 87 # UDP > acl CONNECT method CONNECT > # TAG: http_access > # Allowing or Denying access based on defined access lists > # > # Access to the HTTP port: > # http_access allow|deny [!]aclname ... > # > # NOTE on default values: > # > # If there are no "access" lines present, the default is to > deny > # the request. > # > # If none of the "access" lines cause a match, the default > is the > # opposite of the last line in the list. If the > last line was > # deny, the default is allow. Conversely, if the last line > # is allow, the default will be deny. For these reasons, > it is a > # good idea to have an "deny all" entry at the end > of your access > # lists to avoid potential confusion. > # > # This clause supports both fast and slow acl types. > # See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details. > # > #Default: > # http_access deny all > # > # Setup Sams2 HTTP Access here > http_access allow Sams2Template5 > http_access allow Sams2Template8 > http_access allow Sams2Template11 > # > # Recommended minimum Access Permission configuration: > # > # Only allow cachemgr access from localhost > http_access allow manager localhost > http_access deny manager > #http_access allow purge localhost > #http_access deny purge > # Deny requests to certain unsafe ports > http_access deny !Safe_ports > # Deny CONNECT to other than secure SSL ports > http_access deny CONNECT !SSL_ports > # We strongly recommend the following be uncommented to protect innocent > # web applications running on the proxy server who think the only > # one who can access services on "localhost" is a local user > #http_access deny to_localhost > # > # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS > # > # Example rule allowing access from your local networks. > # Adapt localnet in the ACL section to list your (internal) IP > networks > # from where browsing should be allowed > http_access allow localnet > http_access allow localhost > # And finally deny all other access to this proxy > http_access deny all > # TAG: icp_access > # Allowing or Denying access to the ICP port based on defined > # access lists > # > # icp_access allow|deny [!]aclname ... > # > # See http_access for details > # > # This clause only supports fast acl types. > # See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details. > # > ## Allow ICP queries from local networks only > ##icp_access allow localnet > ##icp_access deny all > #Default: > icp_access allow localnet > icp_access deny all > # > # Squid normally listens to port 3128 > http_port 192.168.2.222:3128 > # TAG: hierarchy_stoplist > # A list of words which, if found in a URL, cause > the object to > # be handled directly by this cache. In other words, use > this > # to not query neighbor caches for certain objects. You may > # list this option multiple times. > # > # Example: > # hierarchy_stoplist cgi-bin ? > # > # Note: never_direct overrides this option. > #Default: > hierarchy_stoplist cgi-bin ? > acl QUERY urlpath_regex cgi-bin \? > no_cache deny QUERY > #Default: > cache_mem 64 MB > # TAG: maximum_object_size_in_memory (bytes) > # Objects greater than this size will not be attempted to kept > in > # the memory cache. This should be set high enough to keep > objects > # accessed frequently in memory to improve performance whilst low > # enough to keep larger objects from hoarding cache_mem. > #Default: > maximum_object_size_in_memory 5000 KB > # TAG: memory_replacement_policy > # The memory replacement policy parameter determines which > # objects are purged from memory when memory space is needed. > # > # See cache_replacement_policy for details. > #Default: > memory_replacement_policy lru > #Default: > cache_replacement_policy heap LRU > # Uncomment and adjust the following to add a disk cache directory. > cache_dir ufs /var/spool/squid3 4096 16 256 > # TAG: store_dir_select_algorithm > # Set this to 'round-robin' as an alternative. > #Default: > store_dir_select_algorithm least-load > #Default: > maximum_object_size 10240 KB > # TAG: cache_swap_low (percent, 0-100) > #Default: > cache_swap_low 90 > # TAG: cache_swap_high (percent, 0-100) > # > # The low- and high-water marks for cache object replacement. > # Replacement begins when the swap (disk) usage is above the > # low-water mark and attempts to maintain utilization near the > # low-water mark. As swap utilization gets close to high-water > # mark object eviction becomes more aggressive. If utilization is > # close to the low-water mark less replacement is done each time. > # > # Defaults are 90% and 95%. If you have a large cache, > 5% could be > # hundreds of MB. If this is the case you may wish > to set these > # numbers closer together. > #Default: > cache_swap_high 95 > #Default: > logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt > # Default: > # access_log /var/log/squid3/access.log squid > #Default: > access_log /var/log/squid3/access.log squid > # Example: > # cache_store_log /var/log/squid3/store.log > #Default: > cache_store_log /var/log/squid3/store.log > # zero, since it includes external logfile-rotation methods. > #Default: > logfile_rotate 0 > # A filename to write the process-id to. To disable, enter > "none". > #Default: > pid_filename /var/run/squid3.pid > # TAG: buffered_logs on|off > # cache.log log file is written with stdio functions, and as such > # it can be buffered or unbuffered. By default it will be > unbuffered. > # Buffering it can speed up the writing slightly (though you are > # unlikely to need to worry unless you run with tons of > debugging > # enabled in which case performance will suffer badly anyway..). > #Default: > buffered_logs on > #Default: > cache_log /var/log/squid3/cache.log > #Default: > coredump_dir /var/spool/squid3 > # > # Leave coredumps in the first cache dir > coredump_dir /var/spool/squid3 > #Default: > url_rewrite_program /usr/local/bin/samsredir > # TAG: url_rewrite_children > # The number of redirector processes to spawn. If you start > # too few Squid will have to wait for them to process > a backlog of > # URLs, slowing it down. If you start too many they will > use RAM > # and other system resources. > #Default: > url_rewrite_children 5 > #Default: > # none > acl Sams2Proxy dst 192.168.2.222 > url_rewrite_access deny Sams2Proxy > # TAG: url_rewrite_bypass > # When this is 'on', a request will not go through the > # redirector if all redirectors are busy. If this is 'off' > # and the redirector queue grows too large, Squid will exit > # with a FATAL error and ask you to increase the number > of > # redirectors. You should only enable this if the redirectors > # are not critical to your caching system. If you use > # redirectors for access control, and you enable this option, > # users may have access to pages they should not > # be allowed to request. > #Default: > # url_rewrite_bypass off > # Add any of your own refresh_pattern entries above these. > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern (Release|Packages(.gz)*)$ 0 > 20% 2880 > # example lin deb packages > #refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600 > refresh_pattern . 0 20% 4320 > #Default: > half_closed_clients off > #Example: > #ecap_service service_1 reqmod_precache 0 ecap://filters-R-us/leakDetector?on_error=block > #ecap_service service_2 respmod_precache 1 icap://filters-R-us/virusFilter?config=/etc/vf.cfg > #Default: > # cache_dns_program /usr/lib/squid3/dnsserver > # TAG: dns_children > # Note: This option is only available if Squid is rebuilt with > the > # --disable-internal-dns option > # > # The number of processes spawn to service DNS name lookups. > # For heavily loaded caches on large servers, you should > # probably increase this value to at least 10. The maximum > # is 32. The default is 5. > # > # You must have at least one dnsserver process. > #Default: > # dns_children 5 > # TAG: dns_retransmit_interval > # Initial retransmit interval for DNS queries. The interval is > # doubled each time all configured DNS servers have been tried. > # > #Default: > # dns_retransmit_interval 5 seconds > # TAG: dns_timeout > # DNS Query timeout. If no response is received to a DNS > query > # within this time all DNS servers for the queried domain > # are assumed to be unavailable. > #Default: > # dns_timeout 2 minutes > # TAG: dns_defnames on|off > # Normally the RES_DEFNAMES resolver option is disabled > # (see res_init(3)). This prevents caches in a hierarchy > # from interpreting single-component hostnames locally. To allow > # Squid to handle single-component names, enable this option. > #Default: > # dns_defnames off > # TAG: dns_nameservers > # Use this if you want to specify a list of DNS > name servers > # (IP addresses) to use instead of those given in your > # /etc/resolv.conf file. > # On Windows platforms, if no value is specified here or in > # the /etc/resolv.conf file, the list of DNS name servers are > # taken from the Windows registry, both static and dynamic DHCP > # configurations are supported. > # > # Example: dns_nameservers 10.0.0.1 192.172.0.4 > #Default: > #dns_nameservers 217.148.193.18 217.148.195.1 188.168.64.254 188.168.65.254 > #Default: > hosts_file /etc/hosts
	Введите код, изображенный на картинке: