>[оверквотинг удален]
>>iptables -A INPUT -s 192.168.5.0/24 -p tcp --dport 80 -j ACCEPT
>>не работает, и так тоже
>>iptables -A INPUT -s 192.168.5.5 -p tcp --dport 80 -j ACCEPT
>>
>>а так почему-то работает
>>iptables -A INPUT -p tcp --dport 80 -j ACCEPT
>>
>>фигня однако )
>
>Покажите все правила iptables?
# Generated by iptables-save v1.3.5 on Thu Jul 8 17:05:38 2010
# filter table: decides which packets are accepted for this host (INPUT),
# routed through it (FORWARD) or sent by it (OUTPUT).
*filter
# Built-in chains: ":NAME POLICY [packets:bytes]". INPUT and FORWARD drop
# whatever no rule accepts; OUTPUT is unrestricted.
:INPUT DROP [77225:28729232]
:FORWARD DROP [327410:15801517]
:OUTPUT ACCEPT [2584573:1391401326]
# User-defined chains (policy "-").
:SSH - [0:0]
:bad_pcp_pakets - [0:0]
# Every inbound TCP packet is sent through the sanity chain first.
# NOTE(review): the jump target is spelled "bad_tcp_pakets", but the chain
# declared above and filled below is "bad_pcp_pakets". As posted, the dump is
# inconsistent and iptables-restore would presumably reject it; confirm the
# real chain name on the host.
-A INPUT -p tcp -j bad_tcp_pakets
# Port 22 is handed to the SSH chain, which accepts only 192.168.5.5. New
# connections from any other source return here, match no ACCEPT rule below
# and are dropped by the chain policy.
-A INPUT -p tcp -m tcp --dport 22 -j SSH
# Replies to, and packets related to, connections already tracked.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Services below are open to ANY source address on ANY interface (no -s, no -i),
# except 3128, which is limited to the 192.168.5.0/24 LAN.
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# NOTE(review): 445 (SMB) is accepted from everywhere. The *nat table of this
# dump rewrites LAN traffic to a public address, so this host presumably has an
# Internet-facing interface; restrict this rule with -s or -i if SMB is meant
# for the LAN only.
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5000:5050 -j ACCEPT
-A INPUT -s 192.168.5.0/255.255.255.0 -p tcp -m tcp --dport 3128 -j ACCEPT
# Port 80 without a source restriction: the variant the poster reports as
# working. The -s variants quoted in the thread are not in this dump, so their
# failure cannot be read from it; per-rule packet counters
# (iptables -L INPUT -v -n) would show whether a -s rule is ever hit.
# NOTE(review): one possibility is that clients reach port 80 through the proxy
# on 3128, in which case the requests arrive from the proxy's own address
# rather than from 192.168.5.x; verify.
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
# NOTE(review): no rule accepts loopback traffic (-i lo); new local connections
# to ports not listed above fall through to the DROP policy.

# FORWARD: traffic routed through this host. Most rules are limited to LAN
# sources; replies are admitted by the RELATED,ESTABLISHED rule further down.
-A FORWARD -s 192.168.5.20 -p tcp -m tcp --dport 20 -j ACCEPT
-A FORWARD -s 192.168.5.0/255.255.255.0 -p tcp -m tcp --dport 3128 -j ACCEPT
-A FORWARD -s 192.168.5.0/255.255.255.0 -p tcp -m tcp --dport 110 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Counterpart of the nat PREROUTING DNAT for tcp/4890; accepted only when the
# packet arrives on eth1.
-A FORWARD -i eth1 -p tcp -m tcp --dport 4890 -j ACCEPT
# NOTE(review): 4081 and 44333 are forwarded for any source and interface,
# while the nat rules for these ports match only two source addresses. If the
# DNAT target 192.168.5.1 is this host itself, the translated packets traverse
# INPUT instead, where these ports have no ACCEPT rule; confirm.
-A FORWARD -p tcp -m tcp --dport 4081 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 44333 -j ACCEPT
-A FORWARD -p udp -m udp --dport 44333 -j ACCEPT
# DNS is forwarded for 192.168.5.9 only, and only over UDP.
-A FORWARD -s 192.168.5.9 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -s 192.168.5.0/255.255.255.0 -p tcp -m tcp --dport 5190 -j ACCEPT
-A FORWARD -s 192.168.5.0/255.255.255.0 -p tcp -m tcp --dport 465 -j ACCEPT
-A FORWARD -s 192.168.5.0/255.255.255.0 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -s 192.168.5.0/255.255.255.0 -p tcp -m tcp --dport 995 -j ACCEPT
-A FORWARD -s 192.168.5.0/255.255.255.0 -p tcp -m tcp --dport 993 -j ACCEPT
-A FORWARD -s 192.168.5.20 -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -s 192.168.5.20 -p udp -m udp --dport 87 -j ACCEPT
-A FORWARD -s 192.168.5.26 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 192.168.5.5 -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -s 192.168.5.5 -p tcp -m tcp --dport 20 -j ACCEPT
# Logs locally generated TCP packets to port 4081; LOG does not end traversal,
# and the OUTPUT policy then accepts them. The prefix has no trailing space, so
# it runs straight into the rest of the log line.
-A OUTPUT -p tcp -m tcp --dport 4081 -j LOG --log-prefix "port 4081"
# SSH chain: a single allowed client; everything else returns to INPUT.
-A SSH -s 192.168.5.5 -j ACCEPT
# TCP sanity chain.
# A packet with SYN and ACK both set that conntrack classifies as NEW is
# answered with a TCP reset.
-A bad_pcp_pakets -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
# A NEW TCP packet that is not a plain SYN is logged, then dropped.
# NOTE(review): the LOG rule has no rate limit, so a burst of such packets can
# flood the log; consider adding -m limit to it.
-A bad_pcp_pakets -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j LOG --log-prefix "New not syn:"
-A bad_pcp_pakets -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
COMMIT
# Completed on Thu Jul 8 17:05:38 2010
# Generated by iptables-save v1.3.5 on Thu Jul 8 17:05:38 2010
# nat table: address rewriting. These rules only translate addresses; whether
# the translated packet is then allowed is decided by the filter table.
*nat
:PREROUTING ACCEPT [691864:58561202]
:POSTROUTING ACCEPT [59699:3658853]
:OUTPUT ACCEPT [60334:3931073]
# Redirects tcp/4890 to 192.168.5.9, keeping the port.
# NOTE(review): the rule has no -s, -d or -i match, so it rewrites every
# tcp/4890 packet entering the host, whatever its original destination,
# including LAN traffic bound elsewhere. The filter FORWARD rule for this port
# accepts only packets arriving on eth1.
-A PREROUTING -p tcp -m tcp --dport 4890 -j DNAT --to-destination 192.168.5.1
# Redirects 4081/tcp and 44333/tcp+udp to 192.168.5.1 for two specific source
# addresses only; 83.167.114.199 is covered for 4081/tcp alone.
# NOTE(review): these rules also lack -d/-i, so the source address is the only
# restriction; confirm that is intended.
-A PREROUTING -s 83.167.114.179 -p tcp -m tcp --dport 4081 -j DNAT --to-destination 192.168.5.1
-A PREROUTING -s 83.167.114.199 -p tcp -m tcp --dport 4081 -j DNAT --to-destination 192.168.5.1
-A PREROUTING -s 83.167.114.179 -p udp -m udp --dport 44333 -j DNAT --to-destination 192.168.5.1
-A PREROUTING -s 83.167.114.179 -p tcp -m tcp --dport 44333 -j DNAT --to-destination 192.168.5.1
# Source NAT for the 192.168.5.0/24 LAN; the public address is masked by the
# poster. There is no -o match, so the rewrite applies on any outgoing
# interface.
-A POSTROUTING -s 192.168.5.0/255.255.255.0 -j SNAT --to-source 81.195.xx.xxx
COMMIT
# Completed on Thu Jul 8 17:05:38 2010
воть