forum.opennet.ru

Составление сообщения

Исходное сообщение

"natd & alias IP"
Отправлено Wowa, 16-Июн-05 12:28

>ipfw l
>ps -ax
bash-2.05b# ipfw l
00005 allow tcp from any to me 22
00006 allow tcp from me 22 to any
00050 divert 8668 tcp from any to 212.7.224.10 25 via fxp1
00051 divert 8668 ip from 192.168.1.101 to any via fxp1
00052 allow ip from any to 212.7.224.10 via any
00100 divert 8668 ip from any to any in recv fxp1
00101 divert 8668 ip from 192.168.1.16 to any out xmit fxp1
00102 divert 8668 ip from 192.168.1.19 to any out xmit fxp1
00103 divert 8668 ip from 192.168.1.23 to any out xmit fxp1
00104 divert 8668 ip from 192.168.1.26 to any out xmit fxp1
00105 divert 8668 ip from 192.168.1.27 to any out xmit fxp1
00106 divert 8668 ip from 192.168.1.34 to any out xmit fxp1
00107 divert 8668 ip from 192.168.4.16/28 to any out xmit fxp1
00109 divert 8668 ip from 192.168.1.25 to any out xmit fxp1
00110 divert 8668 ip from 192.168.1.97 to any out xmit fxp1
00115 divert 8668 ip from 192.168.1.48/28 to any out xmit fxp1
00120 divert 8668 ip from 192.168.4.16/28 to any out xmit fxp1
01000 allow ip from any to any via lo0
01001 deny ip from any to 127.0.0.0/8
01002 deny ip from 127.0.0.0/8 to any
01100 skipto 10000 ip from 192.168.1.0/24 to any in recv fxp0
01101 deny ip from 192.168.1.0/24 to any in
01102 skipto 10000 ip from 192.168.6.0/24 to any in recv fxp0
01103 deny ip from 192.168.6.0/24 to any in
01199 deny ip from any to any in recv fxp0
01299 deny ip from any to any in recv vlan5
01399 deny ip from any to any in recv vlan3
10000 skipto 20000 ip from 192.168.2.0/24 to 192.168.2.0/24
10010 deny ip from any to any via vlan3
10020 skipto 20000 ip from 192.168.1.0/24 to 192.168.1.0/24
10030 skipto 20000 ip from 192.168.1.0/24 to 192.168.3.0/29
10040 skipto 20000 ip from 192.168.1.0/24 to 192.168.6.0/24
10050 skipto 20000 ip from 192.168.1.0/24 to 192.168.7.0/24
10060 skipto 20000 ip from 192.168.1.0/24 to 192.168.8.0/24
10080 skipto 20000 ip from 192.168.3.0/29 to 192.168.1.0/24
10090 skipto 20000 ip from 192.168.6.0/24 to 192.168.1.0/24
10100 skipto 20000 ip from 192.168.7.0/24 to 192.168.1.0/24
10110 skipto 20000 ip from 192.168.8.0/24 to 192.168.1.0/24
10130 skipto 20000 ip from any to 192.168.1.16
10131 skipto 20000 ip from 192.168.1.16 to any
10140 skipto 20000 ip from any to 192.168.1.19
10141 skipto 20000 ip from 192.168.1.19 to any
10150 skipto 20000 ip from any to 192.168.1.23
10151 skipto 20000 ip from 192.168.1.23 to any
10152 skipto 20000 ip from any to 192.168.1.26
10153 skipto 20000 ip from 192.168.1.26 to any
10154 skipto 20000 ip from any to 192.168.1.45
10155 skipto 20000 ip from 192.168.1.45 to any
10160 skipto 20000 ip from any to 192.168.1.26
10160 skipto 20000 ip from any to 192.168.1.27
10161 skipto 20000 ip from 192.168.1.26 to any
10161 skipto 20000 ip from 192.168.1.27 to any
10170 skipto 20000 ip from any to 192.168.1.27
10170 skipto 20000 ip from any to 192.168.1.34
10171 skipto 20000 ip from 192.168.1.27 to any
10171 skipto 20000 ip from 192.168.1.34 to any
10172 skipto 20000 ip from 192.168.1.25 to any
10173 skipto 20000 ip from any to 192.168.1.25
10174 skipto 20000 ip from 192.168.1.97 to any
10175 skipto 20000 ip from any to 192.168.1.97
10180 skipto 20000 ip from any to 192.168.1.34
10181 skipto 20000 ip from 192.168.1.34 to any
10182 skipto 20000 ip from any to 192.168.1.48/28
10183 skipto 20000 ip from 192.168.1.48/28 to any
10190 deny ip from any to 192.168.1.0/24
10191 deny ip from 192.168.1.0/24 to any
15016 deny ip from any to 192.168.4.24
15017 deny ip from 192.168.4.24 to any
20000 count ip from any to 192.168.2.0/24 out
Дальше count-ы и pipe-ы
bash-2.05b# ps ax
  PID  TT  STAT      TIME COMMAND
    0  ??  DLs    0:00.00  (swapper)
    1  ??  ILs    0:00.24 /sbin/init --
    2  ??  DL     0:01.54  (pagedaemon)
    3  ??  DL     0:00.00  (vmdaemon)
    4  ??  DL     0:05.53  (bufdaemon)
    5  ??  DL     6:05.17  (syncer)
    6  ??  DL     0:04.28  (vnlru)
   12  ??  DLs    0:00.00 vinum: vinum daemon (vinum)
   30  ??  Is     0:00.00 adjkerntz -i
  518  ??  Ss     0:51.35 /usr/sbin/syslogd -a x.x.x.1/32:* -a x.x.x.2/32:* -a x.x.x.227/32:*
  521  ??  Ss     8:09.63 /usr/sbin/named -u bind -g bind -t /usr/named
  523  ??  Ss     0:33.56 /usr/sbin/ntpd -p /var/run/ntpd.pid
  525  ??  Is     0:00.01 /usr/sbin/portmap
  527  ??  Is     0:00.01 mountd -r
  530  ??  Is     0:00.00 nfsd: master (nfsd)
  532  ??  I      0:01.47 nfsd: server (nfsd)
  533  ??  I      0:00.01 nfsd: server (nfsd)
  534  ??  I      0:00.00 nfsd: server (nfsd)
  535  ??  I      0:00.00 nfsd: server (nfsd)
  539  ??  I      0:00.00 nfsiod -n 4
  540  ??  I      0:00.00 nfsiod -n 4
  541  ??  I      0:00.00 nfsiod -n 4
  542  ??  I      0:00.00 nfsiod -n 4
  548  ??  Ss     0:01.80 /usr/sbin/inetd -wW
  550  ??  Is     0:03.03 /usr/sbin/cron
  552  ??  Is     0:07.03 /usr/sbin/sshd
  555  ??  Ss     0:29.75 sendmail: accepting connections (sendmail)
  558  ??  Is     0:00.33 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
  610  ??  Ss     0:17.16 /usr/local/sbin/httpd
  614  ??  Ss     1:08.11 /usr/local/sbin/cdr_read -t md110 -s 9600 -D /var/log/pbx/md110 -L /var/log/pbx
  622  ??  Is     0:01.96 /usr/local/sbin/dhcpd fxp0 rl0 vlan5
  659  ??  Ss    19:10.69 /usr/local/libexec/netams -lf /usr/local/etc/netams.cfg
  687  ??  Ss   246:16.48 /usr/local/sbin/trafd -m 0 -pri fxp1
  697  ??  Is     0:01.14 (unlinkd) (unlinkd)
36017  ??  I      0:00.05 sshd: wowa [priv] (sshd)
36019  ??  I      0:01.12 sshd: wowa@ttyp0 (sshd)
38644  ??  I      0:00.05 sshd: wowa [priv] (sshd)
38646  ??  S      0:00.51 sshd: wowa@ttyp1 (sshd)
45860  ??  Ss     0:04.12 /sbin/natd -u -dynamic -n fxp1 -redirect_port tcp 192.168.1.101:25 x.x.x.10
47828  ??  I      0:01.82 sendmail: ./j5EKY0Lw077697 .: user open (sendmail)
51739  ??  S      0:00.77 sendmail: ./j5FH45M4037138 .: user open (sendmail)
54316  ??  I      0:00.01 sendmail: ./j5G8LwLr054315 .: user open (sendmail)
59833  ??  I      0:00.01 /usr/local/sbin/httpd
59834  ??  I      0:00.01 /usr/local/sbin/httpd
59835  ??  I      0:00.01 /usr/local/sbin/httpd
59836  ??  I      0:00.01 /usr/local/sbin/httpd
59837  ??  I      0:00.01 /usr/local/sbin/httpd
60470  ??  I      0:00.01 /usr/local/sbin/httpd
60471  ??  I      0:00.00 /usr/local/sbin/httpd
60472  ??  I      0:00.01 /usr/local/sbin/httpd
36020  p0  Is     0:00.04 -bash (bash)
46530  p0  S+     0:02.27 licq
38647  p1  Is     0:00.01 -bash (bash)
38650  p1  I      0:00.03 -su (csh)
38655  p1  S      0:00.23 bash
54319  p1  R+     0:00.00 ps ax
  694  v1  Is+    0:00.00 /usr/libexec/getty Pc ttyv1
  695  v2  Is+    0:00.00 /usr/libexec/getty Pc ttyv2
  696  v3  Is+    0:00.00 /usr/libexec/getty Pc ttyv3
  626 con- I      0:00.01 /bin/sh /usr/local/bin/mysqld_safe --user=mysql --datadir=/var/db/mysql --pid-f
  650 con- S     21:42.03 /usr/local/libexec/mysqld --basedir=/usr/local --datadir=/var/db/mysql --user=m
  676 con- I      0:00.00 /bin/sh /usr/local/sbin/RunCache
  682 con- S      4:27.36 squid -NsY
bash-2.05b#

Исходное сообщение
"natd & alias IP" Отправлено Wowa, 16-Июн-05 12:28
>ipfw l >ps -ax bash-2.05b# ipfw l 00005 allow tcp from any to me 22 00006 allow tcp from me 22 to any 00050 divert 8668 tcp from any to 212.7.224.10 25 via fxp1 00051 divert 8668 ip from 192.168.1.101 to any via fxp1 00052 allow ip from any to 212.7.224.10 via any 00100 divert 8668 ip from any to any in recv fxp1 00101 divert 8668 ip from 192.168.1.16 to any out xmit fxp1 00102 divert 8668 ip from 192.168.1.19 to any out xmit fxp1 00103 divert 8668 ip from 192.168.1.23 to any out xmit fxp1 00104 divert 8668 ip from 192.168.1.26 to any out xmit fxp1 00105 divert 8668 ip from 192.168.1.27 to any out xmit fxp1 00106 divert 8668 ip from 192.168.1.34 to any out xmit fxp1 00107 divert 8668 ip from 192.168.4.16/28 to any out xmit fxp1 00109 divert 8668 ip from 192.168.1.25 to any out xmit fxp1 00110 divert 8668 ip from 192.168.1.97 to any out xmit fxp1 00115 divert 8668 ip from 192.168.1.48/28 to any out xmit fxp1 00120 divert 8668 ip from 192.168.4.16/28 to any out xmit fxp1 01000 allow ip from any to any via lo0 01001 deny ip from any to 127.0.0.0/8 01002 deny ip from 127.0.0.0/8 to any 01100 skipto 10000 ip from 192.168.1.0/24 to any in recv fxp0 01101 deny ip from 192.168.1.0/24 to any in 01102 skipto 10000 ip from 192.168.6.0/24 to any in recv fxp0 01103 deny ip from 192.168.6.0/24 to any in 01199 deny ip from any to any in recv fxp0 01299 deny ip from any to any in recv vlan5 01399 deny ip from any to any in recv vlan3 10000 skipto 20000 ip from 192.168.2.0/24 to 192.168.2.0/24 10010 deny ip from any to any via vlan3 10020 skipto 20000 ip from 192.168.1.0/24 to 192.168.1.0/24 10030 skipto 20000 ip from 192.168.1.0/24 to 192.168.3.0/29 10040 skipto 20000 ip from 192.168.1.0/24 to 192.168.6.0/24 10050 skipto 20000 ip from 192.168.1.0/24 to 192.168.7.0/24 10060 skipto 20000 ip from 192.168.1.0/24 to 192.168.8.0/24 10080 skipto 20000 ip from 192.168.3.0/29 to 192.168.1.0/24 10090 skipto 20000 ip from 192.168.6.0/24 to 192.168.1.0/24 10100 skipto 20000 ip from 192.168.7.0/24 to 192.168.1.0/24 10110 skipto 20000 ip from 192.168.8.0/24 to 192.168.1.0/24 10130 skipto 20000 ip from any to 192.168.1.16 10131 skipto 20000 ip from 192.168.1.16 to any 10140 skipto 20000 ip from any to 192.168.1.19 10141 skipto 20000 ip from 192.168.1.19 to any 10150 skipto 20000 ip from any to 192.168.1.23 10151 skipto 20000 ip from 192.168.1.23 to any 10152 skipto 20000 ip from any to 192.168.1.26 10153 skipto 20000 ip from 192.168.1.26 to any 10154 skipto 20000 ip from any to 192.168.1.45 10155 skipto 20000 ip from 192.168.1.45 to any 10160 skipto 20000 ip from any to 192.168.1.26 10160 skipto 20000 ip from any to 192.168.1.27 10161 skipto 20000 ip from 192.168.1.26 to any 10161 skipto 20000 ip from 192.168.1.27 to any 10170 skipto 20000 ip from any to 192.168.1.27 10170 skipto 20000 ip from any to 192.168.1.34 10171 skipto 20000 ip from 192.168.1.27 to any 10171 skipto 20000 ip from 192.168.1.34 to any 10172 skipto 20000 ip from 192.168.1.25 to any 10173 skipto 20000 ip from any to 192.168.1.25 10174 skipto 20000 ip from 192.168.1.97 to any 10175 skipto 20000 ip from any to 192.168.1.97 10180 skipto 20000 ip from any to 192.168.1.34 10181 skipto 20000 ip from 192.168.1.34 to any 10182 skipto 20000 ip from any to 192.168.1.48/28 10183 skipto 20000 ip from 192.168.1.48/28 to any 10190 deny ip from any to 192.168.1.0/24 10191 deny ip from 192.168.1.0/24 to any 15016 deny ip from any to 192.168.4.24 15017 deny ip from 192.168.4.24 to any 20000 count ip from any to 192.168.2.0/24 out Дальше count-ы и pipe-ы bash-2.05b# ps ax PID TT STAT TIME COMMAND 0 ?? DLs 0:00.00 (swapper) 1 ?? ILs 0:00.24 /sbin/init -- 2 ?? DL 0:01.54 (pagedaemon) 3 ?? DL 0:00.00 (vmdaemon) 4 ?? DL 0:05.53 (bufdaemon) 5 ?? DL 6:05.17 (syncer) 6 ?? DL 0:04.28 (vnlru) 12 ?? DLs 0:00.00 vinum: vinum daemon (vinum) 30 ?? Is 0:00.00 adjkerntz -i 518 ?? Ss 0:51.35 /usr/sbin/syslogd -a x.x.x.1/32:* -a x.x.x.2/32:* -a x.x.x.227/32:* 521 ?? Ss 8:09.63 /usr/sbin/named -u bind -g bind -t /usr/named 523 ?? Ss 0:33.56 /usr/sbin/ntpd -p /var/run/ntpd.pid 525 ?? Is 0:00.01 /usr/sbin/portmap 527 ?? Is 0:00.01 mountd -r 530 ?? Is 0:00.00 nfsd: master (nfsd) 532 ?? I 0:01.47 nfsd: server (nfsd) 533 ?? I 0:00.01 nfsd: server (nfsd) 534 ?? I 0:00.00 nfsd: server (nfsd) 535 ?? I 0:00.00 nfsd: server (nfsd) 539 ?? I 0:00.00 nfsiod -n 4 540 ?? I 0:00.00 nfsiod -n 4 541 ?? I 0:00.00 nfsiod -n 4 542 ?? I 0:00.00 nfsiod -n 4 548 ?? Ss 0:01.80 /usr/sbin/inetd -wW 550 ?? Is 0:03.03 /usr/sbin/cron 552 ?? Is 0:07.03 /usr/sbin/sshd 555 ?? Ss 0:29.75 sendmail: accepting connections (sendmail) 558 ?? Is 0:00.33 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail) 610 ?? Ss 0:17.16 /usr/local/sbin/httpd 614 ?? Ss 1:08.11 /usr/local/sbin/cdr_read -t md110 -s 9600 -D /var/log/pbx/md110 -L /var/log/pbx 622 ?? Is 0:01.96 /usr/local/sbin/dhcpd fxp0 rl0 vlan5 659 ?? Ss 19:10.69 /usr/local/libexec/netams -lf /usr/local/etc/netams.cfg 687 ?? Ss 246:16.48 /usr/local/sbin/trafd -m 0 -pri fxp1 697 ?? Is 0:01.14 (unlinkd) (unlinkd) 36017 ?? I 0:00.05 sshd: wowa [priv] (sshd) 36019 ?? I 0:01.12 sshd: wowa@ttyp0 (sshd) 38644 ?? I 0:00.05 sshd: wowa [priv] (sshd) 38646 ?? S 0:00.51 sshd: wowa@ttyp1 (sshd) 45860 ?? Ss 0:04.12 /sbin/natd -u -dynamic -n fxp1 -redirect_port tcp 192.168.1.101:25 x.x.x.10 47828 ?? I 0:01.82 sendmail: ./j5EKY0Lw077697 .: user open (sendmail) 51739 ?? S 0:00.77 sendmail: ./j5FH45M4037138 .: user open (sendmail) 54316 ?? I 0:00.01 sendmail: ./j5G8LwLr054315 .: user open (sendmail) 59833 ?? I 0:00.01 /usr/local/sbin/httpd 59834 ?? I 0:00.01 /usr/local/sbin/httpd 59835 ?? I 0:00.01 /usr/local/sbin/httpd 59836 ?? I 0:00.01 /usr/local/sbin/httpd 59837 ?? I 0:00.01 /usr/local/sbin/httpd 60470 ?? I 0:00.01 /usr/local/sbin/httpd 60471 ?? I 0:00.00 /usr/local/sbin/httpd 60472 ?? I 0:00.01 /usr/local/sbin/httpd 36020 p0 Is 0:00.04 -bash (bash) 46530 p0 S+ 0:02.27 licq 38647 p1 Is 0:00.01 -bash (bash) 38650 p1 I 0:00.03 -su (csh) 38655 p1 S 0:00.23 bash 54319 p1 R+ 0:00.00 ps ax 694 v1 Is+ 0:00.00 /usr/libexec/getty Pc ttyv1 695 v2 Is+ 0:00.00 /usr/libexec/getty Pc ttyv2 696 v3 Is+ 0:00.00 /usr/libexec/getty Pc ttyv3 626 con- I 0:00.01 /bin/sh /usr/local/bin/mysqld_safe --user=mysql --datadir=/var/db/mysql --pid-f 650 con- S 21:42.03 /usr/local/libexec/mysqld --basedir=/usr/local --datadir=/var/db/mysql --user=m 676 con- I 0:00.00 /bin/sh /usr/local/sbin/RunCache 682 con- S 4:27.36 squid -NsY bash-2.05b#

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру