Эрфеа, netstat отображает запущенные процессы и открытые порты...
ip route show
8x.2x.14x.12x/29 dev eth2 proto kernel scope link src 8x.2x.14x.13x
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.2 metric 5
10.23.0.0/24 dev eth0 proto kernel scope link src 10.23.0.5 metric 1
169.254.0.0/16 dev eth0 scope link metric 1
169.254.0.0/16 dev eth1 scope link metric 5
default via 8x.2x.14x.12y dev eth2
eth2 - реальный адрес, интернет
eth1 - идет через ADSL-модем, реальный адрес на самом модеме...
ifconfig
eth0 Link encap: Ethernet HWaddr 00:04:75:CB:74: DB
inet addr:10.23.0.5 Bcast:10.23.0.255 Mask:255.255.255.0
inet6 addr: fe80::204:75ff:fecb:74db/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1340255 errors:0 dropped:0 overruns:1 frame:0
TX packets:1410871 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:303841256 (289.7 MiB) TX bytes:716982511 (683.7 MiB)
Interrupt:20 Base address:0xe000
eth1 Link encap: Ethernet HWaddr 00:1D:7D:99:2A:28
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::21d:7dff:fe99:2a28/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1279 errors:0 dropped:0 overruns:0 frame:0
TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:76896 (75.0 KiB) TX bytes:1128 (1.1 KiB)
Interrupt:21 Base address:0xe000
eth2 Link encap: Ethernet HWaddr 0x:0x:Bx:2x:1x:9x
inet addr:8x.2x.14x.13x Bcast:81.26.140.135 Mask:255.255.255.248
inet6 addr: fe80::202:b3ff:fe24:169a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1371185 errors:0 dropped:0 overruns:0 frame:0
TX packets:1289336 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:704605811 (671.9 MiB) TX bytes:299139239 (285.2 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:202 errors:0 dropped:0 overruns:0 frame:0
TX packets:202 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:17300 (16.8 KiB) TX bytes:17300 (16.8 KiB)
iptables -L FORWARD
Chain FORWARD (policy DROP)
target prot opt source destination
bad_tcp_packets tcp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
allowed tcp -- anywhere 10.23.0.241 tcp dpt:jetdirect
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 3 LOG level info prefix `IPT FORWARD packet died:'
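Скорее всего, надо в FORWARD тоже прописать eth1 — iptables его, видимо, блокирует... (В выводе iptables -L без ключа -v интерфейсы не показаны, поэтому по нему нельзя понять, к каким интерфейсам относятся правила «ACCEPT all»; проверять лучше по iptables -L FORWARD -v -n.)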
конфиг сквида:
# Squid proxy configuration as posted: caching rules, source/URL based access
# control and two delay pools. Directive names are kept exactly as written.
# NOTE(review): the security-relevant part is the http_access ordering in the
# ACCESS CONTROLS section; rules are evaluated top to bottom, first match wins.
#NETWORK OPTIONS
# No address is given, so the listener is not limited to the LAN interface.
# NOTE(review): whether port 3128 is reachable from outside depends on the
# INPUT chain, which is not shown here -- confirm.
http_port 3128
# Port 0 turns ICP (inter-cache queries) off.
icp_port 0
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
hierarchy_stoplist cgi-bin ?
# Dynamic URLs (cgi-bin or a query string) are never cached.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# OPTIONS WHICH AFFECT THE CACHE SIZE
cache_mem 100 MB
cache_swap_low 97
cache_swap_high 98
maximum_object_size 64355 KB
#16384
# Each rule below uses min = max = 43200 minutes (30 days); override-expire and
# override-lastmod make Squid apply that minimum even when the origin sent an
# Expires header or the object was modified recently.
# NOTE(review): this also covers .exe/.zip/.tgz, so a download replaced upstream
# (for example a patched installer) can keep being served from cache for up to
# 30 days -- consider dropping the override options for executables and archives.
refresh_pattern -i \.gif$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.png$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.jpg$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.jpeg$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.pdf$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.zip$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.tar$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.gz$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.tgz$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.exe$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.prz$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.ppt$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.inf$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.swf$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.mid$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.wav$ 43200 100% 43200 override-lastmod override-expire
refresh_pattern -i \.mp3$ 43200 100% 43200 override-lastmod override-expire
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
cache_dir ufs /var/spool/squid 500 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
mime_table /etc/squid/mime.conf
pid_filename /var/run/squid.pid
debug_options ALL,1
# Full /32 mask: client addresses are written to the logs unmasked.
client_netmask 255.255.255.255
# kill the banners
#redirect_program /squid/redirector
#redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGard/squidGuard.conf
#redirect_children 10
# Authentication helper is commented out: no proxy authentication is configured,
# so access is decided by the source/URL ACLs below only.
#authenticate_program /usr/lib/squid/ncsa_auth /etc/squid/squidpass
# OPTIONS FOR TUNING THE CACHE
#reference_age 1 month
# quick_abort_min 16 KB
# quick_abort_max 16 KB
# quick_abort_pct 95
negative_ttl 1 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 5 minutes
# TIMEOUTS
connect_timeout 2 minutes
peer_connect_timeout 30 seconds
#siteselect_timeout 4 seconds
read_timeout 5 minutes
request_timeout 60 seconds
client_lifetime 4 hours
half_closed_clients on
# ACCESS CONTROLS
#Recommended minimum configuration:
# Matches every source address.
acl all src 0.0.0.0/0.0.0.0
# Cache-manager requests (cache_object protocol); no source condition.
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# The internal LAN, 10.23.0.0/24.
acl office src 10.23.0.0/255.255.255.0
acl SSL_ports port 443 563
# NOTE(review): ports 80, 20 and 21 are commented out, so plain HTTP on port 80
# is not in Safe_ports; only requests allowed before the Safe_ports check in
# the http_access list can reach it.
#acl Safe_ports port 80 # http
#acl Safe_ports port 20 # ftp
#acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Block lists are read from external files (contents not shown).
acl Sites1 dstdomain "/etc/squid/deny_url.xx1"
acl Sites2 dstdomain "/etc/squid/deny_url.xx2"
acl stop_list url_regex "/etc/squid/stop_list.xx"
# Matches on the URL path only (case-insensitive extension); it carries no
# source condition.
acl media urlpath_regex -i \.mp3$ \.asf$ \.wma$ \.mov$ \.mp4$ \.avi$ \.ogg$ \.jpg$ \.3gp$ \.wmv$
# Evaluation is top-down and stops at the first matching line.
http_access deny stop_list
http_access deny all Sites1
http_access deny all Sites2
# NOTE(review): office is allowed before the Safe_ports and CONNECT checks, so
# LAN clients are not limited by them (CONNECT to any port is permitted).
http_access allow office
# NOTE(review): manager has no src condition, so cache-manager requests are
# accepted from any client that can reach the port; the stock layout is
# "http_access allow manager localhost" followed by "http_access deny manager".
http_access allow manager
# NOTE(review): media has no src condition either, so any client may fetch any
# URL whose path ends in one of the listed extensions, and that request skips
# the Safe_ports check -- an open-proxy hole if the port is reachable from
# outside. Presumably the acl was meant only for delay pool 1; delay_access
# does not need a matching http_access allow line.
http_access allow media
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# NOTE(review): port 80 is not in Safe_ports, so localhost requests to port 80
# have already been denied two lines above.
http_access allow localhost
http_access deny all
# ADMINISTRATIVE PARAMETERS
# MISCELLANEOUS
logfile_rotate 1
store_avg_object_size 13 KB
client_db on
error_directory /etc/squid/errors
# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
delay_pools 2
# Pool 1, class 1: a single aggregate bucket for requests matching media,
# refilled at 3000 bytes/s with a 3000-byte ceiling.
delay_class 1 1
delay_access 1 allow media
delay_access 1 deny all
delay_parameters 1 3000/3000
#
# Pool 2, class 2: aggregate unlimited (-1/-1); each office host gets its own
# bucket refilled at 16000 bytes/s with a 32000-byte ceiling.
delay_class 2 2
delay_access 2 allow office
delay_access 2 deny all
delay_parameters 2 -1/-1 16000/32000
Последний раз редактировалось Vladisl@v; 07.08.2008 в 09:33.