Ubuntu CZ/SK Forum
Ubuntu for personal computers => Internet and networks => Topic started by: romciiik, 02 November 2008, 10:27:06
-
I'm almost embarrassed to ask something like this, but I haven't managed to share my internet connection with Win XP.
The PC is connected to the internet via wlan0; I connect to the provider with:
ip: 192.168.15.195
mask: 255.255.255.0
gateway: 192.168.15.1
dns1: 62.168.96.4
dns2: 195.146.132.59
The second network card is eth0.
I did the configuration according to the wiki => http://wiki.ubuntu.cz/Sd%C3%ADlen%C3%AD%20internetov%C3%A9ho%20p%C5%99ipojen%C3%AD
sudo iptables -A FORWARD -i eth0 -o wlan0 -s 192.168.0.0/24 -m state --state NEW -j ACCEPT
sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTING -t nat -j MASQUERADE
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
On the notebook I have XP Professional and I don't know how to configure it; I tried setting the gateway to 192.168.0.1 but it didn't work.
Please advise ;)
Thanks
-
On the notebook, set the IP address to 192.168.15.196, the mask to 255.255.255.0 and the gateway to 192.168.15.195; for DNS you can use the same servers as on the first machine.
-
>> romciiik
1) Try http://forum.ubuntu.cz/index.php/topic,14901.msg107518.html#msg107518
2) Maybe these other guides would help you:
http://forum.ubuntu.cz/index.php/topic,22728.msg167091.html#msg167091
http://forum.ubuntu.cz/index.php/topic,10300.msg73456.html#msg73456
-
Hey, I had made a mistake in the script, but it didn't work even after I fixed it.
I also read the forum threads that were linked here and tried them, and it still doesn't work for me.. I'm making a mistake somewhere and can't figure out where :(
In the network card configuration, automatic IP acquisition via DHCP was set by default; I set a fixed IP of 192.168.0.1 (eth0).
Now I've at least got as far as being able to ping 192.168.0.1 from Windows (on the laptop); unfortunately a ping to Google doesn't go through.
I suppose the mask, DNS and gateway somehow need to be set on eth0 as well, but I don't know how.
Please.. HELP
By the way, I use Xubuntu 8.10 and after the upgrade the Network Manager item somehow disappeared from the top panel, and I don't know how I'm supposed to get to it normally now.
-
And what about
ping 209.85.129.104
Does that go through? Post the output of ipconfig /all from Windows.
-
Well, I tried typing it into cmd in Windows; what next, please? Where am I making a mistake?
By the way, at the top right Xubuntu shows me an icon with two PCs and a small red cross on it.
[attachment deleted by admin]
-
Also try pinging the gateway, i.e. the Ubuntu machine:
ping 192.168.0.1
If these pings go through, the problem is somewhere in the Ubuntu setup, in the forwarding of the internet connection. So try going through the wiki article once more and entering all the commands one by one, and if need be post the whole procedure here so we can see whether it prints any errors.
Don't you have some firewall installed? What about a ping from Ubuntu to Windows?
-
That ping doesn't work (Uplynula doba..) and I'm not sure how to ping from Ubuntu, but in the terminal I tried it the same way as from Windows and pinged the notebook's IP (it didn't print any result for about an hour).
-
I'm getting a bit lost in this, so let's summarize:
Windows:
ip - 192.168.0.2
mask - 255.255.255.0
gateway - 192.168.0.1
DNS - 192.168.0.1
Ubuntu (network card connected to Windows)
ip - 192.168.0.1
mask - 255.255.255.0
(second network card)
ip: 192.168.15.195
mask: 255.255.255.0
(and finally in Ubuntu)
gateway: 192.168.15.1
dns1: 62.168.96.4
dns2: 195.146.132.59
Next, a ping from Win -> Ubuntu goes through, but a ping from Ubuntu -> Win doesn't? Is all of this correct the way I think it is? What about the firewall on Windows, did you turn it off?
-
SORRY
This looks as if we were back at the beginning, but: (probably) after the upgrade to 8.10 the Network Manager icon disappeared from the top right panel in XUBUNTU.
I found the tools
Applications > System > Network Tools - it looks like I won't be able to configure much through that.
After connecting the notebook (Win) to the PC (Xubuntu), an icon for some VPN connection settings appears on the top right panel. It looks like wired and wireless networks can be configured through it, but, for example, I don't see the settings for my Wi-Fi there.
I last configured my Wi-Fi on 8.04 and it wasn't a problem there; somehow I can't find a similar tool. Google didn't help me much and I can't find it on the PC either. I'm probably overlooking it :(
pllls help
Thanks
-
And what about Applications -> System -> Network, isn't it there?
If you don't have NM you can install it, but for a static network configuration I prefer to edit /etc/network/interfaces anyway.
You can get help either on the internet or with
man interfaces
-
I don't have "Network" under Applications -> System.
/etc/network/interfaces contains this:
auto lo
iface lo inet loopback
iface wlan0 inet static
address 192.168.15.195
netmask 255.255.255.0
gateway 192.168.15.1
wireless-essid KONFER _net31
auto wlan0
Would it be too much trouble for you to write out what the file should look like? I wouldn't want to break anything. My English isn't that good, so.. please. The essential thing is that it contains the provider's details that I gave in the first post. By the way.. how come there are no DNS servers in there?
thx
-
That file looks fine as it is. It would just need the settings for the eth0 interface added as well.
auto eth0
iface eth0 inet static
address 192.168.0.1
netmask 255.255.255.0
PS: The DNS servers are listed in /etc/resolv.conf
-
win:
ip: 192.168.0.2
mask: 255.255.255.0
gateway: 192.168.0.1
dns: 192.168.0.1
/etc/resolv.conf
nameserver 62.168.96.4
nameserver 195.146.132.59
/etc/network/interfaces
auto lo
iface lo inet loopback
iface wlan0 inet static
address 192.168.15.195
netmask 255.255.255.0
gateway 192.168.15.1
wireless-essid KONFER _net31
auto wlan0
auto eth0
iface eth0 inet static
address 192.168.0.1
netmask 255.255.255.0
Is something wrong there???? I really don't get it anymore.
-
This looks correct. I assume it doesn't work with this setup.
There's no point dealing with internet sharing until the pings go through.
So first from Win -> Ubuntu
ping 192.168.0.1
Then Ubuntu -> Win
ping 192.168.0.2
I recommend checking whether a firewall is turned on somewhere, and turning it off if so. (The default Windows one in particular is sneaky :) )
1) If the pings don't go through, something is wrong; post the output from Ubuntu of
ifconfig
ethtool eth0
and from Windows
ipconfig /all
That's so we can verify that the settings were applied correctly.
I don't know whether there's a utility similar to ethtool for Windows. Does anyone know?
2) If the pings go through, the network is set up correctly and we can deal with internet sharing. See the wiki article.
PS: Are you using a crossover cable?
-
The ping goes through from Ubuntu to Win and the other way round too ;)
BUT
ping www.google.com
from Windows (notebook) unfortunately still doesn't go through (logically, the page doesn't load either)
that script
sudo iptables -A FORWARD -i eth0 -o wlan0 -s 192.168.0.0/24 -m state --state NEW -j ACCEPT
sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTING -t nat -j MASQUERADE
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
do I have to run it again?
I don't know exactly what it means, so I wouldn't want to break anything with it.
THANKS
ps: +1
-
Great, so we have the network set up properly. That's the foundation of success.
Yes, you have to run that script every time after the system starts. It can be saved to a file and set to run automatically at startup. Search the forum for running scripts automatically at system startup.
Just so you understand: iptables is essentially a kind of firewall. And with those commands you tell it to share the internet connection.
As for the ping to Google: after you run the script, try
ping 209.85.129.147
to see whether the problem isn't in DNS.
-
I ran this on Ubuntu:
sudo iptables -A FORWARD -i wlan0 -o eth0 -s 192.168.0.0/24 -m state --state NEW -j ACCEPT
sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTING -t nat -j MASQUERADE
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
ping from Win:
Ping www.google.com
Testovanie dostupnosti www.l.google.com [74.125.79.99] s 32 bajtov údajov:
Čas požiadavky uplynul.
Čas požiadavky uplynul.
Čas požiadavky uplynul.
Čas požiadavky uplynul.
Ping 209.85.129.147
Testovanie dostupnosti 209.85.129.147 s 32 bajtov údajov:
Čas požiadavky uplynul.
Čas požiadavky uplynul.
Čas požiadavky uplynul.
Čas požiadavky uplynul.
:( ??? whyyy? pls help
-
Didn't those commands print some error? Do you have the input and output interfaces right?
-
No, absolutely no error message or anything like that came up; everything appeared to go through OK.
What does input/output interface mean?
It occurred to me that something must be getting through with that ping after all, since the ping at least returns the IP address of the server I'm asking about ( ??? )
-
That's strange, yeah. That it got the server's IP, as it were. Maybe it has some cache of its own. What about a firewall, do you have one?
Input interface - the network card through which you are connected to the internet - parameter -i
Output interface - the network card through which you are connected to your own network - parameter -o
If need be, also try a traceroute to that Google IP.
-
The PC is connected to the internet via wlan0, the second network card is eth0
Input interface - the network card through which you are connected to the internet - parameter -i
Output interface - the network card through which you are connected to your own network - parameter -o
You have the network cards swapped in the script!
According to the description on the wiki http://wiki.ubuntu.cz/Sd%C3%ADlen%C3%AD%20internetov%C3%A9ho%20p%C5%99ipojen%C3%AD my script is right:
One network card is connected to your own network; let's call it eth0. The other card, or PPP interface, which is connected to the internet, we'll call eth1 or ppp0.
sudo iptables -A FORWARD -i eth1 -o eth0 -s 192.168.0.0/24 -m state --state NEW -j ACCEPT
so my script
sudo iptables -A FORWARD -i wlan0 -o eth0 -s 192.168.0.0/24 -m state --state NEW -j ACCEPT
is, in my opinion, correct. So please write how it should be, because I'm already confused by all this. Is there nothing that needs changing in the remaining 3 lines of the script?
It didn't work even after swapping them; pings to the local machines still went through, but not to the outside. When pinging Xubuntu from Win, packets were both arriving and leaving, but when pinging Google they were only sent!
The firewall on Windows is completely turned off, and in Xubuntu I've never done anything with it; it is as it was installed. I don't even know how exactly I should configure it.
Its own cache? Would the command line in Windows have a cache? How do I find out?
Since I didn't know what traceroute is, I googled it and followed http://cs.wikipedia.org/wiki/Traceroute
win:
tracert google.com
Smerovanie sledovania k google.com [209.85.171.99]
prekročilo maximum 30 skokov:
1 <1 ms <1 ms <1 ms 192.168.0.1
2 * * * Čas požiadavky uplynul.
3 * * * Čas požiadavky uplynul.
...
23 * * * Čas požiadavky uplynul.
25 * Cieľový hostiteľ je nedosiahnuteľný.
Sledovanie sa dokončilo.
xubuntu:
roman@roman-desktop:~$ traceroute google.com
traceroute to google.com (72.14.207.99), 30 hops max, 40 byte packets
1 192.168.15.1 (192.168.15.1) 504.736 ms 536.484 ms 621.449 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 eh-in-f99.google.com (72.14.207.99) 153.639 ms 152.584 ms 172.006 ms
Is the file /proc/sys/net/ipv4/ip_forward supposed to contain only:
1
??
I can't think of any more information or options :(
-
Unfortunately, neither can I. If the pings went out and didn't come back in, it simply looks like a problem with packet forwarding in Ubuntu. Unfortunately, this is where my meagre knowledge ends. Also post here:
sudo iptables -L
-
sudo iptables -L
here it is
roman@roman-desktop:~$ sudo iptables -L
[sudo] password for roman:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG all -- 127.0.0.0/8 anywhere LOG level warning
DROP all -- 127.0.0.0/8 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- 192.168.0.0/24 anywhere
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
LOG all -- 192.168.0.0/24 anywhere LOG level warning
DROP all -- 192.168.0.0/24 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere 192.168.15.195
ACCEPT all -- anywhere 192.168.15.255
DROP all -- anywhere ALL-SYSTEMS.MCAST.NET
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 192.168.0.0/24 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG all -- anywhere 192.168.0.0/24 LOG level warning
DROP all -- anywhere 192.168.0.0/24
DROP all -- anywhere ALL-SYSTEMS.MCAST.NET
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
ACCEPT all -- 192.168.0.0/24 anywhere state NEW
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 192.168.0.0/24 anywhere state NEW
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 192.168.0.0/24 anywhere state NEW
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere 192.168.0.0/24
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
LOG all -- anywhere 192.168.0.0/24 LOG level warning
DROP all -- anywhere 192.168.0.0/24
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- 192.168.15.195 anywhere
ACCEPT all -- 192.168.15.255 anywhere
DROP all -- anywhere ALL-SYSTEMS.MCAST.NET
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
-
That looks like some firewall. Are you sure you don't have something there? Firehol, firestarter, ufw?
Look, reboot, and before you enter those packet-forwarding commands, send me the output of
sudo iptables -L
Also check whether you have any of the programs mentioned above.
-
Clean restart (shutdown without saving the session, then powering on again)
right after the restart:
roman@roman-desktop:~$ sudo iptables -L
[sudo] password for roman:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG all -- 127.0.0.0/8 anywhere LOG level warning
DROP all -- 127.0.0.0/8 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- 192.168.0.0/24 anywhere
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
LOG all -- 192.168.0.0/24 anywhere LOG level warning
DROP all -- 192.168.0.0/24 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere 192.168.15.195
ACCEPT all -- anywhere 192.168.15.255
DROP all -- anywhere ALL-SYSTEMS.MCAST.NET
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 192.168.0.0/24 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG all -- anywhere 192.168.0.0/24 LOG level warning
DROP all -- anywhere 192.168.0.0/24
DROP all -- anywhere ALL-SYSTEMS.MCAST.NET
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere 192.168.0.0/24
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
LOG all -- anywhere 192.168.0.0/24 LOG level warning
DROP all -- anywhere 192.168.0.0/24
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- 192.168.15.195 anywhere
ACCEPT all -- 192.168.15.255 anywhere
DROP all -- anywhere ALL-SYSTEMS.MCAST.NET
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
firehol - don't have it
firestarter - don't have it
ufw - I DO have it, but:
roman@roman-desktop:~$ sudo ufw status
Status: not loaded
so it's probably not running anyway :-[
what next??
-
Evidently you're running something there that touches iptables. The question remains what it is and how to get rid of it.
Especially this in the FORWARD section:
DROP all -- anywhere 192.168.0.0/24
You've made me study man iptables :) In the meantime, look for something that starts automatically at boot and could be touching iptables = a firewall. Go through /etc/rc.2/* /etc/rc.local
But I'm afraid we'll have to wait for someone smarter.
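
The FORWARD chain posted earlier in this thread lists ACCEPT rules appended below what `iptables -L` prints as a catch-all DROP; iptables walks a chain top-down and stops at the first terminating match, so rules in that position do not take effect. The shell function below is an added example (not part of any post in this thread) that flags such rules in `iptables -L` output; the names `shadowed_rules` and `sample_listing` are hypothetical and the sample is abridged from the listing posted above.

```shell
#!/bin/sh
# Added example: list rules that sit below a catch-all ACCEPT/DROP/REJECT in
# the same chain of an `iptables -L` listing. iptables stops at the first
# terminating match, so rules below a catch-all never see a packet.
# Caveat: plain -L hides -i/-o matches, so a rule printed as
# "all -- anywhere anywhere" may be limited to one interface.
# Treat every hit as a candidate and confirm it with `iptables -L -v -n`.

# Usage: sudo iptables -L | shadowed_rules [CHAIN]
shadowed_rules() {
    awk -v want="${1:-}" '
    function any(a) { return a == "anywhere" || a == "0.0.0.0/0" }
    /^Chain /                   { chain = $2; cut = 0; next }  # new chain
    NF < 5 || $1 == "target"    { next }                       # header/blank
    want != "" && chain != want { next }                       # chain filter
    {
        $1 = $1                                 # collapse column padding
        if (cut) { print chain ": " $0; next }  # below a catch-all
        term = ($1 == "ACCEPT" || $1 == "DROP") && NF == 5
        if ($1 == "REJECT" && NF == 7 && $6 == "reject-with") term = 1
        if (term && $2 == "all" && $3 == "--" && any($4) && any($5)) cut = 1
    }'
}

# Constructed sample, abridged from the listing posted in the thread.
sample_listing() {
    cat <<'EOF'
Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  192.168.0.0/24       anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       all  --  anywhere             192.168.0.0/24
LOG        all  --  anywhere             anywhere            LOG level warning
DROP       all  --  anywhere             anywhere
ACCEPT     all  --  192.168.0.0/24       anywhere            state NEW
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  192.168.15.195       anywhere
DROP       all  --  anywhere             ALL-SYSTEMS.MCAST.NET
EOF
}

sample_listing | shadowed_rules FORWARD
```

A rule that has to take effect belongs above the catch-all, for example inserted with `iptables -I FORWARD 1 ...` rather than appended with `-A`.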
-
sudo geany /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
## internet connection
pppd &
## connection sharing
sudo iptables -A FORWARD -i eth0 -o wlan0 -s 192.168.0.0/24 -m state --state NEW -j ACCEPT
sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTING -t nat -j MASQUERADE
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
exit 0
I corrected it to:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
## internet connection
pppd &
## connection sharing
sudo iptables -A FORWARD -i wlan0 -o eth0 -s 192.168.0.0/24 -m state --state NEW -j ACCEPT
sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTING -t nat -j MASQUERADE
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
exit 0
The ping from Win went through (both 192.168.0.1 and 192.168.0.2)
but not to Google; interestingly, this time it printed a different Google IP than before - 64.233.187.99, so probably no cache.
I don't know what to do with /etc/rc.2/*
Might nettezzaumana know how to get this moving?
Really, thanks for the effort ;)
-
Your rc.local contains the commands for sharing the internet connection, so when I wanted you to restart and not run those commands, they ran anyway.
Ntz would know, but he's slacking off somewhere. :)
PS: I'm already preparing something here, so hopefully I'll get it finished... ;)
-
Should I remove it from there, restart and run?
sudo iptables -L.. and post it here?
It might be faster to sort this out over ICQ and post only the result here.. (?)
-
It's unnecessary to prefix all the commands in rc.local with sudo. Also, do post the output of iptables -L here.
-
before starting firestarter:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG all -- 127.0.0.0/8 anywhere LOG level warning
DROP all -- 127.0.0.0/8 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- 192.168.0.0/24 anywhere
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
DROP all -- 192.168.0.0/24 anywhere
ACCEPT all -- anywhere 192.168.15.195
ACCEPT all -- anywhere 192.168.15.255
DROP all -- anywhere ALL-SYSTEMS.MCAST.NET
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 192.168.0.0/24 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere 192.168.0.0/24
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere 192.168.0.0/24
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
DROP all -- anywhere 192.168.0.0/24
ACCEPT all -- 192.168.15.195 anywhere
ACCEPT all -- 192.168.15.255 anywhere
DROP all -- anywhere ALL-SYSTEMS.MCAST.NET
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
after running the configuration and turning firestarter off:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain INBOUND (0 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 192.168.0.2 anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT udp -- anywhere anywhere udp dpt:www
after starting firestarter again:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- ns.gtsi.sk anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- ns.gtsi.sk anywhere
ACCEPT tcp -- ns2.telecom.sk anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- ns2.telecom.sk anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 192.168.15.255
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
INBOUND all -- anywhere 192.168.0.1
INBOUND all -- anywhere 192.168.15.195
INBOUND all -- anywhere 192.168.0.255
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
OUTBOUND all -- anywhere anywhere
ACCEPT tcp -- anywhere 192.168.0.0/24 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere 192.168.0.0/24 state RELATED,ESTABLISHED
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 192.168.15.195 ns.gtsi.sk tcp dpt:domain
ACCEPT udp -- 192.168.15.195 ns.gtsi.sk udp dpt:domain
ACCEPT tcp -- 192.168.15.195 ns2.telecom.sk tcp dpt:domain
ACCEPT udp -- 192.168.15.195 ns2.telecom.sk udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'
Chain INBOUND (4 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 192.168.0.2 anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT udp -- anywhere anywhere udp dpt:www
LSI all -- anywhere anywhere
Chain LOG_FILTER (5 references)
target prot opt source destination
Chain LSI (2 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP all -- anywhere anywhere
Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
-
Did you modify the firewall settings in any way?
-
I set what is mentioned on the forum + the iptables changes + the settings that firestarter made itself + the setting in the picture (I couldn't attach it; apparently the directory on the server is full)
http://rapidshare.com/files/167683517/Screenshot.png