I'm writing with a problem again:
I have the following firewall script:
#basic defs(deny all)
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#basic defs(flush all)
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -F -t nat
#forward all IN -> OUT
iptables -A FORWARD -i eth0 -s 192.168.0.0/24 -j ACCEPT
iptables -A INPUT -i eth0 -s 192.168.0.0/24 -d 0/0 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -j ACCEPT
#allowed connections (ports)
iptables -A INPUT -p tcp -i eth1 --dport 25 --syn -j ACCEPT
iptables -A INPUT -p tcp -i eth1 --dport 106 --syn -j ACCEPT
iptables -A INPUT -p tcp -i eth1 --dport 110 --syn -j ACCEPT
iptables -A INPUT -p tcp -i eth1 --dport 465 --syn -j ACCEPT
#iptables -A INPUT -p tcp -i eth1 --dport 783 --syn -j ACCEPT
iptables -A INPUT -p tcp -i eth1 --dport 993 --syn -j ACCEPT
iptables -A INPUT -p tcp -i eth1 --dport 995 --syn -j ACCEPT
iptables -A INPUT -p tcp -i eth1 --dport 80 --syn -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -i eth1 --dport 1023 --syn -j ACCEPT
iptables -A INPUT -p tcp -i eth1 --dport 8080 --syn -j ACCEPT
iptables -A INPUT -p tcp -i eth1 --dport 443 --syn -j ACCEPT
iptables -A INPUT -p tcp -i eth1 --dport 22 --syn -j ACCEPT
And NMAP shows me:
root@slack1:~# nmap 83.228.56.113
Starting Nmap 4.60 ( http://nmap.org ) at 2009-02-17 15:54 EET
Interesting ports on 113-56-228-83.btc-net.bg (83.228.56.113):
Not shown: 1702 filtered ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
106/tcp open pop3pw
110/tcp open pop3
443/tcp closed https
465/tcp closed smtps
995/tcp closed pop3s
1023/tcp closed netvenuechat
5800/tcp open vnc-http
5900/tcp open vnc
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 69.725 seconds
When I change INPUT to ACCEPT:
root@slack1:~# nmap 83.228.56.113
Starting Nmap 4.60 ( http://nmap.org ) at 2009-02-17 15:50 EET
Interesting ports on 113-56-228-83.btc-net.bg (83.228.56.113):
Not shown: 1675 closed ports, 26 filtered ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
37/tcp open time
53/tcp open domain
80/tcp open http
106/tcp open pop3pw
110/tcp open pop3
113/tcp open auth
143/tcp open imap
993/tcp open imaps
5800/tcp open vnc-http
5900/tcp open vnc
8009/tcp open ajp13
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 54.956 seconds
....
Can anyone tell me how the hell this happens? True, I'm a n00b, but there's no logic in this!