Ta, napravo zapochvam s problema. Na ROUTER i WEBSERVER polzvam SuSEfirewall2 (SuSE9.0 - kernel 2.4.21), poradi prostata prichina che nikakuv drug firewall s iptables ne iska da raboti kakto trqbva. Samo che i vuprosniq SuSEfirewall2 ima edna glupost narechena SPOOF PROTECTION, koqto pravi slednoto:
nito edno ot vutreshnite PC-ta (192.168.0.0/24) ne moje da otvori WEBSERVER-a kato go zaqvi chrez domain-a (resp. vunshnoto IP). Za cqlata vutreshna mreja WEBSERVER-a e dostupen samo po vutreshnoto IP (
http://192.168.0.101). Prichinata nai veroqtno e v tova che vutreshnite PC-ta se maskirat s realnoto IP na samiq WEBSERVER i firewall-a gi reje. Nqkoi moje li da okaje malko pomosht. Kak da mahna vuprosniq SPOOF PROTECTION na firewall-a. Eto malko poveche info:
Chain INPUT (policy DROP)
target prot opt source destination
------------------------------------------------------------------------------------------
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp dpts:137:138
LOG all -- 127.0.0.0/8 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
LOG all -- 0.0.0.0/0 127.0.0.0/8 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
DROP all -- 127.0.0.0/8 0.0.0.0/0
DROP all -- 0.0.0.0/0 127.0.0.0/8
LOG all -- 192.168.0.101 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
DROP all -- 192.168.0.101 0.0.0.0/0
LOG all -- 213.82.215.68 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
DROP all -- 213.82.215.68 0.0.0.0/0
input_ext all -- 0.0.0.0/0 213.82.215.68
input_int all -- 0.0.0.0/0 192.168.0.101
DROP all -- 0.0.0.0/0 192.168.0.255
DROP all -- 0.0.0.0/0 255.255.255.255
LOG all -- 0.0.0.0/0 213.82.215.68 LOG flags 6 level 4 prefix `SuSE-FW-ACCESS_DENIED_INT '
DROP all -- 0.0.0.0/0 213.82.215.68
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-ILLEGAL-TARGET '
DROP all -- 0.0.0.0/0 0.0.0.0/0
blagodarq predvaritelno.
|rabbeat|