Kernet
06.07.2012, 03:08
Good day. There is a server from which all outbound connections are blocked, so it resolves the IPs of domains, but there is no ping to them.
The iptables rules look like this:
# Generated by iptables-save v1.3.5 on Thu Jul 5 16:07:03 2012
*filter
:INPUT DROP [261607:16694420]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [4707344:994553133]
:WSU-ALL - [0:0]
:WSU-DNS - [0:0]
:WSU-F5 - [0:0]
:WSU-Log-packet - [0:0]
:WSU-NFS - [0:0]
:WSU-NTP - [0:0]
:WSU-Netops - [0:0]
:WSU-Print - [0:0]
:WSU-Syslogger - [0:0]
:WSU-TSM - [0:0]
:WSU-Wireless - [0:0]
:WSU-Zabbix - [0:0]
:WSU-admin-gateway - [0:0]
:WSU-utility8-f5u - [0:0]
-A INPUT -s 212.117.160.123 -j DROP
-A INPUT -s 212.117.162.218 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j WSU-F5
-A INPUT -p icmp -m icmp --icmp-type 8 -j WSU-Netops
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j WSU-admin-gateway
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j WSU-Netops
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j WSU-ALL
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j WSU-ALL
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8000 -j WSU-ALL
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8001 -j WSU-ALL
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j WSU-ALL
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8181 -j WSU-Wireless
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1501 -j WSU-TSM
-A INPUT -p udp -m state --state NEW -m udp --dport 161 -j WSU-Netops
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2301 -j WSU-Netops
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2381 -j WSU-Netops
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5989 -j WSU-utility8-f5u
-A INPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 10050 -j WSU-Zabbix
-A INPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 10051 -j WSU-Zabbix
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m state --state NEW -m tcp --dport 53 -j WSU-DNS
-A OUTPUT -p tcp -m state --state NEW -m tcp --dport 111 -j WSU-NFS
-A OUTPUT -p tcp -m state --state NEW -m tcp --dport 1048 -j WSU-NFS
-A OUTPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j WSU-NFS
-A OUTPUT -p udp -m state --state NEW -m udp --dport 111 -j WSU-NFS
-A OUTPUT -p udp -m state --state NEW -m udp --dport 1048 -j WSU-NFS
-A OUTPUT -p udp -m state --state NEW -m udp --dport 2049 -j WSU-NFS
-A OUTPUT -p udp -m state --state NEW -m udp --dport 123 -j WSU-NTP
-A OUTPUT -p tcp -m state --state NEW -m tcp --dport 515 -j WSU-Print
-A OUTPUT -p udp -m state --state NEW -m udp --dport 514 -j WSU-Syslogger
-A WSU-ALL -j ACCEPT
-A WSU-DNS -d 134.121.80.36 -j ACCEPT
-A WSU-DNS -d 134.121.139.10 -j ACCEPT
-A WSU-F5 -s 10.8.137.28 -j ACCEPT
-A WSU-F5 -s 10.8.137.29 -j ACCEPT
-A WSU-F5 -s 10.8.137.30 -j ACCEPT
-A WSU-Log-packet -j LOG --log-prefix "Debug - ACCEPT : " --log-ip-options
-A WSU-NFS -d 134.121.0.103 -j ACCEPT
-A WSU-NTP -d 134.121.80.36 -j ACCEPT
-A WSU-NTP -d 134.121.143.108 -j ACCEPT
-A WSU-NTP -d 134.121.241.12 -j ACCEPT
-A WSU-Netops -s 10.8.137.16 -j ACCEPT
-A WSU-Netops -s 10.8.137.17 -j ACCEPT
-A WSU-Netops -s 134.121.137.16 -j ACCEPT
-A WSU-Netops -s 134.121.137.17 -j ACCEPT
-A WSU-Print -d 134.121.0.20 -j ACCEPT
-A WSU-Syslogger -d 134.121.143.66 -j ACCEPT
-A WSU-TSM -s 134.121.143.60 -j ACCEPT
-A WSU-Wireless -j WSU-F5
-A WSU-Wireless -s 172.16.0.0/255.255.0.0 -j ACCEPT
-A WSU-Zabbix -s 134.121.141.34 -j ACCEPT
-A WSU-admin-gateway -s 134.121.138.6 -j ACCEPT
-A WSU-utility8-f5u -s 10.8.137.16 -j ACCEPT
COMMIT
# Completed on Thu Jul 5 16:07:03 2012
And judging by it, the connections are blocked on the router. What should I do, how do I get around this and make a connection to it? There is root on the server.