ru.linux - RU.LINUX
---------------------------------------------------------------------
From : Sergey Gurinovich 2:5020/1653 14 Apr 2003 16:22:02
To : All
Subject : Iptables log
---------------------------------------------------------------------
-=> Hello /All/ <=-
Today I got the bill for my Internet usage, and the total traffic on it is 2Gb less than what I counted over the same period with iptables. Could you tell me who got it wrong?
PS the bill came to ~1600Mb; the provider is "точка ру", Linux Mandrake 8.2 with the stock kernel and iptables.
PPS last time I did, of course, reset the statistics, and it is clearly less than 2Gb.
PPPS please also send a copy of the reply by netmail.
The firewall rules:
=== firewall begin ===
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -p TCP --dport 22 -j ULOG --ulog-prefix "SSH connection attempt: "
iptables -A FORWARD -p TCP --dport 22 -j ULOG --ulog-prefix "SSH connection attempt: "
iptables -A INPUT -i eth0 -p tcp -m multiport --port 22,25,53,80,110,10000 -j ACCEPT
#iptables -A FORWARD -o eth0 -p tcp -m multiport --dport 22,25,53,80,110,10000 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.23.3 -s 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.23.3 -d 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.23.3 -s ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.23.3 -d ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.21.5 -s 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.21.5 -d 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.21.9 -s 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.21.9 -d 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.21.23 -s 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.21.23 -d 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.21.5 -s ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.21.5 -d ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.21.9 -s ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.21.9 -d ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.21.23 -s ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.21.23 -d ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.22.2 -s 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.22.2 -d 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.22.4 -s 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.22.4 -d 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.22.5 -s 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.22.5 -d 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.22.45 -s 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.22.45 -d 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.22.57 -s 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.22.57 -d 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.22.200 -s 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.22.200 -d 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.22.2 -s ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.22.2 -d ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.22.4 -s ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.22.4 -d ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.22.5 -s ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.22.5 -d ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.22.45 -s ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.22.45 -d ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.22.57 -s ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.22.57 -d ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.22.200 -s ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.22.200 -d ! 62.118.167.0/24 -j ACCEPT
iptables -A FORWARD -i! eth0 -o! eth0 -j ACCEPT
#iptables -A FORWARD -i eth3 -o eth0 -j ACCEPT
#iptables -A FORWARD -i eth0 -o eth3 -j ACCEPT
iptables -A INPUT -i! eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.22.2 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.22.4 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.22.5 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.22.45 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.22.57 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.22.200 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.21.5 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.21.9 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.21.23 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.23.3 -o eth0 -j MASQUERADE
=== firewall end ===
The statistics I collected:
=== begin 01.04.03 ===
Chain PREROUTING (policy ACCEPT 1042K packets, 58M bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 124K packets, 14M bytes)
pkts bytes target prot opt in out source destination
75670 3519K MASQUERADE all -- * eth0 192.168.22.2 0.0.0.0/0
122K 5800K MASQUERADE all -- * eth0 192.168.22.4 0.0.0.0/0
87305 3950K MASQUERADE all -- * eth0 192.168.22.5 0.0.0.0/0
141K 6517K MASQUERADE all -- * eth0 192.168.22.45 0.0.0.0/0
220K 11M MASQUERADE all -- * eth0 192.168.22.57 0.0.0.0/0
46168 2156K MASQUERADE all -- * eth0 192.168.22.200 0.0.0.0/0
29659 1373K MASQUERADE all -- * eth0 192.168.21.5 0.0.0.0/0
91387 4563K MASQUERADE all -- * eth0 192.168.21.9 0.0.0.0/0
11050 522K MASQUERADE all -- * eth0 192.168.21.23 0.0.0.0/0
86176 4195K MASQUERADE all -- * eth0 192.168.23.3 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 123K packets, 14M bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy DROP 101K packets, 9340K bytes)
pkts bytes target prot opt in out source destination
4797 462K ULOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ULOG copy_range 0 nlgroup 1 prefix `SSH connection attempt: ' queue_threshold 1
21534 3487K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 multiport ports 22,25,53,80,110,10000
2362K 803M ACCEPT all -- !eth0 * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
100 11140 ULOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ULOG copy_range 0 nlgroup 1 prefix `SSH connection attempt: ' queue_threshold 1
8880 8787K ACCEPT all -- eth0 * 62.118.167.0/24 192.168.23.3
5974 273K ACCEPT all -- * eth0 192.168.23.3 62.118.167.0/24
203K 105M ACCEPT all -- eth0 * !62.118.167.0/24 192.168.23.3
217K 23M ACCEPT all -- * eth0 192.168.23.3 !62.118.167.0/24
2064 1761K ACCEPT all -- eth0 * 62.118.167.0/24 192.168.21.5
1567 67076 ACCEPT all -- * eth0 192.168.21.5 62.118.167.0/24
26836 17M ACCEPT all -- eth0 * 62.118.167.0/24 192.168.21.9
20135 891K ACCEPT all -- * eth0 192.168.21.9 62.118.167.0/24
358K 496M ACCEPT all -- eth0 * 62.118.167.0/24 192.168.21.23
210K 12M ACCEPT all -- * eth0 192.168.21.23 62.118.167.0/24
203K 141M ACCEPT all -- eth0 * !62.118.167.0/24 192.168.21.5
201K 20M ACCEPT all -- * eth0 192.168.21.5 !62.118.167.0/24
768K 615M ACCEPT all -- eth0 * !62.118.167.0/24 192.168.21.9
704K 73M ACCEPT all -- * eth0 192.168.21.9 !62.118.167.0/24
95621 68M ACCEPT all -- eth0 * !62.118.167.0/24 192.168.21.23
96181 8871K ACCEPT all -- * eth0 192.168.21.23 !62.118.167.0/24
44156 16M ACCEPT all -- eth0 * 62.118.167.0/24 192.168.22.2
39330 1823K ACCEPT all -- * eth0 192.168.22.2 62.118.167.0/24
46743 31M ACCEPT all -- eth0 * 62.118.167.0/24 192.168.22.4
38988 3245K ACCEPT all -- * eth0 192.168.22.4 62.118.167.0/24
23384 11M ACCEPT all -- eth0 * 62.118.167.0/24 192.168.22.5
20587 1009K ACCEPT all -- * eth0 192.168.22.5 62.118.167.0/24
86305 57M ACCEPT all -- eth0 * 62.118.167.0/24 192.168.22.45
68098 2988K ACCEPT all -- * eth0 192.168.22.45 62.118.167.0/24
32086 29M ACCEPT all -- eth0 * 62.118.167.0/24 192.168.22.57
23556 1164K ACCEPT all -- * eth0 192.168.22.57 62.118.167.0/24
19150 19M ACCEPT all -- eth0 * 62.118.167.0/24 192.168.22.200
13793 584K ACCEPT all -- * eth0 192.168.22.200 62.118.167.0/24
540K 353M ACCEPT all -- eth0 * !62.118.167.0/24 192.168.22.2
548K 64M ACCEPT all -- * eth0 192.168.22.2 !62.118.167.0/24
878K 604M ACCEPT all -- eth0 * !62.118.167.0/24 192.168.22.4
878K 115M ACCEPT all -- * eth0 192.168.22.4 !62.118.167.0/24
558K 246M ACCEPT all -- eth0 * !62.118.167.0/24 192.168.22.5
588K 92M ACCEPT all -- * eth0 192.168.22.5 !62.118.167.0/24
1205K 842M ACCEPT all -- eth0 * !62.118.167.0/24 192.168.22.45
1130K 121M ACCEPT all -- * eth0 192.168.22.45 !62.118.167.0/24
1299K 466M ACCEPT all -- eth0 * !62.118.167.0/24 192.168.22.57
1486K 546M ACCEPT all -- * eth0 192.168.22.57 !62.118.167.0/24
382K 267M ACCEPT all -- eth0 * !62.118.167.0/24 192.168.22.200
380K 44M ACCEPT all -- * eth0 192.168.22.200 !62.118.167.0/24
357K 198M ACCEPT all -- !eth0 !eth0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 2443K packets, 1834M bytes)
pkts bytes target prot opt in out source destination
=== end 01.04.03 ===
Regards, */Sergey/*
--- This letter was written with the help of a keyboard
* Origin: Beyond reality! (2:5020/1653)
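An added example for checking the figures in the post (this is not code from the original post or its author). It parses rows in the `iptables -L FORWARD -n -v` layout shown above, sums bytes per internal host while separating inbound from outbound and the provider's own network (62.118.167.0/24) from the rest of the internet, and carries the rounding error introduced by the K/M suffixes: `iptables -v` scales counters by powers of 1000 and rounds to the nearest unit, so a value printed as `105M` is only known to within half a megabyte, whereas `iptables -L -n -v -x` prints exact byte counts. The uplink `eth0` and the provider's /24 are taken from the post; the embedded sample rows are a few lines copied from the post's FORWARD chain with wrapped fields rejoined; the function names and the peer-class labels are the example's own.

```python
"""Reconcile per-host traffic from `iptables -L FORWARD -n -v` counters.

Added example, not code from the original post. It parses the row format
shown in the post (pkts, bytes, target, prot, opt, in, out, source,
destination), classifies each rule by direction and by whether the remote
side is the provider's own network, and sums bytes per internal host.
"""
import re
from collections import defaultdict

# Constructed sample: a few FORWARD rows copied from the post, with the
# wrapped destination fields rejoined onto one line.
SAMPLE_FORWARD = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 8880 8787K ACCEPT all -- eth0 * 62.118.167.0/24 192.168.23.3
 5974 273K ACCEPT all -- * eth0 192.168.23.3 62.118.167.0/24
 203K 105M ACCEPT all -- eth0 * !62.118.167.0/24 192.168.23.3
 217K 23M ACCEPT all -- * eth0 192.168.23.3 !62.118.167.0/24
 2064 1761K ACCEPT all -- eth0 * 62.118.167.0/24 192.168.21.5
 1567 67076 ACCEPT all -- * eth0 192.168.21.5 62.118.167.0/24
 203K 141M ACCEPT all -- eth0 * !62.118.167.0/24 192.168.21.5
 201K 20M ACCEPT all -- * eth0 192.168.21.5 !62.118.167.0/24
 357K 198M ACCEPT all -- !eth0 !eth0 0.0.0.0/0 0.0.0.0/0
"""

COUNT_RE = re.compile(r"^(\d+)([KMGT]?)$")
UNIT = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}


def parse_count(token):
    """Convert a `-v` counter token such as '8787K' to (bytes, uncertainty).

    iptables scales large counters by powers of 1000 and rounds to the
    nearest unit, so a suffixed value is only known to within half a unit;
    an unsuffixed value is exact.
    """
    m = COUNT_RE.match(token)
    if not m:
        raise ValueError("not a counter token: %r" % token)
    digits, suffix = m.groups()
    unit = UNIT[suffix]
    return int(digits) * unit, (unit // 2 if suffix else 0)


def parse_rules(listing):
    """Yield one dict per rule row; chain and column headers are skipped.

    A rule row starts with two counter tokens followed by the seven fixed
    columns target, prot, opt, in, out, source, destination.
    """
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 9 or not COUNT_RE.match(f[0]) or not COUNT_RE.match(f[1]):
            continue
        nbytes, err = parse_count(f[1])
        yield {"pkts": parse_count(f[0])[0], "bytes": nbytes, "bytes_err": err,
               "target": f[2], "proto": f[3], "in": f[5], "out": f[6],
               "src": f[7], "dst": f[8]}


def classify_peer(peer, provider_net):
    """Label the remote side: inside the provider's network, negated out of
    it (the rest of the internet), or anything else (e.g. 0.0.0.0/0)."""
    if peer == provider_net:
        return "provider"
    if peer == "!" + provider_net:
        return "external"
    return "other"


def summarize(listing, wan_if="eth0", provider_net="62.118.167.0/24"):
    """Sum (bytes, uncertainty) per (internal host, direction, peer class).

    A rule with `in` == wan_if counts inbound traffic to its destination;
    one with `out` == wan_if counts outbound traffic from its source.
    Rules touching neither interface (LAN-to-LAN forwarding) are skipped.
    """
    totals = defaultdict(lambda: [0, 0])
    for rule in parse_rules(listing):
        if rule["in"] == wan_if:
            host, peer, direction = rule["dst"], rule["src"], "in"
        elif rule["out"] == wan_if:
            host, peer, direction = rule["src"], rule["dst"], "out"
        else:
            continue
        key = (host, direction, classify_peer(peer, provider_net))
        totals[key][0] += rule["bytes"]
        totals[key][1] += rule["bytes_err"]
    return {k: tuple(v) for k, v in totals.items()}


def total_for(summary, peer_class, direction=None):
    """Aggregate (bytes, uncertainty) over all hosts for one peer class."""
    nbytes = err = 0
    for (_host, d, cls), (b, e) in summary.items():
        if cls == peer_class and (direction is None or d == direction):
            nbytes += b
            err += e
    return nbytes, err


if __name__ == "__main__":
    summary = summarize(SAMPLE_FORWARD)
    for (host, direction, cls), (b, e) in sorted(summary.items()):
        print("%-16s %-3s %-8s %12d +/- %d" % (host, direction, cls, b, e))
    b, e = total_for(summary, "external")
    print("external, both directions: %d +/- %d bytes" % (b, e))
```

For a real reconciliation, feed it the output of `iptables -L FORWARD -n -v -x`; the exact counts make the uncertainty term zero. Note that these counters measure IP-layer bytes on the forwarding path only: traffic originated or terminated by the router itself lands in the INPUT and OUTPUT chains, and link-layer framing is not included.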