|
ru.unix.bsd
- RU.UNIX.BSD ------------------------------------------------------------------
From : Alexander V. Zinin 2:5020/400 17 May 2004 19:04:53
To : Ivan Voytas
Subject : Re: route и natd ошибка для моей подсети
--------------------------------------------------------------------------------
Hello, Ivan!
You wrote to Alexander V. Zinin on Mon, 17 May 2004 14:49:21 +0000 (UTC):
IV> Да в том-то и дело, что по логике никак.
IV> Какими экспериментами подтверждается? Хочу знать, т.к. самому прямо
IV> сейчас проверить негде.
1. Пропингуем адреса 217.10.32.4, 10.253.252.4. Работает.
2. Запрещаем первым правилом все пакеты от меня, кроме чем на адреса { not
217.10.32.4, 10.253.252.4 }.
3. Пропингуем адреса 217.10.32.4, 10.253.252.4. Работает.
4. Пропингуем 217.10.43.90. Hе работает.
5. Удаляем правило.
6. Пропингуем 217.10.43.90. Работает.
Если бы подрузумевалось (not a) or b, то на 10.253.252.4 пакеты бы не
прошли.
Вроде, нигде не ошибся...
zinin# ping comtv.ru
PING comtv.ru (217.10.32.4): 56 data bytes
64 bytes from 217.10.32.4: icmp_seq=0 ttl=251 time=12.797 ms
64 bytes from 217.10.32.4: icmp_seq=1 ttl=251 time=9.120 ms
^C
- --- comtv.ru ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 9.120/10.959/12.797/1.838 ms
zinin# ping irc.comcor-tv.ru
PING irc.comcor-tv.ru (10.253.252.4): 56 data bytes
64 bytes from 10.253.252.4: icmp_seq=0 ttl=251 time=66.062 ms
64 bytes from 10.253.252.4: icmp_seq=1 ttl=251 time=10.234 ms
^C
- --- irc.comcor-tv.ru ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 10.234/38.148/66.062/27.914 ms
zinin# ipfw add 10 deny all from me to { not 217.10.32.4, 10.253.252.4 } via
rl1
00010 deny ip from me to not 217.10.32.4,10.253.252.4 via rl1
zinin# ping 217.10.32.4
PING 217.10.32.4 (217.10.32.4): 56 data bytes
64 bytes from 217.10.32.4: icmp_seq=0 ttl=251 time=8.393 ms
64 bytes from 217.10.32.4: icmp_seq=1 ttl=251 time=13.366 ms
^C
- --- 217.10.32.4 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 8.393/10.880/13.366/2.486 ms
zinin# ping 10.253.252.4
PING 10.253.252.4 (10.253.252.4): 56 data bytes
64 bytes from 10.253.252.4: icmp_seq=0 ttl=251 time=13.166 ms
^C
- --- 10.253.252.4 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 13.166/13.166/13.166/0.000 ms
zinin# ping 217.10.43.90
PING 217.10.43.90 (217.10.43.90): 56 data bytes
ping: sendto: Permission denied
ping: sendto: Permission denied
^C
- --- 217.10.43.90 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
zinin# ipfw del 10
zinin# ping 217.10.43.90
PING 217.10.43.90 (217.10.43.90): 56 data bytes
64 bytes from 217.10.43.90: icmp_seq=0 ttl=127 time=760.383 ms
^C
- --- 217.10.43.90 ping statistics ---
2 packets transmitted, 1 packets received, 50% packet loss
round-trip min/avg/max/stddev = 760.383/760.383/760.383/0.000 ms
With best regards, Alexander V. Zinin. E-mail: zinin@comtv.ru
--- ifmail v.2.15dev5.3
* Origin: Comcor-TV (2:5020/400)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
|
