|
|
| Тема |
 правило с iptables |
|
| Автор | питaщ (Нерегистриран) | |
| Публикувано | 27.03.09 12:36 |
|
|
|
Здравейте,
на рутера имам следното нещо:
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- 192.168.0.4 anywhere tcp spt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:domain state NEW
ACCEPT tcp -- anywhere anywhere multiport dports smtp,submission,6660:6670,afs3-fileserver tcp flags:FIN,SYN,RST,ACK/SYN state NEW recent: SET name: IDENT side: dest
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- 192.168.0.4 anywhere tcp spt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:domain state NEW
ACCEPT tcp -- anywhere anywhere multiport dports smtp,submission,6660:6670,afs3-fileserver tcp flags:FIN,SYN,RST,ACK/SYN state NEW recent: SET name: IDENT side: dest
root@darkstar:~#
на input pak e drop.
и като пингна сайт ми дава:
root@darkstar:~# ping abv.bg
PING abv.bg (194.153.145.104) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
това е заради DROP на OUTPUT
какво правило трябва да си добавя, за да не става така?
| |
| |
| 
|
|
