forum.lissyara.su

Код: Выделить всё

server# ipfw list

00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
01100 deny ip from 192.168.1.14 to any in via em1
01200 deny ip from 94.230.163.130 to any in via em0
01300 deny ip from any to 10.0.0.0/8 via em1
01400 deny ip from any to 172.16.0.0/12 via em1
01500 deny ip from any to 192.168.0.0/16 via em1
01600 deny ip from any to 0.0.0.0/8 via em1
01700 deny ip from any to 169.254.0.0/16 via em1
01800 deny ip from any to 192.0.2.0/24 via em1
01900 deny ip from any to 224.0.0.0/4 via em1
02000 deny ip from any to 240.0.0.0/4 via em1
02100 fwd 127.0.0.1,3128 tcp from 192.168.1.0/24 to any dst-port 80 via em0
02200 divert 8668 log ip4 from any to any via em1
02300 deny ip from 10.0.0.0/8 to any via em1
02400 deny ip from 172.16.0.0/12 to any via em1
02500 deny ip from 192.168.0.0/16 to any via em1
02600 deny ip from 0.0.0.0/8 to any via em1
02700 deny ip from 169.254.0.0/16 to any via em1
02800 deny ip from 192.0.2.0/24 to any via em1
02900 deny ip from 224.0.0.0/4 to any via em1
03000 deny ip from 240.0.0.0/4 to any via em1
03100 allow tcp from any to any established
03200 allow ip from any to any frag
03300 allow tcp from any to me dst-port 25 setup
03400 allow tcp from any to me dst-port 110 setup
03500 allow tcp from any to me dst-port 53 setup
03600 allow udp from any to me dst-port 53
03700 allow udp from me 53 to any
03800 allow tcp from any to me dst-port 80 setup
03900 allow icmp from any to any icmptypes 8
04000 allow icmp from any to any icmptypes 0
04100 allow tcp from any to me dst-port 22 keep-state
04400 allow tcp from any to 94.230.163.131 dst-port 49489 keep-state
04500 allow udp from 192.168.1.0/24 to 192.168.1.0/24 dst-port 137,138,139,445
04600 allow tcp from 192.168.1.0/24 to 192.168.1.0/24 dst-port 137,138,139,445
04700 deny log ip4 from any to any in via em1 setup proto tcp
04800 allow tcp from any to any setup
04900 allow udp from me to any dst-port 53 keep-state
05000 allow udp from me to any dst-port 123 keep-state
65535 deny ip from any to any

Код: Выделить всё

defaultrouter="94.230.163.129"

ifconfig_em0="inet 192.168.1.14  netmask 255.255.255.0"
ifconfig_em1="inet xx.xx.xx.xx  netmask 255.255.255.248"

keymap="ru.koi8-r"
sshd_enable="YES"
mysql_enable="YES"
courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_imapd_enable="YES"
natd_enable="YES"
natd_interface="em1"
postfix_enable="YES"
apache22_enable="YES"
squid_enable="YES"
firewall_enable="YES"
#firewall_type="open"
firewall_type="simple"
gateway_enable="YES"
samba_enable="YES"
hostname="server"
named_enable="YES"
#No Sendmail - POSTFIX - Rulezzz Wink
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_eneble="NO"
dumpdev="NO"

Код: Выделить всё

nat 100 ip from table(1) to any

Код: Выделить всё

# ipfw table 1 list
192.168.0.7/32 0
192.168.0.20/32 0
192.168.0.30/32 0
192.168.0.69/32 0
192.168.0.77/32 0
192.168.0.100/32 0
192.168.0.113/32 0
192.168.0.123/32 0
192.168.0.150/32 0

Код: Выделить всё

# ifconfig rl0
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:02:44:5b:f9:7b
        inet 192.168.0.150 netmask 0xffffff00 broadcast 192.168.0.255
        inet 192.168.168.1 netmask 0xffffff00 broadcast 192.168.168.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

Код: Выделить всё

[root@gate]# traceroute -s 192.168.0.150 ya.ru
traceroute: Warning: ya.ru has multiple addresses; using 77.88.21.3
traceroute to ya.ru (77.88.21.3) from 192.168.0.150, 64 hops max, 40 byte packets
 1  193.46.xx.xx (193.46.xx.xx)  1.736 ms  0.870 ms  0.675 ms
 2  91.203.13.241 (91.203.13.241)  0.779 ms  0.765 ms  0.582 ms
 3  topnet-gw.top.net.ua (88.81.242.225)  2.877 ms  2.853 ms  2.870 ms
 4  yandex-10G-gw.ix.net.ua (195.35.65.88)  3.380 ms  3.410 ms  6.514 ms
 5  leonov-vlan120.yandex.net (87.250.233.118)  26.789 ms  26.200 ms  26.337 ms
 6  popovich-vlan120.yandex.net (87.250.233.126)  26.841 ms  27.353 ms  27.129 ms
 7  l3-s1300-s400.yandex.net (213.180.213.63)  26.251 ms  26.888 ms  30.638 ms
 8  l3-s650-s1300.yandex.net (213.180.213.65)  26.627 ms  26.649 ms  27.258 ms
 9  www.yandex.ru (77.88.21.3)  27.418 ms  27.593 ms  26.641 ms

Код: Выделить всё

C:\Users\Администратор>tracert ya.ru

Трассировка маршрута к ya.ru [213.180.204.3]
с максимальным числом прыжков 30:

  1    <1 мс    <1 мс    <1 мс  gate.lan [192.168.0.150]
  2     1 ms     1 ms     1 ms  193.46.xx.xx
  3     1 ms     1 ms     1 ms  91.203.13.241
  4     3 ms     3 ms     3 ms  topnet-gw.top.net.ua [88.81.242.225]
  5     4 ms     4 ms     3 ms  yandex-10G-gw.ix.net.ua [195.35.65.88]
  6    27 ms    27 ms    26 ms  leonov-vlan120.yandex.net [87.250.233.118]
  7    29 ms    27 ms    27 ms  popovich-vlan120.yandex.net [87.250.233.126]
  8    27 ms    27 ms    27 ms  l3-s550-s400.yandex.net [213.180.213.23]
  9    28 ms    43 ms    27 ms  l3-s3000-s550.yandex.net [213.180.213.17]
 10    28 ms    27 ms    31 ms  www.yandex.ru [213.180.204.3]

Трассировка завершена.