sudo iptables-save (server)
$ sudo iptables-save
# Generated by iptables-save v1.4.10 on Fri Jan 13 13:57:10 2012
# nat table. Each ":CHAIN POLICY [packets:bytes]" line gives a built-in chain's
# default policy and its counters at the time of the dump.
*nat
:PREROUTING ACCEPT [239880:13911573]
:INPUT ACCEPT [33:1980]
:OUTPUT ACCEPT [38492:2415083]
:POSTROUTING ACCEPT [301:12089]
# Source-NAT everything leaving through eth2 to that interface's own address.
# There is no PREROUTING rule, so nothing is port-forwarded (DNAT) inward.
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
# Completed on Fri Jan 13 13:57:10 2012
# Generated by iptables-save v1.4.10 on Fri Jan 13 13:57:10 2012
# mangle table: every chain has policy ACCEPT and no rules, so this table does
# not alter or filter any packet; only the [packets:bytes] counters are shown.
*mangle
:PREROUTING ACCEPT [2835363:2495200075]
:INPUT ACCEPT [1702212:2102222413]
:FORWARD ACCEPT [1128781:392691609]
:OUTPUT ACCEPT [1039557:137921612]
:POSTROUTING ACCEPT [2168206:530639927]
COMMIT
# Completed on Fri Jan 13 13:57:10 2012
# Generated by iptables-save v1.4.10 on Fri Jan 13 13:57:10 2012
# filter table. Default-deny on all three built-in chains: a packet that no
# rule accepts is dropped by the chain policy.
# NOTE(review): the chain names INBOUND/OUTBOUND/LSI/LSO/LOG_FILTER look like a
# ruleset generated by a firewall front-end (possibly Firestarter) - confirm; if
# so, rules added by hand with iptables may be overwritten when it reloads.
*filter
:INPUT DROP [316:44421]
:FORWARD DROP [1:56]
:OUTPUT DROP [0:0]
# User-defined chains ("-" = no policy). LOG_FILTER has no rules in this dump,
# so a jump to it returns immediately. No rule in this dump jumps to LSO.
:INBOUND - [0:0]
:LOG_FILTER - [0:0]
:LSI - [0:0]
:LSO - [0:0]
:OUTBOUND - [0:0]
# --- INPUT: packets addressed to this host ---
# TCP from 109.86.2.2 that is NOT a bare SYN (i.e. anything except a new
# connection attempt), and all UDP from that address on any port. The OUTPUT
# rules below send port-53 traffic to the same address, so it is presumably
# the DNS resolver - confirm. Both rules match on source address only, with
# no connection-state check.
-A INPUT -s 109.86.2.2/32 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 109.86.2.2/32 -p udp -j ACCEPT
# Loopback is accepted unconditionally: a scan of localhost run on the server
# itself never reaches the rules below and says nothing about what remote
# hosts can reach.
-A INPUT -i lo -j ACCEPT
# ICMP of any type is accepted up to 10 packets/sec from any interface, which
# is why the host answers ping even though TCP connections are not accepted.
-A INPUT -p icmp -m limit --limit 10/sec -j ACCEPT
# Drop broadcast, multicast and unspecified-address traffic without logging.
# 178.150.215.255 is presumably the broadcast address of the public subnet -
# confirm. Note 224.0.0.0/8 covers 224.x.x.x only, not the whole multicast
# range 224.0.0.0/4.
-A INPUT -d 255.255.255.255/32 -i eth2 -j DROP
-A INPUT -d 178.150.215.255/32 -j DROP
-A INPUT -s 224.0.0.0/8 -j DROP
-A INPUT -d 224.0.0.0/8 -j DROP
-A INPUT -s 255.255.255.255/32 -j DROP
-A INPUT -d 0.0.0.0/32 -j DROP
-A INPUT -m state --state INVALID -j DROP
# Fragments go to LSI (log + drop) at up to 10/min; fragments over that rate do
# not match this rule and continue to the rules below.
-A INPUT -f -m limit --limit 10/min -j LSI
# Everything arriving on eth2, and traffic arriving on eth1 for the listed
# addresses, is judged by INBOUND. eth2 is the MASQUERADE egress in the nat
# table, so it appears to be the Internet-facing side - confirm.
# 192.168.56.0/32 is a single address (the network address), not the /24.
-A INPUT -i eth2 -j INBOUND
-A INPUT -d 192.168.56.10/32 -i eth1 -j INBOUND
-A INPUT -d 178.150.215.112/32 -i eth1 -j INBOUND
-A INPUT -d 192.168.56.0/32 -i eth1 -j INBOUND
# Anything still unmatched is logged, then dropped by the INPUT policy.
-A INPUT -j LOG_FILTER
-A INPUT -j LOG --log-prefix "Unknown Input" --log-level 6
# --- FORWARD: packets routed through this host ---
-A FORWARD -p icmp -m limit --limit 10/sec -j ACCEPT
# Clamp the MSS on forwarded SYN packets to the path MTU; TCPMSS modifies the
# packet and evaluation continues with the next rule.
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# Everything entering via eth1 goes to OUTBOUND, which ends in an
# unconditional ACCEPT, so all traffic from that side is forwarded.
-A FORWARD -i eth1 -j OUTBOUND
# Towards 192.168.56.0/24 only replies to existing connections are forwarded;
# no rule forwards new connections into that network.
-A FORWARD -d 192.168.56.0/24 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.56.0/24 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j LOG_FILTER
-A FORWARD -j LOG --log-prefix "Unknown Forward" --log-level 6
# --- OUTPUT: packets generated by this host ---
# DNS queries (TCP and UDP port 53) from the public address to 109.86.2.2.
-A OUTPUT -s 178.150.215.112/32 -d 109.86.2.2/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -s 178.150.215.112/32 -d 109.86.2.2/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 224.0.0.0/8 -j DROP
-A OUTPUT -d 224.0.0.0/8 -j DROP
-A OUTPUT -s 255.255.255.255/32 -j DROP
-A OUTPUT -d 0.0.0.0/32 -j DROP
-A OUTPUT -m state --state INVALID -j DROP
# All remaining traffic leaving via eth2 or eth1 is accepted through OUTBOUND;
# egress is effectively unrestricted despite the DROP policy.
-A OUTPUT -o eth2 -j OUTBOUND
-A OUTPUT -o eth1 -j OUTBOUND
-A OUTPUT -j LOG_FILTER
-A OUTPUT -j LOG --log-prefix "Unknown Output" --log-level 6
# --- INBOUND: decision for traffic addressed to this host ---
# Only replies to connections this host already has are accepted. There is no
# rule accepting NEW connections to any port (22, 3306, 5432, 8000, ...), so
# every unsolicited connection attempt falls through to LSI and is dropped.
# A silent DROP of the SYN shows up on the client as a connection timeout.
-A INBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -j LSI
# --- LSI: log (rate-limited) and drop inbound packets ---
# Each LOG rule is rate-limited so logging cannot be flooded; the paired DROP
# is unconditional, so packets over the log limit are still dropped. Rejected
# attempts appear in the kernel log with the prefix "Inbound ".
-A LSI -j LOG_FILTER
# New TCP connection attempts (bare SYN).
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
# Bare RST packets.
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j DROP
# ICMP echo-request (type 8); on INPUT this is reached only by echo-requests
# beyond the 10/sec accepted earlier in that chain.
-A LSI -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p icmp -m icmp --icmp-type 8 -j DROP
# Everything else.
-A LSI -m limit --limit 5/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -j DROP
# --- LSO: log and reject outbound packets (unreferenced in this dump) ---
-A LSO -j LOG_FILTER
-A LSO -m limit --limit 5/sec -j LOG --log-prefix "Outbound " --log-level 6
-A LSO -j REJECT --reject-with icmp-port-unreachable
# --- OUTBOUND: decision for traffic leaving this host or the eth1 side ---
# The final rule accepts everything, which makes the three rules before it
# redundant for the verdict (they only affect per-rule counters).
-A OUTBOUND -p icmp -j ACCEPT
-A OUTBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTBOUND -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTBOUND -j ACCEPT
COMMIT
# Completed on Fri Jan 13 13:57:10 2012
$ service ssh status
ssh start/running, process 2543
nmap -sV localhost
$ nmap -sV localhost
Starting Nmap 5.21 ( http://nmap.org ) at 2012-01-13 13:59 EET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00056s latency).
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.8p1 Debian 7ubuntu1 (protocol 2.0)
631/tcp open ipp CUPS 1.4
3306/tcp open mysql MySQL 5.1.58-1ubuntu1
5432/tcp open postgresql PostgreSQL DB
8000/tcp open http-alt?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port8000-TCP:V=5.21%I=7%D=1/13%Time=4F101CBC%P=i686-pc-linux-gnu%r(GetR
SF:equest,C34,"HTTP/1\.0\x20200\x20OK\r\nDate:\x20Fri,\x2013\x20Jan\x20201
SF:2\x2011:59:56\x20GMT\r\nServer:\x20WSGIServer/0\.1\x20Python/2\.7\.2\+\
SF:r\nVary:\x20Cookie\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nS
SF:et-Cookie:\x20\x20csrftoken=d2de4ac171fef56accbb6bb60edda629;\x20expire
SF:s=Fri,\x2011-Jan-2013\x2011:59:56\x20GMT;\x20Max-Age=31449600;\x20Path=
SF:/\r\n\r\n<html>\n\t<head>\n\t\t<title>My\x20test-site</title>\n\t</head
SF:>\n\t<body>\n<!--\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
SF:20\xd0\xa5\xd0\x98\xd0\x94\xd0\x95\xd0\xa0\x20\x20\x20\x20\x20\x20\x20\
SF:x20\x20\x20\x20\x20\x20\x20\x20\x20-->\n\t\t<table\x20width=\"100%\"\x2
SF:0border='0'>\n\t\t\t<tr\x20height=\"50\">\n\t\t\t\t<td\x20colspan=3\x20
SF:\x20align='center'>\n\t\t\t\x20\t\t<h2>Welcome\x20to\x20my\x20portal\x2
SF:0:\)\x20</h2>\n\t\t\t\x20\t</td>\n\t\t\t</tr>\n\t\t\t<tr\x20width=\"100
SF:%\">\n\t\t\t\t<td\x20width=\"10%\"\x20>\n\t\t\t\t</td>\n\t\t\t\t<td\x20
SF:bgcolor=\"#11FF11\"\x20\x20border=\"0\"\x20bordercolor=\"000000\"\x20wi
SF:dth=\"80%\"\x20height=\"172\">\n\t\t\t\t\t<table\x20border='1'\x20width
SF:=\"100%\"\x20height=\"100%\">\t\t\t\t\n\t\t\t\t\t\t\t<tr\x20width=\"100
SF:%\"\x20align='right'>\t\t\t\t\t\n\t\t\t\t\t\t\t\t<td\x20width=\"20%\">\
SF:n\t\t\t\t\t\t\t\t\t<link\x20rel=\"stylesheet\"\x20href=\"/static/css/st
SF:yle\.css\"\x20/>\x20\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<img\x20src
SF:=\"/static/img/log")%r(FourOhFourRequest,B46,"HTTP/1\.0\x20404\x20NOT\x
SF:20FOUND\r\nDate:\x20Fri,\x2013\x20Jan\x202012\x2012:00:01\x20GMT\r\nSer
SF:ver:\x20WSGIServer/0\.1\x20Python/2\.7\.2\+\r\nContent-Type:\x20text/ht
SF:ml\r\n\r\n\n<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//W3C//DTD\x20HTML\x204\.
SF:01\x20Transitional//EN\"\x20\"http://www\.w3\.org/TR/html4/loose\.dtd\"
SF:>\n<html\x20lang=\"en\">\n<head>\n\x20\x20<meta\x20http-equiv=\"content
SF:-type\"\x20content=\"text/html;\x20charset=utf-8\">\n\x20\x20<title>Pag
SF:e\x20not\x20found\x20at\x20/nice\x20ports,/Trinity\.txt\.bak</title>\n\
SF:x20\x20<meta\x20name=\"robots\"\x20content=\"NONE,NOARCHIVE\">\n\x20\x2
SF:0<style\x20type=\"text/css\">\n\x20\x20\x20\x20html\x20\*\x20{\x20paddi
SF:ng:0;\x20margin:0;\x20}\n\x20\x20\x20\x20body\x20\*\x20{\x20padding:10p
SF:x\x2020px;\x20}\n\x20\x20\x20\x20body\x20\*\x20\*\x20{\x20padding:0;\x2
SF:0}\n\x20\x20\x20\x20body\x20{\x20font:small\x20sans-serif;\x20backgroun
SF:d:#eee;\x20}\n\x20\x20\x20\x20body>div\x20{\x20border-bottom:1px\x20sol
SF:id\x20#ddd;\x20}\n\x20\x20\x20\x20h1\x20{\x20font-weight:normal;\x20mar
SF:gin-bottom:\.4em;\x20}\n\x20\x20\x20\x20h1\x20span\x20{\x20font-size:60
SF:%;\x20color:#666;\x20font-weight:normal;\x20}\n\x20\x20\x20\x20table\x2
SF:0{\x20border:none;\x20border-collapse:\x20collapse;\x20width:100%;\x20}
SF:\n\x20\x20\x20\x20td,\x20th\x20{\x20vertical-align:top;\x20padding:2px\
SF:x203px;\x20}\n\x20\x20\x20\x20th\x20{");
Service Info: OS: Linux
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 71.32 seconds
_____________________________КЛИЕНТ______________________________________________
max@ubuntumax:~$ tracepath 178.150.215.112
1: ubuntumax.local 0.178ms pmtu 1500
1: PRINTER.router 0.855ms
1: PRINTER.router 0.826ms
2: no reply
3: 193.200.32.113 38.408ms
4: telemost-ua.ua-kiev.datagroup.ua 45.268ms asymm 5
5: bagg1-v771-h3c2.kiev.datagroup.ua 45.697ms
6: dtel-ix.ett.com.ua 44.196ms asymm 7
7: 80.93.125.145.ett.ua 100.530ms asymm 8
8: no reply
9: no reply
....
20: no reply
^C
max@ubuntumax:~$ nmap -sV 178.150.215.112
Starting Nmap 5.21 ( http://nmap.org ) at 2012-01-13 14:00 EET
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 3.18 seconds
max@ubuntumax:~$ nmap -PN 178.150.215.112
Starting Nmap 5.21 ( http://nmap.org ) at 2012-01-13 14:00 EET
max@ubuntumax:~$ ping 178.150.215.112
PING 178.150.215.112 (178.150.215.112) 56(84) bytes of data.
64 bytes from 178.150.215.112: icmp_req=1 ttl=56 time=44.7 ms
64 bytes from 178.150.215.112: icmp_req=2 ttl=56 time=50.6 ms
64 bytes from 178.150.215.112: icmp_req=3 ttl=56 time=46.0 ms
Пользователь решил продолжить мысль 13 Января 2012, 16:09:25:
А в локалке на ПК стоит Windows 7, и PuTTY выдаёт: Network error: connection timed out.