Good afternoon.

I have a virtual gateway running Ubuntu 16.04. After changing providers, when I enable iptables I lose internet access, although pings still go through; if I disable iptables, the internet comes back.

Could you please tell me which rule to add or remove so that the internet works with iptables enabled?

Code:

GNU nano 2.5.3 File: iptables.up.rules
# Generated by iptables-save v1.6.0 on Mon Jun 7 18:08:11 2021
*nat
:PREROUTING ACCEPT [3690:546481]
:INPUT ACCEPT [198:18389]
:OUTPUT ACCEPT [76:10840]
:POSTROUTING ACCEPT [51:3630]
-A POSTROUTING -s 172.30.200.0/24 -j ACCEPT
-A POSTROUTING -s 172.30.200.0/24 -d 192.168.3.0/24 -j ACCEPT
-A POSTROUTING -s 192.168.100.0/24 -d 172.30.200.0/24 -j ACCEPT
-A POSTROUTING -s 192.168.100.0/24 -d 192.168.41.0/24 -j ACCEPT
-A POSTROUTING -s 192.168.100.0/24 -d 192.168.1.0/24 -j ACCEPT
-A POSTROUTING -s 192.168.100.0/24 -d 192.168.3.0/24 -j ACCEPT
-A POSTROUTING -s 192.168.100.0/24 -d 10.1.1.0/24 -j ACCEPT
-A POSTROUTING -o ens4 -j SNAT --to-source 109.xxx.xxx.xx
# -A POSTROUTING -o ens4 -j MASQUERADE
COMMIT
# Completed on Mon Jun 7 18:08:11 2021
# Generated by iptables-save v1.6.0 on Mon Jun 7 18:08:11 2021
*filter
:INPUT DROP [4:265]
:FORWARD DROP [135:50786]
:OUTPUT ACCEPT [0:0]
:ufw-after-forward - [0:0]
:ufw-after-input - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-before-input - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-output - [0:0]
:ufw-logging-allow - [0:0]
:ufw-logging-deny - [0:0]
:ufw-not-local - [0:0]
:ufw-reject-forward - [0:0]
:ufw-reject-input - [0:0]
:ufw-reject-output - [0:0]
:ufw-skip-to-policy-forward - [0:0]
:ufw-skip-to-policy-input - [0:0]
:ufw-skip-to-policy-output - [0:0]
:ufw-track-forward - [0:0]
:ufw-track-input - [0:0]
:ufw-track-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-user-input - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
:ufw-user-logging-forward - [0:0]
:ufw-user-logging-input - [0:0]
:ufw-user-logging-output - [0:0]
:ufw-user-output - [0:0]
-A INPUT -p udp -m udp --dport 50440 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1701 -j ACCEPT
-A INPUT -s 192.168.3.0/24 -j ACCEPT
-A INPUT -s 109.235.210.162/32 -j ACCEPT
-A INPUT -s 212.109.5.55/32 -j ACCEPT
-A INPUT -s 178.168.11.189/32 -j ACCEPT
-A INPUT -s 85.114.18.218/32 -j ACCEPT
-A INPUT -s 195.93.206.157/32 -j ACCEPT
-A INPUT -i ens3 -p tcp -m tcp --dport 22 -j DROP
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A FORWARD -i ens4 -o ens3 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ens3 -o ens4 -j ACCEPT
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --l$
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log$
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefi$
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --lim$
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix$
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK]$
-A ufw-user-limit-accept -j ACCEPT
COMMIT
# Completed on Mon Jun 7 18:08:11 2021
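A dump like the one in this post can be audited mechanically before reloading it. The sketch below is an added example, not part of the original post or an answer from the thread: it parses iptables-save text and reports rules pinned to interfaces that are not present on the host, plus user chains that are jumped to but empty or that hold rules no chain ever jumps to. The embedded sample, the address 192.0.2.10 and the interface set passed to `audit` are constructed assumptions.

```python
import re
# Constructed sample in iptables-save format, shortened and modelled on the dump above;
# 192.0.2.10 is a documentation address standing in for the masked SNAT source.
SAMPLE = """\
*nat
:POSTROUTING ACCEPT [51:3630]
-A POSTROUTING -o ens4 -j SNAT --to-source 192.0.2.10
COMMIT
*filter
:FORWARD DROP [135:50786]
:ufw-after-forward - [0:0]
:ufw-before-forward - [0:0]
-A FORWARD -j ufw-after-forward
-A FORWARD -i ens4 -o ens3 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse_save(text):
    """Parse iptables-save text into {table: {"policy": {...}, "rules": {chain: [...]}}}."""
    tables, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("*"):                       # table header, e.g. *filter
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": {}})
        elif cur is None or not line or line.startswith("#") or line == "COMMIT":
            continue
        elif line.startswith(":"):                     # chain declaration; "-" = user chain
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif line.startswith("-A "):
            cur["rules"].setdefault(line.split()[1], []).append(line)
    return tables

def audit(text, present_ifaces):
    """Return sorted (table, chain, issue) tuples worth checking by hand."""
    found = set()
    for tname, t in parse_save(text).items():
        jumps = set()
        for chain, rules in t["rules"].items():
            for rule in rules:
                jumps.update(re.findall(r"\s-j (\S+)", rule))
                found.update((tname, chain, f"iface {i} absent")
                             for i in re.findall(r"\s-[io] (\S+)", rule) if i not in present_ifaces)
        for chain in (c for c, p in t["policy"].items() if p == "-"):
            has_rules = bool(t["rules"].get(chain))
            if chain in jumps and not has_rules:
                found.add((tname, chain, "jumped to but empty"))
            elif has_rules and chain not in jumps:
                found.add((tname, chain, "has rules but never jumped to"))
    return sorted(found)
```

In practice the text would come from `iptables-save` and the interface set from the names `ip -o link` lists on the gateway; `ppp0` in any test call is a hypothetical name.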