Ждём диагностику...
Welcome to Ubuntu 12.10 (GNU/Linux 3.5.0-17-generic x86_64)
* Documentation:
https://help.ubuntu.com/ System information as of Tue Jan 30 20:41:07 MSK 2018
System load: 0.17
Usage of /: 61.5% of 534.39GB
Memory usage: 37%
Swap usage: 0%
Processes: 285
Users logged in: 0
IP address for em1: *.*.*.*
IP address for em2: *.*.10.1
IP address for vlan3: 192.168.3.1
IP address for vlan4: 192.168.4.1
IP address for vlan5: 192.168.5.1
IP address for vlan6: 192.168.6.1
IP address for vlan7: 192.168.7.1
IP address for vlan8: 192.168.8.1
IP address for vlan9: 192.168.9.1
IP address for vlan10: 192.168.10.1
IP address for vlan11: 192.168.11.1
IP address for vlan12: 192.168.12.1
IP address for vlan13: 192.168.13.1
IP address for vlan14: 192.168.14.1
IP address for vlan15: 192.168.15.1
IP address for vlan101: 192.168.100.1
IP address for vlan200: 192.168.200.1
IP address for vlan222: 192.168.222.1
IP address for vlan102: 192.168.101.1
IP address for virbr0: 192.168.122.1
root@ubuntu:/home/rim# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether ac:16:2d:75:4f:a4 brd ff:ff:ff:ff:ff:ff
inet 178.207.152.189/16 brd 178.207.255.255 scope global em1
inet6 fe80::ae16:2dff:fe75:4fa4/64 scope link
valid_lft forever preferred_lft forever
3: em2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether ac:16:2d:75:4f:a5 brd ff:ff:ff:ff:ff:ff
inet 172.16.10.1/23 brd 178.16.11.255 scope global em2
inet6 fe80::ae16:2dff:fe75:4fa5/64 scope link
valid_lft forever preferred_lft forever
4: em3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether ac:16:2d:75:4f:a6 brd ff:ff:ff:ff:ff:ff
5: em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether ac:16:2d:75:4f:a7 brd ff:ff:ff:ff:ff:ff
inet6 fe80::ae16:2dff:fe75:4fa7/64 scope link
valid_lft forever preferred_lft forever
6: vlan3@em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ac:16:2d:75:4f:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.1/24 brd 192.168.3.255 scope global vlan3
inet6 fe80::ae16:2dff:fe75:4fa7/64 scope link
valid_lft forever preferred_lft forever
7: vlan4@em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ac:16:2d:75:4f:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.4.1/24 brd 192.168.4.255 scope global vlan4
inet6 fe80::ae16:2dff:fe75:4fa7/64 scope link
valid_lft forever preferred_lft forever
8: vlan5@em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ac:16:2d:75:4f:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.5.1/24 brd 192.168.5.255 scope global vlan5
inet6 fe80::ae16:2dff:fe75:4fa7/64 scope link
valid_lft forever preferred_lft forever
9: vlan6@em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ac:16:2d:75:4f:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.6.1/24 brd 192.168.6.255 scope global vlan6
inet6 fe80::ae16:2dff:fe75:4fa7/64 scope link
valid_lft forever preferred_lft forever
10: vlan7@em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ac:16:2d:75:4f:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.7.1/24 brd 192.168.7.255 scope global vlan7
inet6 fe80::ae16:2dff:fe75:4fa7/64 scope link
valid_lft forever preferred_lft forever
11: vlan8@em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ac:16:2d:75:4f:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.8.1/24 brd 192.168.8.255 scope global vlan8
inet6 fe80::ae16:2dff:fe75:4fa7/64 scope link
valid_lft forever preferred_lft forever
12: vlan9@em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ac:16:2d:75:4f:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.9.1/24 brd 192.168.9.255 scope global vlan9
inet6 fe80::ae16:2dff:fe75:4fa7/64 scope link
valid_lft forever preferred_lft forever
13: vlan10@em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ac:16:2d:75:4f:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.1/24 brd 198.168.10.255 scope global vlan10
inet6 fe80::ae16:2dff:fe75:4fa7/64 scope link
valid_lft forever preferred_lft forever
14: vlan11@em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ac:16:2d:75:4f:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.11.1/24 brd 192.168.11.255 scope global vlan11
inet6 fe80::ae16:2dff:fe75:4fa7/64 scope link
valid_lft forever preferred_lft forever
15: vlan12@em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ac:16:2d:75:4f:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.12.1/24 brd 192.168.12.255 scope global vlan12
inet6 fe80::ae16:2dff:fe75:4fa7/64 scope link
valid_lft forever preferred_lft forever
16: vlan13@em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ac:16:2d:75:4f:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.13.1/24 brd 192.168.13.255 scope global vlan13
inet6 fe80::ae16:2dff:fe75:4fa7/64 scope link
valid_lft forever preferred_lft forever
17: vlan14@em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ac:16:2d:75:4f:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.14.1/24 brd 192.168.14.255 scope global vlan14
inet6 fe80::ae16:2dff:fe75:4fa7/64 scope link
valid_lft forever preferred_lft forever
18: vlan15@em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ac:16:2d:75:4f:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.15.1/24 brd 192.168.15.255 scope global vlan15
inet6 fe80::ae16:2dff:fe75:4fa7/64 scope link
valid_lft forever preferred_lft forever
19: vlan101@em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ac:16:2d:75:4f:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global vlan101
inet6 fe80::ae16:2dff:fe75:4fa7/64 scope link
valid_lft forever preferred_lft forever
20: vlan200@em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ac:16:2d:75:4f:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.200.1/24 brd 192.168.200.255 scope global vlan200
inet6 fe80::ae16:2dff:fe75:4fa7/64 scope link
valid_lft forever preferred_lft forever
21: vlan222@em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ac:16:2d:75:4f:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.222.1/24 brd 192.168.222.255 scope global vlan222
inet6 fe80::ae16:2dff:fe75:4fa7/64 scope link
valid_lft forever preferred_lft forever
22: vlan102@em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ac:16:2d:75:4f:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.101.1/24 brd 192.168.101.255 scope global vlan102
inet6 fe80::ae16:2dff:fe75:4fa7/64 scope link
valid_lft forever preferred_lft forever
23: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 42:6b:fc:09:10:5e brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
root@ubuntu:/home/rim# ip a>var\log\111
root@ubuntu:/home/rim# ip r
default via 178.207.152.185 dev em1
172.16.10.0/23 dev em2 proto kernel scope link src 172.16.10.1
178.207.0.0/16 dev em1 proto kernel scope link src 178.207.152.189
192.168.3.0/24 dev vlan3 proto kernel scope link src 192.168.3.1
192.168.4.0/24 dev vlan4 proto kernel scope link src 192.168.4.1
192.168.5.0/24 dev vlan5 proto kernel scope link src 192.168.5.1
192.168.6.0/24 dev vlan6 proto kernel scope link src 192.168.6.1
192.168.7.0/24 dev vlan7 proto kernel scope link src 192.168.7.1
192.168.8.0/24 dev vlan8 proto kernel scope link src 192.168.8.1
192.168.9.0/24 dev vlan9 proto kernel scope link src 192.168.9.1
192.168.10.0/24 dev vlan10 proto kernel scope link src 192.168.10.1
192.168.11.0/24 dev vlan11 proto kernel scope link src 192.168.11.1
192.168.12.0/24 dev vlan12 proto kernel scope link src 192.168.12.1
192.168.13.0/24 dev vlan13 proto kernel scope link src 192.168.13.1
192.168.14.0/24 dev vlan14 proto kernel scope link src 192.168.14.1
192.168.15.0/24 dev vlan15 proto kernel scope link src 192.168.15.1
192.168.100.0/24 dev vlan101 proto kernel scope link src 192.168.100.1
192.168.101.0/24 dev vlan102 proto kernel scope link src 192.168.101.1
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
192.168.200.0/24 dev vlan200 proto kernel scope link src 192.168.200.1
192.168.222.0/24 dev vlan222 proto kernel scope link src 192.168.222.1
root@ubuntu:/home/rim#
root@ubuntu:/home/rim# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
root@ubuntu:/home/rim# sudo iptables-save
# Generated by iptables-save v1.4.12 on Tue Jan 30 20:49:05 2018
*filter
:INPUT ACCEPT [5177072:3563729685]
:FORWARD ACCEPT [11908222:7231545960]
:OUTPUT ACCEPT [5728059:4006939610]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i em1 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 1977 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o em1 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A FORWARD -i em1 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -s *.*.*.*/32 -d *.*.10.254/32 -i em1 -p tcp -m tcp --sport 1977 --dport 3389 -j ACCEPT
-A FORWARD -i em2 -o em1 -j ACCEPT
-A FORWARD -i em3 -o em1 -j ACCEPT
-A FORWARD -i em4 -o em1 -j ACCEPT
-A FORWARD -i em1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i em1 -o em2 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i em1 -o em3 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i em1 -o em4 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o em1 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
COMMIT
# Completed on Tue Jan 30 20:49:05 2018
# Generated by iptables-save v1.4.12 on Tue Jan 30 20:49:05 2018
*mangle
:PREROUTING ACCEPT [36479449:26982950142]
:INPUT ACCEPT [5348115:3733285369]
:FORWARD ACCEPT [30890661:23228764704]
:OUTPUT ACCEPT [5728073:4006942362]
:POSTROUTING ACCEPT [36631907:27236895792]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Tue Jan 30 20:49:05 2018
# Generated by iptables-save v1.4.12 on Tue Jan 30 20:49:05 2018
*nat
:PREROUTING ACCEPT [2443690:169719225]
:INPUT ACCEPT [1192019:70955848]
:OUTPUT ACCEPT [70242:4801810]
:POSTROUTING ACCEPT [4892:449835]
-A PREROUTING ! -d 172.16.10.0/24 -i em2 -p tcp -m multiport --dports 80,8080 -j DNAT --to-destination 172.16.10.1:3128
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -s 192.16.100.0/24 -o em1 -j MASQUERADE
-A POSTROUTING -o em1 -j MASQUERADE
COMMIT
# Completed on Tue Jan 30 20:49:05 2018
root@ubuntu:/home/rim#
Ждём диагностику...