root@licey17:/root# ps -aux |grep natd
root 156 0,0 0,1 460 296 ?? Is 13:00 0:00,00 /sbin/natd -f /etc/natd.mule.conf -n xl0
root 2720 0,0 0,1 1092 712 p0 S+ 16:17 0:00,00 grep natd
root@licey17:/root# ipfw show
00100 1438 317644 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny icmp from any to any in icmptype 5,9,13,14,15,16,17
00500 0 0 deny ip from any to 10.0.0.0/8 via xl0
00600 0 0 deny ip from any to 172.16.0.0/12 via xl0
00700 0 0 deny ip from any to 192.168.0.0/16 via xl0
00800 0 0 deny ip from any to 0.0.0.0/8 via xl0
00900 0 0 deny ip from any to 169.254.0.0/16 via xl0
01000 0 0 deny ip from any to 192.0.2.0/24 via xl0
01100 0 0 deny ip from any to 224.0.0.0/4 via xl0
01200 0 0 deny ip from any to 240.0.0.0/4 via xl0
01300 0 0 fwd {OUTER_IP_1_GATEWAY} ip from 195.206.58.237 to any out xmit xl0
01400 15 618 fwd {OUTER_IP_1_GATEWAY} ip from {OUTER_IP_1} to any out xmit xl0
01500 0 0 divert 8668 ip from 192.168.101.2 to any out xmit xl0
01600 0 0 divert 8668 tcp from any to {OUTER_IP_2} 4662,4711,4444 in recv xl0
01700 0 0 divert 8668 udp from any to {OUTER_IP_2} 4672,4444 in recv xl0
01800 0 0 deny ip from 10.0.0.0/8 to any via xl0
01900 0 0 deny ip from 172.16.0.0/12 to any via xl0
02000 0 0 deny ip from 192.168.0.0/16 to any via xl0
02100 0 0 deny ip from 0.0.0.0/8 to any via xl0
02200 0 0 deny ip from 169.254.0.0/16 to any via xl0
02300 0 0 deny ip from 192.0.2.0/24 to any via xl0
02400 0 0 deny ip from 224.0.0.0/4 to any via xl0
02500 0 0 deny ip from 240.0.0.0/4 to any via xl0
02600 0 0 check-state
02700 2863 668357 allow tcp from any to any established
02800 0 0 allow tcp from 192.168.101.2 to any setup
02900 0 0 allow udp from 192.168.101.2 to any keep-state
03000 0 0 allow tcp from any to {OUTER_IP_2} 4662,4444,4711 setup
03100 0 0 allow udp from any to {OUTER_IP_2} 4672,4444 keep-state
03200 0 0 allow tcp from any to 192.168.101.2 4662,4444,4711 setup
03300 0 0 allow udp from any to 192.168.101.2 4672,4444 keep-state
03400 0 0 deny icmp from any to me in recv xl0 frag
03500 0 0 deny tcp from 192.168.101.253 to me 53
03600 0 0 deny tcp from 192.168.101.12 to me 53
03700 0 0 allow tcp from any to me 25,53,80 setup
03800 81 3564 allow tcp from me to any setup
03900 0 0 allow udp from me to any keep-state
04000 0 0 deny udp from 192.168.100.253 to me 53
04100 0 0 deny udp from 192.168.101.12 to me 53
04200 0 0 allow udp from any to me 53,123 keep-state
04300 0 0 allow tcp from {OUTER_TRUSTED} to me 20,21,22,25,110,3128 setup
04400 0 0 allow icmp from any to any
04500 0 0 deny tcp from any to any 137,138 via xl0
04600 0 0 deny udp from any to any 137,138 via xl0
04700 0 0 deny log logamount 500 ip from any to any via xl0
04800 65 3120 allow tcp from any to me 1080,3128,8080,21,20,110,22 setup
04900 0 0 allow ip from 192.168.100.1 to 192.168.101.0/24
05000 0 0 allow ip from 192.168.101.0/24 to 192.168.100.1
05100 0 0 allow ip from 192.168.101.2 to 192.168.100.0/24
05200 0 0 allow ip from 192.168.100.0/24 to 192.168.101.2
05300 15 3939 deny ip from 192.168.100.0/24 to 192.168.101.0/24
05400 0 0 deny ip from 192.168.101.0/24 to 192.168.100.0/24
05500 0 0 deny tcp from any to any 137,138
05600 12 1539 deny udp from any to any 137,138
05700 6 1428 deny log logamount 500 ip from any to any
65535 197 18804 deny ip from any to any
|
Вариант для распечатки
OpenNET: Виртуальная конференция (Public)
(ok) on
25-Ноя-04, 16:31 (MSK)
