نمایش نسخه قابل چاپ
سلام
مشکل جالبی برخوردم
روی یک سرور مجازی دبرکت ادمین نصب کردیم
پورتها و ... رو هم روی iptables باز کردیم
اما تا وفتی iptables رو استاپ نکنیم روی نت ما بالا نمیاد نه ssh و نه دایرکت ادمین
اما از طریق ریموت بالا میاد!!!!!!!!!!!!!
به نظر شما مشکل از کجاست؟
دستورهای زیر رو وارد کنید
کد:# iptables-save
# service iptables save
# service iptables restart
دوست عزیز رول ها رو ذخیره کردم قبلا و عرض کردم
روی ریموت سالم هست اما روی نت داخلی مشکل داره انگار
با سلام
به احتمال زیاد آی پی شما داخل iptables بلاک شده است. برای چک کردن می توانید از این دستور استفاده بفرمائید:
اگر بلاک شده بود با دستور زیر می توانید آزاد کنیدکد PHP:iptables -L INPUT -v -n | grep "IP Address"
موفق باشیدکد PHP:iptables -D INPUT -s IP Address -j DROP
خیر از بلاک شدن آی پی هم نبود
مهندسهاس عزیز کسی موردی مدنظرش نیست دیگه ؟
خوب مطمئن هستید که تنظیمات درست روی iptables انجام دادید؟
تنظیماتی رو که وارد کردید اینجا کپی کنید تا بررسی بشه
از لینک زیر چک کتید
http://www.mediafire.com/view/dzsc3p32wnwync2/log.txt
کد:
target prot opt source destination
ACCEPT tcp -- 164.138.16.150 anywhere tcp dpt:domain
ACCEPT udp -- 164.138.16.150 anywhere udp dpt:domain
ACCEPT tcp -- 164.138.16.150 anywhere tcp spt:domain
ACCEPT udp -- 164.138.16.150 anywhere udp spt:domain
LOCALINPUT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
INVALID tcp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTAB LISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:f tp-data
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:f tp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:n msserver
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s mtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:d omain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:p op3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:i map
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s mtps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s ubmission
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:i maps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:p op3s
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:r ockwell-csp2
ACCEPT udp -- anywhere anywhere state NEW udp dpt:f tp-data
ACCEPT udp -- anywhere anywhere state NEW udp dpt:f tp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:d omain
ACCEPT icmp -- anywhere anywhere icmp echo-request l imit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-reply lim it: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp destination-un reachable
LOGDROPIN all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere 164.138.16.150 tcp dpt:domain
ACCEPT udp -- anywhere 164.138.16.150 udp dpt:domain
ACCEPT tcp -- anywhere 164.138.16.150 tcp spt:domain
ACCEPT udp -- anywhere 164.138.16.150 udp spt:domain
LOCALOUTPUT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT all -- anywhere anywhere
INVALID tcp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTAB LISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:f tp-data
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:f tp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:n msserver
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s mtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:d omain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:p op3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:a uth
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:r ockwell-csp2
ACCEPT udp -- anywhere anywhere state NEW udp dpt:f tp-data
ACCEPT udp -- anywhere anywhere state NEW udp dpt:f tp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:d omain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:a uth
ACCEPT udp -- anywhere anywhere state NEW udp dpt:n tp
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp destination-un reachable
LOGDROPOUT all -- anywhere anywhere
Chain ALLOWIN (1 references)
target prot opt source destination
ACCEPT all -- 37.191.80.40 anywhere
Chain ALLOWOUT (1 references)
target prot opt source destination
ACCEPT all -- anywhere 37.191.80.40
Chain DENYIN (1 references)
target prot opt source destination
DROP all -- noname.telekenex.com anywhere
DROP all -- 218.108.169.181 anywhere
DROP all -- 5.133.187.44 anywhere
DROP all -- 118.244.214.207 anywhere
Chain DENYOUT (1 references)
target prot opt source destination
DROP all -- anywhere noname.telekenex.com
DROP all -- anywhere 218.108.169.181
DROP all -- anywhere 5.133.187.44
DROP all -- anywhere 118.244.214.207
Chain INVALID (2 references)
target prot opt source destination
INVDROP all -- anywhere anywhere state INVALID
INVDROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
INVDROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
INVDROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
INVDROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
INVDROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
INVDROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
INVDROP tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH
INVDROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG
INVDROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
Chain INVDROP (10 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain LOCALINPUT (1 references)
target prot opt source destination
ALLOWIN all -- anywhere anywhere
DENYIN all -- anywhere anywhere
Chain LOCALOUTPUT (1 references)
target prot opt source destination
ALLOWOUT all -- anywhere anywhere
DENYOUT all -- anywhere anywhere
Chain LOGDROPIN (1 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:bootps
DROP udp -- anywhere anywhere udp dpt:bootps
DROP tcp -- anywhere anywhere tcp dpt:bootpc
DROP udp -- anywhere anywhere udp dpt:bootpc
DROP tcp -- anywhere anywhere tcp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP tcp -- anywhere anywhere tcp dpt:auth
DROP udp -- anywhere anywhere udp dpt:auth
DROP tcp -- anywhere anywhere tcp dpts:epmap:netbios-ssn
DROP udp -- anywhere anywhere udp dpts:epmap:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds
DROP udp -- anywhere anywhere udp dpt:microsoft-ds
DROP tcp -- anywhere anywhere tcp dpt:isakmp
DROP udp -- anywhere anywhere udp dpt:isakmp
DROP tcp -- anywhere anywhere tcp dpt:login
DROP udp -- anywhere anywhere udp dpt:who
DROP tcp -- anywhere anywhere tcp dpt:efs
DROP udp -- anywhere anywhere udp dpt:router
LOG tcp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning prefix `Firewall: *TCP_IN Blocked* '
LOG udp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning prefix `Firewall: *UDP_IN Blocked* '
LOG icmp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning prefix `Firewall: *ICMP_IN Blocked* '
DROP all -- anywhere anywhere
Chain LOGDROPOUT (1 references)
target prot opt source destination
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 30/min burst 5 LOG level warning uid prefix `Firewall: *TCP_OUT Blocked* '
LOG udp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning uid prefix `Firewall: *UDP_OUT Blocked* '
LOG icmp -- anywhere anywhere limit: avg 30/min burst 5 LOG level warning uid prefix `Firewall: *ICMP_OUT Blocked* '
DROP all -- anywhere anywhere
[root@servmi ~]#
selinux disable هست؟
بلهنقل قول:
نوشته اصلی توسط fanous_m