lych911
2005-08-11, 01:08 AM
Whenever I ping my FC4 host, it always times out.
The firewall settings are as follows:
----------------------
.
.
(preceding lines omitted)
iptables -F
iptables -X
iptables -Z
iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s $INNET -o $EXDEV -j MASQUERADE
iptables -A INPUT -s 192.168.20.0/24 -j ACCEPT
iptables -A INPUT -p tcp -i $EXDEV --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -i $EXDEV --dport 10000 -j ACCEPT
iptables -A INPUT -p tcp -i $EXDEV --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -i $EXDEV --dport 20 -j ACCEPT
iptables -A INPUT -p UDP -i $EXDEV --dport 123 -j ACCEPT
iptables -A INPUT -p tcp -i $EXDEV --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -i $EXDEV --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp -i $EXDEV --dport 53 -j ACCEPT
iptables -A INPUT -p udp -i $EXDEV --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -i $EXDEV --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -i $EXDEV --dport 110 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW,INVALID -j DROP
---------------
Is this caused by FC4's default security settings? Otherwise, why would ping time out?
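Added example, not part of the original post: a small first-match evaluator that walks the INPUT rules posted above and reports which rule decides the fate of an ICMP echo request, then repeats the check with an echo-request ACCEPT rule placed ahead of the state rules. Assumptions: `$EXDEV` is taken to be `eth0` and the internal interface `eth1` (the post shows neither), the sample packets are constructed, and the added ICMP rule is not in the posted script.

```python
import ipaddress
import shlex

EXDEV = "eth0"  # assumption: the post does not show the value of $EXDEV
TCP_PORTS = (22, 10000, 21, 20, 80, 3306, 53, 25, 110)  # from the post
UDP_PORTS = (123, 53)                                   # from the post

def posted_input_chain():
    """INPUT rules from the post (port rules grouped by protocol; all ACCEPT)."""
    rules = ["-i lo -j ACCEPT", "-s 192.168.20.0/24 -j ACCEPT"]
    rules += [f"-p tcp -i {EXDEV} --dport {p} -j ACCEPT" for p in TCP_PORTS]
    rules += [f"-p udp -i {EXDEV} --dport {p} -j ACCEPT" for p in UDP_PORTS]
    rules += ["-m state --state ESTABLISHED,RELATED -j ACCEPT",
              "-m state --state NEW,INVALID -j DROP"]
    return rules

def matches(rule, pkt):
    """True if every match option in one rule agrees with the packet."""
    args = shlex.split(rule)
    opts = dict(zip(args[::2], args[1::2]))  # every option here takes one value
    checks = {
        "-i": lambda v: pkt["iface"] == v,
        "-s": lambda v: ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(v),
        "-p": lambda v: pkt["proto"] == v.lower(),
        "--dport": lambda v: pkt.get("dport") == int(v),
        "--state": lambda v: pkt["state"] in v.split(","),
        "--icmp-type": lambda v: pkt.get("icmp_type") == v,
    }
    return all(checks[k](v) for k, v in opts.items() if k in checks)

def verdict(rules, pkt, policy="DROP"):
    """First matching rule wins; otherwise the chain policy (-P INPUT DROP)."""
    for n, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return rule.split()[-1], n
    return policy, None

def with_icmp_rule(rules):
    """Same chain with an echo-request ACCEPT ahead of the two state rules."""
    return rules[:-2] + ["-p icmp --icmp-type echo-request -j ACCEPT"] + rules[-2:]

# Constructed packets: a first echo request from outside, and one from the LAN.
PING_OUTSIDE = {"iface": EXDEV, "src": "203.0.113.7", "proto": "icmp",
                "icmp_type": "echo-request", "state": "NEW"}
PING_INSIDE = dict(PING_OUTSIDE, iface="eth1", src="192.168.20.15")

if __name__ == "__main__":
    chain = posted_input_chain()
    for name, pkt in (("outside", PING_OUTSIDE), ("inside", PING_INSIDE)):
        print(name, verdict(chain, pkt), verdict(with_icmp_rule(chain), pkt))
```

With the posted rules, only a ping sourced from 192.168.20.0/24 is accepted; an echo request from any other address matches no ACCEPT rule and is dropped by the final NEW,INVALID rule.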