15:17:33
|
$sudo ifconfig eth1 192.168.18.94 netmask 255.255.255.224
|
| /l3/users/10-08-2009/nt-lnet/debian9.net.nt/user :1 :2 :3 :4 :5 |
|
|
$sudo ifconfig eth2 192.168.18.97
|
|
$sudo ifconfig eth1 192.168.18.94 netmask 255.255.255.224
|
|
$sudo ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3E:00:00:09
inet addr:192.168.16.9 Bcast:192.168.16.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe00:9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3208 errors:0 dropped:0 overruns:0 frame:0
TX packets:296 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:351246 (343.0 KiB) TX bytes:105288 (102.8 KiB)
eth1 Link encap:Ethernet HWaddr 00:16:3E:00:01:09
inet addr:192.168.18.94 Bcast:192.168.18.95 Mask:255.255.255.224
...
collisions:0 txqueuelen:1000
RX bytes:378 (378.0 b) TX bytes:510 (510.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
|
|
$ping 192.168.18.129
PING 192.168.18.129 (192.168.18.129) 56(84) bytes of data. --- 192.168.18.129 ping statistics --- 14 packets transmitted, 0 received, 100% packet loss, time 13011ms |
|
$ping 192.168.18.97
PING 192.168.18.97 (192.168.18.97) 56(84) bytes of data. 64 bytes from 192.168.18.97: icmp_seq=1 ttl=64 time=0.014 ms 64 bytes from 192.168.18.97: icmp_seq=2 ttl=64 time=0.016 ms --- 192.168.18.97 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.014/0.015/0.016/0.001 ms |
|
$ipr
bash: ipr: command not found |
|
$ip
bash: ip: command not found |
|
$sudo apt-get install iproute
Чтение списков пакетов... Готово Построение дерева зависимостей... Готово Будут установлены следующие дополнительные пакеты: libatm1 Рекомендуемые пакеты: iproute-doc НОВЫЕ пакеты, которые будут установлены: iproute libatm1 обновлено 0, установлено 2 новых пакетов, для удаления отмечено 0 пакетов, и 55 пакетов не обновлено. Необходимо скачать 358kБ архивов. После распаковки объем занятого дискового пространства возрастёт на 877kB. Хотите продолжить [Д/н]? y Err http://debian.org.ua etch/main libatm1 2.4.1-17 Невозможно инициализировать соединение с debian.org.ua:80 (62.149.27.59). - connect (101 Network is unreachable) Err http://debian.org.ua etch/main iproute 20061002-3 Невозможно инициализировать соединение с debian.org.ua:80 (62.149.27.59). - connect (101 Network is unreachable) Не удалось загрузить http://debian.org.ua/debian/pool/main/l/linux-atm/libatm1_2.4.1-17_i386.deb Невозможно инициализировать соединение с debian.org.ua:80 (62.149.27.59). - connect (101 Network is unreachable) Не удалось загрузить http://debian.org.ua/debian/pool/main/i/iproute/iproute_20061002-3_i386.deb Невозможно инициализировать соединение с debian.org.ua:80 (62.149.27.59). - connect (101 Network is unreachable) E: Невозможно загрузить некоторые архивы, вероятно надо запустить apt-get update или попытаться повторить запуск с ключом --fix-missing |
|
$ip r
bash: ip: command not found |
|
$route print
bash: route: command not found |
|
$route -n
bash: route: command not found |
|
$ping mail.ru
connect: Network is unreachable |
|
$sudo ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3E:00:00:09
inet addr:192.168.16.9 Bcast:192.168.16.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe00:9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3725 errors:0 dropped:0 overruns:0 frame:0
TX packets:673 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:397427 (388.1 KiB) TX bytes:260086 (253.9 KiB)
eth1 Link encap:Ethernet HWaddr 00:16:3E:00:01:09
inet addr:192.168.18.94 Bcast:192.168.18.95 Mask:255.255.255.224
...
collisions:0 txqueuelen:1000
RX bytes:2088 (2.0 KiB) TX bytes:2106 (2.0 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:336 (336.0 b) TX bytes:336 (336.0 b)
|
|
$ping 192.168.18.126
PING 192.168.18.126 (192.168.18.126) 56(84) bytes of data. 64 bytes from 192.168.18.126: icmp_seq=1 ttl=64 time=15.7 ms 64 bytes from 192.168.18.126: icmp_seq=2 ttl=64 time=7.00 ms 64 bytes from 192.168.18.126: icmp_seq=3 ttl=64 time=10.6 ms --- 192.168.18.126 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 1999ms rtt min/avg/max/mdev = 7.004/11.120/15.718/3.574 ms |
|
$ping 192.168.18.157
connect: Network is unreachable |
|
$ping 192.168.18.129
connect: Network is unreachable |
|
$sudo ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3E:00:00:09
inet addr:192.168.16.9 Bcast:192.168.16.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe00:9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3843 errors:0 dropped:0 overruns:0 frame:0
TX packets:768 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:407547 (397.9 KiB) TX bytes:286980 (280.2 KiB)
eth1 Link encap:Ethernet HWaddr 00:16:3E:00:01:09
inet addr:192.168.18.94 Bcast:192.168.18.95 Mask:255.255.255.224
...
collisions:0 txqueuelen:1000
RX bytes:2442 (2.3 KiB) TX bytes:2442 (2.3 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:336 (336.0 b) TX bytes:336 (336.0 b)
|
|
$ping 192.168.18.126
PING 192.168.18.126 (192.168.18.126) 56(84) bytes of data. 64 bytes from 192.168.18.126: icmp_seq=1 ttl=64 time=15.9 ms 64 bytes from 192.168.18.126: icmp_seq=2 ttl=64 time=7.78 ms --- 192.168.18.126 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 7.781/11.861/15.942/4.081 ms |
|
$sudo route add default gw 192.168.18.65
|
|
$screen -x
|
|
$ssh 192.168.16.1
The authenticity of host '192.168.16.1 (192.168.16.1)' can't be established. RSA key fingerprint is 51:5b:32:d8:70:19:6d:04:c7:b4:11:49:13:74:dc:bc. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.16.1' (RSA) to the list of known hosts. user@192.168.16.1's password: Linux debiant 2.6.18-5-xen-686 #1 SMP Fri Jun 1 05:05:24 UTC 2007 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Mon Aug 10 15:41:52 2009 from fbsd22.net.nt l3-agent is already running: pid=1631; pidfile=/home/user/.lilalo/l3-agent.pid |
|
$sudo route -n
Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.18.96 0.0.0.0 255.255.255.224 U 0 0 0 eth2 192.168.18.64 0.0.0.0 255.255.255.224 U 0 0 0 eth1 192.168.16.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 192.168.18.65 0.0.0.0 UG 0 0 0 eth1 |
|
$echo 192.168.18.65
192.168.18.65 |
|
$sudo
Usage: inet_route [-vF] del {-host|-net} Target[/prefix] [gw Gw] [metric M] [[dev] If]
inet_route [-vF] add {-host|-net} Target[/prefix] [gw Gw] [metric M]
[netmask N] [mss Mss] [window W] [irtt I]
[mod] [dyn] [reinstate] [[dev] If]
inet_route [-vF] add {-host|-net} Target[/prefix] [metric M] reject
inet_route [-FC] flush NOT supported
|
|
$sudo route delete default
|
|
$sudo route add default gw 192.168.16.254
|
|
$sudo apt-get install tcpdump
Чтение списков пакетов... Готово Построение дерева зависимостей... Готово Будут установлены следующие дополнительные пакеты: libpcap0.8 НОВЫЕ пакеты, которые будут установлены: libpcap0.8 tcpdump обновлено 0, установлено 2 новых пакетов, для удаления отмечено 0 пакетов, и 55 пакетов не обновлено. Необходимо скачать 392kБ архивов. После распаковки объем занятого дискового пространства возрастёт на 877kB. Хотите продолжить [Д/н]? Получено:1 http://debian.org.ua etch/main libpcap0.8 0.9.5-1 [89,5kB] Получено:2 http://debian.org.ua etch/main tcpdump 3.9.5-2etch1 [303kB] Получено 392kB за 0s (7661kB/c) Выбор ранее не выбранного пакета libpcap0.8. (Чтение базы данных... на данный момент установлено 22620 файлов и каталогов.) Распаковывается пакет libpcap0.8 (из файла .../libpcap0.8_0.9.5-1_i386.deb)... Выбор ранее не выбранного пакета tcpdump. Распаковывается пакет tcpdump (из файла .../tcpdump_3.9.5-2etch1_i386.deb)... Настраивается пакет libpcap0.8 (0.9.5-1) ... Настраивается пакет tcpdump (3.9.5-2etch1) ... |
|
$sudo route delete default
|
|
$sudo route add default gw 192.168.18.65
|
|
$sudo tcpdump -i eth2 -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes 0 packets captured 0 packets received by filter 0 packets dropped by kernel |
|
$ssh 192.168.16.22
The authenticity of host '192.168.16.22 (192.168.16.22)' can't be established.
DSA key fingerprint is 13:3f:fb:2a:53:62:8e:f8:0e:c7:3a:c9:10:99:b6:25.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.16.22' (DSA) to the list of known hosts.
Password:
Last login: Mon Aug 10 15:38:49 2009
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.3-RELEASE (SMP) #0: Wed Jan 16 04:45:45 UTC 2008
Welcome to FreeBSD!
...
along with the mailing lists, can be searched by going to
http://www.FreeBSD.org/search/. If the doc distribution has
been installed, they're also available formatted in /usr/share/doc.
If you still have a question or problem, please take the output of
`uname -a', along with any relevant error messages, and email it
as a question to the questions@FreeBSD.org mailing list. If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
manual page. If you are not familiar with manual pages, type `man man'.
You may also use sysinstall(8) to re-enter the installation and
configuration utility. Edit /etc/motd to change this login announcement.
|
|
#[user@fbsd2:~]$
|
|
#[user@fbsd2:~]$
|
|
#[user@fbsd2:~]$
|
|
#[user@fbsd2:~]$ sudo tcpdump -i re1 -n icmp
Password: tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on re1, link-type EN10MB (Ethernet), capture size 96 bytes 16:43:41.990922 IP 192.168.18.157 > 213.180.204.8: ICMP echo request, id 57617, seq 120, length 64 16:43:43.793001 IP 192.168.18.157 > 213.180.204.8: ICMP echo request, id 57617, seq 121, length 64 16:43:45.592599 IP 192.168.18.157 > 213.180.204.8: ICMP echo request, id 57617, seq 122, length 64 16:43:47.392792 IP 192.168.18.157 > 213.180.204.8: ICMP echo request, id 57617, seq 123, length 64 16:43:49.198752 IP 192.168.18.157 > 213.180.204.8: ICMP echo request, id 57617, seq 124, length 64 16:43:50.995991 IP 192.168.18.157 > 213.180.204.8: ICMP echo request, id 57617, seq 125, length 64 16:43:52.799849 IP 192.168.18.157 > 213.180.204.8: ICMP echo request, id 57617, seq 126, length 64 16:43:54.598384 IP 192.168.18.157 > 213.180.204.8: ICMP echo request, id 57617, seq 127, length 64 16:43:56.399648 IP 192.168.18.157 > 213.180.204.8: ICMP echo request, id 57617, seq 128, length 64 16:43:58.203934 IP 192.168.18.157 > 213.180.204.8: ICMP echo request, id 57617, seq 129, length 64 16:44:00.004414 IP 192.168.18.157 > 213.180.204.8: ICMP echo request, id 57617, seq 130, length 64 ^C 11 packets captured 16 packets received by filter 0 packets dropped by kernel |
|
#[user@fbsd2:~]$ sudo sysctl -a | grep forward
[user@fbsd2:~]$ sudo tcpdump -i re2 -n icmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on re2, link-type EN10MB (Ethernet), capture size 96 bytes ^C 0 packets captured 0 packets received by filter 0 packets dropped by kernel kern.smp.forward_signal_enabled: 1 kern.smp.forward_roundrobin_enabled: 1 net.inet.ip.forwarding: 0 net.inet.ip.fastforwarding: 0 net.inet6.ip6.forwarding: 0 |
|
#[user@fbsd2:~]$ sudo sysctl net.inet.ip.forwarding=1
net.inet.ip.forwarding: 0 -> 1 |
|
#[user@fbsd2:~]$ sudo tcpdump -i re2 -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on re2, link-type EN10MB (Ethernet), capture size 96 bytes ^C 0 packets captured 0 packets received by filter 0 packets dropped by kernel |
|
#[user@fbsd2:~]$ exit
exit Connection to 192.168.16.22 closed. |
|
$sudo tcpdump -i eth2 -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes 0 packets captured 0 packets received by filter 0 packets dropped by kernel |
|
$ping 192.168.18.126
PING 192.168.18.126 (192.168.18.126) 56(84) bytes of data. 64 bytes from 192.168.18.126: icmp_seq=1 ttl=64 time=14.9 ms 64 bytes from 192.168.18.126: icmp_seq=2 ttl=64 time=6.10 ms --- 192.168.18.126 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 6.108/10.513/14.918/4.405 ms |
|
$sudo tcpdump -i eth2 -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes 0 packets captured 0 packets received by filter 0 packets dropped by kernel |
|
$ssh 192.168.16.22
Password:
Last login: Mon Aug 10 16:43:15 2009 from 192.168.16.9
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.3-RELEASE (SMP) #0: Wed Jan 16 04:45:45 UTC 2008
Welcome to FreeBSD!
Before seeking technical support, please use the following resources:
o Security advisories and updated errata information for all releases are
at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
for your release first as it's updated frequently.
...
http://www.FreeBSD.org/search/. If the doc distribution has
been installed, they're also available formatted in /usr/share/doc.
If you still have a question or problem, please take the output of
`uname -a', along with any relevant error messages, and email it
as a question to the questions@FreeBSD.org mailing list. If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
manual page. If you are not familiar with manual pages, type `man man'.
You may also use sysinstall(8) to re-enter the installation and
configuration utility. Edit /etc/motd to change this login announcement.
Removing stale pidfile
|
|
#[user@fbsd2:~]$
|
|
#[user@fbsd2:~]$
|
|
#[user@fbsd2:~]$
|
|
#[user@fbsd2:~]$ ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 192.168.16.22 netmask 0xffffff00 broadcast 192.168.16.255
ether 00:16:4e:00:00:02
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 192.168.18.129 netmask 0xffffff02 broadcast 192.168.18.253
ether 00:16:4e:00:01:02
...
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 192.168.18.126 netmask 0xffffffe0 broadcast 192.168.18.127
ether 00:16:4e:00:02:02
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
|
|
#[user@fbsd2:~]$ sudo sysctl -a | grep forward
[user@fbsd2:~]$ netstat -rn Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default 192.168.18.97 UGS 0 199 re1 127.0.0.1 127.0.0.1 UH 0 833 lo0 192.168.16 link#1 UC 0 0 re0 192.168.16.1 00:16:3e:00:00:01 UHLW 1 233 re0 754 192.168.16.9 00:16:3e:00:00:09 UHLW 1 301 re0 941 192.168.16.225 00:14:c2:05:9a:de UHLW 1 17661 re0 904 ... ::1 ::1 UHL lo0 fe80::%lo0/64 fe80::1%lo0 U lo0 fe80::1%lo0 link#5 UHL lo0 ff01:5::/32 fe80::1%lo0 UC lo0 ff02::%lo0/32 fe80::1%lo0 UC lo0 kern.smp.forward_signal_enabled: 1 kern.smp.forward_roundrobin_enabled: 1 net.inet.ip.forwarding: 1 net.inet.ip.fastforwarding: 0 net.inet6.ip6.forwarding: 0 |
|
#[user@fbsd2:~]$ ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 192.168.16.22 netmask 0xffffff00 broadcast 192.168.16.255
ether 00:16:4e:00:00:02
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 192.168.18.129 netmask 0xffffff02 broadcast 192.168.18.253
ether 00:16:4e:00:01:02
...
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 192.168.18.126 netmask 0xffffffe0 broadcast 192.168.18.127
ether 00:16:4e:00:02:02
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
|
|
#[user@fbsd2:~]$ sudo ifconfig re2 192.168.18.126 netmask 255.255.255.224
|
|
#[user@fbsd2:~]$ ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 192.168.16.22 netmask 0xffffff00 broadcast 192.168.16.255
ether 00:16:4e:00:00:02
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 192.168.18.129 netmask 0xffffff02 broadcast 192.168.18.253
ether 00:16:4e:00:01:02
...
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 192.168.18.126 netmask 0xffffffe0 broadcast 192.168.18.127
ether 00:16:4e:00:02:02
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
|
|
#[user@fbsd2:~]$ sudo ifconfig re1 192.168.18.129 netmask 255.255.255.224
|
|
#[user@fbsd2:~]$ ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 192.168.16.22 netmask 0xffffff00 broadcast 192.168.16.255
ether 00:16:4e:00:00:02
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 192.168.18.129 netmask 0xffffffe0 broadcast 192.168.18.159
ether 00:16:4e:00:01:02
...
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 192.168.18.126 netmask 0xffffffe0 broadcast 192.168.18.127
ether 00:16:4e:00:02:02
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
|
|
#[user@fbsd2:~]$ exit
exit Connection to 192.168.16.22 closed. |
|
$sudo tcpdump -i eth2 -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes 0 packets captured 0 packets received by filter 0 packets dropped by kernel |
|
$ssh 192.168.16.22
Password:
Last login: Mon Aug 10 16:46:58 2009 from 192.168.16.9
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.3-RELEASE (SMP) #0: Wed Jan 16 04:45:45 UTC 2008
Welcome to FreeBSD!
Before seeking technical support, please use the following resources:
o Security advisories and updated errata information for all releases are
at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
for your release first as it's updated frequently.
...
http://www.FreeBSD.org/search/. If the doc distribution has
been installed, they're also available formatted in /usr/share/doc.
If you still have a question or problem, please take the output of
`uname -a', along with any relevant error messages, and email it
as a question to the questions@FreeBSD.org mailing list. If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
manual page. If you are not familiar with manual pages, type `man man'.
You may also use sysinstall(8) to re-enter the installation and
configuration utility. Edit /etc/motd to change this login announcement.
Removing stale pidfile
|
|
#[user@fbsd2:~]$ netstat -rn
Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire 127.0.0.1 127.0.0.1 UH 0 833 lo0 192.168.16 link#1 UC 0 0 re0 192.168.16.1 00:16:3e:00:00:01 UHLW 1 233 re0 618 192.168.16.9 00:16:3e:00:00:09 UHLW 1 547 re0 805 192.168.16.225 00:14:c2:05:9a:de UHLW 1 17745 re0 768 192.168.16.254 00:04:75:75:46:b1 UHLW 1 335 re0 1191 192.168.18.96/27 link#3 UC 0 0 re2 192.168.18.97 link#3 UHLW 1 0 re2 192.168.18.128/27 link#2 UC 0 0 re1 192.168.18.157 00:16:4e:00:01:01 UHLW 1 29 re1 1179 Internet6: Destination Gateway Flags Netif Expire ::1 ::1 UHL lo0 fe80::%lo0/64 fe80::1%lo0 U lo0 fe80::1%lo0 link#5 UHL lo0 ff01:5::/32 fe80::1%lo0 UC lo0 ff02::%lo0/32 fe80::1%lo0 UC lo0 |
|
#[user@fbsd2:~]$ sudo route add default 192.168.18.97
add net default: gateway 192.168.18.97 |
|
#[user@fbsd2:~]$ exit
exit Connection to 192.168.16.22 closed. |
|
$sudo sysctl -a | grep forward
error: "Operation not permitted" reading key "net.ipv6.route.flush" error: "Operation not permitted" reading key "net.ipv4.route.flush" net.ipv6.conf.eth2.forwarding = 0 net.ipv6.conf.eth1.forwarding = 0 net.ipv6.conf.default.forwarding = 0 net.ipv6.conf.all.forwarding = 0 net.ipv6.conf.eth0.forwarding = 0 net.ipv6.conf.lo.forwarding = 0 net.ipv4.conf.eth2.mc_forwarding = 0 net.ipv4.conf.eth2.forwarding = 0 net.ipv4.conf.eth1.mc_forwarding = 0 net.ipv4.conf.eth1.forwarding = 0 net.ipv4.conf.eth0.mc_forwarding = 0 net.ipv4.conf.eth0.forwarding = 0 net.ipv4.conf.lo.mc_forwarding = 0 net.ipv4.conf.lo.forwarding = 0 net.ipv4.conf.default.mc_forwarding = 0 net.ipv4.conf.default.forwarding = 0 net.ipv4.conf.all.mc_forwarding = 0 net.ipv4.conf.all.forwarding = 0 net.ipv4.ip_forward = 0 |
|
$sudo
net.ipv4.ip_forward = 0 |
|
$sudo sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1 |
|
$sudo iptables -t nat -L
Password: Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination |
|
$sudo iptables -t nat -L
|
|
$sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT tcp -- debian8.andrey.net.nt debian9.net.nt tcp dpt:rplay to:192.168.16.10:110 Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination |
|
$sudo iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT tcp -- 192.168.16.8 192.168.16.9 tcp dpt:5555 to:192.168.16.10:110 Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination |
|
$sudo iptables -t nat -L
|
|
$sudo iptables -t nat -L
|
|
$exit
|
|
$exit
|
|
$sudo tcpd
tcpd tcpdchk tcpdmatch tcpdump |
|
$sudo tcpd
tcpd tcpdchk tcpdmatch tcpdump |
|
$sudo tcpdump -i eth0 -n -p tcp port 5555
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 16:32:20.317898 IP 192.168.16.8.42420 > 192.168.16.9.5555: S 298847164:298847164(0) win 5840 <mss 1460,sackOK,timestamp 6411412 0,nop,wscale 7> 16:32:23.312960 IP 192.168.16.8.42420 > 192.168.16.9.5555: S 298847164:298847164(0) win 5840 <mss 1460,sackOK,timestamp 6412162 0,nop,wscale 7> 16:32:29.313358 IP 192.168.16.8.42420 > 192.168.16.9.5555: S 298847164:298847164(0) win 5840 <mss 1460,sackOK,timestamp 6413662 0,nop,wscale 7> 16:32:41.314066 IP 192.168.16.8.42420 > 192.168.16.9.5555: S 298847164:298847164(0) win 5840 <mss 1460,sackOK,timestamp 6416662 0,nop,wscale 7> 16:32:43.524892 IP 192.168.16.8.42424 > 192.168.16.9.5555: S 317031478:317031478(0) win 5840 <mss 1460,sackOK,timestamp 6417214 0,nop,wscale 7> ^C 5 packets captured 5 packets received by filter 0 packets dropped by kernel |
|
$sudo iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 10 600 DNAT tcp -- * * 192.168.16.8 192.168.16.9 tcp dpt:5555 to:192.168.16.10:110 Chain POSTROUTING (policy ACCEPT 17 packets, 1084 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 17 packets, 1084 bytes) pkts bytes target prot opt in out source destination |
|
$sudo iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 10 600 DNAT tcp -- * * 192.168.16.8 192.168.16.9 tcp dpt:5555 to:192.168.16.10:110 Chain POSTROUTING (policy ACCEPT 17 packets, 1084 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 17 packets, 1084 bytes) pkts bytes target prot opt in out source destination |
|
$sudo iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 11 660 DNAT tcp -- * * 192.168.16.8 192.168.16.9 tcp dpt:5555 to:192.168.16.10:110 Chain POSTROUTING (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination |
|
$sudo iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 11 660 DNAT tcp -- * * 192.168.16.8 192.168.16.9 tcp dpt:5555 to:192.168.16.10:110 Chain POSTROUTING (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination |
|
$sudo iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 11 660 DNAT tcp -- * * 192.168.16.8 192.168.16.9 tcp dpt:5555 to:192.168.16.10:110 Chain POSTROUTING (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination |
|
$sudo iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 11 660 DNAT tcp -- * * 192.168.16.8 192.168.16.9 tcp dpt:5555 to:192.168.16.10:110 Chain POSTROUTING (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination |
|
$sudo iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 11 660 DNAT tcp -- * * 192.168.16.8 192.168.16.9 tcp dpt:5555 to:192.168.16.10:110 Chain POSTROUTING (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination |
|
$sudo iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 11 660 DNAT tcp -- * * 192.168.16.8 192.168.16.9 tcp dpt:5555 to:192.168.16.10:110 Chain POSTROUTING (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination |
|
$sudo iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 11 660 DNAT tcp -- * * 192.168.16.8 192.168.16.9 tcp dpt:5555 to:192.168.16.10:110 Chain POSTROUTING (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination |
|
$sudo iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 11 660 DNAT tcp -- * * 192.168.16.8 192.168.16.9 tcp dpt:5555 to:192.168.16.10:110 Chain POSTROUTING (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination |
|
$sudo iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 11 660 DNAT tcp -- * * 192.168.16.8 192.168.16.9 tcp dpt:5555 to:192.168.16.10:110 Chain POSTROUTING (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination |
|
$sudo iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 11 660 DNAT tcp -- * * 192.168.16.8 192.168.16.9 tcp dpt:5555 to:192.168.16.10:110 Chain POSTROUTING (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 18 packets, 1144 bytes) pkts bytes target prot opt in out source destination |
|
$sudo sh -c 'watch iptables -t nat -L -v -n '
|
|
$sudo tcpdump -i eth0 -n -p tcp and ! port 22 and ! port 5900
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 16:35:03.199152 IP 192.168.16.9.51218 > 212.26.146.51.18030: S 472193423:472193423(0) win 5840 <mss 1460,sackOK,timestamp 6450631 0,nop,wscale 7> 16:35:03.230066 IP 212.26.146.51.18030 > 192.168.16.9.51218: R 0:0(0) ack 472193424 win 0 16:35:04.836763 IP 192.168.16.8.35228 > 192.168.16.9.5555: S 488439030:488439030(0) win 5840 <mss 1460,sackOK,timestamp 6452539 0,nop,wscale 7> 16:35:07.831210 IP 192.168.16.8.35228 > 192.168.16.9.5555: S 488439030:488439030(0) win 5840 <mss 1460,sackOK,timestamp 6453289 0,nop,wscale 7> 16:35:13.236097 IP 192.168.16.9.51219 > 212.26.146.51.18030: S 481943376:481943376(0) win 5840 <mss 1460,sackOK,timestamp 6453140 0,nop,wscale 7> 16:35:13.244112 IP 212.26.146.51.18030 > 192.168.16.9.51219: R 0:0(0) ack 481943377 win 0 16:35:13.831605 IP 192.168.16.8.35228 > 192.168.16.9.5555: S 488439030:488439030(0) win 5840 <mss 1460,sackOK,timestamp 6454789 0,nop,wscale 7> 16:35:23.252697 IP 192.168.16.9.51220 > 212.26.146.51.18030: S 496024352:496024352(0) win 5840 <mss 1460,sackOK,timestamp 6455644 0,nop,wscale 7> 16:35:23.258614 IP 212.26.146.51.18030 > 192.168.16.9.51220: R 0:0(0) ack 496024353 win 0 16:35:25.832489 IP 192.168.16.8.35228 > 192.168.16.9.5555: S 488439030:488439030(0) win 5840 <mss 1460,sackOK,timestamp 6457789 0,nop,wscale 7> 16:35:33.265553 IP 192.168.16.9.51221 > 212.26.146.51.18030: S 505826173:505826173(0) win 5840 <mss 1460,sackOK,timestamp 6458147 0,nop,wscale 7> 16:35:33.289990 IP 212.26.146.51.18030 > 192.168.16.9.51221: R 0:0(0) ack 505826174 win 0 16:35:43.298227 IP 192.168.16.9.51222 > 212.26.146.51.18030: S 518715713:518715713(0) win 5840 <mss 1460,sackOK,timestamp 6460655 0,nop,wscale 7> 16:35:43.304917 IP 212.26.146.51.18030 > 192.168.16.9.51222: R 0:0(0) ack 518715714 win 0 14 packets captured 14 packets received by filter 0 packets dropped by kernel |
|
$mkdir .wireshark
|
|
$sudo wireshark
[user@debian9:~]$ sudo wireshark [1]+ Stopped sudo wireshark |
|
$bg
[1]+ sudo wireshark & |
|
$sudo iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 10 packets, 763 bytes) pkts bytes target prot opt in out source destination 37 2220 DNAT tcp -- * * 192.168.16.8 192.168.16.9 tcp dpt:5555 to:192.168.16.10:110 Chain POSTROUTING (policy ACCEPT 118 packets, 7144 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 118 packets, 7144 bytes) pkts bytes target prot opt in out source destination |
|
$sudo iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 10 packets, 763 bytes) pkts bytes target prot opt in out source destination 37 2220 DNAT tcp -- * * 192.168.16.8 192.168.16.9 tcp dpt:5555 to:192.168.16.10:110 Chain POSTROUTING (policy ACCEPT 119 packets, 7204 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 119 packets, 7204 bytes) pkts bytes target prot opt in out source destination |
|
$sudo iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 10 packets, 763 bytes) pkts bytes target prot opt in out source destination 37 2220 DNAT tcp -- * * 192.168.16.8 192.168.16.9 tcp dpt:5555 to:192.168.16.10:110 Chain POSTROUTING (policy ACCEPT 119 packets, 7204 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 119 packets, 7204 bytes) pkts bytes target prot opt in out source destination |
|
$sudo iptables -t nat -F PREROUTING
|
| Время первой команды журнала | 15:15:56 2009- 8-10 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Время последней команды журнала | 15:49:13 2009- 8-11 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Количество командных строк в журнале | 100 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Процент команд с ненулевым кодом завершения, % | 13.00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Процент синтаксически неверно набранных команд, % | 5.00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Суммарное время работы с терминалом *, час | 1.38 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Количество командных строк в единицу времени, команда/мин | 1.20 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Частота использования команд |
|
В журнал автоматически попадают все команды, данные в любом терминале системы.
Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.
Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
$ l s-l bash: l: command not found |
Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
$ test 5 -lt 4 |
Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
$ find / -name abc find: /home/devi-orig/.gnome2: Keine Berechtigung find: /home/devi-orig/.gnome2_private: Keine Berechtigung find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung find: /home/devi-orig/.metacity: Keine Berechtigung find: /home/devi-orig/.inkscape: Keine Berechtigung ^C |
Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
# id uid=0(root) gid=0(root) Gruppen=0(root) |
Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
$ vi ~/.bashrc
|
Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и всавить скопированный текст:
$ patch ~/.bashrc |
Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.
Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.
Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.
Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, которое равно тому моменту, когда на терминале появилось приглашение интерпретатора
Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.
Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.
Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:
$ whoami
user
$ #^ Интересно, кто я?в журнале это будет выглядеть так:
$ whoami
user
| Интересно, кто я? |
Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:
$ whoami
user
$ cat > /dev/null #^ Интересно, кто я?
Программа whoami выводит имя пользователя, под которым мы зарегистрировались в системе. - Она не может ответить на вопрос о нашем назначении в этом мире.В журнале это будет выглядеть так:
$ whoami user
|
Комментарии, не относящиеся непосредственно ни к какой из команд, добавляются точно таким же способом, только вместо симолов #^ или #v нужно использовать символы #=
1
2
3
4
Группы команд, выполненных на разных терминалах, разделяются специальной линией.
Под этой линией в правом углу показано имя терминала, на котором выполнялись команды.
Для того чтобы посмотреть команды только одного сенса,
нужно щёкнуть по этому названию.
LiLaLo (L3) расшифровывается как Live Lab Log.
Программа разработана для повышения эффективности обучения Unix/Linux-системам.
(c) Игорь Чубин, 2004-2008