/l3/users/17-12-2012/NT-Lnet/debian1.net.nt/root
#host ya.ru
ya.ru has address 93.158.134.203
ya.ru has address 213.180.193.3
ya.ru has address 213.180.204.3
ya.ru has address 77.88.21.3
ya.ru has address 87.250.250.3
ya.ru has address 87.250.250.203
ya.ru has address 87.250.251.3
ya.ru has address 93.158.134.3
ya.ru mail is handled by 10 mx.yandex.ru.
#ping ya.ru
PING ya.ru (93.158.134.3) 56(84) bytes of data.
64 bytes from www.yandex.ru (93.158.134.3): icmp_req=1 ttl=58 time=18.1 ms
64 bytes from www.yandex.ru (93.158.134.3): icmp_req=2 ttl=58 time=19.7 ms
^C
--- ya.ru ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 18.163/18.932/19.702/0.781 ms
#vim /etc/resolv.conf
--- /dev/null 2012-12-17 19:01:14.436000008 +0200 +++ iptables 2012-12-18 16:46:17.000000000 +0200 @@ -0,0 +1,2 @@ +#!/bin/bash +iptables-restore < /etc/iptables.rule |
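Review bot: the added `iptables-restore < /etc/iptables.rule` line runs unconditionally. This script is the one the session installs under /etc/network/if-up.d/, where hooks are run for every interface that comes up (lo included), so the whole ruleset is reloaded on each interface event, and nothing checks that /etc/iptables.rule exists and is readable before it is fed to iptables-restore. Suggest guarding it with something like `[ -r /etc/iptables.rule ] || exit 0`, restricting it to the intended interface via `$IFACE`, and adding a comment that the file is expected to be in iptables-save format. The script uses no bash-specific features, so `#!/bin/sh` would be enough.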
#~
search net.nt
nameserver 192.168.13.253
"/etc/resolv.conf" 2L, 40C
#~
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
#man iptables
#cd /etc/network/if-up.d/
#ls -hl
итого 12K
-rwxr-xr-x 1 root root 4,5K Мар 28  2012 mountnfs
-rwxr-xr-x 1 root root  849 Дек 21  2009 openssh-server
#cd ..
#cd if-down.d/
#ls -hl
итого 0
#vim iptables
#cd ..
#cd if-up.d/
#ls -hl
итого 12K
-rwxr-xr-x 1 root root 4,5K Мар 28  2012 mountnfs
-rwxr-xr-x 1 root root  849 Дек 21  2009 openssh-server
#vim iptables
#ls -hl
итого 16K
-rw-r--r-- 1 root root   50 Дек 18 16:46 iptables
-rwxr-xr-x 1 root root 4,5K Мар 28  2012 mountnfs
-rwxr-xr-x 1 root root  849 Дек 21  2009 openssh-server
#chmod +x iptables
#ls -hl
итого 16K
-rwxr-xr-x 1 root root   50 Дек 18 16:46 iptables
-rwxr-xr-x 1 root root 4,5K Мар 28  2012 mountnfs
-rwxr-xr-x 1 root root  849 Дек 21  2009 openssh-server
#cd ..
#cd if-down.d/
#ls -hl
итого 4,0K
-rw-r--r-- 1 root root 47 Дек 18 16:45 iptables
#chmod +x iptables
#ls -hl
итого 4,0K
-rwxr-xr-x 1 root root 47 Дек 18 16:45 iptables
#iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
#iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
#iptables -A INPUT -d 127.0.0.1 -p icmp -j DROP
#iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       icmp --  anywhere             localhost.localdomain
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
#ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
^C
--- 127.0.0.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3000ms
#man iptables
#iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       icmp --  0.0.0.0/0            127.0.0.1
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
#iptables -Ln
iptables: No chain/target/match by that name.
#iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       icmp --  0.0.0.0/0            127.0.0.1
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
#iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       icmp --  anywhere             localhost.localdomain
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
#iptables -D INPUT 1
#iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
#ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_req=1 ttl=64 time=0.040 ms
64 bytes from 127.0.0.1: icmp_req=2 ttl=64 time=0.036 ms
^C
--- 127.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.036/0.038/0.040/0.002 ms
#iptables -A INPUT -d 127.0.0.1 -p icmp -j DROP
#iptables -D INPUT -d 127.0.0.1 -p icpm -j DROP
iptables v1.4.8: unknown protocol `icpm' specified
Try `iptables -h' or 'iptables --help' for more information.
#iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       icmp --  anywhere             localhost.localdomain
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
#iptables -D INPUT -d 127.0.0.1 -p icmp -j DROP
#iptables -F INPUT
#iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
#ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_req=1 ttl=64 time=0.035 ms
64 bytes from 127.0.0.1: icmp_req=2 ttl=64 time=0.044 ms
^C
--- 127.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.035/0.039/0.044/0.007 ms
#iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#iptables -A INPUT -p tcp --syn -j DROP
#iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
#nmap localhost
Starting Nmap 5.00 ( http://nmap.org ) at 2012-12-19 09:49 EET
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 998 filtered ports
PORT   STATE  SERVICE
22/tcp open   ssh
80/tcp closed http
Nmap done: 1 IP address (1 host up) scanned in 6.39 seconds
#nmap 192.168.13.1
Starting Nmap 5.00 ( http://nmap.org ) at 2012-12-19 09:50 EET
Interesting ports on debian1.net.nt (192.168.13.1):
Not shown: 998 filtered ports
PORT   STATE  SERVICE
22/tcp open   ssh
80/tcp closed http
Nmap done: 1 IP address (1 host up) scanned in 4.91 seconds
#iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
#nmap 192.168.13.1
Starting Nmap 5.00 ( http://nmap.org ) at 2012-12-19 09:52 EET
Interesting ports on debian1.net.nt (192.168.13.1):
Not shown: 998 filtered ports
PORT   STATE  SERVICE
22/tcp open   ssh
80/tcp closed http
Nmap done: 1 IP address (1 host up) scanned in 6.39 seconds
#nmap 192.168.13.2
Starting Nmap 5.00 ( http://nmap.org ) at 2012-12-19 09:54 EET
Interesting ports on 192.168.13.2:
Not shown: 998 filtered ports
PORT   STATE  SERVICE
22/tcp open   ssh
80/tcp closed http
MAC Address: 00:16:3E:00:00:02 (Xensource)
Nmap done: 1 IP address (1 host up) scanned in 4.70 seconds
#netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.13.253  0.0.0.0         UG        0 0          0 eth0
192.168.13.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0