/l3/users/eb/2009/linux1/user :1 :2 :3 :4 :5 :6 :7 :8 :9 :10 :11 :12 :13 :14 :15 :16 :17 :18 :19 :20 :21 :22 :23 :24 |
|
#iptables -L
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT all -- anywhere anywhere ctstate RELATED Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination |
#iptables -A INPUT -p tcp -j REJECT
|
#iptables -L
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT all -- anywhere anywhere ctstate RELATED REJECT tcp -- anywhere anywhere reject-with icmp-port-unreachable Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination |
#nmap -sF 192.168.15.1
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:20 EEST Interesting ports on linux1.unix.nt (192.168.15.1): Not shown: 1714 filtered ports PORT STATE SERVICE 22/tcp open|filtered ssh Nmap done: 1 IP address (1 host up) scanned in 1.297 seconds |
#iptables -D INPUT 3
|
#iptables -A INPUT -p tcp --syn -j REJECT
|
#iptables -L
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT all -- anywhere anywhere ctstate RELATED REJECT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN reject-with icmp-port-unreachable Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination |
#nmap -sF 192.168.15.1
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:25 EEST Interesting ports on linux1.unix.nt (192.168.15.1): Not shown: 1712 closed ports PORT STATE SERVICE 22/tcp open|filtered ssh 110/tcp open|filtered pop3 9999/tcp open|filtered abyss Nmap done: 1 IP address (1 host up) scanned in 1.288 seconds |
#nmap 192.168.15.1
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:26 EEST Interesting ports on linux1.unix.nt (192.168.15.1): Not shown: 1714 filtered ports PORT STATE SERVICE 22/tcp open ssh Nmap done: 1 IP address (1 host up) scanned in 0.148 seconds |
#iptables -A INPUT -p tcp --syn -j REJECT --reject-with tcp-reset
|
#iptables -sF 192.168.15.1
Bad argument `192.168.15.1' Try `iptables -h' or 'iptables --help' for more information. |
#nmap -sF 192.168.15.1
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:30 EEST Interesting ports on linux1.unix.nt (192.168.15.1): Not shown: 1712 closed ports PORT STATE SERVICE 22/tcp open|filtered ssh 110/tcp open|filtered pop3 9999/tcp open|filtered abyss Nmap done: 1 IP address (1 host up) scanned in 1.293 seconds |
#iptables -L
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT all -- anywhere anywhere ctstate RELATED REJECT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN reject-with tcp-reset Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination |
#nmap -sS 192.168.15.1
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:31 EEST Interesting ports on linux1.unix.nt (192.168.15.1): Not shown: 1714 closed ports PORT STATE SERVICE 22/tcp open ssh Nmap done: 1 IP address (1 host up) scanned in 0.115 seconds |
#nmap -sF 192.168.15.1
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:31 EEST Interesting ports on linux1.unix.nt (192.168.15.1): Not shown: 1712 closed ports PORT STATE SERVICE 22/tcp open|filtered ssh 110/tcp open|filtered pop3 9999/tcp open|filtered abyss Nmap done: 1 IP address (1 host up) scanned in 1.300 seconds |
#iptables -F
|
#nmap -sF 192.168.15.1
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:47 EEST Interesting ports on linux1.unix.nt (192.168.15.1): Not shown: 1712 closed ports PORT STATE SERVICE 22/tcp open|filtered ssh 110/tcp open|filtered pop3 9999/tcp open|filtered abyss Nmap done: 1 IP address (1 host up) scanned in 1.397 seconds |
#nmap 192.168.15.1
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:48 EEST Interesting ports on linux1.unix.nt (192.168.15.1): Not shown: 1712 closed ports PORT STATE SERVICE 22/tcp open ssh 110/tcp open pop3 9999/tcp open abyss Nmap done: 1 IP address (1 host up) scanned in 0.125 seconds |
#cat /proc/net/ip_conntrack
tcp 6 429795 ESTABLISHED src=192.168.107.2 dst=192.168.101.2 sport=43586 dport=22 packets=3 bytes=204 src=192.168.101.2 dst=192.168.107.2 sport=22 dport=43586 packets=2 bytes=312 [ASSURED] mark=0 secmark=0 use=1 tcp 6 431934 ESTABLISHED src=10.0.35.100 dst=192.168.101.2 sport=22 dport=44992 packets=1910 bytes=455720 src=192.168.101.2 dst=10.0.35.100 sport=44992 dport=22 packets=1729 bytes=90640 [ASSURED] mark=0 secmark=0 use=1 tcp 6 431934 ESTABLISHED src=10.0.35.100 dst=192.168.15.1 sport=22 dport=35465 packets=462 bytes=110216 src=192.168.15.1 dst=10.0.35.100 sport=35465 dport=22 packets=457 bytes=23824 [ASSURED] mark=0 secmark=0 use=1 |
#netstat -np -A inet
Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 192.168.15.1:35465 10.0.35.100:22 ESTABLISHED 6080/ssh |
#cat /proc/net/ip_conntrack
tcp 6 429306 ESTABLISHED src=192.168.107.2 dst=192.168.101.2 sport=43586 dport=22 packets=3 bytes=204 src=192.168.101.2 dst=192.168.107.2 sport=22 dport=43586 packets=2 bytes=312 [ASSURED] mark=0 secmark=0 use=1 tcp 6 431994 ESTABLISHED src=10.0.35.100 dst=192.168.101.2 sport=22 dport=44992 packets=2175 bytes=506108 src=192.168.101.2 dst=10.0.35.100 sport=44992 dport=22 packets=1982 bytes=103844 [ASSURED] mark=0 secmark=0 use=1 tcp 6 431994 ESTABLISHED src=10.0.35.100 dst=192.168.15.1 sport=22 dport=35465 packets=733 bytes=162548 src=192.168.15.1 dst=10.0.35.100 sport=35465 dport=22 packets=721 bytes=37600 [ASSURED] mark=0 secmark=0 use=1 |
#cat /proc/net/ip_conntrack | grep src=192.168.102.2
|
#cat /proc/net/ip_conntrack | grep src=192.168.101.2
tcp 6 429246 ESTABLISHED src=192.168.107.2 dst=192.168.101.2 sport=43586 dport=22 packets=3 bytes=204 src=192.168.101.2 dst=192.168.107.2 sport=22 dport=43586 packets=2 bytes=312 [ASSURED] mark=0 secmark=0 use=1 tcp 6 431981 ESTABLISHED src=10.0.35.100 dst=192.168.101.2 sport=22 dport=44992 packets=2226 bytes=511848 src=192.168.101.2 dst=10.0.35.100 sport=44992 dport=22 packets=2033 bytes=106496 [ASSURED] mark=0 secmark=0 use=1 |
#iptables -t mnat -l
iptables v1.4.3.2: option `-l' requires an argument Try `iptables -h' or 'iptables --help' for more information. |
#iptables -t nat -l
iptables v1.4.3.2: option `-l' requires an argument Try `iptables -h' or 'iptables --help' for more information. |
#iptables -t nat -L
Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination |
#iptables -t nat -POSTROTING -o eth0.100 -s 192.168.101.2 -j MASQUERADE
iptables v1.4.3.2: -P requires a chain and a policy Try `iptables -h' or 'iptables --help' for more information. |
$ls
10:53:38\ etc-2009.05.26 MUSIC Templates 10:53:38\\ fhdaskfh nfdnasf TEMPLATES 1324 FHDASKFH NFDNASF user_create 2009 FHJ Pictures user_passwd 2009.05.26 file PICTURES Videos 26\ FILE Public VIDEOS 26\\ fkdsjaf PUBLIC yslogd: rsyslogd. blackroom FKDSJAF READM zlo Desktop harddisk.img README Втр\ DESKTOP iceweasel.dot README2 Втр\\ din iceweasel.png RTE Втр Май 26 10:53:38 EEST 2009 Documents iseweasel.dot ryuweqi Май\ DOCUMENTS JK RYUWEQI Май\\ Download mirrors_full screen.dot DOWNLOAD Music screen.png |
#iptables -t nat -POSTROUTING -o eth0.100 -s 192.168.101.2 -j MASQUERADE
iptables v1.4.3.2: -P requires a chain and a policy Try `iptables -h' or 'iptables --help' for more information. |
#iptables -t nat -A -POSTROUTING -o eth0.100 -s 192.168.101.2 -j MASQUERADE
iptables: No chain/target/match by that name. |
#iptables -t nat -A -POSTROUTING -o eth0.101 -s 192.168.101.2 -j MASQUERADE
iptables: No chain/target/match by that name. |
#iptables -t nat -A -POSTROUTING -o eth0.101 -s 192.168.101.2 -j MASQUERADE
iptables: No chain/target/match by that name. |
#ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:1b:fc:7d:bb:47 inet addr:192.168.15.1 Bcast:192.168.15.255 Mask:255.255.255.0 inet6 addr: fe80::21b:fcff:fe7d:bb47/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:354417 errors:0 dropped:0 overruns:0 frame:0 TX packets:371488 errors:0 dropped:0 overruns:0 carrier:4 collisions:0 txqueuelen:1000 RX bytes:164711354 (157.0 MiB) TX bytes:128141648 (122.2 MiB) eth0.101 Link encap:Ethernet HWaddr 00:1b:fc:7d:bb:47 inet addr:192.168.101.1 Bcast:192.168.101.255 Mask:255.255.255.0 ... collisions:0 txqueuelen:0 RX bytes:14074619 (13.4 MiB) TX bytes:34107905 (32.5 MiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:48886 errors:0 dropped:0 overruns:0 frame:0 TX packets:48886 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2443494 (2.3 MiB) TX bytes:2443494 (2.3 MiB) |
#iptables -t nat -A -POSTROUTING -o eth0.101 -s 192.168.101.2/24 -j MASQUERADE
iptables: No chain/target/match by that name. |
#iptables -t nat -A -POSTROUTING -o eth0 -s 192.168.101.2/24 -j MASQUERADE
iptables: No chain/target/match by that name. |
#iptables -t nat -A -POSTROUTING -s 192.168.101.2/24 -j MASQUERADE
iptables: No chain/target/match by that name. |
#iptables -t nat -A -POSTROUTING -s 192.168.101.0/24 -j MASQUERADE
iptables: No chain/target/match by that name. |
#ip route
192.168.101.0/24 dev eth0.101 proto kernel scope link src 192.168.101.1 192.168.15.0/24 dev eth0 proto kernel scope link src 192.168.15.1 default via 192.168.15.254 dev eth0 |
#iptables -t nat -A POSTROUTING -o eth0.101 -s 192.168.101.2 -j MASQUERADE
|
#iptables -t nat -F
|
#iptables -t nat -L
Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination |
#iptables -t nat -A POSTROUTING -o eth0.101 -s 192.168.101.0/24 -j MASQUERADE
|
#apt-get install apache
Чтение списков пакетов... Готово Построение дерева зависимостей Чтение информации о состоянии... Готово Пакет apache недоступен, но упомянут в списке зависимостей другого пакета. Это может означать, что пакет отсутствует, устарел, или доступен из источников, не упомянутых в sources.list E: Для пакета apache не найдены кандидаты на установку |
#apt-cashe search apache
bash: apt-cashe: команда не найдена |
#apt-cache search apache
libmemcache0 - C client API for memcached memory object caching system libmina-java - Java network application framework libmina-java-doc - Java network application framework - documentation libmodule-refresh-perl - Refresh %INC files when updated on disk libnekohtml-java - HTML parser for Java libnet-bittorrent-libbt-tracker-perl - Perl bindings for libbttracker libnet-server-perl - An extensible, general perl server engine libnet-stomp-perl - A Streaming Text Orientated Messaging Protocol Client libocamlnet-ocaml-dev - OCaml application-level Internet libraries - core development libraries libplexus-io-java - Plexus IO Components ... libapache2-mod-perl2 - интеграция perl с веб-сервером Apache2 libapache2-mod-php5 - встраиваемый в HTML интерпретируемый язык на стороне сервера (модуль Apache 2) libapr1 - переносимая библиотека Apache libaprutil1 - переносимая библиотека утилит Apache libbcel-java - анализ, создание и управление (двоичными) файлами классов Java libserf-0-0 - высокопроизводительная клиентская библиотека HTTP с асинхронным интерфейсом libssl0.9.8 - Динамическая библиотека для SSL lire - полнофункциональный анализатор журналов и генератор отчетов nginx - маленький, но очень мощный и эффективный веб-сервер pootle - программа для управления и перевода на различные языки через веб |
#apt-get install apache2
Чтение списков пакетов... Готово Построение дерева зависимостей Чтение информации о состоянии... Готово Будут установлены следующие дополнительные пакеты: apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1 libaprutil1 libaprutil1-dbd-mysql libaprutil1-ldap libmysqlclient15off mysql-common openssl-blacklist ssl-cert Предлагаемые пакеты: apache2-doc apache2-suexec apache2-suexec-custom НОВЫЕ пакеты, которые будут установлены: ... Программа `dselect' или `aptitude' предоставляет дружественный интерфейс управления пакетами; Чтобы получить список значений флагов отладки dpkg, введите dpkg -Dhelp; Чтобы получить информацию об игнорировании проблем, введите dpkg --force-help; Чтобы получить справку об работе с файлами *.deb, введите dpkg-deb --help; Чтобы получить информацию об авторских правах и отсутствии гарантий (GNU GPL), введите dpkg --license [*]. Команды, отмеченные [*], выводят большое количество информации. Объедините их в конвейер с программами `less' или `more'! Настраивается пакет ssl-cert (1.0.23) ... |
#ps -ef | apach
bash: apach: команда не найдена |
#iptables -t nat -F
|
|