iptables

[ganesha]

quando eseguo iptable-save mi stampa queste righe:

...
*nat
:PREROUTING ACCEPT [1074217:66631483]
:POSTROUTING ACCEPT [2402:295153]
:OUTPUT ACCEPT [2405:295365]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4662 -j DNAT --to-destination 192.168.0.3:4662
-A PREROUTING -i ppp0 -p udp -m udp --dport 4672 -j DNAT --to-destination 192.168.0.3:4672
...

cosa significa riga :PREROUTING ACCEPT [1074217:66631483] ?
che le porte al di fuori di quel range non passano?

[Ikitt]

Originariamente inviato da ganesha
quando eseguo iptable-save mi stampa queste righe:
cosa significa riga :PREROUTING ACCEPT [1074217:66631483] ?
che le porte al di fuori di quel range non passano?

Dipende dalla policy della catena AFAIK.

[ganesha]

se posto tutto l'output di iptables-save, me lo puoi dire?

[ganesha]

up

[ganesha]

codice:

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:drop-and-log-it - [0:0]
-A INPUT -i lo -j ACCEPT 
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -j ACCEPT 
-A INPUT -s 192.168.0.0/255.255.255.0 -i ppp0 -j drop-and-log-it 
-A INPUT -d 80.183.110.121 -i ppp0 -p icmp -j ACCEPT 
-A INPUT -d 80.183.110.121 -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -j drop-and-log-it 
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -i eth0 -o ppp0 -j ACCEPT 
-A FORWARD -j drop-and-log-it 
-A FORWARD -p tcp -m tcp --dport 4661 -j ACCEPT 
-A FORWARD -p udp -m udp --dport 4665 -j ACCEPT 
-A FORWARD -p tcp -m tcp --dport 4662 -j ACCEPT 
-A FORWARD -p udp -m udp --dport 4672 -j ACCEPT 
-A OUTPUT -o lo -j ACCEPT 
-A OUTPUT -s 80.183.110.121 -d 192.168.0.0/255.255.255.0 -o eth0 -j ACCEPT 
-A OUTPUT -s 192.168.0.0/255.255.255.0 -d 192.168.0.0/255.255.255.0 -o eth0 -j ACCEPT 
-A OUTPUT -d 192.168.0.0/255.255.255.0 -o ppp0 -j drop-and-log-it 
-A OUTPUT -s 80.183.110.121 -o ppp0 -j ACCEPT 
-A OUTPUT -j drop-and-log-it 
-A drop-and-log-it -j LOG --log-level 6 
-A drop-and-log-it -j DROP 
COMMIT
# Completed on Sat Oct 23 11:57:55 2004
# Generated by iptables-save v1.2.5 on Sat Oct 23 11:57:55 2004
*nat
:PREROUTING ACCEPT [418:23290]
:POSTROUTING ACCEPT [2:482]
:OUTPUT ACCEPT [2:482]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 6699 -j DNAT --to-destination 192.168.0.3:6699 
-A PREROUTING -i ppp0 -p udp -m udp --dport 6257 -j DNAT --to-destination 192.168.0.3:6257 
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4661 -j DNAT --to-destination 192.168.0.3:4661 
-A PREROUTING -i ppp0 -p udp -m udp --dport 4665 -j DNAT --to-destination 192.168.0.3:4665 
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4662 -j DNAT --to-destination 192.168.0.3:4662 
-A PREROUTING -i ppp0 -p udp -m udp --dport 4672 -j DNAT --to-destination 192.168.0.3:4672 
-A POSTROUTING -o ppp0 -j SNAT --to-source 80.183.110.121 
COMMIT

[ganesha]

up