PING IP全通,但即使用IP上網也會失敗 - Linux
By Linda
at 2011-05-08T14:02
at 2011-05-08T14:02
Table of Contents
※ 引述《LIAR (會DOS不代表會LINUX)》之銘言:
: : → mshx:check /etc/reslov.conf內容 05/06 11:36
: nameserver 127.0.0.1
: search domain.ccc
dns設定錯誤,請改成以下
並將search domain.ccc拿掉
nameserver ISP_DNS
example:
nameserver 168.95.1.1
以下這邊太複雜了
總而言之,看起來不是DMZ
簡單的範例請自己看一下鳥哥,並且把不需要的iptables rule刪除
google:鳥哥 dmz
: : → mshx:check iptable, iptables -L -nv 05/06 11:37
: Chain INPUT (policy ACCEPT 22M packets, 9933M bytes)
: pkts bytes target prot opt in out source
: destination
: 5536 224K DROP tcp -- !utun * 0.0.0.0/0 0.0.0.0/0
: tcp dpts:9500:9627 ctstate INVALID,NEW
: 2684 897K RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0
: multiport dports 68
: 0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0
: mark match 0x4/0x4 multiport dports 67
: 6 1971 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0
: mark match 0x2/0x2 multiport dports 67
: 6589K 2893M alpaca-firewall all -- * * 0.0.0.0/0
: 0.0.0.0/0
: 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
: multiport dports 67
: Chain FORWARD (policy ACCEPT 5660K packets, 2334M bytes)
: pkts bytes target prot opt in out source
: destination
: 1484K 548M alpaca-firewall all -- * * 0.0.0.0/0
: 0.0.0.0/0 mark match 0x0/0x40000000
: 811K 290M alpaca-nat-firewall all -- br.eth1 * 0.0.0.0/0
: 0.0.0.0/0 [goto]
: Chain OUTPUT (policy ACCEPT 27M packets, 11G bytes)
: pkts bytes target prot opt in out source
: destination
: Chain alpaca-firewall (2 references)
: pkts bytes target prot opt in out source
: destination
: 8034K 3437M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
: mark match 0x0/0xc000000
: 39206 3236K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
: mark match 0x8000000/0x8000000
: 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
: mark match 0x4000000/0x4000000 reject-with tcp-reset
: 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
: mark match 0x4000000/0x4000000 reject-with icmp-port-unreachable
: Chain alpaca-nat-firewall (1 references)
: pkts bytes target prot opt in out source
: destination
: 575K 212M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
: ctstate DNAT
: 231K 78M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
: mark match 0x80000000/0x80000000
: 0 0 DROP all -- * eth0 0.0.0.0/0 0.0.0.0/0
: 0 0 DROP all -- * tun0 0.0.0.0/0 0.0.0.0/0
: 抱歉!這個貼上PTT似乎會亂掉。我還在研究iptables的語法,請問以我的DMZ來說
: 應該要注意哪些部分的設定?
--
CPU:AMD AM3 Athlon64 II X4 640 VGA:MSI 5670 DDR5 1G
MB:Asus M4A88TD-M PSU:FSP BlueDiamond II 400W
RAM:Transcend 1333/4G *2 CASE:RC690II Black
DVD-RW:iHAS324
SATA HDD:Seagate 1T USB-HDD:Seagate 500G
--
: : → mshx:check /etc/reslov.conf內容 05/06 11:36
: nameserver 127.0.0.1
: search domain.ccc
dns設定錯誤,請改成以下
並將search domain.ccc拿掉
nameserver ISP_DNS
example:
nameserver 168.95.1.1
以下這邊太複雜了
總而言之,看起來不是DMZ
簡單的範例請自己看一下鳥哥,並且把不需要的iptables rule刪除
google:鳥哥 dmz
: : → mshx:check iptable, iptables -L -nv 05/06 11:37
: Chain INPUT (policy ACCEPT 22M packets, 9933M bytes)
: pkts bytes target prot opt in out source
: destination
: 5536 224K DROP tcp -- !utun * 0.0.0.0/0 0.0.0.0/0
: tcp dpts:9500:9627 ctstate INVALID,NEW
: 2684 897K RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0
: multiport dports 68
: 0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0
: mark match 0x4/0x4 multiport dports 67
: 6 1971 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0
: mark match 0x2/0x2 multiport dports 67
: 6589K 2893M alpaca-firewall all -- * * 0.0.0.0/0
: 0.0.0.0/0
: 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
: multiport dports 67
: Chain FORWARD (policy ACCEPT 5660K packets, 2334M bytes)
: pkts bytes target prot opt in out source
: destination
: 1484K 548M alpaca-firewall all -- * * 0.0.0.0/0
: 0.0.0.0/0 mark match 0x0/0x40000000
: 811K 290M alpaca-nat-firewall all -- br.eth1 * 0.0.0.0/0
: 0.0.0.0/0 [goto]
: Chain OUTPUT (policy ACCEPT 27M packets, 11G bytes)
: pkts bytes target prot opt in out source
: destination
: Chain alpaca-firewall (2 references)
: pkts bytes target prot opt in out source
: destination
: 8034K 3437M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
: mark match 0x0/0xc000000
: 39206 3236K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
: mark match 0x8000000/0x8000000
: 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
: mark match 0x4000000/0x4000000 reject-with tcp-reset
: 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
: mark match 0x4000000/0x4000000 reject-with icmp-port-unreachable
: Chain alpaca-nat-firewall (1 references)
: pkts bytes target prot opt in out source
: destination
: 575K 212M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
: ctstate DNAT
: 231K 78M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
: mark match 0x80000000/0x80000000
: 0 0 DROP all -- * eth0 0.0.0.0/0 0.0.0.0/0
: 0 0 DROP all -- * tun0 0.0.0.0/0 0.0.0.0/0
: 抱歉!這個貼上PTT似乎會亂掉。我還在研究iptables的語法,請問以我的DMZ來說
: 應該要注意哪些部分的設定?
--
CPU:AMD AM3 Athlon64 II X4 640 VGA:MSI 5670 DDR5 1G
MB:Asus M4A88TD-M PSU:FSP BlueDiamond II 400W
RAM:Transcend 1333/4G *2 CASE:RC690II Black
DVD-RW:iHAS324
SATA HDD:Seagate 1T USB-HDD:Seagate 500G
--
Tags:
Linux
All Comments
By Eden
at 2011-05-08T19:57
at 2011-05-08T19:57
By Sarah
at 2011-05-13T14:28
at 2011-05-13T14:28
By Liam
at 2011-05-14T03:18
at 2011-05-14T03:18
Related Posts
Ubuntu連到開分享檔案的windows
By Hamiltion
at 2011-05-08T12:22
at 2011-05-08T12:22
Ubuntu11 分割區超出磁碟超的問題
By Irma
at 2011-05-08T11:36
at 2011-05-08T11:36
process目前佔用的cpu core
By Puput
at 2011-05-08T00:23
at 2011-05-08T00:23
以UPG306擷取NTSC影像for Cheese
By Damian
at 2011-05-08T00:07
at 2011-05-08T00:07
請問eeepc 701安裝easy peasy 1.6問題
By Wallis
at 2011-05-07T14:02
at 2011-05-07T14:02