История изменений
Исправление
Psych218,
(текущая версия)
:
До:
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether d4:3d:7e:51:45:90 brd ff:ff:ff:ff:ff:ff
inet 87.x.z.30/21 brd 87.x.a.255 scope global enp2s0
valid_lft forever preferred_lft forever
inet 87.x.z.30/24 brd 87.x.a.255 scope global enp2s0
valid_lft forever preferred_lft forever
inet6 fe80::d63d:7eff:fe51:4590/64 scope link
valid_lft forever preferred_lft forever
3: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 90:94:e4:82:05:37 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.254/24 brd 192.168.0.255 scope global enp4s0
valid_lft forever preferred_lft forever
inet6 fe80::9294:e4ff:fe82:537/64 scope link
valid_lft forever preferred_lft forever
ip r
default via 87.x.y.1 dev enp2s0 metric 202
87.x.y.0/21 dev enp2s0 proto kernel scope link src 87.x.x.30
87.x.y.0/21 dev enp2s0 proto kernel scope link src 87.x.x.30 metric 202
87.x.z.0/24 dev enp2s0 proto kernel scope link src 87.x.x.30
192.168.0.0/24 dev enp4s0 proto kernel scope link src 192.168.0.254
(внешний IP заменил на x и y)
iptables-save без systemctl stop iptables
# Generated by iptables-save v1.4.18 on Sat May 16 22:11:16 2015
# Ruleset captured while the iptables service is running.
# Format: "*name" opens a table, ":CHAIN POLICY [packets:bytes]" declares a
# chain with its default policy and counters, "-A" appends a rule, and COMMIT
# ends the table.
*filter
# All three built-in chains default to ACCEPT: traffic that no rule below
# drops is allowed.
:INPUT ACCEPT [1624100:606811247]
:FORWARD ACCEPT [111734:83792095]
:OUTPUT ACCEPT [1170716:271690232]
# User-defined chain ("-" means it has no policy); it is entered only through
# the jump on tcp/558 below.
:sshguard - [0:0]
# No -j target: a NEW TCP connection to port 15581 only records the source
# address in the "SSH" recent list, then evaluation continues with the next rule.
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 15581 -m recent --set --name SSH --mask 255.255.255.255 --rsource
# TCP traffic to port 558 is handed to the sshguard chain.
# NOTE(review): presumably sshd listens on 558 - not shown here, confirm.
-A INPUT -p tcp -m tcp --dport 558 -j sshguard
-A INPUT -p udp -m udp --dport 138 -j DROP
# RETURN in a built-in chain falls through to the chain policy, which is
# ACCEPT here, so all remaining UDP is accepted.
-A INPUT -p udp -j RETURN
# TCP port 22 is dropped outright.
-A INPUT -p tcp -m tcp --dport 22 -j DROP
# Redundant while the OUTPUT policy is ACCEPT.
-A OUTPUT -p udp -j ACCEPT
# Accept a NEW connection only when its source is already in the "SSH" list
# and was seen within the last 120 seconds; --update also refreshes that
# last-seen timestamp.
-A sshguard -m conntrack --ctstate NEW -m recent --update --seconds 120 --name SSH --mask 255.255.255.255 --rsource -j ACCEPT
# Packets of connections that are already tracked keep flowing.
-A sshguard -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Everything else that reached this chain is dropped.
-A sshguard -j DROP
# NOTE(review): unreachable - the unconditional DROP above ends the chain
# first, so this 60-second / 2-hit limit is never evaluated. To take effect
# it would have to be placed ahead of the ACCEPT rule at the top of the chain.
-A sshguard -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 2 --name SSH --mask 255.255.255.255 --rsource -j DROP
COMMIT
# Completed on Sat May 16 22:11:16 2015
# Generated by iptables-save v1.4.18 on Sat May 16 22:11:16 2015
*nat
:PREROUTING ACCEPT [7900:505459]
:INPUT ACCEPT [6145:397850]
:OUTPUT ACCEPT [13093:799370]
:POSTROUTING ACCEPT [334:22746]
# Source-NAT everything that leaves through enp2s0 to that interface's address.
# NOTE(review): the filter table has no FORWARD rules and its policy is ACCEPT,
# so forwarded traffic is not restricted by this ruleset.
-A POSTROUTING -o enp2s0 -j MASQUERADE
COMMIT
# Completed on Sat May 16 22:11:16 2015
# Generated by iptables-save v1.4.18 on Sat May 16 22:11:16 2015
*mangle
:PREROUTING ACCEPT [1737663:690758415]
:INPUT ACCEPT [1625842:606953190]
:FORWARD ACCEPT [111734:83792095]
:OUTPUT ACCEPT [1945180:686798748]
:POSTROUTING ACCEPT [2056914:770590843]
# Clamp the MSS of forwarded TCP SYN packets to the path MTU.
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sat May 16 22:11:16 2015
iptables-save с systemctl stop iptables
# Generated by iptables-save v1.4.18 on Sat May 16 22:12:12 2015
# Ruleset captured after `systemctl stop iptables` (per the heading on the
# page): every chain in every table is empty and every policy is ACCEPT, so
# nothing is filtered and the MASQUERADE rule is no longer loaded.
*filter
:INPUT ACCEPT [310:113030]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [317:18853]
COMMIT
# Completed on Sat May 16 22:12:12 2015
# Generated by iptables-save v1.4.18 on Sat May 16 22:12:12 2015
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat May 16 22:12:12 2015
# Generated by iptables-save v1.4.18 on Sat May 16 22:12:12 2015
*mangle
:PREROUTING ACCEPT [310:113030]
:INPUT ACCEPT [310:113030]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [317:18853]
:POSTROUTING ACCEPT [317:18853]
COMMIT
# Completed on Sat May 16 22:12:12 2015
После (перетыкания проводов, как я понял) я не могу подключиться к серверу по ssh и, соответственно, получить вывод этих команд.
Исходная версия
Psych218,
:
До:
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether d4:3d:7e:51:45:90 brd ff:ff:ff:ff:ff:ff
inet 87.236.26.30/21 brd 87.236.31.255 scope global enp2s0
valid_lft forever preferred_lft forever
inet 87.236.26.30/24 brd 87.236.31.255 scope global enp2s0
valid_lft forever preferred_lft forever
inet6 fe80::d63d:7eff:fe51:4590/64 scope link
valid_lft forever preferred_lft forever
3: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 90:94:e4:82:05:37 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.254/24 brd 192.168.0.255 scope global enp4s0
valid_lft forever preferred_lft forever
inet6 fe80::9294:e4ff:fe82:537/64 scope link
valid_lft forever preferred_lft forever
ip r
default via 87.x.y.1 dev enp2s0 metric 202
87.x.y.0/21 dev enp2s0 proto kernel scope link src 87.x.x.30
87.x.y.0/21 dev enp2s0 proto kernel scope link src 87.x.x.30 metric 202
87.x.z.0/24 dev enp2s0 proto kernel scope link src 87.x.x.30
192.168.0.0/24 dev enp4s0 proto kernel scope link src 192.168.0.254
(внешний IP заменил на x и y)
iptables-save без systemctl stop iptables
# Generated by iptables-save v1.4.18 on Sat May 16 22:11:16 2015
# Ruleset captured while the iptables service is running.
# Format: "*name" opens a table, ":CHAIN POLICY [packets:bytes]" declares a
# chain with its default policy and counters, "-A" appends a rule, and COMMIT
# ends the table.
*filter
# All three built-in chains default to ACCEPT: traffic that no rule below
# drops is allowed.
:INPUT ACCEPT [1624100:606811247]
:FORWARD ACCEPT [111734:83792095]
:OUTPUT ACCEPT [1170716:271690232]
# User-defined chain ("-" means it has no policy); it is entered only through
# the jump on tcp/558 below.
:sshguard - [0:0]
# No -j target: a NEW TCP connection to port 15581 only records the source
# address in the "SSH" recent list, then evaluation continues with the next rule.
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 15581 -m recent --set --name SSH --mask 255.255.255.255 --rsource
# TCP traffic to port 558 is handed to the sshguard chain.
# NOTE(review): presumably sshd listens on 558 - not shown here, confirm.
-A INPUT -p tcp -m tcp --dport 558 -j sshguard
-A INPUT -p udp -m udp --dport 138 -j DROP
# RETURN in a built-in chain falls through to the chain policy, which is
# ACCEPT here, so all remaining UDP is accepted.
-A INPUT -p udp -j RETURN
# TCP port 22 is dropped outright.
-A INPUT -p tcp -m tcp --dport 22 -j DROP
# Redundant while the OUTPUT policy is ACCEPT.
-A OUTPUT -p udp -j ACCEPT
# Accept a NEW connection only when its source is already in the "SSH" list
# and was seen within the last 120 seconds; --update also refreshes that
# last-seen timestamp.
-A sshguard -m conntrack --ctstate NEW -m recent --update --seconds 120 --name SSH --mask 255.255.255.255 --rsource -j ACCEPT
# Packets of connections that are already tracked keep flowing.
-A sshguard -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Everything else that reached this chain is dropped.
-A sshguard -j DROP
# NOTE(review): unreachable - the unconditional DROP above ends the chain
# first, so this 60-second / 2-hit limit is never evaluated. To take effect
# it would have to be placed ahead of the ACCEPT rule at the top of the chain.
-A sshguard -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 2 --name SSH --mask 255.255.255.255 --rsource -j DROP
COMMIT
# Completed on Sat May 16 22:11:16 2015
# Generated by iptables-save v1.4.18 on Sat May 16 22:11:16 2015
*nat
:PREROUTING ACCEPT [7900:505459]
:INPUT ACCEPT [6145:397850]
:OUTPUT ACCEPT [13093:799370]
:POSTROUTING ACCEPT [334:22746]
# Source-NAT everything that leaves through enp2s0 to that interface's address.
# NOTE(review): the filter table has no FORWARD rules and its policy is ACCEPT,
# so forwarded traffic is not restricted by this ruleset.
-A POSTROUTING -o enp2s0 -j MASQUERADE
COMMIT
# Completed on Sat May 16 22:11:16 2015
# Generated by iptables-save v1.4.18 on Sat May 16 22:11:16 2015
*mangle
:PREROUTING ACCEPT [1737663:690758415]
:INPUT ACCEPT [1625842:606953190]
:FORWARD ACCEPT [111734:83792095]
:OUTPUT ACCEPT [1945180:686798748]
:POSTROUTING ACCEPT [2056914:770590843]
# Clamp the MSS of forwarded TCP SYN packets to the path MTU.
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sat May 16 22:11:16 2015
iptables-save с systemctl stop iptables
# Generated by iptables-save v1.4.18 on Sat May 16 22:12:12 2015
# Ruleset captured after `systemctl stop iptables` (per the heading on the
# page): every chain in every table is empty and every policy is ACCEPT, so
# nothing is filtered and the MASQUERADE rule is no longer loaded.
*filter
:INPUT ACCEPT [310:113030]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [317:18853]
COMMIT
# Completed on Sat May 16 22:12:12 2015
# Generated by iptables-save v1.4.18 on Sat May 16 22:12:12 2015
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat May 16 22:12:12 2015
# Generated by iptables-save v1.4.18 on Sat May 16 22:12:12 2015
*mangle
:PREROUTING ACCEPT [310:113030]
:INPUT ACCEPT [310:113030]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [317:18853]
:POSTROUTING ACCEPT [317:18853]
COMMIT
# Completed on Sat May 16 22:12:12 2015
После (перетыкания проводов, как я понял) я не могу подключиться к серверу по ssh и, соответственно, получить вывод этих команд.