I have already applied restrictions with iptables. The details are as follows:
[root@BRQ7-PROXY ~]# iptables -vxnL
Chain INPUT (policy DROP 30066 packets, 2617537 bytes)
pkts bytes target prot opt in out source destination
640 48942 REJECT all -- * * 192.168.200.0/27 0.0.0.0/0 reject-with icmp-port-unreachable
5691 290252 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 #conn/32 > 20
90510 13301896 ACCEPT tcp -- eth1 * 192.168.200.128/26 0.0.0.0/0 tcp dpt:8080
98065 85864320 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
7 340 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2541 200178 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 51984 packets, 4013057 bytes)
pkts bytes target prot opt in out source destination
10207 515762 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 #conn/32 > 3
169 37528 ACCEPT tcp -- * * 0.0.0.0/0 10.1.0.0/16 tcp dpt:445
117353 85675674 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3162 219005 ACCEPT udp -- * * 0.0.0.0/0 10.1.28.25 udp dpt:53
415 21572 ACCEPT tcp -- * * 192.168.200.128/26 221.*.*.* tcp dpt:8080
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.12.152 multiport dports 135,137,139,445
0 0 ACCEPT udp -- * * 0.0.0.0/0 10.1.12.152 multiport dports 135,137,139,445
3 152 ACCEPT tcp -- * * 0.0.0.0/0 10.1.0.0/16 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.0.0/16 tcp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.0.0/16 tcp dpt:7000
25 1300 ACCEPT tcp -- * * 0.0.0.0/0 10.1.0.0/16 tcp dpt:3389
Chain OUTPUT (policy ACCEPT 205883 packets, 126240269 bytes)
pkts bytes target prot opt in out source destination
71 8009 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
Chain RH-Firewall-1-INPUT (0 references)
pkts bytes target prot opt in out source destination
From the above, 192.168.200.17 should be blocked by default. But that is not what happens; as shown below, not only can it establish connections, it also exceeds the limit of 20:
[root@BRQ7-PROXY log]# netstat -nat|grep 8080|grep 192.168.200.17|grep ES
tcp 0 0 ::ffff:192.168.200.254:8080 ::ffff:192.168.200.17:51026 ESTABLISHED
tcp 0 0 ::ffff:192.168.200.254:8080 ::ffff:192.168.200.17:39489 ESTABLISHED
tcp 0 0 ::ffff:192.168.200.254:8080 ::ffff:192.168.200.17:38721 ESTABLISHED
tcp 0 0 ::ffff:192.168.200.254:8080 ::ffff:192.168.200.17:30273 ESTABLISHED
tcp 0 0 ::ffff:192.168.200.254:8080 ::ffff:192.168.200.17:51043 ESTABLISHED
tcp 0 0 ::ffff:192.168.200.254:8080 ::ffff:192.168.200.17:51042 ESTABLISHED
tcp 0 0 ::ffff:192.168.200.254:8080 ::ffff:192.168.200.17:51049 ESTABLISHED
tcp 0 0 ::ffff:192.168.200.254:8080 ::ffff:192.168.200.17:51048 ESTABLISHED
tcp 0 0 ::ffff:192.168.200.254:8080 ::ffff:192.168.200.17:51051 ESTABLISHED
tcp 0 0 ::ffff:192.168.200.254:8080 ::ffff:192.168.200.17:26625 ESTABLISHED
tcp 0 0 ::ffff:192.168.200.254:8080 ::ffff:192.168.200.17:38689 ESTABLISHED
Stranger still, pinging 192.168.200.17 from the proxy server fails, and tcpdump captures nothing either. Could you all help me figure out where the problem is? It should not be a configuration problem: when I changed my own PC to an address below 192.168.200.128 (192.168.200.43), I was restricted and could not connect to the proxy server.
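To check rule ordering the way a firewall reviewer would, here is an added example (not code from the original post or from anyone in the thread): a small Python walker that parses the text of `iptables -vxnL`, constructed inline from the listing above, and reports which rule a hypothetical new SYN to TCP 8080 on eth1 would hit, in rule order. Stateful matches are approximated: `state RELATED,ESTABLISHED` never matches a brand-new flow, and connlimit (`#conn/N > K`) fires only when a caller-supplied count of existing connections from the source is above K. The proxy address 192.168.200.254 is taken from the netstat output; the packet descriptions and connection counts are constructed for the example.

```python
"""Walk an iptables chain for a hypothetical NEW inbound packet.

Added example, not code from the thread. Parses `iptables -vxnL` text and
reports the first matching rule. Stateful matches are approximated (see the
comments in rule_matches).
"""
import ipaddress
import re

# Constructed input: the INPUT chain from the post plus three FORWARD rules.
# The `221.*.*.*` destination is redacted in the post; that rule keeps its
# position (so rule numbers stay correct) but can never be evaluated here.
LISTING = """\
Chain INPUT (policy DROP 30066 packets, 2617537 bytes)
pkts bytes target prot opt in out source destination
640 48942 REJECT all -- * * 192.168.200.0/27 0.0.0.0/0 reject-with icmp-port-unreachable
5691 290252 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 #conn/32 > 20
90510 13301896 ACCEPT tcp -- eth1 * 192.168.200.128/26 0.0.0.0/0 tcp dpt:8080
98065 85864320 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
7 340 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2541 200178 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 51984 packets, 4013057 bytes)
pkts bytes target prot opt in out source destination
10207 515762 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 #conn/32 > 3
415 21572 ACCEPT tcp -- * * 192.168.200.128/26 221.*.*.* tcp dpt:8080
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.12.152 multiport dports 135,137,139,445
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)")
DPT_RE = re.compile(r"\bdpt:(\d+)")
MULTI_RE = re.compile(r"\bdports ([\d,]+)")
CONNLIMIT_RE = re.compile(r"#conn/\d+ > (\d+)")


def _net(token):
    """Parse a source/destination column; None if redacted or unparsable."""
    try:
        return ipaddress.ip_network(token, strict=False)
    except ValueError:
        return None


def parse_chains(text):
    """Return {chain: {"policy": str|None, "rules": [...]}} in listing order."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = {"policy": m.group(2), "rules": []}
            chains[m.group(1)] = current
            continue
        f = line.split()
        if current is None or len(f) < 9 or f[0] == "pkts":
            continue  # blank line or column header
        # columns: pkts bytes target prot opt in out source destination [matches]
        current["rules"].append({
            "target": f[2], "prot": f[3], "in": f[5], "out": f[6],
            "src": _net(f[7]), "dst": _net(f[8]), "extra": " ".join(f[9:]),
        })
    return chains


def rule_matches(rule, pkt):
    """True if a NEW packet described by `pkt` would match `rule`."""
    if rule["src"] is None or rule["dst"] is None:
        return False  # redacted address: cannot evaluate, never claim a hit
    if rule["prot"] not in ("all", pkt["proto"]):
        return False
    if rule["in"] not in ("*", pkt["in"]):
        return False
    if ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    if ipaddress.ip_address(pkt["dst"]) not in rule["dst"]:
        return False
    extra = rule["extra"]
    m = DPT_RE.search(extra)
    if m and int(m.group(1)) != pkt.get("dport"):
        return False
    m = MULTI_RE.search(extra)
    if m and pkt.get("dport") not in {int(p) for p in m.group(1).split(",")}:
        return False
    if "state RELATED,ESTABLISHED" in extra:
        return False  # a first SYN is NEW; this rule only covers existing flows
    m = CONNLIMIT_RE.search(extra)
    if m and pkt.get("existing_conns", 0) <= int(m.group(1)):
        return False  # connlimit fires only once the source is above the threshold
    return True


def first_hit(chain, pkt):
    """(rule number, target) of the first match, or (None, chain policy)."""
    for n, rule in enumerate(chain["rules"], 1):
        if rule_matches(rule, pkt):
            return n, rule["target"]
    return None, chain["policy"]


def inbound_8080(chains, src, existing_conns=0):
    """Verdict for a new client SYN to the proxy port on eth1 (constructed packet)."""
    pkt = {"proto": "tcp", "in": "eth1", "src": src, "dst": "192.168.200.254",
           "dport": 8080, "existing_conns": existing_conns}
    return first_hit(chains["INPUT"], pkt)


if __name__ == "__main__":
    chains = parse_chains(LISTING)
    for src, conns in [("192.168.200.17", 0), ("192.168.200.43", 0),
                       ("192.168.200.150", 0), ("192.168.200.150", 25)]:
        print(src, conns, "->", inbound_8080(chains, src, conns))
```

The walker evaluates a new connection only. Sockets that netstat already shows as ESTABLISHED were accepted when their first packet arrived; inserting or changing iptables rules afterwards does not tear down existing sockets, and the `state RELATED,ESTABLISHED` rule keeps accepting their packets until they close or time out. The `::ffff:` prefix in the netstat output only means the listener is a dual-stack IPv6 socket reporting IPv4-mapped addresses; that traffic is still IPv4 and is still handled by iptables rather than ip6tables. A rule whose address is redacted in the paste (`221.*.*.*`) keeps its position so rule numbers stay correct, but is never reported as a hit.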