C. Dummy wrote:

I should also show results from lrp box:
ip addr:
1: lo: <LOOPBACK,UP> mtu 3924 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:80:c8:11:fc:96 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:60:08:a8:37:76 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 10
link/ppp
inet 66.203.191.254 peer 66.203.188.1/32 scope global ppp0

ip route:
66.203.188.1 dev ppp0 proto kernel scope link src 66.203.191.254
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
default via 66.203.188.1 dev ppp0

net ipfilter list:
Chain input (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 5 -> *
0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 13 -> *
0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 14 -> *
0 0 DENY all ----l- 0xFF 0x00 ppp0 0.0.0.0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 255.255.255.255 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 127.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 224.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 10.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 172.16.0.0/12 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 192.168.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 0.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 128.0.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 191.255.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 192.0.0.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 223.255.255.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 240.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 192.168.1.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 66.203.191.254 0.0.0.0/0 n/a
0 0 REJECT all ----l- 0xFF 0x00 ppp0 0.0.0.0/0 127.0.0.0/8 n/a
0 0 REJECT all ----l- 0xFF 0x00 ppp0 0.0.0.0/0 192.168.1.0/24 n/a
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 135
31 2418 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 135
11 528 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 138:139
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 138
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 137:138 -> *
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 135 -> *
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 137:139 -> *
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 135 -> *
0 0 ACCEPT tcp ------ 0xFF 0x00 ppp0 216.171.153.128/25 0.0.0.0/0 * -> 22
13 686 ACCEPT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 80
5 284 ACCEPT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 113
0 0 ACCEPT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 1023
0 0 ACCEPT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 21
0 0 ACCEPT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 6699
0 0 ACCEPT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 6698
0 0 ACCEPT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 6112
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 113
116 5568 ACCEPT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 1024:9099
11266 14M ACCEPT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 9103:65535
0 0 REJECT udp ----l- 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 161:162
0 0 ACCEPT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 53
0 0 ACCEPT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 68
0 0 ACCEPT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 6256
0 0 ACCEPT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 6257
0 0 ACCEPT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 7777
0 0 ACCEPT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 7778
0 0 ACCEPT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 7779
0 0 ACCEPT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 27900
0 0 ACCEPT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 6112
0 0 DENY udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 67
116 28265 ACCEPT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
2 116 ACCEPT icmp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> *
0 0 ACCEPT ospf ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 n/a
0 0 REJECT udp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 161:162
0 0 REJECT udp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 161:162 -> *
7348 582K ACCEPT all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 5 -> *
7262 571K MASQ all ------ 0xFF 0x00 ppp0 192.168.1.0/24 0.0.0.0/0 n/a
0 0 DENY all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a
Chain output (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
18835 14M fairq all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 0.0.0.0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 255.255.255.255 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 127.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 224.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 10.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 172.16.0.0/12 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 192.168.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 0.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 128.0.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 191.255.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 192.0.0.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 223.255.255.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 ppp0 240.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ------ 0xFF 0x00 ppp0 192.168.1.0/24 0.0.0.0/0 n/a
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 135
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 135
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 138:139
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 * -> 138
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 137:138 -> *
0 0 REJECT udp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 135 -> *
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 137:139 -> *
0 0 REJECT tcp ------ 0xFF 0x00 ppp0 0.0.0.0/0 0.0.0.0/0 135 -> *
18835 14M ACCEPT all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a
Chain fairq (1 references):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 RETURN ospf ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 n/a
0 0 RETURN ospf ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 n/a
0 0 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 520
0 0 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 520 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 179
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 179 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 53
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 53 -> *
121 7584 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 53
85 17320 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 53 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 * -> 23
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 23 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 * -> 22
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 22 -> *
AutoFW:
Type Prot Low High Vis Hid Where Last CPto CPrt Timer Flags
1 6 17E0-17E0/0000 0000 C0A801CA 00000000 0000 0000 0 2
1 11 17E0-17E0/0000 0000 C0A801CA 00000000 0000 0000 0 2
1 11 6CFC-6CFC/0000 0000 C0A801CA 00000000 0000 0000 0 2
1 11 1E63-1E63/0000 0000 C0A801CA 00000000 0000 0000 0 2
1 11 1E62-1E62/0000 0000 C0A801CA 00000000 0000 0000 0 2
1 11 1E61-1E61/0000 0000 C0A801CA 00000000 0000 0000 0 2
1 11 1870-1870/0000 0000 C0A801CA 00000000 0000 0000 0 2
1 6 1A2A-1A2A/0000 0000 C0A801CA 00000000 0000 0000 0 2
1 11 1871-1871/0000 0000 C0A801C9 00000000 0000 0000 0 2
1 6 1A2B-1A2B/0000 0000 C0A801C9 00000000 0000 0000 0 2
MarkFW:
fwmark rediraddr rport pcnt pref
PortFW:
prot localaddr rediraddr lport rport pcnt pref
UDP 66.203.191.254 192.168.1.202 6256 6256 10 10
UDP 66.203.191.254 192.168.1.201 6257 6257 10 10
TCP 66.203.191.254 192.168.1.202 6698 6698 10 10
TCP 66.203.191.254 192.168.1.201 6699 6699 10 10
TCP 66.203.191.254 192.168.1.203 80 80 6 10
TCP 66.203.191.254 192.168.1.201 21 21 10 10

netstat -ln:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:9100 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1023 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:53 0.0.0.0:*
udp 0 0 0.0.0.0:67 0.0.0.0:*
udp 0 0 0.0.0.0:69 0.0.0.0:*
raw 0 0 0.0.0.0:1 0.0.0.0:* 7
raw 0 0 0.0.0.0:1 0.0.0.0:* 7
raw 0 0 0.0.0.0:6 0.0.0.0:* 7
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 0 [ ACC ] STREAM LISTENING 1530 /dev/log

C. Dummy wrote:

Sorry my mistake.
INTERN_WWW_SERVER=192.168.1.203 is uncommented on the lrp box; the rest of the changes below are on the thttpd box.
Commands run on the thttpd box:
ip addr
1: lo: <LOOPBACK,UP> mtu 3924 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:80:c8:35:20:e9 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.203/24 brd 192.168.1.255 scope global eth0

ip route
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.203
default via 192.168.1.254 dev eth0

net ipfilter list
Chain input (policy ACCEPT: 59 packets, 6090 bytes):
Chain forward (policy ACCEPT: 0 packets, 0 bytes):
Chain output (policy ACCEPT: 43 packets, 3464 bytes):
AutoFW:
MarkFW:
PortFW:

netstat -ln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:1023 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:69 0.0.0.0:*
raw 0 0 0.0.0.0:1 0.0.0.0:* 7
raw 0 0 0.0.0.0:6 0.0.0.0:* 7
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 0 [ ACC ] STREAM LISTENING 1111 /dev/log
Thanks for help
Andrey

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html