Hello everyone,

I find myself acting as remote sysadmin for a Linux server that does
masquerading for a herd of Windoze workstations. Recently a couple of
users installed some viruses, so that I wouldn't get bored in the
evening.
Until I fix the problem at its source, I want to block any
workstation's access to the SMTP port of any server (except the local
server). For that I wrote this:

iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport smtp -j logdrop

This is the first rule in FORWARD, which in my view should do what I
described. The "logdrop" chain does log + drop, nothing else. To my
great displeasure I observe that:

[EMAIL PROTECTED]:~$ sudo netstat-nat -n | grep 192.168.0.200 | grep :25
tcp   192.168.0.200:3458             209.204.157.124:25             ESTABLISHED
tcp   192.168.0.200:3452             192.193.221.102:25             ESTABLISHED
tcp   192.168.0.200:1804             165.21.74.122:25               ESTABLISHED
tcp   192.168.0.200:1581             206.18.177.26:25               ESTABLISHED
[EMAIL PROTECTED]:~$ sudo netstat-nat -n | grep 192.168.0.200 | grep :25
tcp   192.168.0.200:1590             195.22.237.122:25              ESTABLISHED
tcp   192.168.0.200:3458             209.204.157.124:25             ESTABLISHED
tcp   192.168.0.200:3452             192.193.221.102:25             ESTABLISHED
tcp   192.168.0.200:1804             165.21.74.122:25               ESTABLISHED
tcp   192.168.0.200:1581             206.18.177.26:25               ESTABLISHED

That is, if I understand correctly, that workstation keeps opening
connections to port 25. If I run iptables -L -v, I don't see a single
packet filtered by that rule:
...
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
   0     0 logdrop    tcp  --  any    any     192.168.0.0/24       anywhere            tcp dpt:smtp
1310  527K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
   0     0 valid-src  all  --  eth1   any     anywhere             anywhere
...

The complete firewall script is attached. Have I somehow misunderstood
what FORWARD does? What am I doing wrong?

Thanks in advance,
Mihai
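As an added example (not part of Mihai's message or his attached script), this sketches how such a block is usually laid out: the exception for the local mail server goes first, then the log+drop rule, both ahead of any RELATED,ESTABLISHED accept, and a small awk filter summarises "netstat-nat -n" output per LAN host so you can see whether new SMTP flows keep appearing after the rules are in place. The LAN subnet and the "logdrop" chain name come from the post; the mail server address 192.168.0.1 is assumed, and the sample listing is constructed from the post's output.

```shell
# Print the iptables commands for the SMTP block (preview with "| cat",
# apply as root with "| sh"). Assumed mail server: 192.168.0.1.
smtp_block_rules() {
    lan="$1"
    mailhost="$2"
    cat <<EOF
iptables -N logdrop 2>/dev/null || true
iptables -F logdrop
iptables -A logdrop -m limit --limit 5/min -j LOG --log-prefix "SMTP-BLOCK: "
iptables -A logdrop -j DROP
iptables -I FORWARD 1 -s $lan -d $mailhost -p tcp --dport 25 -j ACCEPT
iptables -I FORWARD 2 -s $lan -p tcp --dport 25 -j logdrop
EOF
}

# Count ESTABLISHED SMTP flows per LAN source host in "netstat-nat -n"
# output read from stdin; prints "<ip> <count>" lines (port 443 etc. ignored).
smtp_flows_per_host() {
    awk '$1 == "tcp" && $3 ~ /:25$/ && $4 == "ESTABLISHED" {
             split($2, src, ":"); n[src[1]]++
         }
         END { for (h in n) print h, n[h] }'
}

# Constructed sample, modelled on the listing in the post.
SAMPLE='tcp   192.168.0.200:3458   209.204.157.124:25   ESTABLISHED
tcp   192.168.0.200:3452   192.193.221.102:25   ESTABLISHED
tcp   192.168.0.201:1804   165.21.74.122:25     ESTABLISHED
tcp   192.168.0.200:1581   206.18.177.26:443    ESTABLISHED'

# Preview: show the rule set and the per-host flow summary for the sample.
preview() {
    smtp_block_rules 192.168.0.0/24 192.168.0.1
    printf '%s\n' "$SAMPLE" | smtp_flows_per_host
}
```

Re-run the flow summary a minute after applying the rules: flows that were already open can linger in the NAT table until their conntrack entry times out, so the number of *new* source ports per host is the thing to watch.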
_______________________________________________
RLUG mailing list
RLUG@lists.lug.ro
http://lists.lug.ro/mailman/listinfo/rlug
