Hello Starodumoff Ilya! On Sat, 17 May 2008 00:03:22 +0600 you wrote: > pasv_address=20.13.20.194 > > и подчистить forward надо бы... "кудряво как-то"... :)
Вроде ничего особенного... $IPTABLES -A FORWARD -p tcp -j bad_tcp_packets $IPTABLES -A FORWARD -i $OVZ_IFACE -j ACCEPT $IPTABLES -A FORWARD -m state --state INVALID -j DROP $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG \ --log-level DEBUG --log-prefix "IPT FORWARD packet died: " $IPTABLES -A FORWARD -d $WEB1_VE -m state --state NEW -p tcp --dport 21 -j ACCEPT $IPTABLES -A FORWARD -d $WEB1_VE -m state --state NEW -p \ tcp --dport 65000:65535 -j ACCEPT $IPTABLES -A FORWARD -i $INET_IFACE -o $OVZ_IFACE -j ACCEPT $IPTABLES -A FORWARD -i $OVZ_IFACE -o $INET_IFACE -j ACCEPT # Routing VEs outside $IPTABLES -A FORWARD -p all -s $OVZ_NET -o $INET_IFACE -j ACCEPT $IPTABLES -A FORWARD -p all -d $OVZ_NET -i $INET_IFACE -m state \ --state ESTABLISHED,RELATED -j ACCEPT #$IPTABLES -A FORWARD -p all -s $OVZ_NET -j ACCEPT #$IPTABLES -A FORWARD -p all -d $OVZ_NET -j ACCEPT -- Всего наилучшего! Григорий greg [at] anastasia [dot] ru Письмо отправлено: 2008/05/16 22:20 _______________________________________________ Sysadmins mailing list [email protected] https://lists.altlinux.org/mailman/listinfo/sysadmins
