Доброго времени суток. Вопрос уже задавал одному из участников форума, но явного ответа не получил, но не будем говорить о компетентности, все бывает Далее по теме:
uname -a
Linux vifiteh-wstat 2.6.31.12-0.2-default #1 SMP 2010-03-16 21:25:39 +0100 i686 i686 i386 GNU/Linux
OS: OpenSuse 11.2
eth2 - internet
eth1 - lan
почему в netstat -an|grep tcp отражается только eth1 а eth2 молчит? с FW может это быть связанно?
ifconfig -a
eth1 Link encap:Ethernet HWaddr 00:13:D4:F3:98:3D
inet addr:192.168.0.211 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8955612 errors:0 dropped:0 overruns:0 frame:0
TX packets:5855948 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:802018489 (764.8 Mb) TX bytes:1411214749 (1345.8 Mb)
Interrupt:23 Base address:0xec00
eth2 Link encap:Ethernet HWaddr 00:14:D1:15:E2:E6
inet addr:192.168.1.36 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5851383 errors:0 dropped:0 overruns:0 frame:0
TX packets:8540280 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1411169036 (1345.7 Mb) TX bytes:770495561 (734.8 Mb)
Interrupt:17 Base address:0xe400
netstat -i
netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth1 1500 0 8956042 0 0 0 5856230 0 0 0 BMRU
eth2 1500 0 5851654 0 0 0 8540590 0 0 0 BMRU
lo 16436 0 458 0 0 0 458 0 0 0 LRU
netstat -an|grep tcp
# netstat -an|grep tcp
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 192.168.0.211:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 192.168.0.211:3128 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 192.168.0.211:22 192.168.0.220:59056 ESTABLISHED
iptables -L -n -v
iptables -L -n -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
52 2600 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
1544 112K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED
12262 1731K input_int all -- eth1 * 0.0.0.0/0 0.0.0.0/0
559 64162 input_ext all -- eth2 * 0.0.0.0/0 0.0.0.0/0
0 0 input_ext all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
69900 4025K TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
489K 188M forward_int all -- eth1 * 0.0.0.0/0 0.0.0.0/0
489K 387M forward_ext all -- eth2 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWD-ILL-ROUTING '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 181 packets, 7240 bytes)
pkts bytes target prot opt in out source destination
52 2600 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
1255 825K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
105 4200 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-OUT-ERROR '
Chain forward_ext (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
391 30240 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3
62 4240 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3 code 2
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 5
0 0 LOG all -- * * 192.168.1.36 192.168.0.211 limit: avg 3/min burst 5 state NEW LOG flags 6 level 4 prefix `SFW2-FWDext-ACC-FORW '
0 0 ACCEPT all -- * * 192.168.1.36 192.168.0.211 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 192.168.0.211 192.168.1.36 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth2 eth1 0.0.0.0/0 192.168.0.13 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth2 eth1 0.0.0.0/0 192.168.0.25 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth2 eth1 0.0.0.0/0 192.168.0.29 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth2 eth1 0.0.0.0/0 192.168.0.42 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth2 eth1 0.0.0.0/0 192.168.0.51 state RELATED,ESTABLISHED
220K 112M ACCEPT all -- eth2 eth1 0.0.0.0/0 192.168.0.53 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth2 eth1 0.0.0.0/0 192.168.0.58 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth2 eth1 0.0.0.0/0 192.168.0.212 state RELATED,ESTABLISHED
19690 24M ACCEPT all -- eth2 eth1 0.0.0.0/0 192.168.0.219 state RELATED,ESTABLISHED
68464 60M ACCEPT all -- eth2 eth1 0.0.0.0/0 192.168.0.220 state RELATED,ESTABLISHED
5941 905K ACCEPT all -- eth2 eth1 0.0.0.0/0 192.168.0.222 state RELATED,ESTABLISHED
175K 189M ACCEPT all -- eth2 eth1 0.0.0.0/0 192.168.0.225 state RELATED,ESTABLISHED
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT '
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 state NEW LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain forward_int (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
19 2985 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3 code 2
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 5
0 0 LOG all -- * * 192.168.1.36 192.168.0.211 limit: avg 3/min burst 5 state NEW LOG flags 6 level 4 prefix `SFW2-FWDint-ACC-FORW '
0 0 ACCEPT all -- * * 192.168.1.36 192.168.0.211 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 192.168.0.211 192.168.1.36 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth1 eth2 192.168.0.13 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT all -- eth1 eth2 192.168.0.25 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT all -- eth1 eth2 192.168.0.29 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT all -- eth1 eth2 192.168.0.42 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT all -- eth1 eth2 192.168.0.51 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
272K 161M ACCEPT all -- eth1 eth2 192.168.0.53 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT all -- eth1 eth2 192.168.0.58 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT all -- eth1 eth2 192.168.0.212 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
15655 1575K ACCEPT all -- eth1 eth2 192.168.0.219 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
66309 10M ACCEPT all -- eth1 eth2 192.168.0.220 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
6013 461K ACCEPT all -- eth1 eth2 192.168.0.222 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
129K 14M ACCEPT all -- eth1 eth2 192.168.0.225 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-DEFLT '
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 state NEW LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-DEFLT '
182 10081 reject_func all -- * * 0.0.0.0/0 0.0.0.0/0
Chain input_ext (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 LOG tcp -- * * 192.168.0.0/24 0.0.0.0/0 limit: avg 3/min burst 5 state NEW tcp dpt:3128 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TRUST '
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:3128
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 mark match 0x1 state NEW LOG flags 6 level 4 prefix `SFW2-INext-ACC-REDIR '
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED mark match 0x1
115 3220 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 state NEW LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
444 60942 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain input_int (1 references)
pkts bytes target prot opt in out source destination
41 14140 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast udp dpt:67
12185 1713K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 LOG tcp -- * * 192.168.0.0/24 0.0.0.0/0 limit: avg 3/min burst 5 state NEW tcp dpt:3128 LOG flags 6 level 4 prefix `SFW2-INint-ACC-TRUST '
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:3128
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:80 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INint-ACC-TCP '
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:443 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INint-ACC-TCP '
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:53 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INint-ACC-TCP '
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:25 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INint-ACC-TCP '
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:465 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INint-ACC-TCP '
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:465
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:3128 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INint-ACC-TCP '
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
2 128 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:22 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INint-ACC-TCP '
2 128 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:80
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:443
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
7 2310 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 mark match 0x1 state NEW LOG flags 6 level 4 prefix `SFW2-INint-ACC-REDIR '
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED mark match 0x1
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
27 1548 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INint-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INint-DROP-DEFLT '
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 state NEW LOG flags 6 level 4 prefix `SFW2-INint-DROP-DEFLT '
27 1548 reject_func all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject_func (2 references)
pkts bytes target prot opt in out source destination
209 11629 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-proto-unreachable
#
может FW косячно настроен? я не могу понять почему он eth2 не отображает все соеденения O_o http и тд Может я что не догоняю?