[root@F5:Active] config # ifconfig eth0 Link encap:Ethernet HWaddr 00:01:D7:C3:30:C1 inet6 addr: fe80::201:d7ff:fec3:30c1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:12498 errors:0 dropped:0 overruns:0 frame:0 TX packets:12572 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1661936 (1.5 MiB) TX bytes:1736530 (1.6 MiB) Interrupt:233 Memory:fdfe0000-fdff0000 eth0.1 Link encap:Ethernet HWaddr 00:01:D7:C3:30:C1 inet addr:127.2.0.2 Bcast:127.2.0.255 Mask:255.255.255.0 inet6 addr: fe80::201:d7ff:fec3:30c1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:11067 errors:0 dropped:0 overruns:0 frame:0 TX packets:11058 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1166194 (1.1 MiB) TX bytes:1081395 (1.0 MiB) eth0:mgmt Link encap:Ethernet HWaddr 00:01:D7:C3:30:C1 inet addr:192.168.1.245 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:233 Memory:fdfe0000-fdff0000 inside Link encap:Ethernet HWaddr 00:01:D7:C3:30:C3 inet addr:192.168.3.18 Bcast:192.168.3.255 Mask:255.255.255.0 inet6 addr: fe80::201:d7ff:fec3:30c3/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:69690 errors:0 dropped:0 overruns:0 frame:0 TX packets:49892 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:17012429 (16.2 MiB) TX bytes:14199806 (13.5 MiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.255.255.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:352393 errors:0 dropped:0 overruns:0 frame:0 TX packets:352393 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:40251897 (38.3 MiB) TX bytes:40251897 (38.3 MiB) tmm0 Link encap:Ethernet HWaddr 00:98:76:54:32:10 inet addr:127.1.1.1 Bcast:127.1.1.255 Mask:255.255.255.0 inet6 addr: fe80::298:76ff:fe54:3210/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1009 errors:0 dropped:0 overruns:0 frame:0 TX packets:1634 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:58093 (56.7 KiB) TX bytes:1999100 (1.9 MiB) vlan_172 Link encap:Ethernet HWaddr 00:01:D7:C3:30:C4 inet6 addr: fe80::201:d7ff:fec3:30c4/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:468 (468.0 b)
[root@F5:Active] config # ip route 127.1.1.0/24 dev tmm0 proto kernel scope link src 127.1.1.1 192.168.3.0/24 dev inside proto kernel scope link src 192.168.3.18 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.245 127.2.0.0/24 dev eth0.1 proto kernel scope link src 127.2.0.2 10.0.0.0/16 dev inside proto kernel scope link src 10.0.0.151 default via 192.168.3.1 dev inside
[root@F5:Active] config # tcpdump tcpdump: WARNING: eth0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 108 bytes 16:13:23.428694 IP F5.3900.Test.6215 > sccp.6216: UDP, length 48 16:13:23.431538 IP F5.3900.Test.6215 > sccp.6216: UDP, length 48 16:13:25.433745 IP F5.3900.Test.6215 > sccp.6216: UDP, length 48 16:13:25.436138 IP F5.3900.Test.6215 > sccp.6216: UDP, length 48 16:13:26.426907 IP F5.3900.Test.6215 > sccp.6216: UDP, length 48 16:13:26.437609 IP F5.3900.Test.6215 > sccp.6216: UDP, length 48 16:13:27.437792 IP F5.3900.Test.6215 > sccp.6216: UDP, length 48 16:13:27.440174 IP F5.3900.Test.6215 > sccp.6216: UDP, length 48 8 packets captured 8 packets received by filter 0 packets dropped by kernel
[root@F5:Active] config # iptables --version iptables v1.3.5 [root@F5:Active] config # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- sccp F5.3900.Test ACCEPT all -- F5.3900.Test F5.3900.Test DROP all -- anywhere F5.3900.Test Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。