Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 3.13.0-37-generic kernal
- Kernel IP routing table
- Destination Gateway Genmask Flags Metric Ref Use Iface
- 0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
- 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
- 10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
- 169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth1
- Settings for eth0:
- Supported ports: [ TP MII ]
- Supported link modes: 10baseT/Half 10baseT/Full
- 100baseT/Half 100baseT/Full
- 1000baseT/Half 1000baseT/Full
- Supported pause frame use: No
- Supports auto-negotiation: Yes
- Advertised link modes: 10baseT/Half 10baseT/Full
- 100baseT/Half 100baseT/Full
- 1000baseT/Half 1000baseT/Full
- Advertised pause frame use: Symmetric Receive-only
- Advertised auto-negotiation: Yes
- Link partner advertised link modes: 10baseT/Half 10baseT/Full
- 100baseT/Half 100baseT/Full
- 1000baseT/Half 1000baseT/Full
- Link partner advertised pause frame use: Symmetric Receive-only
- Link partner advertised auto-negotiation: Yes
- Speed: 1000Mb/s
- Duplex: Full
- Port: MII
- PHYAD: 0
- Transceiver: internal
- Auto-negotiation: on
- Supports Wake-on: pumbg
- Wake-on: g
- Current message level: 0x00000033 (51)
- drv probe ifdown ifup
- Settings for eth1:
- Supported ports: [ TP ]
- Supported link modes: 10baseT/Half 10baseT/Full
- 100baseT/Half 100baseT/Full
- 1000baseT/Full
- Supported pause frame use: No
- Supports auto-negotiation: Yes
- Advertised link modes: 10baseT/Half 10baseT/Full
- 100baseT/Half 100baseT/Full
- 1000baseT/Full
- Advertised pause frame use: No
- Advertised auto-negotiation: Yes
- Speed: 1000Mb/s
- Duplex: Full
- Port: Twisted Pair
- PHYAD: 2
- Transceiver: internal
- Auto-negotiation: on
- MDI-X: off (auto)
- Supports Wake-on: pumbg
- Wake-on: g
- Current message level: 0x00000007 (7)
- drv probe link
- Link detected: yes
- more /etc/network/interfaces
- # interfaces(5) file used by ifup(8) and ifdown(8)
- auto lo
- iface lo inet loopback
- auto eth0
- iface eth0 inet dhcp
- auto eth1
- iface eth1 inet static
- address 10.10.10.10
- network 10.10.10.0
- netmask 255.255.255.0
- broadcast 10.10.10.255
- more /etc/udev/rules.d/70-persistent-net.rules
- # This file was automatically generated by the /lib/udev/write_net_rules
- # program, run by the persistent-net-generator.rules rules file.
- #
- # You can modify it, as long as you keep each rule on a single
- # line, and change only the value of the NAME= key.
- # PCI device 0x8086:0x153b (e1000e)
- SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="bc:5f:f4:b9:0d:25", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
- # PCI device 0x10ec:0x8168 (r8169)
- SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="64:66:b3:02:31:80", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
- Chain PREROUTING (policy ACCEPT 11685 packets, 1204K bytes)
- num pkts bytes target prot opt in out source destination
- Chain INPUT (policy ACCEPT 3332 packets, 698K bytes)
- num pkts bytes target prot opt in out source destination
- Chain OUTPUT (policy ACCEPT 50099 packets, 3341K bytes)
- num pkts bytes target prot opt in out source destination
- Chain POSTROUTING (policy ACCEPT 53301 packets, 3541K bytes)
- num pkts bytes target prot opt in out source destination
- Chain INPUT (policy ACCEPT 690K packets, 252M bytes)
- num pkts bytes target prot opt in out source destination
- Chain FORWARD (policy ACCEPT 184K packets, 145M bytes)
- num pkts bytes target prot opt in out source destination
- 1 0 0 DROP tcp -- eth1 * 10.10.10.0/24 10.0.0.0/24 multiport dports !22,80,443
- Chain OUTPUT (policy ACCEPT 585K packets, 81M bytes)
- num pkts bytes target prot opt in out source destination
- My intention is simple.... to isolate eth0 LAN from eth1 LAN in (nearly) every way except --dport 22 etc (see rule in chain)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
