  1. root@localhost:~# ip a
  # Interface inventory of a consumer CPE/router. Note for anyone re-posting
  # this: the public WAN address (178.165.50.111) and the hardware MACs below
  # identify the device and its reachable management ports — redact them.
  2. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
  3. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  4. inet 127.0.0.1/8 scope host lo
  5. inet6 ::1/128 scope host
  6. valid_lft forever preferred_lft forever
  7. 2: bcm: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noop state UNKNOWN qlen 1000
  8. link/ether 02:10:18:01:00:01 brd ff:ff:ff:ff:ff:ff
  9. 3: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
  10. link/ether a0:1d:48:f7:0b:c6 brd ff:ff:ff:ff:ff:ff
  11. 4: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
  12. link/ether a0:1d:48:f7:0b:c7 brd ff:ff:ff:ff:ff:ff
  13. 5: dsl0: <NO-CARRIER,UP> mtu 0 qdisc noop state DOWN
  14. link/[29]
  15. 6: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
  16. link/ether a0:1d:48:f7:0b:c8 brd ff:ff:ff:ff:ff:ff
  # eth3, wl0 and wl1 are UP with PROMISC set; br0 below reuses wl0's MAC,
  # so these are presumably bridge members (confirm with `brctl show`).
  17. 7: eth3: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  18. link/ether a0:1d:48:f7:0b:c9 brd ff:ff:ff:ff:ff:ff
  # eth4 is the WAN side: it carries the only public address and, per `ip r`,
  # the default route. Firewall rules referring to -i/-o eth4 mean "Internet".
  19. 8: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  20. link/ether a0:1d:48:f7:0b:ca brd ff:ff:ff:ff:ff:ff
  21. inet 178.165.50.111/24 brd 178.165.50.255 scope global eth4
  22. 9: bcmport: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
  23. link/ether 02:10:18:01:00:01 brd ff:ff:ff:ff:ff:ff
  24. 10: ip6tnl0: <NOARP> mtu 1460 qdisc noop state DOWN
  25. link/tunnel6 :: brd ::
  26. 11: tunl0: <NOARP> mtu 1480 qdisc noop state DOWN
  27. link/ipip 0.0.0.0 brd 0.0.0.0
  28. 12: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
  29. link/sit 0.0.0.0 brd 0.0.0.0
  30. 13: wl0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
  31. link/ether a0:1d:48:f7:0b:c0 brd ff:ff:ff:ff:ff:ff
  32. 14: wl1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
  33. link/ether a0:1d:48:f7:0b:c4 brd ff:ff:ff:ff:ff:ff
  34. 15: wl0.1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
  35. link/ether a0:1d:48:f7:0b:c1 brd ff:ff:ff:ff:ff:ff
  36. 16: wl0.2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
  37. link/ether a0:1d:48:f7:0b:c2 brd ff:ff:ff:ff:ff:ff
  38. 17: wl0.3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
  39. link/ether a0:1d:48:f7:0b:c3 brd ff:ff:ff:ff:ff:ff
  40. 18: wl1.1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
  41. link/ether a0:1d:48:f7:0b:c5 brd ff:ff:ff:ff:ff:ff
  # br0 is the LAN: 172.16.0.1/24 is the address the "Local" management
  # chains in the filter table (GUILocalIn, SSHLocalIn, TelnetLocalIn) match on.
  42. 19: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
  43. link/ether a0:1d:48:f7:0b:c0 brd ff:ff:ff:ff:ff:ff
  44. inet 172.16.0.1/24 brd 172.16.0.255 scope global br0
  45. inet6 fe80::a21d:48ff:fef7:bc0/64 scope link
  46. valid_lft forever preferred_lft forever
  # ppp0 is a point-to-point link (local 10.33.33.1, peer 10.33.33.33). The
  # routing table sends a set of public prefixes over it, yet no filter rule
  # treats ppp0 as an untrusted interface (all WAN-side matches name eth4).
  47. 26: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 3
  48. link/ppp
  49. inet 10.33.33.1 peer 10.33.33.33/32 scope global ppp0
  50.  
  51. root@localhost:~# ip r
  # Destination-based split routing: the explicit prefixes below are sent over
  # the ppp0 tunnel, everything else uses the eth4 default gateway. The
  # prefixes are all "scope link" on a point-to-point device, so packets to
  # them are handed straight to the peer 10.33.33.33. Whoever controls that
  # peer sees (and can answer for) all traffic to these networks, and replies
  # arriving on ppp0 are not subject to the eth4-only DROP rules in the
  # filter table — treat the tunnel peer as trusted only if it really is.
  52. 10.33.33.33 dev ppp0 proto kernel scope link src 10.33.33.1
  53. 95.142.206.0/24 dev ppp0 scope link
  54. 213.180.204.0/24 dev ppp0 scope link
  55. 5.255.255.0/24 dev ppp0 scope link
  56. 172.16.0.0/24 dev br0 proto kernel scope link src 172.16.0.1
  57. 93.158.134.0/24 dev ppp0 scope link
  58. 213.180.193.0/24 dev ppp0 scope link
  59. 178.165.50.0/24 dev eth4 proto kernel scope link src 178.165.50.111
  60. 77.88.55.0/24 dev ppp0 scope link
  61. 185.32.248.0/22 dev ppp0 scope link
  62. 93.186.224.0/21 dev ppp0 scope link
  63. 95.142.192.0/21 dev ppp0 scope link
  64. 93.186.232.0/21 dev ppp0 scope link
  65. 95.213.0.0/18 dev ppp0 scope link
  66. 87.240.128.0/18 dev ppp0 scope link
  67. 87.250.0.0/16 dev ppp0 scope link
  68. 178.248.0.0/16 dev ppp0 scope link
  69. 178.154.0.0/16 dev ppp0 scope link
  # Default route via the eth4 gateway: all non-listed destinations go out the
  # public interface and are MASQUERADEd by NATeth4 (nat table).
  70. default via 178.165.50.1 dev eth4
  71.  
  72. root@localhost:~# iptables -S
  # filter table. Reading guide: the vendor framework splits policy into many
  # small chains; a chain with `-N` but no `-A` lines is EMPTY and simply
  # returns. Because all three built-in policies are ACCEPT, a packet that is
  # not explicitly DROPped by some chain is accepted. Several of the chains
  # that would provide the deny logic are empty or unreferenced (see notes).
  73. -P INPUT ACCEPT
  74. -P FORWARD ACCEPT
  75. -P OUTPUT ACCEPT
  76. -N CMWSIn
  77. -N CWMP2In
  78. -N CWMP2Out
  79. -N CWMPIn
  80. -N CWMPOut
  81. -N DHCPServices
  82. -N DNSIn
  83. -N FTPLocalIn
  84. -N FTPRemoteIn
  85. -N Firewall
  86. -N Firewall.LHigh
  87. -N Firewall.LLow
  88. -N FirewallIn
  89. -N FirewallIn.LHigh
  90. -N FirewallIn.LLow
  91. -N FirewallOut
  92. -N ForwardAllow
  93. -N ForwardAllow_DMZ
  94. -N ForwardAllow_IPsec
  95. -N ForwardAllow_MC
  96. -N ForwardAllow_PortMapping
  97. -N ForwardAllow_Rtsp
  98. -N ForwardAllow_Tunnel
  99. -N ForwardDeny
  100. -N ForwardDeny.br0
  101. -N GUILocalIn
  102. -N GUILocalIn_
  103. -N GUILocalOut
  104. -N GUIRemoteIn
  105. -N GUIRemoteIn_
  106. -N HTTPLocalIn
  107. -N HTTPRemoteIn
  108. -N IGMPProxyIn
  109. -N IPsecIn
  110. -N InputDeny
  111. -N InputDeny.br0
  112. -N NATPM.4
  113. -N NATPM.5
  114. -N NATPM.6
  115. -N OutputAllow
  116. -N OutputAllow_LocalServices
  117. -N RtspIn
  118. -N RtspOut
  119. -N SNMPIn
  120. -N SSHLocalIn
  121. -N SSHLocalIn_
  122. -N SSHLocalOut
  123. -N SSHRemoteIn
  124. -N SSHRemoteIn_
  125. -N SSHRemoteOut
  126. -N SambaIn
  127. -N SambaOut
  128. -N ServicesIn
  129. -N ServicesOut
  130. -N TelnetLocalIn
  131. -N TelnetLocalIn_
  132. -N TelnetRemoteIn
  133. -N TelnetRemoteIn_
  134. -N TunnelIn
  # INPUT (traffic to the router itself): SambaIn -> lo ACCEPT -> InputDeny ->
  # ServicesIn -> FirewallIn. In this dump SambaIn, InputDeny.br0 and
  # FirewallIn contain no rules, so anything ServicesIn does not decide falls
  # through to the ACCEPT policy. There is no `--state` match anywhere in the
  # INPUT path. Net effect: the only unsolicited WAN (eth4) traffic to the
  # router that is dropped is DNS (DNSIn); every other port a local daemon
  # listens on is reachable from eth4 and from ppp0 unless a Services chain
  # explicitly drops it — and none of them drop, they only ACCEPT.
  135. -A INPUT -j SambaIn
  136. -A INPUT -i lo -j ACCEPT
  137. -A INPUT -j InputDeny
  138. -A INPUT -j ServicesIn
  139. -A INPUT -j FirewallIn
  # FORWARD (LAN<->WAN transit): ForwardAllow -> ForwardDeny -> Firewall.
  # Firewall is empty and Firewall.LHigh/Firewall.LLow are never jumped to,
  # so the only deny logic is ForwardDeny (see below).
  140. -A FORWARD -j ForwardAllow
  141. -A FORWARD -j ForwardDeny
  142. -A FORWARD -j Firewall
  # OUTPUT: SambaOut, OutputAllow, RtspOut and FirewallOut have no rules;
  # traffic originated by the router is unrestricted via the ACCEPT policy.
  143. -A OUTPUT -j SambaOut
  144. -A OUTPUT -o lo -j ACCEPT
  145. -A OUTPUT -j OutputAllow
  146. -A OUTPUT -j RtspOut
  147. -A OUTPUT -j FirewallOut
  148. -A DHCPServices -i br0 -p udp -m multiport --dports 67:68 -j ACCEPT
  # The only WAN-side DROP in INPUT: the resolver is not exposed on eth4.
  149. -A DNSIn -i eth4 -p udp -m udp --dport 53 -j DROP
  150. -A DNSIn -i eth4 -p tcp -m tcp --dport 53 -j DROP
  # Firewall.LHigh / Firewall.LLow look like two selectable forwarding
  # profiles (LHigh: outbound port whitelist + RELATED,ESTABLISHED, then DROP;
  # LLow: drop NEW/INVALID/UNTRACKED from eth4). NEITHER is referenced from
  # Firewall, so both are dead rules in the running configuration.
  151. -A Firewall.LHigh -o eth4 -p tcp -m multiport --dports 20,21,22,23,25,53,80,110,143,443 -j ACCEPT
  152. -A Firewall.LHigh -o eth4 -p udp -m udp --dport 53 -j ACCEPT
  153. -A Firewall.LHigh -m state --state RELATED,ESTABLISHED -j ACCEPT
  154. -A Firewall.LHigh -j DROP
  155. -A Firewall.LLow -i eth4 -m state --state INVALID,NEW,UNTRACKED -j DROP
  # FirewallIn.LHigh / FirewallIn.LLow would stop WAN packets addressed to the
  # LAN IP (172.16.0.1), but FirewallIn is empty and nothing jumps here —
  # also dead. This matters because GUILocalIn/TelnetLocalIn below have no
  # `-i br0` restriction of their own.
  156. -A FirewallIn.LHigh -d 172.16.0.1/32 -i eth4 -j DROP
  157. -A FirewallIn.LLow -d 172.16.0.1/32 -i eth4 -j DROP
  158. -A ForwardAllow -j ForwardAllow_MC
  159. -A ForwardAllow -j ForwardAllow_DMZ
  160. -A ForwardAllow -j ForwardAllow_Rtsp
  161. -A ForwardAllow -j ForwardAllow_PortMapping
  162. -A ForwardAllow -j ForwardAllow_IPsec
  163. -A ForwardAllow -j ForwardAllow_Tunnel
  # ForwardAllow_DMZ, _Rtsp, _IPsec and _Tunnel are empty: no DMZ host is
  # configured; multicast and the three port mappings are the only explicit
  # forward accepts.
  164. -A ForwardAllow_MC -m pkttype --pkt-type multicast -j ACCEPT
  165. -A ForwardAllow_PortMapping -j NATPM.4
  166. -A ForwardAllow_PortMapping -j NATPM.5
  167. -A ForwardAllow_PortMapping -j NATPM.6
  # ForwardDeny is the entire inbound-forward protection of this box:
  # new/invalid/untracked flows arriving on eth4 are dropped (unless accepted
  # earlier by ForwardAllow). It matches `-i eth4` only — flows arriving on
  # ppp0 are not covered, reach the empty Firewall chain, and are forwarded
  # by the ACCEPT policy. ForwardDeny.br0 is empty (no LAN egress filtering).
  168. -A ForwardDeny -j ForwardDeny.br0
  169. -A ForwardDeny -i eth4 -m state --state INVALID,NEW,UNTRACKED -j DROP
  170. -A ForwardDeny -o eth4 -m state --state INVALID -j DROP
  # LAN web GUI (tcp/80,4433 to 172.16.0.1). No `-i br0` here, unlike
  # SSHLocalIn: any interface that can route a packet to 172.16.0.1 reaches
  # the GUI, and the rules that would block that from eth4 are dead (above).
  # The trailing `-j DROP` in GUILocalIn_ is unreachable after the ACCEPT.
  171. -A GUILocalIn ! -p tcp -j RETURN
  172. -A GUILocalIn -p tcp -m multiport ! --dports 80,4433 -j RETURN
  173. -A GUILocalIn -d 172.16.0.1/32 -j GUILocalIn_
  174. -A GUILocalIn_ -j ACCEPT
  175. -A GUILocalIn_ -j DROP
  # Remote web GUI: tcp/8080,443 on the public address is accepted from ANY
  # source address (no `-s`, no `-i`). This is Internet-exposed management.
  176. -A GUIRemoteIn ! -p tcp -j RETURN
  177. -A GUIRemoteIn -p tcp -m multiport ! --dports 8080,443 -j RETURN
  178. -A GUIRemoteIn -d 178.165.50.111/32 -j GUIRemoteIn_
  179. -A GUIRemoteIn_ -j ACCEPT
  180. -A GUIRemoteIn_ -j DROP
  181. -A IGMPProxyIn -i wl0 -p igmp -j ACCEPT
  182. -A IGMPProxyIn -i eth0 -p igmp -j ACCEPT
  183. -A IGMPProxyIn -i eth1 -p igmp -j ACCEPT
  184. -A IGMPProxyIn -i eth2 -p igmp -j ACCEPT
  185. -A IGMPProxyIn -i eth3 -p igmp -j ACCEPT
  186. -A InputDeny -j InputDeny.br0
  # Port mappings to 172.16.0.111 (4242/tcp, 33123/tcp+udp, from the nat
  # table): accepted for LAN-originated hairpin hits (`-i br+`) and for any
  # DNAT'd connection regardless of ingress interface.
  187. -A NATPM.4 -d 172.16.0.111/32 -i br+ -p tcp -j ACCEPT
  188. -A NATPM.4 -d 172.16.0.111/32 -p tcp -m conntrack --ctstate DNAT -j ACCEPT
  189. -A NATPM.5 -d 172.16.0.111/32 -i br+ -p tcp -j ACCEPT
  190. -A NATPM.5 -d 172.16.0.111/32 -p tcp -m conntrack --ctstate DNAT -j ACCEPT
  191. -A NATPM.6 -d 172.16.0.111/32 -i br+ -p udp -j ACCEPT
  192. -A NATPM.6 -d 172.16.0.111/32 -p udp -m conntrack --ctstate DNAT -j ACCEPT
  # OutputAllow_LocalServices is itself never referenced (OutputAllow is
  # empty), and the four chains it jumps to have no rules.
  193. -A OutputAllow_LocalServices -j CWMPOut
  194. -A OutputAllow_LocalServices -j CWMP2Out
  195. -A OutputAllow_LocalServices -j GUILocalOut
  196. -A OutputAllow_LocalServices -j SSHLocalOut
  # LAN SSH (tcp/22 to 172.16.0.1) — correctly limited to `-i br0`.
  197. -A SSHLocalIn ! -p tcp -j RETURN
  198. -A SSHLocalIn -p tcp -m multiport ! --dports 22 -j RETURN
  199. -A SSHLocalIn -d 172.16.0.1/32 -i br0 -j SSHLocalIn_
  200. -A SSHLocalIn_ -j ACCEPT
  201. -A SSHLocalIn_ -j DROP
  # WAN SSH on tcp/2222, accepted from any source on eth4. Moving the port
  # off 22 is not a control; restrict `-s` or disable remote SSH if unused.
  202. -A SSHRemoteIn ! -p tcp -j RETURN
  203. -A SSHRemoteIn -p tcp -m multiport ! --dports 2222 -j RETURN
  204. -A SSHRemoteIn -d 178.165.50.111/32 -i eth4 -j SSHRemoteIn_
  205. -A SSHRemoteIn_ -j ACCEPT
  206. -A SSHRemoteIn_ -j DROP
  # ServicesIn dispatch. Of these, only DNSIn, SSHRemoteIn, SSHLocalIn,
  # GUIRemoteIn, GUILocalIn, DHCPServices, IGMPProxyIn and TelnetLocalIn carry
  # rules; CWMP/CMWS (TR-069), HTTP*, Rtsp, SNMP, TelnetRemote, FTP*, IPsec
  # and Tunnel are empty. Empty does NOT mean blocked here — see the INPUT
  # note: an empty chain returns and the packet is accepted by policy.
  207. -A ServicesIn -j DNSIn
  208. -A ServicesIn -j CWMPIn
  209. -A ServicesIn -j CWMP2In
  210. -A ServicesIn -j SSHRemoteIn
  211. -A ServicesIn -j SSHLocalIn
  212. -A ServicesIn -j GUIRemoteIn
  213. -A ServicesIn -j GUILocalIn
  214. -A ServicesIn -j HTTPRemoteIn
  215. -A ServicesIn -j HTTPLocalIn
  216. -A ServicesIn -j DHCPServices
  217. -A ServicesIn -j RtspIn
  218. -A ServicesIn -j SNMPIn
  219. -A ServicesIn -j CMWSIn
  220. -A ServicesIn -j TelnetRemoteIn
  221. -A ServicesIn -j TelnetLocalIn
  222. -A ServicesIn -j FTPRemoteIn
  223. -A ServicesIn -j FTPLocalIn
  224. -A ServicesIn -j IGMPProxyIn
  225. -A ServicesIn -j IPsecIn
  226. -A ServicesIn -j TunnelIn
  # LAN telnet (tcp/23 to 172.16.0.1): same missing `-i br0` as GUILocalIn.
  # Telnet is cleartext; prefer the SSH chain and disable this listener.
  227. -A TelnetLocalIn ! -p tcp -j RETURN
  228. -A TelnetLocalIn -p tcp -m multiport ! --dports 23 -j RETURN
  229. -A TelnetLocalIn -d 172.16.0.1/32 -j TelnetLocalIn_
  230. -A TelnetLocalIn_ -j ACCEPT
  231. -A TelnetLocalIn_ -j DROP
  # TelnetRemoteIn has no rules, so TelnetRemoteIn_ is never reached. That is
  # NOT a block: tcp/23 to the public address falls through INPUT to the
  # ACCEPT policy. Whether it is actually reachable depends on what telnetd
  # binds to — verify with `netstat -lnt` / an external port scan.
  232. -A TelnetRemoteIn_ -j ACCEPT
  233. -A TelnetRemoteIn_ -j DROP
  234.  
  235. root@localhost:~# iptables -S -t nat
  # nat table. PREROUTING is mostly "NATSkip" chains: an ACCEPT in nat
  # PREROUTING only means "do no further DNAT on this packet", so these
  # protect the router's own management ports from being hijacked by a later
  # port mapping or DMZ rule. They are not filtering; filtering happens in
  # the filter table above.
  236. -P PREROUTING ACCEPT
  237. -P POSTROUTING ACCEPT
  238. -P OUTPUT ACCEPT
  239. -N CP
  240. -N CbpcRedirect
  241. -N DMZ
  242. -N DMZ_SNAT
  243. -N IP_PHONE_br0
  244. -N NATIpPhone
  245. -N NATPM.4
  246. -N NATPM.4_SNAT
  247. -N NATPM.5
  248. -N NATPM.5_SNAT
  249. -N NATPM.6
  250. -N NATPM.6_SNAT
  251. -N NATSkip_ACS
  252. -N NATSkip_CMWS
  253. -N NATSkip_CWMP2
  254. -N NATSkip_GUILocal
  255. -N NATSkip_GUIRemote
  256. -N NATSkip_HTTPLocal
  257. -N NATSkip_HTTPRemote
  258. -N NATSkip_IPsec
  259. -N NATSkip_SSHLocal
  260. -N NATSkip_SSHRemote
  261. -N NATSkip_TelnetLocal
  262. -N NATSkip_TelnetRemote
  263. -N NATSkip_VoIP_FaxT38
  264. -N NATSkip_VoIP_RTP
  265. -N NATSkip_VoIP_SIP
  266. -N NATSkip_VoIP_SIP2
  267. -N NATeth4
  268. -N PortMapping
  269. -N RtspRedirect
  270. -N Rtsp_dnat
  271. -N Rtsp_snat
  272. -N SNATSkip_IPsec
  273. -N SNAT_DMZ
  274. -N SNAT_NATPM.4
  275. -N SNAT_NATPM.5
  276. -N SNAT_NATPM.6
  277. -N SnatMapping
  # Order matters: the NATSkip_* ACCEPTs run before PortMapping and DMZ, so a
  # mapping on 80/4433/22/23 (LAN IP) or 8080/443/2222 (WAN IP) could never
  # steal those ports. RtspRedirect, DMZ, DMZ_SNAT, CP and CbpcRedirect are
  # empty in this dump (no DMZ host, no captive-portal/redirect active —
  # "CP" is presumably captive portal, unconfirmed).
  278. -A PREROUTING -j RtspRedirect
  279. -A PREROUTING -j NATSkip_GUIRemote
  280. -A PREROUTING -j NATSkip_GUILocal
  281. -A PREROUTING -j NATSkip_HTTPRemote
  282. -A PREROUTING -j NATSkip_HTTPLocal
  283. -A PREROUTING -j NATSkip_CMWS
  284. -A PREROUTING -j NATSkip_ACS
  285. -A PREROUTING -j NATSkip_CWMP2
  286. -A PREROUTING -j NATSkip_SSHRemote
  287. -A PREROUTING -j NATSkip_SSHLocal
  288. -A PREROUTING -j NATSkip_TelnetRemote
  289. -A PREROUTING -j NATSkip_TelnetLocal
  290. -A PREROUTING -j NATSkip_VoIP_FaxT38
  291. -A PREROUTING -j NATSkip_VoIP_RTP
  292. -A PREROUTING -j NATSkip_VoIP_SIP
  293. -A PREROUTING -j NATSkip_VoIP_SIP2
  294. -A PREROUTING -j PortMapping
  295. -A PREROUTING -j Rtsp_dnat
  296. -A PREROUTING -j DMZ
  297. -A PREROUTING -j DMZ_SNAT
  298. -A PREROUTING -j NATSkip_IPsec
  299. -A PREROUTING ! -i pr+ -j CP
  300. -A PREROUTING -j CbpcRedirect
  # POSTROUTING: hairpin SNAT for the port mappings, then full MASQUERADE of
  # everything leaving eth4 (NATeth4). Note that nothing masquerades traffic
  # leaving ppp0, so LAN hosts reach the ppp0-routed prefixes with their
  # private 172.16.0.x source — the peer must route that back, or it breaks.
  301. -A POSTROUTING -j SnatMapping
  302. -A POSTROUTING -j Rtsp_snat
  303. -A POSTROUTING -j SNAT_DMZ
  304. -A POSTROUTING -j SNATSkip_IPsec
  305. -A POSTROUTING -j NATIpPhone
  306. -A POSTROUTING -o eth4 -j NATeth4
  # SIP helper: LAN-originated SIP (udp/5060) leaving the LAN is masqueraded
  # with a high source port, so a remote SIP peer cannot pick the mapping.
  307. -A IP_PHONE_br0 -s 172.16.0.0/24 ! -d 172.16.0.0/24 -p udp -m udp --sport 5060 -j MASQUERADE --to-ports 49152-65535
  308. -A IP_PHONE_br0 -s 172.16.0.0/24 ! -d 172.16.0.0/24 -p udp -m udp --dport 5060 -m multiport ! --sports 5060 -j MASQUERADE --to-ports 49152-65535
  309. -A NATIpPhone -j IP_PHONE_br0
  # Port forwards to 172.16.0.111: 4242/tcp, 33123/tcp, 33123/udp, with no
  # source restriction (the DNAT matches any sender hitting the WAN address).
  # The *_SNAT variants handle LAN clients (`-i br+`) that connect to the
  # public address (NAT loopback). Both the filter-table NATPM.* ACCEPTs and
  # these DNATs must be removed together when the mapping is retired.
  310. -A NATPM.4 -d 178.165.50.111/32 -p tcp -m tcp --dport 4242 -j DNAT --to-destination 172.16.0.111
  311. -A NATPM.4_SNAT -d 178.165.50.111/32 -i br+ -p tcp -m tcp --dport 4242 -j DNAT --to-destination 172.16.0.111
  312. -A NATPM.5 -d 178.165.50.111/32 -p tcp -m tcp --dport 33123 -j DNAT --to-destination 172.16.0.111
  313. -A NATPM.5_SNAT -d 178.165.50.111/32 -i br+ -p tcp -m tcp --dport 33123 -j DNAT --to-destination 172.16.0.111
  314. -A NATPM.6 -d 178.165.50.111/32 -p udp -m udp --dport 33123 -j DNAT --to-destination 172.16.0.111
  315. -A NATPM.6_SNAT -d 178.165.50.111/32 -i br+ -p udp -m udp --dport 33123 -j DNAT --to-destination 172.16.0.111
  # Management ports exempted from DNAT. NATSkip_TelnetRemote, NATSkip_HTTP*,
  # NATSkip_CMWS/ACS/CWMP2 and NATSkip_VoIP_* are empty here.
  316. -A NATSkip_GUILocal -d 172.16.0.1/32 -i br0 -p tcp -m multiport --dports 80,4433 -j ACCEPT
  317. -A NATSkip_GUIRemote -d 178.165.50.111/32 -i eth4 -p tcp -m multiport --dports 8080,443 -j ACCEPT
  318. -A NATSkip_SSHLocal -d 172.16.0.1/32 -i br0 -p tcp -m tcp --dport 22 -j ACCEPT
  319. -A NATSkip_SSHRemote -d 178.165.50.111/32 -i eth4 -p tcp -m tcp --dport 2222 -j ACCEPT
  320. -A NATSkip_TelnetLocal -d 172.16.0.1/32 -i br0 -p tcp -m tcp --dport 23 -j ACCEPT
  # Outbound NAT for the WAN interface.
  321. -A NATeth4 -o eth4 -j MASQUERADE
  322. -A PortMapping -j NATPM.6
  323. -A PortMapping -j NATPM.6_SNAT
  324. -A PortMapping -j NATPM.5
  325. -A PortMapping -j NATPM.5_SNAT
  326. -A PortMapping -j NATPM.4
  327. -A PortMapping -j NATPM.4_SNAT
  # Hairpin SNAT: DNAT'd flows to the mapped host that also carry mark 0x1
  # are masqueraded so the reply returns via the router rather than directly
  # to the LAN client. `-m emark` is not a stock netfilter match — vendor
  # module; where the mark is set (mangle table?) is not in this dump.
  328. -A SNAT_NATPM.4 -d 172.16.0.111/32 -p tcp -m tcp --dport 4242 -m emark --mark 0x1/0x1 -m conntrack --ctstate DNAT -j MASQUERADE
  329. -A SNAT_NATPM.5 -d 172.16.0.111/32 -p tcp -m tcp --dport 33123 -m emark --mark 0x1/0x1 -m conntrack --ctstate DNAT -j MASQUERADE
  330. -A SNAT_NATPM.6 -d 172.16.0.111/32 -p udp -m udp --dport 33123 -m emark --mark 0x1/0x1 -m conntrack --ctstate DNAT -j MASQUERADE
  331. -A SnatMapping -j SNAT_NATPM.6
  332. -A SnatMapping -j SNAT_NATPM.5
  333. -A SnatMapping -j SNAT_NATPM.4