Re: Mistika su routingu [arulis @ 2009-01-06 23:56:10] — Newsgroups.lt

Tema: Re: Mistika su routingu

Autorius: arulis

Data: 2009-01-06 23:56:10

gal isp ziuri koki ttl paketo? ar ISP is viso leidzia tau natinti pagal 
sutarti?

"Arturas Slajus" <x11@ISTRINK_MANEarturaz.net> wrote in message 
news:gk0d57$3dr$1@trimpas.omnitel.net...
> Sveiki :)
>
> Apturiu siuo metu tokia keista, is niekur ishdygusia problema ir mastau ar 
> rekt ant ISP ar ne :)
>
> Neseniai dingo ryshys su kai kuriais uzhsienio saitais (pvz digg.com, 
> yahoo kai kuriais servais). Smagiausia, kad jeigu ishjungiu firewalla 
> (iptables 1.4.1.1) - t.y. isvalau visas taisykles - atsiranda tas rysys is 
> localhosto. Su links galiu browsint.
>
> Bet jei pridedi 1 taisykle:
>
> iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE
> (arba SNAT, skirtumo ner)
>
> bam! po 3-5 sekundziu dingsta rysis su tais psl. Kiti skrenda normaliai.
>
> Tos 3-5 sekundes man suka galva, kad cia ISP kaltas.
>
> + kitas dalykas, jeigu imetu dar ir sita:
>
> iptables -t nat -I POSTROUTING -s 192.168.0.0/16 -j DROP
>
> Tai praeina tos 3-5 sekundes ir atsiranda vel i digg.com rysys :))
> toks jausmas, kad ISP filtruoja kazkokiu mistiniu budu.
>
> Geriausia, kad jeigu yra toks taisykliu rinkinys:
>
> # Generated by iptables-save v1.4.1.1 on Tue Jan  6 21:56:58 2009
> *nat
> :PREROUTING ACCEPT [1150:96504]
> :POSTROUTING ACCEPT [45:2631]
> :OUTPUT ACCEPT [14:885]
> -A POSTROUTING -s 192.168.0.0/16 -o eth1 -j DROP
> -A POSTROUTING -o eth1 -j MASQUERADE
> COMMIT
> # Completed on Tue Jan  6 21:56:58 2009
> # Generated by iptables-save v1.4.1.1 on Tue Jan  6 21:56:58 2009
> *mangle
> :PREROUTING ACCEPT [73852:60657760]
> :INPUT ACCEPT [830:108703]
> :FORWARD ACCEPT [72989:60539679]
> :OUTPUT ACCEPT [808:91421]
> :POSTROUTING ACCEPT [73797:60631100]
> COMMIT
> # Completed on Tue Jan  6 21:56:58 2009
> # Generated by iptables-save v1.4.1.1 on Tue Jan  6 21:56:58 2009
> *filter
> :INPUT ACCEPT [830:108703]
> :FORWARD ACCEPT [72992:60539811]
> :OUTPUT ACCEPT [808:91421]
> COMMIT
> # Completed on Tue Jan  6 21:56:58 2009
>
> Tai ish localhosto irgi skrenda digg.com :)
>
> Gal kas turit ideju, kuom tas digg ir yahoo toks mistiskai ypatingas ir 
> kas cia is vis vyksta? :)

3D astronomy agriculture audio autos autos.audi autos.audio autos.binaries autos.bmw autos.club autos.ford autos.hondacrx autos.japan autos.mercedes autos.opel autos.sport autos.volvo autos.vw avia avia.binaries bankcards binaries books building cinema commerce comp.hardware comp.software comp.lietuvinimas comp.networks culture darbas.ieskau darbas.siulau design economics electronics fauna fauna.aqua fauna.binaries fishing flora foto foto.binaries games games.cs games.online gsm gurmanai humour humour.binaries internet law microsoft moto music music.binaries music.instruments music.LT.binaries navigacija php politics programming rpg sport studying sveikata talk test translation transportation travel travel.binaries tv unix video video.binaries watersports www www.flash pda autos.supermama.lt mobile darbas retro.3D retro.agriculture retro.astronomy retro.audio retro.autos retro.autos.audi retro.autos.audio retro.autos.binaries retro.autos.bmw retro.autos.club retro.autos.ford retro.autos.hondacrx retro.autos.japan retro.autos.mercedes retro.autos.opel retro.autos.sport retro.autos.supermama retro.autos.supermama.lt retro.autos.volvo retro.autos.vw retro.avia retro.avia.binaries retro.bankcards retro.beos retro.binaries retro.books retro.building retro.cinema retro.commerce retro.comp retro.comp.hardware retro.comp.lietuvinimas retro.comp.networks retro.comp.software retro.culture retro.darbas retro.darbas.ieskau retro.darbas.siulau retro.design retro.economics retro.electronics retro.e-vejas retro.fauna retro.fauna.aqua retro.fauna.binaries retro.fishing retro.flora retro.foto retro.foto.binaries retro.games retro.games.cs retro.games.online retro.games.rpg retro.genealogija retro.gsm retro.gurmanai retro.humour retro.humour.binaries retro.internet retro.YZF retro.YZF.nebuk retro.YZF.nebuk.netikintis retro.YZF.nebuk.netikintis.buk retro.YZF.nebuk.netikintis.buk.tikintis retro.law retro.microsoft retro.mobile retro.moto retro.music retro.music.binaries retro.music.instruments retro.music.LT retro.music.LT.binaries retro.navigacija retro.news retro.news.taisykles retro.newuser retro.pda retro.php retro.politics retro.programming retro.rpg retro.sport retro.studying retro.sveikata retro.talk retro.translation retro.transportation retro.travel retro.travel.binaries retro.tv retro.unix retro.video retro.video.binaries retro.watersports retro.www retro.www.flash diy lt.rkm.news.announce lt.rkm.news.newuser

Samba logNerijus2009-02-11 09:13

SambaNerijus2009-02-11 09:13

SD-MSklwn2009-02-09 22:16

+squid proxylens2009-02-09 22:03

+attrib.exe analogas Fedoros repozitorijuose?saimhe2009-02-09 16:12

+2web serveriaikikas2009-02-09 15:22

Q: Freebsd 6.0FT2009-02-09 11:40

+Mint6klwn2009-02-09 09:28

+Vidinio tinklo upgreidas. Ar suveiks toks sposas...?Levas2009-02-07 15:27

+shutdownaskashkas2009-02-07 15:09

+Programos instaliavimas linuxe (Baltixe)Rimas OK2009-02-06 10:06

Kernel modulio krovimasbertas2009-02-05 18:53

+DHCP temabertas2009-02-05 18:49

+gmail driveTadas Kvedaras2009-02-04 15:53

+Help:del kompiliavimoVirginijus Varnas2009-02-03 21:40

+procesu kontroleGintis2009-01-31 23:23

+TrixBox VOIPPluss2009-01-29 15:00

+Ar verta planuoti IPv6Makauskas Vidas2009-01-29 13:41

+Problemos su MAIL serveriu pakeitus IPcaro2009-01-29 11:04

+pinguknown2009-01-28 14:55

+Intel(R) PRO/Wireless 2200BG, Fedora 10Atlaikes Antanas2009-01-28 14:48

+klaida, ar realybe?ArunasSt2009-01-27 13:32

pan ir failo i¹saugojimasValdas2009-01-23 14:25

+OVPN perdavimo greitisazartas2009-01-22 18:55

+Video konferencijų softasFwd2009-01-22 10:24

reikia pagalbos su logrotateHyperlink2009-01-22 08:54

+IP telefonijabertas2009-01-22 08:49

nu va pagaliau paleidau 3G ZTE-K3565 su LinuxG.S.2009-01-21 12:47

+HELP! OpenVPNPluss2009-01-21 09:33

+25 identiškų kompiuterių klasėMykolas OK2009-01-18 20:05

+kuri mailo servisa?tobias2009-01-15 18:41

+USB linuxG.S.2009-01-15 18:10

+pinglingus2009-01-14 22:44

+pafleiminam?Artūras Šlajus2009-01-14 21:26

+spamassasino taisykles reikia.Levas2009-01-12 22:02

+Samba PDCbertas2009-01-12 17:39

+Q: dėl CCNA medžiagosscout <scout[trinti]@eos.lt>2009-01-11 15:19

+reikia uzdrausti XWindows ant Ubuntuso so2009-01-09 17:36

+torrentbertas2009-01-08 12:37

+ICQ susekimasbertas2009-01-08 11:05

-Mistika su routinguArtūras Šlajus2009-01-06 21:58

Re: Mistika su routinguArtūras Šlajus2009-01-07 11:33

Re: Mistika su routingubertas2009-01-07 12:35

Re: Mistika su routinguNerijus Krukauskas2009-01-07 11:56

Re: Mistika su routinguArtūras Šlajus2009-01-07 10:44

Re: Mistika su routingurabarbaras2009-01-07 07:50

Re: Mistika su routinguArtūras Šlajus2009-01-07 10:49

Re: Mistika su routinguArtūras Šlajus2009-01-07 00:57

Re: Mistika su routinguarulis2009-01-06 23:56

Re: Mistika su routinguArtūras Šlajus2009-01-07 00:06

Re: Mistika su routinguDex2009-01-07 10:03

+samba domenas ir workgroupasMakauskas Vidas2009-01-06 12:55

+TCP Linux'eDomas Mituzas2009-01-05 18:24

+Neišeina pašalinti failoTadas Kvedaras2009-01-05 07:54

18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1