EdgeRouter X - Ubiquiti - (ER X)
Last Updated: May 10 2023 13:56, Started by wolfydRg, Nov 09 2019 21:14

#37
Posted 12 November 2019 - 07:08

That means you didn't paste the whole configuration.

I deleted some lines where I had fixed IPs assigned to certain devices, because it was too much to edit.

```
set firewall all-ping enable
set firewall broadcast-ping disable
set firewall ipv6-name WANv6_IN default-action drop
set firewall ipv6-name WANv6_IN description 'WAN inbound traffic forwarded to LAN'
set firewall ipv6-name WANv6_IN enable-default-log
set firewall ipv6-name WANv6_IN rule 10 action accept
set firewall ipv6-name WANv6_IN rule 10 description 'Allow established/related sessions'
set firewall ipv6-name WANv6_IN rule 10 state established enable
set firewall ipv6-name WANv6_IN rule 10 state related enable
set firewall ipv6-name WANv6_IN rule 20 action drop
set firewall ipv6-name WANv6_IN rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_IN rule 20 state invalid enable
set firewall ipv6-name WANv6_LOCAL default-action drop
set firewall ipv6-name WANv6_LOCAL description 'WAN inbound traffic to the router'
set firewall ipv6-name WANv6_LOCAL enable-default-log
set firewall ipv6-name WANv6_LOCAL rule 10 action accept
set firewall ipv6-name WANv6_LOCAL rule 10 description 'Allow established/related sessions'
set firewall ipv6-name WANv6_LOCAL rule 10 state established enable
set firewall ipv6-name WANv6_LOCAL rule 10 state related enable
set firewall ipv6-name WANv6_LOCAL rule 20 action drop
set firewall ipv6-name WANv6_LOCAL rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_LOCAL rule 20 state invalid enable
set firewall ipv6-name WANv6_LOCAL rule 30 action accept
set firewall ipv6-name WANv6_LOCAL rule 30 description 'Allow IPv6 icmp'
set firewall ipv6-name WANv6_LOCAL rule 30 protocol ipv6-icmp
set firewall ipv6-name WANv6_LOCAL rule 40 action accept
set firewall ipv6-name WANv6_LOCAL rule 40 description 'allow dhcpv6'
set firewall ipv6-name WANv6_LOCAL rule 40 destination port 546
set firewall ipv6-name WANv6_LOCAL rule 40 protocol udp
set firewall ipv6-name WANv6_LOCAL rule 40 source port 547
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
set firewall log-martians enable
set firewall name WAN_IN default-action drop
set firewall name WAN_IN description 'WAN to internal'
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description 'Allow established/related'
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 description 'Drop invalid state'
set firewall name WAN_IN rule 20 state invalid enable
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL description 'WAN to router'
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set firewall name WAN_LOCAL rule 20 action drop
set firewall name WAN_LOCAL rule 20 description 'Drop invalid state'
set firewall name WAN_LOCAL rule 20 state invalid enable
set firewall receive-redirects disable
set firewall send-redirects enable
set firewall source-validation disable
set firewall syn-cookies enable
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description Internet
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth0 firewall in name WAN_IN
set interfaces ethernet eth0 firewall local ipv6-name WANv6_LOCAL
set interfaces ethernet eth0 firewall local name WAN_LOCAL
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth1 description xxxx
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 speed auto
set interfaces ethernet eth2 description xxx
set interfaces ethernet eth2 duplex auto
set interfaces ethernet eth2 speed auto
set interfaces ethernet eth3 description xxx
set interfaces ethernet eth3 duplex auto
set interfaces ethernet eth3 speed auto
set interfaces ethernet eth4 description xxxx
set interfaces ethernet eth4 duplex auto
set interfaces ethernet eth4 poe output off
set interfaces ethernet eth4 speed auto
set interfaces loopback lo
set interfaces switch switch0 address 192.168.1.1/24
set interfaces switch switch0 description Local
set interfaces switch switch0 mtu 1500
set interfaces switch switch0 switch-port interface eth1
set interfaces switch switch0 switch-port interface eth2
set interfaces switch switch0 switch-port interface eth3
set interfaces switch switch0 switch-port interface eth4
set interfaces switch switch0 switch-port vlan-aware disable
set port-forward auto-firewall enable
set port-forward hairpin-nat disable
set port-forward rule 1 description xxx
set port-forward rule 1 forward-to address 192.168.1.xxxx
set port-forward rule 1 forward-to port xxx
set port-forward rule 1 original-port xxxx
set port-forward rule 1 protocol tcp_udp
set port-forward rule 2 description xxxx
set port-forward rule 2 forward-to address 192.168.1.xxxx
set port-forward rule 2 forward-to port xxx
set port-forward rule 2 original-port xxxx
set port-forward rule 2 protocol tcp_udp
set port-forward rule 3 description xxxx
set port-forward rule 3 forward-to address 192.168.1.xxxx
set port-forward rule 3 forward-to port xxxx
set port-forward rule 3 original-port xxxx
set port-forward rule 3 protocol tcp_udp
set port-forward wan-interface eth0
set service dhcp-server disabled false
set service dhcp-server hostfile-update disable
set service dhcp-server shared-network-name LAN authoritative enable
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router 192.168.1.1
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 192.168.1.1
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 8.8.8.8
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 lease 86400
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 start 192.168.1.150 stop 192.168.1.xxx
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xx ip-address 192.168.1.xxx
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xx mac-address 'xxxx'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx ip-address 192.168.1.xxx
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx mac-address 'xxxx'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx ip-address 192.168.1.xxx
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx mac-address 'xxxx'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx ip-address 192.168.1.xxx
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx mac-address 'xxxx'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx ip-address 192.168.1.xxx
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx mac-address 'xxxx'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx ip-address 192.168.1.xxx
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx mac-address 'xxxx'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx ip-address 192.168.1.xxx
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx mac-address 'xxxx'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx ip-address 192.168.1.xxx
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx mac-address 'xxxx'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx ip-address 192.168.1.xxx
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx mac-address 'xxxx'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx ip-address 192.168.1.xxx
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx mac-address 'xxxx'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx ip-address 192.168.1.xxx
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx mac-address 'xxxx'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx ip-address 192.168.1.xxx
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx mac-address 'xxxx'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx ip-address 192.168.1.xxx
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx mac-address 'xxxx'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx ip-address 192.168.1.xxx
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx mac-address 'xxxx'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx ip-address 192.168.1.228
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping xxxx mac-address 'xxxx'
set service dhcp-server static-arp disable
set service dhcp-server use-dnsmasq disable
set service dns forwarding cache-size 1000
set service dns forwarding listen-on switch0
set service gui http-port 80
set service gui https-port 443
set service gui older-ciphers enable
set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade
set service ssh port 22
set service ssh protocol-version v2
set service unms disable
set system host-name ubnt
set system login user xxxx authentication encrypted-password 'xxxxxxxx'
set system login user xxxx level admin
set system name-server 1.1.1.1
set system name-server 9.9.9.9
set system ntp server 0.ro.pool.ntp.org
set system ntp server 1.ro.pool.ntp.org
set system ntp server 2.ro.pool.ntp.org
set system offload hwnat enable
set system offload ipsec enable
set system syslog global facility all level notice
set system syslog global facility protocols level debug
set system time-zone Europe/Bucharest
```
#38
Posted 12 November 2019 - 10:56

I haven't looked carefully BUT (I'll take a look later this evening) BUT (I have asked this before):
why do you cover/delete the addresses from the 192.168.0.0/16 subnet?? They are private, nobody can reach them.
#39
Posted 12 November 2019 - 11:14

```
configure
set firewall group network-group BOGONS description 'Martians & UFOs'
### the IP ranges that should not arrive from the WAN (internet) are added to this group ###
set firewall group network-group BOGONS network 0.0.0.0/8
set firewall group network-group BOGONS network 100.64.0.0/10
set firewall group network-group BOGONS network 127.0.0.0/8
set firewall group network-group BOGONS network 169.254.0.0/16
set firewall group network-group BOGONS network 172.16.0.0/12
set firewall group network-group BOGONS network 192.0.0.0/24
set firewall group network-group BOGONS network 192.0.2.0/24
set firewall group network-group BOGONS network 192.168.0.0/16
set firewall group network-group BOGONS network 198.18.0.0/15
set firewall group network-group BOGONS network 198.51.100.0/24
set firewall group network-group BOGONS network 203.0.113.0/24
set firewall group network-group BOGONS network 224.0.0.0/4
set firewall group network-group BOGONS network 240.0.0.0/4
### apply the configuration, save it, exit configuration mode ###
commit; save; exit
```

A few observations/questions:

1. The first address is 10.0.0.0/8, not 0.0.0.0/8, because you don't want to block the whole internet.
2. Apart from the RFC1918 addresses (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) and multicast: 224.0.0.0-239.255.255.255.255, why would you want to block anything else?
#40
Posted 12 November 2019 - 11:20

@mufa
I think you don't understand the meaning of 0.0.0.0/8 (0.0.0.1 - 0.255.255.254). More details here: RFC6890 and RFC1122.
10.0.0.0/8 also exists and it is listed there as well. OOPS - I forgot it.
For the rest of the addresses, the explanations are here: https://www.iana.org...-registry.xhtml
Edited by ogo, 12 November 2019 - 11:23.
#41
Posted 12 November 2019 - 11:30

@mufa I think you don't understand the meaning of 0.0.0.0/8 (0.0.0.1 - 0.255.255.254). More details here: RFC6890 and RFC1122. 10.0.0.0/8 also exists and it is listed there as well. OOPS - I forgot it. For the rest of the addresses, the explanations are here: https://www.iana.org...-registry.xhtml
Quote
For example, [RFC1122] reserves an IPv4 address block (0.0.0.0/8) to represent the local (i.e., "this") network.
But yes, I understand now why those are reserved.
#42
Posted 12 November 2019 - 11:43

Search for: paragraph 3.2.1.3 in 1122. It is explained "in words".
#43
Posted 12 November 2019 - 14:09

@mods
Please edit this post: https://forum.softpe...8#entry25496882 and add, after the line:
set firewall group network-group BOGONS network 0.0.0.0/8
the following line as well:
set firewall group network-group BOGONS network 10.0.0.0/8
Thank you!
Edited by ogo, 12 November 2019 - 14:09.
#44
Posted 12 November 2019 - 18:16

I did it, and I broke the code at the bottom of the post a little, because it was distorting the page.
#45
Posted 12 November 2019 - 18:40

#47
Posted 12 November 2019 - 20:21

@tiby: thank you!
@petman: Quote sincerity is the boldest form of courage!
@demonik: If you have RDS you can try it; you will notice that you get at least 2-3 "hits", especially from IPs that belong to the subnets defined by RFC1918, hits that come from the INTERNET towards the WAN interface of your gateway.
#48
Posted 12 November 2019 - 20:27

Which I assume end up on the drop rule anyway for now.. is an extra rule necessary? Just asking.
#49
Posted 12 November 2019 - 20:44

RFC1918 is also used by providers for their own toys; in the end the provider's network is a LAN too. In your case, ogo, I have the impression that someone wishes you "well", given that you keep seeing hits from such IPs on the WAN interface. And I think those IPs are sources in their network; they don't come from the Internet. I think...
#50
Posted 12 November 2019 - 22:02

Whatever comes from 10.0.0.0/8 is 100% from RDS (their equipment uses IPs from the private netmask on 8 bits, which was confirmed over the phone). The rest, especially 192.168.0.0/16, comes from the "equipment" of RDS customers, the vast majority of it badly configured (especially on FTTB). What arrives on broadcast is, again, badly configured equipment doing "discovery" for "n" protocols that run on the various devices present in the network (the ISP's or not).
BOGONs should not show up on the WAN, but problems of this kind occur at very many ASes, and some of them even announce them directly on the INTERNET. A detailed list HERE.
@demonik it depends on your firewall: in theory you have something like this on the INPUT chain: drop all not coming from LAN, and let's assume your LAN means 192.168.0.0/24 - What do you think happens when a BOGON that is also from 192.168.0.0/24 arrives on your WAN - will your router respond or not?
#51
Posted 12 November 2019 - 22:28

Let's say it responds, even though that seems impossible to me, since it comes in through the ppp interface, which is not in the LAN (by LAN I mean the interface list, which in turn contains only the bridge, not an IP range; the interface list is also what is used in the rule you mentioned above); what happens next (if it "responds")?
Edited by MembruAnonim, 12 November 2019 - 22:33.
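
The question raised in posts #50 and #51, modelled as an added example that is not part of any post in the thread: the same "drop all not coming from LAN" rule evaluated with LAN defined by source address and by ingress interface, then with a BOGONS drop placed first. The interface names `ppp0` and `bridge` and the sample packets are assumptions constructed for the illustration.

```python
import ipaddress

# BOGONS group as posted in the thread, plus 10.0.0.0/8 (the line post #43 asks to add).
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24",
    "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4")]

LAN_NET = ipaddress.ip_network("192.168.0.0/24")  # LAN range assumed in post #50
WAN_IFACES = {"ppp0"}    # assumed WAN interface name
LAN_IFACES = {"bridge"}  # assumed content of the LAN interface list (post #51)


def matching_bogon(src):
    """Return the BOGONS prefix that contains src (as a string), or None."""
    addr = ipaddress.ip_address(src)
    return next((str(net) for net in BOGONS if addr in net), None)


def by_address(pkt):
    """'Drop all not coming from LAN', with LAN defined as a source range."""
    return "accept" if ipaddress.ip_address(pkt["src"]) in LAN_NET else "drop"


def by_interface(pkt):
    """The same rule, with LAN defined as a list of ingress interfaces."""
    return "accept" if pkt["iface"] in LAN_IFACES else "drop"


def bogon_then_address(pkt):
    """Address-based rule preceded by a drop of BOGONS sources on the WAN."""
    if pkt["iface"] in WAN_IFACES and matching_bogon(pkt["src"]):
        return "drop"
    return by_address(pkt)


# Constructed sample packets: source address and ingress interface.
PACKETS = [
    {"src": "192.168.0.77", "iface": "ppp0"},    # LAN-range source seen on WAN
    {"src": "192.168.0.10", "iface": "bridge"},  # real LAN host
    {"src": "10.14.3.1", "iface": "ppp0"},       # ISP-internal source
    {"src": "0.12.0.1", "iface": "ppp0"},        # inside 0.0.0.0/8
    {"src": "8.8.8.8", "iface": "ppp0"},         # ordinary public source
]


def evaluate(packets=PACKETS):
    """One row per packet: matched prefix and the verdict of each rule style."""
    return [(p["src"], matching_bogon(p["src"]), by_address(p),
             by_interface(p), bogon_then_address(p)) for p in packets]


if __name__ == "__main__":
    for row in evaluate():
        print(row)
```

Only the address-based rule accepts the first packet; the interface-based rule and the BOGONS drop both reject it, and 8.8.8.8 matches no prefix, so 0.0.0.0/8 does not cover the whole internet.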
#52
Posted 12 November 2019 - 22:54

No idea; it depends on whether it is intentional or not, it depends on the intentions of the "aggressor", it depends on the security of the firmware running on the device in question, but, as a conclusion, I think it is easier to prevent than to "treat".
#53
Posted 12 November 2019 - 23:05

In fact the problem with the response is the same whether the source is a private or a public IP. In the case of private ones it is uglier, because it opens a loophole that can be a serious security breach.
#54
Posted 13 November 2019 - 16:30

ogo's approach is correct, only that - indeed - it adds some overhead on the router. But at the level raw performance has reached these days, honestly that is about the last problem I worry about. I would sooner run out of DHCP pool than out of resources on the routing machine.