problema cu firewall-u

Edited by stefan2008, 02 November 2007 - 21:02.

Edited by dani.user, 02 November 2007 - 22:05.

dani.user, on Nov 2 2007, 22:03, said:

stefan2008, on Nov 2 2007, 22:56, said:

Ba face parte...e o clasa a rds-ului , din serverele lor...si dai acea clasa pt k este mai usor    , dk m-a apuca sa tai toate ip-urile yahoo si meebo...as imbatrani

stefan2008, on Nov 2 2007, 22:56, said:

Ba face parte...e o clasa a rds-ului , din serverele lor...si dai acea clasa pt k este mai usor    , dk m-a apuca sa tai toate ip-urile yahoo si meebo...as imbatrani

stefan2008, on Nov 2 2007, 21:36, said:

salut . Vreau sa blochez site-uri de genul www.yahoo.com , meebo.com etc....am un firewall destul de complex....dar eu blochez mai multe site-uri prin banarea clasei 81.196.0.0 , dar cand tai clasa asta imi restrictioneaza accesul si la un site de care am nevoie .Ip-ul site-ului este :63.209.24.22 . tai clasa de ip-uri cu comanda :
iptables -A FORWARD -s 84.xxx.xxx.xxx/255.255.255.224 -d 81.196.0.0/255.252.0.0 -j DROP  
am incercat sa pun :
iptables -A FORWARD -s 84.xxx.xxx.xxx/255.255.255.224 -d 63.209.24.22 -o eth0 -j ACCEPT
in speranta k acel site va merge.....dar nu e aja .
Dk poate cineva sa imi spuna ce nu fac bine , sau cum ar trebui sa fac....as fi fericit:D , eu imi bat capul de cateva zile dar nu am gasit solutia...

Quote

Edited by stefan2008, 02 November 2007 - 23:26.

stefan2008, on Nov 2 2007, 23:22, said:

Ala e un ip al rds-ului ia bagal pe ripe.net si nu am zis k face parte dar nu e logic ca dk e un ip al unui server rds...prin acel server sa treak o multime de ip-uri?

[23:20:55]reallove@e ma ?? ~ $ whois 63.209.24.22

OrgName:	Level 3 Communications, Inc.
OrgID:	  LVLT
Address:	1025 Eldorado Blvd.
City:	   Broomfield
StateProv:  CO
PostalCode: 80021
Country:	US

NetRange:   63.208.0.0 - 63.215.255.255
CIDR:	   63.208.0.0/13
NetName:	LEVEL4-CIDR
NetHandle:  NET-63-208-0-0-1
Parent:	 NET-63-0-0-0-0
NetType:	Direct Allocation
NameServer: NS1.LEVEL3.NET
NameServer: NS2.LEVEL3.NET
Comment:	ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:	1999-05-28
Updated:	2001-05-30

RTechHandle: LC-ORG-ARIN
RTechName:   level Communications
RTechPhone:  +1-877-453-8353
RTechEmail:  [email protected]

OrgAbuseHandle: APL8-ARIN
OrgAbuseName:   Abuse POC LVLT
OrgAbusePhone:  +1-877-453-8353
OrgAbuseEmail:  [email protected]

OrgTechHandle: ARINC4-ARIN
OrgTechName:   ARIN Contact
OrgTechPhone:  +1-800-436-8489
OrgTechEmail:  [email protected]

OrgTechHandle: TPL1-ARIN
OrgTechName:   Tech POC LVLT
OrgTechPhone:  +1-877-453-8353
OrgTechEmail:  [email protected]

# ARIN WHOIS database, last updated 2007-11-01 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

bigguy82, on Nov 2 2007, 23:22, said:

reallove, on Nov 2 2007, 23:26, said:

[23:20:55]reallove@e ma ?? ~ $ whois 63.209.24.22

OrgName:	Level 3 Communications, Inc.
OrgID:	  LVLT
Address:	1025 Eldorado Blvd.
City:	   Broomfield
StateProv:  CO
PostalCode: 80021
Country:	US

NetRange:   63.208.0.0 - 63.215.255.255
CIDR:	   63.208.0.0/13
NetName:	LEVEL4-CIDR
NetHandle:  NET-63-208-0-0-1
Parent:	 NET-63-0-0-0-0
NetType:	Direct Allocation
NameServer: NS1.LEVEL3.NET
NameServer: NS2.LEVEL3.NET
Comment:	ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:	1999-05-28
Updated:	2001-05-30

RTechHandle: LC-ORG-ARIN
RTechName:   level Communications
RTechPhone:  +1-877-453-8353
RTechEmail:  [email protected]

OrgAbuseHandle: APL8-ARIN
OrgAbuseName:   Abuse POC LVLT
OrgAbusePhone:  +1-877-453-8353
OrgAbuseEmail:  [email protected]

OrgTechHandle: ARINC4-ARIN
OrgTechName:   ARIN Contact
OrgTechPhone:  +1-800-436-8489
OrgTechEmail:  [email protected]

OrgTechHandle: TPL1-ARIN
OrgTechName:   Tech POC LVLT
OrgTechPhone:  +1-877-453-8353
OrgTechEmail:  [email protected]

# ARIN WHOIS database, last updated 2007-11-01 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

stefan2008, on Nov 2 2007, 23:30, said:

mda atunci explik tu dc atunci cand pun regula aia si dau un rr la firewall nu mai mi se incark yahoo, meebo , mai multe

dani.user, on Nov 2 2007, 23:32, said:

dani.user, on Nov 2 2007, 23:43, said:

Edited by stefan2008, 03 November 2007 - 00:23.

dani.user, on Nov 3 2007, 10:45, said:

dassaev, on Nov 9 2007, 16:32, said:

mda... mi-am dat seama din primul post ca esti incepator . Nu inteleg de ce te chinui cu atatea clase de mii de ip-ur (zici ca ai banat toata romania) si nu pui direct:
iptables -A FORWARD -s 0.0.0.0/0 -d 0.0.0.0/0 -j DROP
si ca sa fie treaba treaba pune si :
ipatables -A INPUT -s 0.0.0.0/0 -j DROP