forum.opennet.ru

Составление сообщения

Исходное сообщение

"Помогите с DMZ на Pix"
Отправлено eric, 09-Мрт-10 13:19

или так, обратите внимание, что hitcnt в acl_dmz везде (hitcnt=0) , получается что через acl_dmz вообще ничего не идет...
access-list acl_dmz; 6 elements
access-list acl_dmz line 1 permit tcp any host Web eq www (hitcnt=0)
access-list acl_dmz line 2 permit udp host Web any eq domain (hitcnt=0)
access-list acl_dmz line 3 permit tcp host Web any eq smtp (hitcnt=0)
access-list acl_dmz line 4 permit tcp host Web any eq www (hitcnt=0)
access-list acl_dmz line 5 permit tcp host Web any eq pop3 (hitcnt=0)
access-list acl_dmz line 6 deny ip any any (hitcnt=0)
access-list acl_inbound; 10 elements
access-list acl_inbound line 1 permit tcp host ------------ host 213.145.149.--- eq ssh (hitcnt=0)
access-list acl_inbound line 2 permit icmp any host 213.145.149.------ echo-reply (hitcnt=472)
access-list acl_inbound line 3 permit icmp any host 213.145.149.------ source-quench (hitcnt=0)
access-list acl_inbound line 4 permit icmp any host 213.145.149.------ unreachable (hitcnt=0)
access-list acl_inbound line 5 permit icmp any host 213.145.149.------ time-exceeded (hitcnt=21)
access-list acl_inbound line 6 permit udp any host 213.145.149.--- eq domain (hitcnt=0)
access-list acl_inbound line 7 permit tcp any host 213.145.149.--- eq ssh (hitcnt=0)
access-list acl_inbound line 8 permit tcp any host 213.145.149.--- eq https (hitcnt=41)
access-list acl_inbound line 9 permit tcp any host 213.145.149.--- eq www (hitcnt=69)
access-list acl_inbound line 10 deny ip any any (hitcnt=2253)
access-list acl_outbound; 25 elements
access-list acl_outbound line 1 permit tcp 10.0.0.0 255.255.255.0 host Web eq 10051 (hitcnt=0)
access-list acl_outbound line 2 permit tcp 10.0.0.0 255.255.255.0 host Web eq 9091 (hitcnt=0)
access-list acl_outbound line 3 permit tcp 10.0.0.0 255.255.255.0 host Web eq 9090 (hitcnt=0)
access-list acl_outbound line 4 permit tcp 10.0.0.0 255.255.255.0 host Web eq 5269 (hitcnt=0)
access-list acl_outbound line 5 permit tcp 10.0.0.0 255.255.255.0 host Web eq 5223 (hitcnt=0)
access-list acl_outbound line 6 permit tcp 10.0.0.0 255.255.255.0 host Web eq 5222 (hitcnt=0)
access-list acl_outbound line 7 permit ip 10.0.0.0 255.255.255.0 host Web (hitcnt=63)
access-list acl_outbound line 8 permit tcp 10.0.0.0 255.255.255.0 host Web eq https (hitcnt=0)
access-list acl_outbound line 9 permit tcp 10.0.0.0 255.255.255.0 host Web eq www (hitcnt=22)
access-list acl_outbound line 10 permit tcp 10.0.0.0 255.255.255.0 host 192.168.0.2 eq smtp (hitcnt=0)
access-list acl_outbound line 11 permit tcp 10.0.0.0 255.255.255.0 host 192.168.0.2 eq pop3 (hitcnt=0)
access-list acl_outbound line 12 permit tcp 10.0.0.0 255.255.255.0 host 192.168.0.2 eq 995 (hitcnt=0)
access-list acl_outbound line 13 permit tcp 10.0.0.0 255.255.255.0 host 192.168.0.2 eq imap4 (hitcnt=0)
access-list acl_outbound line 14 permit tcp 10.0.0.0 255.255.255.0 host 192.168.0.2 eq 993 (hitcnt=0)
access-list acl_outbound line 15 permit udp 10.0.0.0 255.255.255.0 any eq domain (hitcnt=479570)
access-list acl_outbound line 16 permit ip host pdc host 192.168.0.2 (hitcnt=0)
access-list acl_outbound line 17 permit icmp 10.0.0.0 255.255.255.0 any echo (hitcnt=70415)
access-list acl_outbound line 18 permit tcp host proxy any eq www (hitcnt=729476)
access-list acl_outbound line 19 permit tcp host proxy any eq https (hitcnt=47073)
access-list acl_outbound line 20 permit tcp host proxy any eq ftp (hitcnt=8)
access-list acl_outbound line 21 permit tcp host proxy any range 1024 65535 (hitcnt=20315)
access-list acl_outbound line 22 permit tcp host exchange any eq smtp (hitcnt=1326)
access-list acl_outbound line 23 permit tcp 10.0.0.0 255.255.255.0 host 212.42.122.115 (hitcnt=15)
access-list acl_outbound line 24 permit tcp host exchange any eq pop3 (hitcnt=30458)
access-list acl_outbound line 25 deny ip any any (hitcnt=619340)

Исходное сообщение
"Помогите с DMZ на Pix" Отправлено eric, 09-Мрт-10 13:19
или так, обратите внимание, что hitcnt в acl_dmz везде (hitcnt=0) , получается что через acl_dmz вообще ничего не идет... access-list acl_dmz; 6 elements access-list acl_dmz line 1 permit tcp any host Web eq www (hitcnt=0) access-list acl_dmz line 2 permit udp host Web any eq domain (hitcnt=0) access-list acl_dmz line 3 permit tcp host Web any eq smtp (hitcnt=0) access-list acl_dmz line 4 permit tcp host Web any eq www (hitcnt=0) access-list acl_dmz line 5 permit tcp host Web any eq pop3 (hitcnt=0) access-list acl_dmz line 6 deny ip any any (hitcnt=0) access-list acl_inbound; 10 elements access-list acl_inbound line 1 permit tcp host ------------ host 213.145.149.--- eq ssh (hitcnt=0) access-list acl_inbound line 2 permit icmp any host 213.145.149.------ echo-reply (hitcnt=472) access-list acl_inbound line 3 permit icmp any host 213.145.149.------ source-quench (hitcnt=0) access-list acl_inbound line 4 permit icmp any host 213.145.149.------ unreachable (hitcnt=0) access-list acl_inbound line 5 permit icmp any host 213.145.149.------ time-exceeded (hitcnt=21) access-list acl_inbound line 6 permit udp any host 213.145.149.--- eq domain (hitcnt=0) access-list acl_inbound line 7 permit tcp any host 213.145.149.--- eq ssh (hitcnt=0) access-list acl_inbound line 8 permit tcp any host 213.145.149.--- eq https (hitcnt=41) access-list acl_inbound line 9 permit tcp any host 213.145.149.--- eq www (hitcnt=69) access-list acl_inbound line 10 deny ip any any (hitcnt=2253) access-list acl_outbound; 25 elements access-list acl_outbound line 1 permit tcp 10.0.0.0 255.255.255.0 host Web eq 10051 (hitcnt=0) access-list acl_outbound line 2 permit tcp 10.0.0.0 255.255.255.0 host Web eq 9091 (hitcnt=0) access-list acl_outbound line 3 permit tcp 10.0.0.0 255.255.255.0 host Web eq 9090 (hitcnt=0) access-list acl_outbound line 4 permit tcp 10.0.0.0 255.255.255.0 host Web eq 5269 (hitcnt=0) access-list acl_outbound line 5 permit tcp 10.0.0.0 255.255.255.0 host Web eq 5223 (hitcnt=0) access-list acl_outbound line 6 permit tcp 10.0.0.0 255.255.255.0 host Web eq 5222 (hitcnt=0) access-list acl_outbound line 7 permit ip 10.0.0.0 255.255.255.0 host Web (hitcnt=63) access-list acl_outbound line 8 permit tcp 10.0.0.0 255.255.255.0 host Web eq https (hitcnt=0) access-list acl_outbound line 9 permit tcp 10.0.0.0 255.255.255.0 host Web eq www (hitcnt=22) access-list acl_outbound line 10 permit tcp 10.0.0.0 255.255.255.0 host 192.168.0.2 eq smtp (hitcnt=0) access-list acl_outbound line 11 permit tcp 10.0.0.0 255.255.255.0 host 192.168.0.2 eq pop3 (hitcnt=0) access-list acl_outbound line 12 permit tcp 10.0.0.0 255.255.255.0 host 192.168.0.2 eq 995 (hitcnt=0) access-list acl_outbound line 13 permit tcp 10.0.0.0 255.255.255.0 host 192.168.0.2 eq imap4 (hitcnt=0) access-list acl_outbound line 14 permit tcp 10.0.0.0 255.255.255.0 host 192.168.0.2 eq 993 (hitcnt=0) access-list acl_outbound line 15 permit udp 10.0.0.0 255.255.255.0 any eq domain (hitcnt=479570) access-list acl_outbound line 16 permit ip host pdc host 192.168.0.2 (hitcnt=0) access-list acl_outbound line 17 permit icmp 10.0.0.0 255.255.255.0 any echo (hitcnt=70415) access-list acl_outbound line 18 permit tcp host proxy any eq www (hitcnt=729476) access-list acl_outbound line 19 permit tcp host proxy any eq https (hitcnt=47073) access-list acl_outbound line 20 permit tcp host proxy any eq ftp (hitcnt=8) access-list acl_outbound line 21 permit tcp host proxy any range 1024 65535 (hitcnt=20315) access-list acl_outbound line 22 permit tcp host exchange any eq smtp (hitcnt=1326) access-list acl_outbound line 23 permit tcp 10.0.0.0 255.255.255.0 host 212.42.122.115 (hitcnt=15) access-list acl_outbound line 24 permit tcp host exchange any eq pop3 (hitcnt=30458) access-list acl_outbound line 25 deny ip any any (hitcnt=619340)

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру