Kerio WinRoute Firewall (часть 2) - [86] :: В помощь системному администратору

Hrist

прокси не прописан. юзергейт работал через НАТ

трафик полиси:
ping | firewall | any | ping | permit
я в локалку | firewall | local | any | permit
локалка ко мне | local | firewall | any | permit
локалка в инет | local | inet | any | permit | NAT
я в локалку | firewall | inet | any | permit
разрешить мне все | firewall | any | any | permit

http policy:
всем все | permit | all obects permit

ipconfig со шлюза:
C:\Documents and Settings\Administrator>ipconfig /all

Настройка протокола IP для Windows

Имя компьютера . . . . . . . . . : CAVIAR-SERVER
Основной DNS-суффикс . . . . . . :
Тип узла. . . . . . . . . . . . . : неизвестный
IP-маршрутизация включена . . . . : да
WINS-прокси включен . . . . . . . : нет

Inet - Ethernet адаптер:

DNS-суффикс этого подключения . . :
Описание . . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet
NIC
Физический адрес. . . . . . . . . : 00-50-8D-F5-AC-91
DHCP включен. . . . . . . . . . . : нет
IP-адрес . . . . . . . . . . . . : 82.140.х.х
Маска подсети . . . . . . . . . . : 255.255.255.248
Основной шлюз . . . . . . . . . . : 82.140.69.х
DNS-серверы . . . . . . . . . . . : 217.195.65.9
217.195.66.253

local - Ethernet адаптер:

DNS-суффикс этого подключения . . :
Описание . . . . . . . . . . . . : Intel(R) PRO/100+ Management Adapter
Физический адрес. . . . . . . . . : 00-90-27-57-4F-05
DHCP включен. . . . . . . . . . . : нет
IP-адрес . . . . . . . . . . . . : 192.168.0.1
Маска подсети . . . . . . . . . . : 255.255.255.0
Основной шлюз . . . . . . . . . . :

с клиентов (хотя это не понимаю зачем надо - т.к. В первую очередь не выйти самом шлюзу!)
Локалка - Ethernet адаптер:

DNS-суффикс этого подключения . . :
Описание . . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet
NIC
Физический адрес. . . . . . . . . : 00-50-8D-F5-хх-хх
DHCP включен. . . . . . . . . . . : нет
IP-адрес . . . . . . . . . . . . : 192.168.0.2
Маска подсети . . . . . . . . . . : 255.255.255.0
Основной шлюз . . . . . . . . . . : 192.168.0.1
DNS-серверы . . . . . . . . . . . : 192.168.0.1

Добавлено:
ICS остановлен, я его выключал. каспеерского нет. есть нод32, но он безобидный, более того там стоит в исключения папка с керио и в керио я вшил проверку нодовскую

C:\Documents and Settings\Administrator>route print

IPv4 таблица маршрута
================================================== =========================
Список интерфейсов
0x1 ........................... MS TCP Loopback interface
0x10004 ...00 50 8d f5 ac 91 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC

0x30003 ...00 90 27 57 4f 05 ...... Intel(R) PRO/100+ Management Adapter
================================================== =========================
================================================== =========================
Активные маршруты:
Сетевой адрес Маска сети Адрес шлюза Интерфейс Метрика
0.0.0.0 0.0.0.0 82.140.69.1 82.140.69.5 20
82.140.69.0 255.255.255.248 82.140.69.5 82.140.69.5 20
82.140.69.5 255.255.255.255 127.0.0.1 127.0.0.1 20
82.255.255.255 255.255.255.255 82.140.69.5 82.140.69.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.1 192.168.0.1 20
192.168.0.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.1 192.168.0.1 20
224.0.0.0 240.0.0.0 82.140.69.5 82.140.69.5 20
224.0.0.0 240.0.0.0 192.168.0.1 192.168.0.1 20
255.255.255.255 255.255.255.255 82.140.69.5 82.140.69.5 1
255.255.255.255 255.255.255.255 192.168.0.1 192.168.0.1 1
Основной шлюз: 82.140.69.1
================================================== =========================
Постоянные маршруты:
Отсутствует

Добавлено:
керио включен:

C:\Documents and Settings\program>nslookup mail.ru
Server: dns.peterstar.ru
Address: 217.195.65.9

Non-authoritative answer:
Name: mail.ru
Address: 194.67.57.26

керио выключен:

C:\Documents and Settings\program>nslookup mail.ru
Server: dns.peterstar.ru
Address: 217.195.65.9

Non-authoritative answer:
Name: mail.ru
Address: 194.67.57.26

log connections

[23/Apr/2007 19:10:28] [ID] 218 [Rule] New rule [Service] HTTP [Connection] TCP CAVIAR-SERVER:1082 -> 194.67.57.26:80 [Duration] 84 sec [Bytes] 0/208/208 [Packets] 0/5/5
[23/Apr/2007 19:10:28] [ID] 208 [Rule] New rule [Service] HTTP [Connection] TCP CAVIAR-SERVER:1076 -> 65.118.228.2:80 [Duration] 168 sec [Bytes] 264/248/512 [Packets] 6/6/12
[23/Apr/2007 19:11:10] [ID] 226 [Rule] New rule [Service] HTTP [Connection] TCP CAVIAR-SERVER:1091 -> 217.160.183.115:80 [Duration] 84 sec [Bytes] 0/48/48 [Packets] 0/1/1
[23/Apr/2007 19:11:10] [ID] 225 [Rule] New rule [Service] HTTP [Connection] TCP CAVIAR-SERVER:1090 -> 217.160.183.115:80 [Duration] 84 sec [Bytes] 0/48/48 [Packets] 0/1/1
[23/Apr/2007 19:11:10] [ID] 224 [Rule] New rule [Service] HTTP [Connection] TCP CAVIAR-SERVER:1089 -> 213.144.15.27:80 [Duration] 84 sec [Bytes] 0/48/48 [Packets] 0/1/1
[23/Apr/2007 19:11:10] [ID] 211 [Rule] New rule [Service] HTTP [Connection] TCP CAVIAR-SERVER:1080 -> 65.118.228.2:80 [Duration] 168 sec [Bytes] 264/208/472 [Packets] 6/5/11
[23/Apr/2007 19:11:10] [ID] 209 [Rule] New rule [Service] HTTP [Connection] TCP CAVIAR-SERVER:1078 -> 65.118.228.2:80 [Duration] 189 sec [Bytes] 264/168/432 [Packets] 6/4/10
[23/Apr/2007 19:11:31] [ID] 206 [Rule] New rule [Service] HTTP [Connection] TCP CAVIAR-SERVER:1074 -> 63.245.213.21:80 [Duration] 231 sec [Bytes] 264/208/472 [Packets] 6/5/11

Добавлено:
log filter

[23/Apr/2007 19:10:28] PERMIT "New rule" packet from Inet, proto:TCP, len:48, ip/port:213.144.15.27:80 -> 82.140.69.5:1084, flags: SYN ACK , seq:2792175751 ack:2077972843, win:16384, tcplen:0
[23/Apr/2007 19:10:28] PERMIT "New rule" packet from Inet, proto:TCP, len:48, ip/port:213.144.15.27:80 -> 82.140.69.5:1084, flags: SYN ACK , seq:2792175751 ack:2077972843, win:16384, tcplen:0
[23/Apr/2007 19:10:28] PERMIT "New rule" packet to Inet, proto:TCP, len:48, ip/port:82.140.69.5:1086 -> 217.160.183.115:80, flags: SYN , seq:2818507702 ack:0, win:16384, tcplen:0
[23/Apr/2007 19:10:28] PERMIT "New rule" packet to Inet, proto:TCP, len:48, ip/port:82.140.69.5:1086 -> 217.160.183.115:80, flags: SYN , seq:2818507702 ack:0, win:16384, tcplen:0
[23/Apr/2007 19:10:28] PERMIT "New rule" packet from Inet, proto:TCP, len:48, ip/port:213.144.15.27:80 -> 82.140.69.5:1084, flags: SYN ACK , seq:2792175751 ack:2077972843, win:16384, tcplen:0
[23/Apr/2007 19:10:28] PERMIT "New rule" packet to Inet, proto:TCP, len:48, ip/port:82.140.69.5:1087 -> 213.144.15.27:80, flags: SYN , seq:254893216 ack:0, win:16384, tcplen:0
[23/Apr/2007 19:10:28] PERMIT "New rule" packet from Inet, proto:TCP, len:48, ip/port:217.160.183.115:80 -> 82.140.69.5:1086, flags: SYN ACK , seq:3322343250 ack:2818507703, win:16384, tcplen:0
[23/Apr/2007 19:10:28] PERMIT "New rule" packet from Inet, proto:TCP, len:48, ip/port:217.160.183.115:80 -> 82.140.69.5:1086, flags: SYN ACK , seq:3322343250 ack:2818507703, win:16384, tcplen:0
[23/Apr/2007 19:10:28] PERMIT "New rule" packet to Inet, proto:TCP, len:48, ip/port:82.140.69.5:1087 -> 213.144.15.27:80, flags: SYN , seq:254893216 ack:0, win:16384, tcplen:0
[23/Apr/2007 19:10:28] PERMIT "New rule" packet to Inet, proto:TCP, len:48, ip/port:82.140.69.5:1087 -> 213.144.15.27:80, flags: SYN , seq:254893216 ack:0, win:16384, tcplen:0
[23/Apr/2007 19:10:28] PERMIT "New rule" packet from Inet, proto:TCP, len:48, ip/port:217.160.183.115:80 -> 82.140.69.5:1086, flags: SYN ACK , seq:3322343250 ack:2818507703, win:16384, tcplen:0
[23/Apr/2007 19:10:28] PERMIT "New rule" packet to Inet, proto:TCP, len:40, ip/port:82.140.69.5:1084 -> 213.144.15.27:80, flags: RST , seq:2077972843 ack:2077972843, win:0, tcplen:0
[23/Apr/2007 19:10:28] Last message repeated 3 times
[23/Apr/2007 19:10:28] PERMIT "New rule" packet to Inet, proto:TCP, len:40, ip/port:82.140.69.5:1086 -> 217.160.183.115:80, flags: RST , seq:2818507703 ack:2818507703, win:0, tcplen:0
[23/Apr/2007 19:10:49] Last message repeated 3 times
[23/Apr/2007 19:10:49] PERMIT "New rule" packet to Inet, proto:TCP, len:48, ip/port:82.140.69.5:1094 -> 217.160.173.234:80, flags: SYN , seq:604331183 ack:0, win:16384, tcplen:0
[23/Apr/2007 19:10:49] PERMIT "New rule" packet from Inet, proto:TCP, len:48, ip/port:213.144.15.27:80 -> 82.140.69.5:1087, flags: SYN ACK , seq:1416795478 ack:254893217, win:16384, tcplen:0
[23/Apr/2007 19:10:49] PERMIT "New rule" packet from Inet, proto:TCP, len:48, ip/port:213.144.15.27:80 -> 82.140.69.5:1087, flags: SYN ACK , seq:1416795478 ack:254893217, win:16384, tcplen:0
[23/Apr/2007 19:10:49] PERMIT "New rule" packet to Inet, proto:TCP, len:48, ip/port:82.140.69.5:1094 -> 217.160.173.234:80, flags: SYN , seq:604331183 ack:0, win:16384, tcplen:0
[23/Apr/2007 19:10:49] PERMIT "New rule" packet to Inet, proto:TCP, len:48, ip/port:82.140.69.5:1094 -> 217.160.173.234:80, flags: SYN , seq:604331183 ack:0, win:16384, tcplen:0
[23/Apr/2007 19:10:49] PERMIT "New rule" packet from Inet, proto:TCP, len:48, ip/port:213.144.15.27:80 -> 82.140.69.5:1087, flags: SYN ACK , seq:1416795478 ack:254893217, win:16384, tcplen:0
[23/Apr/2007 19:10:49] PERMIT "New rule" packet to Inet, proto:TCP, len:40, ip/port:82.140.69.5:1087 -> 213.144.15.27:80, flags: RST , seq:254893217 ack:254893217, win:0, tcplen:0
[23/Apr/2007 19:11:10] Last message repeated 3 times
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:TCP, len:48, ip/port:82.140.69.5:1096 -> 217.160.173.234:80, flags: SYN , seq:1307979929 ack:0, win:16384, tcplen:0
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:UDP, len:66, ip/port:82.140.69.5:1053 -> 217.195.65.9:53, udplen:38
[23/Apr/2007 19:11:10] PERMIT "New rule" packet from Inet, proto:TCP, len:48, ip/port:217.160.173.234:80 -> 82.140.69.5:1094, flags: SYN ACK , seq:1949019479 ack:604331184, win:16384, tcplen:0
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:UDP, len:66, ip/port:82.140.69.5:1053 -> 217.195.66.253:53, udplen:38
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:UDP, len:77, ip/port:82.140.69.5:1028 -> 217.195.65.9:53, udplen:49
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:UDP, len:66, ip/port:82.140.69.5:1053 -> 217.195.65.9:53, udplen:38
[23/Apr/2007 19:11:10] PERMIT "New rule" packet from Inet, proto:TCP, len:48, ip/port:217.160.173.234:80 -> 82.140.69.5:1094, flags: SYN ACK , seq:1949019479 ack:604331184, win:16384, tcplen:0
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:TCP, len:48, ip/port:82.140.69.5:1096 -> 217.160.173.234:80, flags: SYN , seq:1307979929 ack:0, win:16384, tcplen:0
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:UDP, len:66, ip/port:82.140.69.5:1053 -> 217.195.65.9:53, udplen:38
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:UDP, len:66, ip/port:82.140.69.5:1053 -> 217.195.66.253:53, udplen:38
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:UDP, len:66, ip/port:82.140.69.5:1028 -> 192.43.172.30:53, udplen:38
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:UDP, len:66, ip/port:82.140.69.5:1053 -> 217.195.65.9:53, udplen:38
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:UDP, len:66, ip/port:82.140.69.5:1053 -> 217.195.66.253:53, udplen:38
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:TCP, len:48, ip/port:82.140.69.5:1096 -> 217.160.173.234:80, flags: SYN , seq:1307979929 ack:0, win:16384, tcplen:0
[23/Apr/2007 19:11:10] PERMIT "New rule" packet from Inet, proto:TCP, len:48, ip/port:217.160.173.234:80 -> 82.140.69.5:1094, flags: SYN ACK , seq:1949019479 ack:604331184, win:16384, tcplen:0
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:UDP, len:77, ip/port:82.140.69.5:1028 -> 192.33.14.30:53, udplen:49
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:UDP, len:77, ip/port:82.140.69.5:1028 -> 192.26.92.30:53, udplen:49
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:UDP, len:77, ip/port:82.140.69.5:1028 -> 192.35.51.30:53, udplen:49
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:TCP, len:40, ip/port:82.140.69.5:1094 -> 217.160.173.234:80, flags: RST , seq:604331184 ack:604331184, win:0, tcplen:0
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:TCP, len:40, ip/port:82.140.69.5:1094 -> 217.160.173.234:80, flags: RST , seq:604331184 ack:604331184, win:0, tcplen:0
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:UDP, len:66, ip/port:82.140.69.5:1053 -> 217.195.65.9:53, udplen:38
[23/Apr/2007 19:11:10] PERMIT "New rule" packet to Inet, proto:TCP, len:40, ip/port:82.140.69.5:1094 -> 217.160.173.234:80, flags: RST , seq:604331184 ack:604331184, win:0, tcplen:0
f0s-4 вне форума Ответить с цитированием

Добавлено:

Модерирует : lynx, Crash_Master, dg, emx, ShriEkeR
emx (21-06-2007 15:56): http://forum.ru-board.com/topic.cgi?forum=8&topic=22219	Версия для печати • Подписаться • Добавить в закладки
Страницы: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104