我们有一个LAN,Linux Box用作Internet网关.
在这个网关上,我们安装了内联网邮件服务器(sendmail),fetchmail,代理和DNS.
租用线路连接到此网关,并在此框中配置静态IP.
在这个网关上,我们安装了内联网邮件服务器(sendmail),fetchmail,代理和DNS.
租用线路连接到此网关,并在此框中配置静态IP.
对于theblast 10-15天,已经注意到一些网站根本没有工作.
如果我将此相同的连接和IP配置到独立的Windows PC,则可以毫无问题地访问所有这些网站.
我无法浏览一些网站而无法ping通,但我可以使用nslookup解析地址.
我的局域网配置如下:
使用ifconfig:
- enp2s0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
- inet 192.168.1.41 netmask 255.255.255.0 broadcast 192.168.1.255
- inet6 fe80::52e5:49ff:fe1b:daa8 prefixlen 64 scopeid 0x20<link>
- ether 00:00:00:00:00:00 txqueuelen 1000 (Ethernet)
- RX packets 67331121 bytes 8458827280 (7.8 GiB)
- RX errors 0 dropped 2138 overruns 0 frame 0
- TX packets 66307928 bytes 58607952676 (54.5 GiB)
- TX errors 0 dropped 0 overruns 0 carrier 1 collisions 0
- enp4s1: flags=4163<UP,MULTICAST> mtu 1500
- inet XX.XXX.XXXX.XX netmask 255.0.0.0 broadcast 49.255.255.255
- ether 00:00:00:00:00:00 txqueuelen 1000 (Ethernet)
- RX packets 66015747 bytes 58276418282 (54.2 GiB)
- RX errors 0 dropped 100 overruns 0 frame 0
- TX packets 53457822 bytes 7049917031 (6.5 GiB)
- TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
/etc/resolve.conf
- nameserver 8.8.8.8
- nameserver 192.168.1.41
iptables的
- # Generated by iptables-save v1.4.21 on Fri Aug 12 10:18:54 2016
- *filter
- :INPUT ACCEPT [6409479:525988637]
- :FORWARD ACCEPT [26036553:16397355271]
- :OUTPUT ACCEPT [6914932:970229461]
- -A INPUT -i eth0 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
- -A FORWARD -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
- -A FORWARD -i eth0 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
- -A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
- COMMIT
- # Completed on Fri Aug 12 10:18:54 2016
- # Generated by iptables-save v1.4.21 on Fri Aug 12 10:18:54 2016
- *nat
- :PREROUTING ACCEPT [1480942:133895346]
- :INPUT ACCEPT [179896:21387703]
- :OUTPUT ACCEPT [82634:5613521]
- :POSTROUTING ACCEPT [231368:13257122]
- -A PREROUTING -d XX.XXX.XXX.XX/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.250
- -A POSTROUTING -s 192.168.1.132/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.127/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.188/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.199/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.20/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.181/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.233/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.77/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.134/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.113/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.19/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.20/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.197/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.198/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.9/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.5/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.119/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.1/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.98/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.182/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.40/32 -p tcp -m tcp --dport 21 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.134/32 -p tcp -m tcp --dport 21 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.181/32 -p tcp -m tcp --dport 21 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.181/32 -p tcp -m tcp --dport 21 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.98/32 -p tcp -m tcp --dport 21 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.177/32 -p tcp -m tcp --dport 443 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.89/32 -p tcp -m tcp --dport 443 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.129/32 -p tcp -m tcp --dport 21 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.66/32 -j MASQUERADE
- -A POSTROUTING -s 192.168.1.250/32 -j MASQUERADE
- COMMIT
- # Completed on Fri Aug 12 10:18:54 2016
- # Generated by iptables-save v1.4.21 on Fri Aug 12 10:18:54 2016
- *mangle
- :PREROUTING ACCEPT [33387672:17017857834]
- :INPUT ACCEPT [6409479:525988637]
- :FORWARD ACCEPT [26036554:16397355355]
- :OUTPUT ACCEPT [6914932:970229461]
- :POSTROUTING ACCEPT [32955572:17367734827]
- COMMIT
- # Completed on Fri Aug 12 10:18:54 2016
我该如何找到阻止这些连接的内容?我还应该在Linux机器中查看什么?
有人可以提示解决这个问题吗?还有什么我应该在这里提一下吗?
提前致谢.
