16
Система / Re: IPFW+NATD проброс портов изнутри локальной сети
« : Сентября 26, 2011, 11:31:04 am »
Спасибо за совет, буду пытаться.
# rc.conf fragment for a two-interface FreeBSD gateway: rl0 is the outside
# link (10.10.10.2/30, default route 10.10.10.1) and ale0 is the LAN side
# (192.168.0.4/24).
defaultrouter="10.10.10.1"
ifconfig_ale0="192.168.0.4 netmask 255.255.255.0"
ifconfig_rl0="10.10.10.2 netmask 255.255.255.252"
named_enable="YES"
# Turns on IP forwarding between the two interfaces.
gateway_enable="YES"
natd_enable="YES"
natd_interface="rl0"
# -m and -u are the command-line forms of same_ports / unregistered_only;
# -f loads the remaining options from /etc/natd.conf.
natd_flags="-m -u -f /etc/natd.conf"
rinetd_enable="YES"
firewall_enable="YES"
# NOTE(review): firewall_type normally names a ruleset type or a file of ipfw
# rules, while the loader script is set with firewall_script. Pointing it at
# /etc/rc.firewall only works if that file holds rules - confirm after boot
# that `ipfw list` shows the intended ruleset and not just the default rule.
firewall_type="/etc/rc.firewall"
# natd options, loaded through -f /etc/natd.conf.
use_sockets yes
same_ports yes
# Only packets with an RFC 1918 (private) source address are rewritten.
unregistered_only yes
# Disabled: port 80 to 192.168.0.100 is currently forwarded by rinetd.
# NOTE(review): rinetd relays the TCP stream itself, so the web server sees
# the gateway as the client address; the real client address is then only
# available from rinetd's own log, which matters for audit and per-client
# access control on the server.
#redirect_port tcp 192.168.0.100:80 80
redirect_port tcp 192.168.0.100:7777 7777
# Disabled: port 1212 to 192.168.0.97:80 is currently forwarded by rinetd.
#redirect_port tcp 192.168.0.97:80 1212
# ipfw rule listing for the gateway (rl0 = outside, ale0 = LAN). Rules are
# checked in ascending number order; the first matching allow or deny decides.
00011 deny ip from table(1) to me
00111 allow ip from any to any via lo0
00211 deny ip from any to 127.0.0.0/8
00311 deny ip from 127.0.0.0/8 to any
# Anti-spoofing: LAN-range sources must not arrive on rl0, and the outside
# subnet must not arrive on ale0.
00411 deny log logamount 50 ip from 192.168.0.0/24 to any in via rl0
00611 deny log logamount 50 ip from 10.10.10.2/30 to any in via ale0
# Drop packets arriving on rl0 that are addressed to private or reserved
# ranges.
# NOTE(review): as printed, rl0's own address 10.10.10.2 lies inside
# 10.0.0.0/8, so rule 00811 would discard everything sent to the gateway
# before it reaches the divert at 02011 (rule 02111 has the mirror-image
# effect on translated outbound traffic). Presumably the real outside address
# was replaced for posting - confirm against the live ruleset.
00811 deny log logamount 50 ip from any to 10.0.0.0/8 in via rl0
00911 deny log logamount 50 ip from any to 172.16.0.0/12 in via rl0
01011 deny log logamount 50 ip from any to 192.168.0.0/16 in via rl0
01111 deny log logamount 50 ip from any to 0.0.0.0/8 in via rl0
01211 deny log logamount 50 ip from any to 169.254.0.0/16 in via rl0
01311 deny log logamount 50 ip from any to 224.0.0.0/4 in via rl0
01411 deny log logamount 50 ip from any to 240.0.0.0/4 in via rl0
01511 deny log logamount 50 icmp from any to any frag
01611 deny log logamount 50 icmp from any to 255.255.255.255 in via rl0
01711 deny log logamount 50 icmp from any to 255.255.255.255 out via rl0
# Hand LAN traffic leaving rl0, and traffic arriving for the gateway address,
# to natd on divert port 8668.
01811 divert 8668 ip from 192.168.0.0/24 to any out via rl0
02011 divert 8668 ip from any to 10.10.10.2 in via rl0
# After translation nothing with a private or reserved source may leave rl0.
02111 deny log logamount 50 ip from 10.0.0.0/8 to any out via rl0
02211 deny log logamount 50 ip from 172.16.0.0/12 to any out via rl0
02311 deny log logamount 50 ip from 192.168.0.0/16 to any out via rl0
02411 deny log logamount 50 ip from 0.0.0.0/8 to any out via rl0
02511 deny log logamount 50 ip from 169.254.0.0/16 to any out via rl0
02611 deny log logamount 50 ip from 224.0.0.0/4 to any out via rl0
02711 deny log logamount 50 ip from 240.0.0.0/4 to any out via rl0
# ICMP: echo reply (0), echo request (8) and time exceeded (11) only.
# NOTE(review): destination unreachable (type 3) falls through to 05611; that
# includes the "fragmentation needed" messages path MTU discovery relies on.
02811 allow icmp from any to any icmptypes 0,8,11
02911 allow ip from any to 192.168.0.0/24 in via ale0
03011 allow ip from 192.168.0.0/24 to any out via ale0
# Stateless: "established" matches any TCP segment with ACK or RST set, not a
# tracked connection.
03111 allow tcp from any to any established
# New inbound connections to the forwarded servers (addresses as seen after
# natd has rewritten the destination).
# NOTE(review): the natd.conf shown on this page has both port-80 redirects
# commented out in favour of rinetd; if that stays so, the port-80 parts of
# these rules no longer match translated traffic and can be removed.
03411 allow tcp from any to 192.168.0.100 dst-port 7777,80 in via rl0 setup
03511 allow tcp from any to 192.168.0.100 dst-port 7777,80 out via ale0 setup
03811 allow tcp from any to 192.168.0.97 dst-port 80 in via rl0 setup
03911 allow tcp from any to 192.168.0.97 dst-port 80 out via ale0 setup
# DNS and NTP for the gateway itself.
# NOTE(review): 04211/04311/04711 expose named on the outside interface;
# named.conf is not shown, so confirm recursion is limited to the LAN.
# NOTE(review): 04411 is stateless and accepts any UDP datagram whose source
# port is 53, to any port on the gateway. Using keep-state on the outbound
# query rule 04511 instead would admit only replies to queries actually sent.
04211 allow udp from any to 10.10.10.2 dst-port 53 in via rl0
04311 allow udp from 10.10.10.2 53 to any out via rl0
04411 allow udp from any 53 to 10.10.10.2 in via rl0
04511 allow udp from 10.10.10.2 to any dst-port 53 out via rl0
04611 allow udp from any to any dst-port 123 via rl0
# TCP services on the gateway reachable from outside: 53, 80, 25 and 22
# (SSH connection attempts are logged); every other new connection to it is
# logged and dropped by 05111.
04711 allow tcp from any to 10.10.10.2 dst-port 53 in via rl0 setup
04811 allow tcp from any to 10.10.10.2 dst-port 80 in via rl0 setup
04911 allow tcp from any to 10.10.10.2 dst-port 25 in via rl0 setup
05011 allow log logamount 50 tcp from any to 10.10.10.2 dst-port 22 in via rl0 setup
05111 deny log logamount 50 tcp from any to 10.10.10.2 in via rl0 setup
05211 allow tcp from 10.10.10.2 to any out via rl0 setup
05311 allow tcp from any to 10.10.10.2 in via ale0 setup
05411 allow tcp from 192.168.0.0/24 to any dst-port 5190 in via ale0 setup
05511 allow log logamount 50 ip from 192.168.0.0/24 to not 192.168.0.0/24 in via ale0 setup
# Explicit final deny, followed by the built-in default rule.
05611 deny ip from any to any
65535 deny ip from any to any
# mailq
37h 22K 1Qxs61-000J9Y-Ol <> *** frozen ***
root@test.ru
37h 4.3K 1Qxs61-000JAC-Qi <> *** frozen ***
root@test.ru
37h 1.4K 1QxsEg-000JAW-Hp <> *** frozen ***
root@test.ru
37h 2.1K 1QxsOx-000JBG-3p <> *** frozen ***
root@test.ru
31h 1.2K 1QxxH4-000JLv-Iu <> *** frozen ***
root@test.ru
13h 14K 1QyEag-000AdK-G4 <> *** frozen ***
root@test.ru
13h 4.3K 1QyEag-000AdL-G5 <> *** frozen ***
root@test.ru
13h 1.4K 1QyEiF-000AgD-TT <> *** frozen ***
root@test.ru
13h 1.9K 1QyEsD-000Ah5-Gw <> *** frozen ***
root@test.ru
# /usr/local/sbin/eximstats -charts -chartdir /usr/local/www/eximstats/ -html=/usr/local/www/eximstats/eximstats.html /var/log/maillog
Из чего становится ясно, что он не понимает, что там пишется. Но как заставить?
**** No valid log lines read
[root@gate /home/adminbief]#
# Убираем из логов временную метку Exim`a - её ставит syslogd
Если поставить yes, то eximstats начнёт понимать логи. И всё считается.
syslog_timestamp = no
/var/log/maillog 640 7 * $W6D0 JC
Aug 29 19:05:21 gate exim[3787]: 1QxsOx-000JBG-3p Message is frozen
Aug 29 19:05:21 gate exim[3788]: 1QxVl8-000IGR-LH Message is frozen
Aug 29 19:30:51 gate exim[1882]: SMTP connection from [192.168.0.4] (TCP/IP connection count = 1)
Aug 29 19:30:57 gate exim[3919]: no host name found for IP address 192.168.0.4
Aug 29 19:30:57 gate exim[3919]: 1Qy7Xt-00011D-I6 <= test@test.ru H=(gate) [192.168.0.4] P=esmtp S=880 id=82ce2bf88c77d463e75cce916f7cc84c@test.ru from <test@test.ru> for test@test.ru
Aug 29 19:30:57 gate exim[3921]: 1Qy7Xt-00011D-I6 => test <test@test.ru> R=virtual_localuser T=local_delivery
Aug 29 19:30:57 gate exim[3921]: 1Qy7Xt-00011D-I6 Completed
Aug 29 19:30:57 gate exim[3919]: SMTP connection from (gate) [192.168.0.4] closed by QUIT
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15">
<title>Exim statistics from 9999-99-99 99:99:99 to 0000-00-00 00:00:00</title>
</head>
<body bgcolor="white">
<h1>Exim statistics from 9999-99-99 99:99:99 to 0000-00-00 00:00:00</h1>
<ul>
<li><a href="#Grandtotal">Grand total summary</a>
<li><a href="#Transport">Deliveries by Transport</a>
<li><a href="#Messages received">Messages received per hour</a>
<li><a href="#Deliveries">Deliveries per hour</a>
<li><a href="#Time spent on the queue all messages">Time spent on the queue: all messages</a>
<li><a href="#Time spent on the queue messages with at least one remote delivery">Time spent on the queue: messages with at least one remote delivery</a>
<li><a href="#Relayed messages">Relayed messages</a>
<li><a href="#Sending host count">Top 50 sending hosts by message count</a>
<li><a href="#Sending host volume">Top 50 sending hosts by volume</a>
<li><a href="#Host destination count">Top 50 host destinations by message count</a>
<li><a href="#Host destination volume">Top 50 host destinations by volume</a>
</ul>
<hr>
<a name="Grandtotal"></a>
<h2>Grand total summary</h2>
<table border=1>
<tr><th>TOTAL</th><th>Volume</th><th>Messages</th><th>Addresses</th><th>Hosts</th><th colspan=2>At least one addr<br>Delayed</th><th colspan=2>At least one addr<br>Failed</th>
<tr><td>Received</td><td align="right"> 0</td><td align="right">0</td><td align="right"></td><td align="right">0</td><td align="right">0</td><td align="right"> 0.0%</td><td align="right">0</td><td align="right"> 0.0%</td>
<tr><td>Delivered</td><td align="right"> 0</td><td align="right">0</td><td align="right">0</td><td align="right">0</td>
</table>
<hr><a name="Transport"></a><h2>Deliveries by Transport</h2>
<table border=0 width="100%"><tr><td><table border=1>
<tr><th> </th><th>Volume</th><th>Messages</th>
</tr></table></td><td></td><td></td></tr></table>
<hr><a name="Messages received"></a><h2>Messages received per hour (each dot is 1 message)</h2>
<table border=0 width="100%">
<tr><td><pre>
00-01 0
01-02 0
02-03 0
03-04 0
04-05 0
05-06 0
06-07 0
07-08 0
08-09 0
09-10 0
10-11 0
11-12 0
12-13 0
13-14 0
14-15 0
15-16 0
16-17 0
17-18 0
18-19 0
19-20 0
20-21 0
21-22 0
22-23 0
23-24 0
</pre>
</td><td>
<img src="./histogram_Messages_received.png"></td></tr></table>
<hr><a name="Deliveries"></a><h2>Deliveries per hour (each dot is 1 delivery)</h2>
<table border=0 width="100%">
<tr><td><pre>
00-01 0
01-02 0
02-03 0
03-04 0
04-05 0
05-06 0
06-07 0
07-08 0
08-09 0
09-10 0
10-11 0
11-12 0
12-13 0
13-14 0
14-15 0
15-16 0
16-17 0
17-18 0
18-19 0
19-20 0
20-21 0
21-22 0
22-23 0
23-24 0
</pre>
</td><td>
<img src="./histogram_Deliveries.png"></td></tr></table>
<hr><a name="Time spent on the queue all messages"></a><h2>Time spent on the queue: all messages</h2>
<table border=0 width="100%"><tr><td><table border=1>
<tr><th>Time</th><th>Messages</th><th>Percentage</th><th>Cumulative Percentage</th>
</table></td><td></td></tr></table>
<hr><a name="Time spent on the queue messages with at least one remote delivery"></a><h2>Time spent on the queue: messages with at least one remote delivery</h2>
<table border=0 width="100%"><tr><td><table border=1>
<tr><th>Time</th><th>Messages</th><th>Percentage</th><th>Cumulative Percentage</th>
</table></td><td></td></tr></table>
<hr><a name="Relayed messages"></a><h2>Relayed messages</h2>
No relayed messages
<hr><a name="Sending host count"></a><h2>Top 50 sending hosts by message count</h2>
<table border=0 width="100%">
<tr><td>
<table border=1>
<tr><th align="right">Messages</th><th align="right">Bytes</th><th align="right">Average</th><th align="right" nowrap>Sending host</th></tr>
</table>
</td><td>
</td><td>
</td></tr></table>
<hr><a name="Sending host volume"></a><h2>Top 50 sending hosts by volume</h2>
<table border=0 width="100%">
<tr><td>
<table border=1>
<tr><th align="right">Messages</th><th align="right">Bytes</th><th align="right">Average</th><th align="right" nowrap>Sending host</th></tr>
</table>
</td><td>
</td><td>
</td></tr></table>
<hr><a name="Host destination count"></a><h2>Top 50 host destinations by message count</h2>
<table border=0 width="100%">
<tr><td>
<table border=1>
<tr><th align="right">Messages</th><th align="right">Bytes</th><th align="right">Average</th><th align="right" nowrap>Host destination</th></tr>
</table>
</td><td>
</td><td>
</td></tr></table>
<hr><a name="Host destination volume"></a><h2>Top 50 host destinations by volume</h2>
<table border=0 width="100%">
<tr><td>
<table border=1>
<tr><th align="right">Messages</th><th align="right">Bytes</th><th align="right">Average</th><th align="right" nowrap>Host destination</th></tr>
</table>
</td><td>
</td><td>
</td></tr></table>
</body>
</html>
# Exim log_selector: each "+" item is added to the default set of logged
# events, and "-queue_run" switches queue-run logging off.
log_selector = \
+all_parents \
+lost_incoming_connection \
+received_sender \
+received_recipients \
+smtp_confirmation \
+smtp_syntax_error \
+smtp_connection \
+smtp_protocol_error \
-queue_run
Exim statistics from 9999-99-99 99:99:99 to 0000-00-00 00:00:00
Grand total summary
Deliveries by Transport
Messages received per hour
Deliveries per hour
Time spent on the queue: all messages
Time spent on the queue: messages with at least one remote delivery
Relayed messages
Top 50 sending hosts by message count
Top 50 sending hosts by volume
Top 50 host destinations by message count
Top 50 host destinations by volume
Grand total summary
TOTAL Volume Messages Addresses Hosts At least one addr
Delayed At least one addr
Failed
Received 0 0 0 0 0.0% 0 0.0%
Delivered 0 0 0 0
Deliveries by Transport
Volume Messages
Messages received per hour (each dot is 1 message)
00-01 0
01-02 0
02-03 0
03-04 0
04-05 0
05-06 0
06-07 0
07-08 0
08-09 0
09-10 0
10-11 0
11-12 0
12-13 0
13-14 0
14-15 0
15-16 0
16-17 0
17-18 0
18-19 0
19-20 0
20-21 0
21-22 0
22-23 0
23-24 0