Script started on Tue Jul 8 17:48:29 2008 ]0;root@demo: /root[?1034h[root@demo ~]# ip a 1: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo 2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 08:00:27:50:7a:b1 brd ff:ff:ff:ff:ff:ff inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0 3: eth1: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 08:00:27:7f:75:e2 brd ff:ff:ff:ff:ff:ff inet 169.254.8.10/16 brd 169.254.255.255 scope global eth1:avahi ]0;root@demo: /root[root@demo ~]# cd /etc/net/ifaces/eth1 bash: cd: /etc/net/ifaces/eth1: No such file or directory ]0;root@demo: /root[root@demo ~]# cd /etc/net/ifaces/eth1 [root@demo ~]#  /etc/net/ifaces/eth1 [root@demo ~]# l /etc/net/ifaces/eth1 [root@demo ~]# ls /etc/net/ifaces/eth1 [root@demo ~]# ls ls: /etc/net/ifaces/eth1: No such file or directory ]0;root@demo: /root[root@demo ~]# ls /etc/net/ifaces/eth1 default eth0 lo unknown ]0;root@demo: /root[root@demo ~]# cd /media/c ]0;root@demo: /root[root@demo ~]# cd /metc/net/ifaces/ ]0;root@demo: /etc/net/ifaces[root@demo ifaces]# ls default eth0 lo unknown ]0;root@demo: /etc/net/ifaces[root@demo ifaces]# cpmkdir eth1 ]0;root@demo: /etc/net/ifaces[root@demo ifaces]# cd weth1 ]0;root@demo: /etc/net/ifaces/eth1[root@demo eth1]# vim ipv4address 7[?47h[?1h=[?12;25h[?12l[?25h[?25l"ipv4address" [New File][>c~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 0,0-1 All[?12l[?25h[?25li  -- INSERT --0,1 All[?12l[?25h[?25l11,2 All[?12l[?25h[?25l71,3 All[?12l[?25h[?25l21,4 All[?12l[?25h[?25l.1,5 All[?12l[?25h[?25l11,6 All[?12l[?25h[?25l61,7 All[?12l[?25h[?25l.1,8 All[?12l[?25h[?25l01,9 All[?12l[?25h[?25l.1,10 All[?12l[?25h[?25l11,11 All[?12l[?25h[?25l/1,12 All[?12l[?25h[?25l21,13 All[?12l[?25h[?25l41,14 All[?12l[?25h[?25l^[ [?12l[?25h[?25l 1,13 All[?12l[?25h[?25l: :[?12l[?25hq[?25l :q[?12l[?25h![?25l :q![?12l[?25h [?25l[?1l>[?12l[?25h[?47l8]0;root@demo: /etc/net/ifaces/eth1[root@demo eth1]# echo "172.16.0.1/24" > ipipv4address ]0;root@demo: /etc/net/ifaces/eth1[root@demo eth1]# echo "BOODI-n " ]0;root@demo: /etc/net/ifaces/eth1[root@demo eth1]# cat > options DISABLED=no BOOTPROTO=static ]0;root@demo: /etc/net/ifaces/eth1[root@demo eth1]# service network restart Computing interface groups: ... 3 interfaces found Processing /etc/net/vlantab: empty. Stopping group 1/realphys (2 interfaces) Stopping eth0: ..OK Stopping eth1: ..OK Stopping group 0/virtual (1 interfaces) Stopping lo: .OK Stopping iptables for default Flushing the "OUTPUT" chain in the "filter" table Flushing the "FORWARD" chain in the "filter" table Flushing the "INPUT" chain in the "filter" table Flushing the "POSTROUTING" chain in the "nat" table Flushing the "OUTPUT" chain in the "nat" table Flushing the "PREROUTING" chain in the "nat" table Flushing the "POSTROUTING" chain in the "mangle" table Flushing the "OUTPUT" chain in the "mangle" table Flushing the "FORWARD" chain in the "mangle" table Flushing the "INPUT" chain in the "mangle" table Flushing the "PREROUTING" chain in the "mangle" table Deleting the "stdin" chain from the "filter" table Setting ACCEPT policy for the "INPUT" chain in the "filter" table Setting ACCEPT policy for the "FORWARD" chain in the "filter" table Setting ACCEPT policy for the "OUTPUT" chain in the "filter" table Starting iptables for default Setting ACCEPT policy for the "INPUT" chain in the "filter" table Setting ACCEPT policy for the "FORWARD" chain in the "filter" table Setting ACCEPT policy for the "OUTPUT" chain in the "filter" table Creating the "stdin" chain in the "filter" table Computing interface groups: ... 3 interfaces found Starting group 0/virtual (1 interfaces) Starting lo: ....OK Starting group 1/realphys (2 interfaces) Starting eth0: .....OK Starting eth1: .....OK Processing /etc/net/vlantab: empty. ]0;root@demo: /etc/net/ifaces/eth1[root@demo eth1]# ip a 1: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo 2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 08:00:27:50:7a:b1 brd ff:ff:ff:ff:ff:ff inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0 3: eth1: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 08:00:27:7f:75:e2 brd ff:ff:ff:ff:ff:ff inet 172.16.0.1/24 brd 172.16.0.255 scope global eth1 ]0;root@demo: /etc/net/ifaces/eth1[root@demo eth1]# ip r 172.16.0.0/24 dev eth1 proto kernel scope link src 172.16.0.1 10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15 default via 10.0.2.2 dev eth0 ]0;root@demo: /etc/net/ifaces/eth1[root@demo eth1]# apt-cache hsearch tcpdump libpcap-devel - Development environment for the packet capture library tcpdump - A network traffic monitoring tool ]0;root@demo: /etc/net/ifaces/eth1[root@demo eth1]# apt-get install tcpdump Reading Package Lists... 0% Reading Package Lists... 100% Reading Package Lists... Done Building Dependency Tree... 0% Building Dependency Tree... 0% Building Dependency Tree... 50% Building Dependency Tree... 50% Building Dependency Tree... 94% Building Dependency Tree... Done The following NEW packages will be installed: tcpdump 0 upgraded, 1 newly installed, 0 removed and 6 not upgraded. Need to get 309kB of archives. After unpacking 631kB of additional disk space will be used. 0% [Working] 0% [Query] Get:1 ftp://updates.altlinux.org i586/updates tcpdump 1:3.9.7-alt1 [309kB] 0% [1 tcpdump 0/309kB 0%] 100% [Working] Fetched 309kB in 1s (291kB/s) Committing changes... Preparing... (100%)# (100%)## (100%)### (100%)#### (100%)##### (100%)###### (100%)####### (100%)######## (100%)######### (100%)########## (100%)########### (100%)############ (100%)############# (100%)############## (100%)############### (100%)################ (100%)################# (100%)################## (100%)################### (100%)#################### (100%)##################### (100%)###################### (100%)####################### (100%)######################## (100%)######################### (100%)########################## (100%)########################### (100%)############################ (100%)############################# (100%)############################## (100%)############################### (100%)################################ (100%)################################# (100%)################################## (100%)################################### (100%)#################################### (100%)##################################### (100%)###################################### (100%)####################################### (100%)######################################## (100%)######################################### (100%)########################################## (100%)########################################### (100%)############################################ (100%)############################################# (100%)############################################## (100%)############################################### (100%)################################################ (100%)################################################# (100%)################################################## (100%)################################################### (100%)#################################################### (100%)##################################################### (100%)###################################################### (100%)####################################################### (100%)######################################################## (100%)######################################################### (100%)########################################################## (100%)########################################################### (100%)############################################################ (100%)############################################################# (100%)############################################################## (100%)############################################################### (100%)############################################################### [100%] 1: tcpdump ( 10%)# ( 10%)## ( 10%)### ( 10%)#### ( 10%)##### ( 10%)###### ( 20%)####### ( 20%)######## ( 20%)######### ( 20%)########## ( 20%)########### ( 20%)############ ( 20%)############# ( 31%)############## ( 31%)############### ( 31%)################ ( 31%)################# ( 31%)################## ( 31%)################### ( 41%)#################### ( 41%)##################### ( 41%)###################### ( 41%)####################### ( 41%)######################## ( 41%)######################### ( 41%)########################## ( 51%)########################### ( 51%)############################ ( 51%)############################# ( 51%)############################## ( 51%)############################### ( 51%)################################ ( 51%)################################# ( 62%)################################## ( 62%)################################### ( 62%)#################################### ( 62%)##################################### ( 62%)###################################### ( 62%)####################################### ( 72%)######################################## ( 72%)######################################### ( 72%)########################################## ( 72%)########################################### ( 72%)############################################ ( 72%)############################################# ( 72%)############################################## ( 82%)############################################### ( 82%)################################################ ( 82%)################################################# ( 82%)################################################## ( 82%)################################################### ( 82%)#################################################### ( 82%)##################################################### ( 90%)###################################################### ( 90%)####################################################### ( 90%)######################################################## ( 90%)######################################################### ( 90%)########################################################## ( 92%)########################################################### ( 93%)############################################################ ( 95%)############################################################# ( 99%)############################################################## ( 99%)############################################################### (100%)############################################################### [100%] Done. ]0;root@demo: /etc/net/ifaces/eth1[root@demo eth1]# tcpdump -i eth1 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes 18:00:32.777207 IP 172.16.0.2.4471 > 192.168.200.117.webcache: S 2740685371:2740685371(0) win 5840 18:00:32.971091 IP demo.local.5353 > 224.0.0.251.5353: 0 PTR (QM)? 117.200.168.192.in-addr.arpa. (46) 18:00:33.968439 IP demo.local.5353 > 224.0.0.251.5353: 0 PTR (QM)? 117.200.168.192.in-addr.arpa. (46) 18:00:35.798593 IP 172.16.0.2.4471 > 192.168.200.117.webcache: S 2740685371:2740685371(0) win 5840 18:00:35.968782 IP demo.local.5353 > 224.0.0.251.5353: 0 PTR (QM)? 117.200.168.192.in-addr.arpa. (46) 18:00:37.822276 arp who-has demo.local tell 172.16.0.2 18:00:37.822365 arp reply demo.local is-at 08:00:27:7f:75:e2 (oui Unknown) 18:00:38.003206 IP demo.local.5353 > 224.0.0.251.5353: 0 PTR (QM)? 2.0.16.172.in-addr.arpa. (41) 18:00:39.010657 IP demo.local.5353 > 224.0.0.251.5353: 0 PTR (QM)? 2.0.16.172.in-addr.arpa. (41) 18:00:41.017625 IP demo.local.5353 > 224.0.0.251.5353: 0 PTR (QM)? 2.0.16.172.in-addr.arpa. (41) 18:00:41.818490 IP 172.16.0.2.4471 > 192.168.200.117.webcache: S 2740685371:2740685371(0) win 5840 18:00:43.483493 IP demo.local.5353 > 224.0.0.251.5353: 0 PTR (QM)? 251.0.0.224.in-addr.arpa. (42) 18:00:44.484146 IP demo.local.5353 > 224.0.0.251.5353: 0 PTR (QM)? 251.0.0.224.in-addr.arpa. (42) 18:00:46.483956 IP demo.local.5353 > 224.0.0.251.5353: 0 PTR (QM)? 251.0.0.224.in-addr.arpa. (42) 18:00:48.494368 IP demo.local.5353 > 224.0.0.251.5353: 0 PTR (QM)? 1.0.16.172.in-addr.arpa. (41) 18:00:48.494368 IP demo.local.5353 > 224.0.0.251.5353: 0*- [0q] 1/0/0 (Cache flush) PTR[|domain] 18:00:53.803214 IP 172.16.0.2.4471 > 192.168.200.117.webcache: S 2740685371:2740685371(0) win 5840 18:01:17.798826 IP 172.16.0.2.4471 > 192.168.200.117.webcache: S 2740685371:2740685371(0) win 5840 18:01:22.825093 arp who-has demo.local tell 172.16.0.2 18:01:22.825233 arp reply demo.local is-at 08:00:27:7f:75:e2 (oui Unknown) 18:02:05.822643 IP 172.16.0.2.4471 > 192.168.200.117.webcache: S 2740685371:2740685371(0) win 5840 18:02:10.810226 arp who-has demo.local tell 172.16.0.2 18:02:10.810354 arp reply demo.local is-at 08:00:27:7f:75:e2 (oui Unknown) 23 packets captured 23 packets received by filter 0 packets dropped by kernel ]0;root@demo: /etc/net/ifaces/eth1[root@demo eth1]# host Usage: host [-aCdlriTwv] [-c class] [-N ndots] [-t type] [-W time] [-R number] hostname [server] -a is equivalent to -v -t * -c specifies query class for non-IN data -C compares SOA records on authoritative nameservers -d is equivalent to -v -l lists all hosts in a domain, using AXFR -i IP6.INT reverse lookups -N changes the number of dots allowed before root lookup is done -r disables recursive processing -R specifies number of retries for UDP packets -t specifies the query type -T enables TCP/IP mode -v enables verbose output -w specifies to wait forever for a reply -W specifies how long to wait for a reply -4 use IPv4 query transport only -6 use IPv6 query transport only ]0;root@demo: /etc/net/ifaces/eth1[root@demo eth1]# host linux.armd.ru linux.armd.ru is an alias for armd.ru. armd.ru has address 80.68.240.144 armd.ru mail is handled by 10 smtp.armd.ru. ]0;root@demo: /etc/net/ifaces/eth1[root@demo eth1]# host linux.armd.rutcpdump -i eth1 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes 18:04:05.437654 IP 172.16.0.2.2757 > congo-hosting.rbc.ru.http: S 2920138140:2920138140(0) win 5840 1 packets captured 4 packets received by filter 0 packets dropped by kernel ]0;root@demo: /etc/net/ifaces/eth1[root@demo eth1]# tcpdump -i eth1 0 host 80.68.240.144 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 0 packets captured 0 packets received by filter 0 packets dropped by kernel ]0;root@demo: /etc/net/ifaces/eth1[root@demo eth1]# cd /etc/net/ ifaces/ options.d/ scripts/ sysctl.conf [root@demo eth1]# cd /etc/net/ ]0;root@demo: /etc/net[root@demo net]# grep forwward sysctl.conf # IPv4 packet forwarding. net.ipv4.ip_forward = 0 ]0;root@demo: /etc/net[root@demo net]# sed -i 's//net.ipv4.ip_forward = 0/s//s/0/1/' sysctl.conf ]0;root@demo: /etc/net[root@demo net]# !g grep forward sysctl.conf # IPv4 packet forwarding. net.ipv4.ip_forward = 1 ]0;root@demo: /etc/net[root@demo net]# service network restart Computing interface groups: ... 3 interfaces found Processing /etc/net/vlantab: empty. Stopping group 1/realphys (2 interfaces) Stopping eth0: ..OK Stopping eth1: ..OK Stopping group 0/virtual (1 interfaces) Stopping lo: .OK Stopping iptables for default Flushing the "OUTPUT" chain in the "filter" table Flushing the "FORWARD" chain in the "filter" table Flushing the "INPUT" chain in the "filter" table Flushing the "POSTROUTING" chain in the "nat" table Flushing the "OUTPUT" chain in the "nat" table Flushing the "PREROUTING" chain in the "nat" table Flushing the "POSTROUTING" chain in the "mangle" table Flushing the "OUTPUT" chain in the "mangle" table Flushing the "FORWARD" chain in the "mangle" table Flushing the "INPUT" chain in the "mangle" table Flushing the "PREROUTING" chain in the "mangle" table Deleting the "stdin" chain from the "filter" table Setting ACCEPT policy for the "INPUT" chain in the "filter" table Setting ACCEPT policy for the "FORWARD" chain in the "filter" table Setting ACCEPT policy for the "OUTPUT" chain in the "filter" table Starting iptables for default Setting ACCEPT policy for the "INPUT" chain in the "filter" table Setting ACCEPT policy for the "FORWARD" chain in the "filter" table Setting ACCEPT policy for the "OUTPUT" chain in the "filter" table Creating the "stdin" chain in the "filter" table Computing interface groups: ... 3 interfaces found Starting group 0/virtual (1 interfaces) Starting lo: ....OK Starting group 1/realphys (2 interfaces) Starting eth0: .....OK Starting eth1: .....OK Processing /etc/net/vlantab: empty. ]0;root@demo: /etc/net[root@demo net]# service network restart [root@demo net]# grep forward sysctl.conf [root@demo net]# [28@sed -i '/net.ipv4.ip_forward = 0/s/0/1/' [root@demo net]# sed -i '/net.ipv4.ip_forward = 0/s/0/1/' sysctl.conf [root@demo net]# grep forward [root@demo net]# grep forward sysctl.conf [root@demo net]# cd /etc/net/tcpdump -i eth0 host 80.68.240.144 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 18:08:52.657386 IP 172.16.0.2.h323gatestat > congo-hosting.rbc.ru.http: S 3254392215:3254392215(0) win 5840 18:08:52.666204 IP congo-hosting.rbc.ru.http > 172.16.0.2.h323gatestat: S 321792001:321792001(0) ack 3254392216 win 8192 18:08:52.724214 IP 172.16.0.2.h323gatestat > congo-hosting.rbc.ru.http: . ack 1 win 5840 18:10:35.699207 IP 172.16.0.2.h323gatestat > congo-hosting.rbc.ru.http: F 1:1(0) ack 1 win 5840 18:10:35.702806 IP congo-hosting.rbc.ru.http > 172.16.0.2.h323gatestat: . ack 2 win 8760 18:10:35.702817 IP congo-hosting.rbc.ru.http > 172.16.0.2.h323gatestat: F 1:1(0) ack 2 win 8760 18:10:35.707147 IP 172.16.0.2.h323gatestat > congo-hosting.rbc.ru.http: . ack 2 win 5840 7 packets captured 7 packets received by filter 0 packets dropped by kernel ]0;root@demo: /etc/net[root@demo net]# netcat 8080.68.240.144 80 EHLO 501 Method Not Implemented

Method Not Implemented

EHLO to /index.html not supported.

]0;root@demo: /etc/net[root@demo net]# ipt iptables iptables-restore iptables-save iptables-xml iptunnel [root@demo net]# iptables-save # Generated by iptables-save v1.3.7 on Tue Jul 8 18:13:06 2008 *mangle :PREROUTING ACCEPT [428:365625] :INPUT ACCEPT [394:361829] :FORWARD ACCEPT [7:296] :OUTPUT ACCEPT [278:27722] :POSTROUTING ACCEPT [361:43691] COMMIT # Completed on Tue Jul 8 18:13:06 2008 # Generated by iptables-save v1.3.7 on Tue Jul 8 18:13:06 2008 *nat :PREROUTING ACCEPT [36:4238] :POSTROUTING ACCEPT [30:2757] :OUTPUT ACCEPT [29:2705] COMMIT # Completed on Tue Jul 8 18:13:06 2008 # Generated by iptables-save v1.3.7 on Tue Jul 8 18:13:06 2008 *filter :INPUT ACCEPT [65:29557] :FORWARD ACCEPT [7:296] :OUTPUT ACCEPT [69:10645] :stdin - [0:0] COMMIT # Completed on Tue Jul 8 18:13:06 2008 ]0;root@demo: /etc/net[root@demo net]# iptables -t nat -A POSTROUTING -o eth0 -j snatSNAT --to-siource=10.0.2.15 ]0;root@demo: /etc/net[root@demo net]# ip a 1: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo 2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 08:00:27:50:7a:b1 brd ff:ff:ff:ff:ff:ff inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0 3: eth1: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 08:00:27:7f:75:e2 brd ff:ff:ff:ff:ff:ff inet 172.16.0.1/24 brd 172.16.0.255 scope global eth1 ]0;root@demo: /etc/net[root@demo net]# iptables-save # Generated by iptables-save v1.3.7 on Tue Jul 8 18:17:08 2008 *mangle :PREROUTING ACCEPT [428:365625] :INPUT ACCEPT [394:361829] :FORWARD ACCEPT [7:296] :OUTPUT ACCEPT [278:27722] :POSTROUTING ACCEPT [361:43691] COMMIT # Completed on Tue Jul 8 18:17:08 2008 # Generated by iptables-save v1.3.7 on Tue Jul 8 18:17:08 2008 *nat :PREROUTING ACCEPT [36:4238] :POSTROUTING ACCEPT [30:2757] :OUTPUT ACCEPT [29:2705] -A POSTROUTING -o eth0 -j SNAT --to-source 10.0.2.15 COMMIT # Completed on Tue Jul 8 18:17:08 2008 # Generated by iptables-save v1.3.7 on Tue Jul 8 18:17:08 2008 *filter :INPUT ACCEPT [65:29557] :FORWARD ACCEPT [7:296] :OUTPUT ACCEPT [69:10645] :stdin - [0:0] COMMIT # Completed on Tue Jul 8 18:17:08 2008 ]0;root@demo: /etc/net[root@demo net]# iptables -t nat -L -nvx Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination SNAT 0 -- anywhere anywhere to:10.0.2.15 Chain OUTPUT (policy ACCEPT) target prot opt source destination ]0;root@demo: /etc/net[root@demo net]# iptables -t nat -L -save [root@demo net]# iptables-save  atables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source=10.0.2.15 [root@demo net]# iptables-save netcat 80.68.240.144 80 [root@demo net]# tcpdump -i eth0 host 80.68.240.144 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 18:21:54.337149 IP demo.local.4801 > congo-hosting.rbc.ru.http: S 4079413571:4079413571(0) win 5840 18:21:54.347491 IP congo-hosting.rbc.ru.http > demo.local.4801: S 384256001:384256001(0) ack 4079413572 win 8192 18:21:54.369053 IP demo.local.4801 > congo-hosting.rbc.ru.http: . ack 1 win 5840 18:21:56.879758 IP demo.local.4801 > congo-hosting.rbc.ru.http: P 1:2(1) ack 1 win 5840 18:21:56.883444 IP congo-hosting.rbc.ru.http > demo.local.4801: . ack 2 win 8760 18:21:56.959695 IP demo.local.4801 > congo-hosting.rbc.ru.http: P 2:3(1) ack 1 win 5840 18:21:56.963812 IP congo-hosting.rbc.ru.http > demo.local.4801: . ack 3 win 8760 18:22:00.615823 IP demo.local.4801 > congo-hosting.rbc.ru.http: P 3:8(5) ack 1 win 5840 18:22:00.616617 IP congo-hosting.rbc.ru.http > demo.local.4801: . ack 8 win 8760 18:22:00.622625 IP congo-hosting.rbc.ru.http > demo.local.4801: P 1:217(216) ack 8 win 8760 18:22:00.622634 IP congo-hosting.rbc.ru.http > demo.local.4801: F 217:217(0) ack 8 win 8760 18:22:00.624004 IP demo.local.4801 > congo-hosting.rbc.ru.http: . ack 217 win 6432 18:22:00.624073 IP demo.local.4801 > congo-hosting.rbc.ru.http: F 8:8(0) ack 218 win 6432 18:22:00.626149 IP congo-hosting.rbc.ru.http > demo.local.4801: . ack 9 win 8760 14 packets captured 14 packets received by filter 0 packets dropped by kernel ]0;root@demo: /etc/net[root@demo net]# tcpdump -i eth0 host 80.68.240.144 [root@demo net]# tcpdump -[1@-[1@n[1@ tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 18:22:35.220616 IP 10.0.2.15.4802 > 80.68.240.144.http: S 4121055896:4121055896(0) win 5840 18:22:35.227257 IP 80.68.240.144.http > 10.0.2.15.4802: S 389504001:389504001(0) ack 4121055897 win 8192 18:22:35.232999 IP 10.0.2.15.4802 > 80.68.240.144.http: . ack 1 win 5840 18:22:36.160388 IP 10.0.2.15.4802 > 80.68.240.144.http: P 1:2(1) ack 1 win 5840 18:22:36.161985 IP 80.68.240.144.http > 10.0.2.15.4802: . ack 2 win 8760 18:22:43.145085 IP 10.0.2.15.4802 > 80.68.240.144.http: P 2:7(5) ack 1 win 5840 18:22:43.145817 IP 80.68.240.144.http > 10.0.2.15.4802: . ack 7 win 8760 18:22:43.153304 IP 80.68.240.144.http > 10.0.2.15.4802: P 1:217(216) ack 7 win 8760 18:22:43.153570 IP 80.68.240.144.http > 10.0.2.15.4802: F 217:217(0) ack 7 win 8760 18:22:43.156774 IP 10.0.2.15.4802 > 80.68.240.144.http: . ack 217 win 6432 18:22:43.160685 IP 10.0.2.15.4802 > 80.68.240.144.http: F 7:7(0) ack 218 win 6432 18:22:43.164320 IP 80.68.240.144.http > 10.0.2.15.4802: . ack 8 win 8760 12 packets captured 12 packets received by filter 0 packets dropped by kernel ]0;root@demo: /etc/net[root@demo net]# tcpdump -n -i eth0 host 80.68.240.144[1@1 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes 18:23:37.940320 IP 172.16.0.2.4803 > 80.68.240.144.http: S 4192929678:4192929678(0) win 5840 18:23:37.945009 IP 80.68.240.144.http > 172.16.0.2.4803: S 397568001:397568001(0) ack 4192929679 win 8192 18:23:37.951733 IP 172.16.0.2.4803 > 80.68.240.144.http: . ack 1 win 5840 18:23:41.386498 IP 172.16.0.2.4803 > 80.68.240.144.http: P 1:6(5) ack 1 win 5840 18:23:41.388562 IP 80.68.240.144.http > 172.16.0.2.4803: . ack 6 win 8760 18:23:41.390993 IP 80.68.240.144.http > 172.16.0.2.4803: P 1:217(216) ack 6 win 8760 18:23:41.394495 IP 80.68.240.144.http > 172.16.0.2.4803: F 217:217(0) ack 6 win 8760 18:23:41.408547 IP 172.16.0.2.4803 > 80.68.240.144.http: . ack 217 win 6432 18:23:41.412625 IP 172.16.0.2.4803 > 80.68.240.144.http: F 6:6(0) ack 218 win 6432 18:23:41.414915 IP 80.68.240.144.http > 172.16.0.2.4803: . ack 7 win 8760 10 packets captured 10 packets received by filter 0 packets dropped by kernel ]0;root@demo: /etc/net[root@demo net]# cd /etc/sys sysconfig/ sysctl.conf sysfs.conf syslog.conf syslog.d/ system-release [root@demo net]# cd /etc/sysconfig/i ]0;root@demo: /etc/sysconfig[root@demo sysconfig]# ls bootsplash framebuffer init keyboard ntpd tomcat5 clamd harddisk iptables klogd portmap usb clock harddisks iptables_modules mouse pptp wpa_supplicant console hotplug iptables_params network rawdevices xinetd consolefont httpd2 ipw3945d network-scripts syslogd xinitrc ethtool i18n kernel nfs system ]0;root@demo: /etc/sysconfig[root@demo sysconfig]# cd /etc/net ]0;root@demo: /etc/net[root@demo net]# cd /usr/share/doc/ethcnet-0.9.6/ ChangeLog README.bridge README.plip examples/ README README.firewall TODO wiki-RU/ README.bluetooth README.ossh contrib/ [root@demo net]# cd /usr/share/doc/etcnet-0.9.6/ ]0;root@demo: /usr/share/doc/etcnet-0.9.6[root@demo etcnet-0.9.6]# ls ChangeLog README.bluetooth README.firewall README.plip contrib wiki-RU README README.bridge README.ossh TODO examples ]0;root@demo: /usr/share/doc/etcnet-0.9.6[root@demo etcnet-0.9.6]# cd examples/ ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples[root@demo examples]# ls Complex-without-QoS OpenVPN-to-satellite QoS-HTB-user-guide firewall-hiddenman Ethernet PPP VLAN-without-vlantab routing Ethernet-bridge-GRE QoS-CBQ-internet-cafe WiFi-WEP-ipw2100 routing-LARTC-1 OpenVPN-TAP QoS-HTB-SFQ-256kbit dummy ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples[root@demo examples]# cd firewall-hiddenman/ ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman[root@demo firewall-hiddenman]# ;s bash: syntax error near unexpected token `;' ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman[root@demo firewall-hiddenman]# ls ifaces ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman[root@demo firewall-hiddenman]# cd ifaces/ ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman/ifaces[root@demo ifaces]# ls default ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman/ifaces[root@demo ifaces]# cd default/ ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman/ifaces/default[root@demo default]# ls fw ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman/ifaces/default[root@demo default]# cd fw/ ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman/ifaces/default/fw[root@demo fw]# ls iptables ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman/ifaces/default/fw[root@demo fw]# cd iptables/ ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman/ifaces/default/fw/iptables[root@demo iptables]# ls filter mangle modules nat ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman/ifaces/default/fw/iptables[root@demo iptables]# cat modules ipt_LOG ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman/ifaces/default/fw/iptables[root@demo iptables]# cd nat/ ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman/ifaces/default/fw/iptables/nat[root@demo nat]# ls POSTROUTING PREROUTING ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman/ifaces/default/fw/iptables/nat[root@demo nat]# cat * snat-to 5.6.7.8 if marked as 1 dnat-to 1.2.3.4 if proto tcp from any to 4.3.2.1 ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman/ifaces/default/fw/iptables/nat[root@demo nat]# cat POSTROUTING snat-to 5.6.7.8 if marked as 1 ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman/ifaces/default/fw/iptables/nat[root@demo nat]# pwd /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman/ifaces/default/fw/iptables/nat ]0;root@demo: /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman/ifaces/default/fw/iptables/nat[root@demo nat]# cd /etc/net/ifaces/eth0/ ]0;root@demo: /etc/net/ifaces/eth0[root@demo eth0]# mkdir -p key originally introduced for the Windows 95 operating systemfw/iptables/nat ]0;root@demo: /etc/net/ifaces/eth0[root@demo eth0]# fw/iptables/natcd fw/iptables/nat ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# cat > ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# echo "snat-to 10.0.2.15" > POSTROUTING ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# services network  [root@demo nat]# service network restart Computing interface groups: ... 3 interfaces found Processing /etc/net/vlantab: empty. Stopping group 1/realphys (2 interfaces) Stopping eth0: Stopping iptables for eth0 Unloading rules for the "POSTROUTING" chain in the "nat" tableiptables v1.3.7: Invalid rule number `snat-to' Try `iptables -h' or 'iptables --help' for more information. ERROR: /etc/net/scripts/config-fw: /sbin/iptables -t nat -D POSTROUTING snat-to 10.0.2.15 . ..OK Stopping eth1: ..OK Stopping group 0/virtual (1 interfaces) Stopping lo: .OK Stopping iptables for default Flushing the "OUTPUT" chain in the "filter" table Flushing the "FORWARD" chain in the "filter" table Flushing the "INPUT" chain in the "filter" table Flushing the "POSTROUTING" chain in the "nat" table Flushing the "OUTPUT" chain in the "nat" table Flushing the "PREROUTING" chain in the "nat" table Flushing the "POSTROUTING" chain in the "mangle" table Flushing the "OUTPUT" chain in the "mangle" table Flushing the "FORWARD" chain in the "mangle" table Flushing the "INPUT" chain in the "mangle" table Flushing the "PREROUTING" chain in the "mangle" table Deleting the "stdin" chain from the "filter" table Setting ACCEPT policy for the "INPUT" chain in the "filter" table Setting ACCEPT policy for the "FORWARD" chain in the "filter" table Setting ACCEPT policy for the "OUTPUT" chain in the "filter" table Starting iptables for default Setting ACCEPT policy for the "INPUT" chain in the "filter" table Setting ACCEPT policy for the "FORWARD" chain in the "filter" table Setting ACCEPT policy for the "OUTPUT" chain in the "filter" table Creating the "stdin" chain in the "filter" table Computing interface groups: ... 3 interfaces found Starting group 0/virtual (1 interfaces) Starting lo: ....OK Starting group 1/realphys (2 interfaces) Starting eth0: .... Starting iptables for eth0 Loading rules for the "POSTROUTING" chain in the "nat" tableBad argument `snat-to' Try `iptables -h' or 'iptables --help' for more information. ERROR: /etc/net/scripts/config-fw: /sbin/iptables -t nat -A POSTROUTING snat-to 10.0.2.15 . .OK Starting eth1: .....OK Processing /etc/net/vlantab: empty. ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# rpm -ql etcnet | less [?1049h[?1h=/etc/net /etc/net/ifaces /etc/net/ifaces/default /etc/net/ifaces/default/fw /etc/net/ifaces/default/fw/ebtables /etc/net/ifaces/default/fw/ebtables/broute /etc/net/ifaces/default/fw/ebtables/broute/BROUTING /etc/net/ifaces/default/fw/ebtables/filter /etc/net/ifaces/default/fw/ebtables/filter/FORWARD /etc/net/ifaces/default/fw/ebtables/filter/INPUT /etc/net/ifaces/default/fw/ebtables/filter/OUTPUT /etc/net/ifaces/default/fw/ebtables/filter/loadorder /etc/net/ifaces/default/fw/ebtables/loadorder /etc/net/ifaces/default/fw/ebtables/modules /etc/net/ifaces/default/fw/ebtables/nat /etc/net/ifaces/default/fw/ebtables/nat/OUTPUT /etc/net/ifaces/default/fw/ebtables/nat/POSTROUTING /etc/net/ifaces/default/fw/ebtables/nat/PREROUTING /etc/net/ifaces/default/fw/ebtables/nat/loadorder /etc/net/ifaces/default/fw/ip6tables /etc/net/ifaces/default/fw/ip6tables/filter /etc/net/ifaces/default/fw/ip6tables/filter/FORWARD /etc/net/ifaces/default/fw/ip6tables/filter/INPUT /etc/net/ifaces/default/fw/ip6tables/filter/OUTPUT /etc/net/ifaces/default/fw/ip6tables/filter/loadorder /etc/net/ifaces/default/fw/ip6tables/loadorder /etc/net/ifaces/default/fw/ip6tables/mangle /etc/net/ifaces/default/fw/ip6tables/mangle/FORWARD /etc/net/ifaces/default/fw/ip6tables/mangle/INPUT /etc/net/ifaces/default/fw/ip6tables/mangle/OUTPUT /etc/net/ifaces/default/fw/ip6tables/mangle/POSTROUTING /etc/net/ifaces/default/fw/ip6tables/mangle/PREROUTING /etc/net/ifaces/default/fw/ip6tables/mangle/loadorder /etc/net/ifaces/default/fw/ip6tables/modules lines 1-34 /etc/net/ifaces/default/fw/ip6tables/syntax /etc/net/ifaces/default/fw/iptables /etc/net/ifaces/default/fw/iptables/filter /etc/net/ifaces/default/fw/iptables/filter/FORWARD /etc/net/ifaces/default/fw/iptables/filter/INPUT /etc/net/ifaces/default/fw/iptables/filter/OUTPUT /etc/net/ifaces/default/fw/iptables/filter/loadorder /etc/net/ifaces/default/fw/iptables/loadorder /etc/net/ifaces/default/fw/iptables/mangle /etc/net/ifaces/default/fw/iptables/mangle/FORWARD /etc/net/ifaces/default/fw/iptables/mangle/INPUT /etc/net/ifaces/default/fw/iptables/mangle/OUTPUT /etc/net/ifaces/default/fw/iptables/mangle/POSTROUTING /etc/net/ifaces/default/fw/iptables/mangle/PREROUTING /etc/net/ifaces/default/fw/iptables/mangle/loadorder /etc/net/ifaces/default/fw/iptables/modules /etc/net/ifaces/default/fw/iptables/nat /etc/net/ifaces/default/fw/iptables/nat/OUTPUT /etc/net/ifaces/default/fw/iptables/nat/POSTROUTING /etc/net/ifaces/default/fw/iptables/nat/PREROUTING /etc/net/ifaces/default/fw/iptables/nat/loadorder /etc/net/ifaces/default/fw/iptables/syntax /etc/net/ifaces/default/fw/options /etc/net/ifaces/default/options /etc/net/ifaces/default/options-bnep /etc/net/ifaces/default/options-dummy /etc/net/ifaces/default/options-eth /etc/net/ifaces/default/options-lo /etc/net/ifaces/default/options-ovpn /etc/net/ifaces/default/options-ppp /etc/net/ifaces/default/options-usb /etc/net/ifaces/default/options-vlan /etc/net/ifaces/default/sysctl.conf-dvb /etc/net/ifaces/lo lines 35-68 [?1l>[?1049l]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# caless /etc/net/deifaces/default/fw/s ebtables/ ip6tables/ iptables/ options [root@demo nat]# less /etc/net/ifaces/default/fw/iptables/ filter/ loadorder mangle/ modules nat/ syntax [root@demo nat]# less /etc/net/ifaces/default/fw/iptables/syntax [?1049h[?1h=# All chains and targets are case-sensitive ! policy: insert: -I ins: -I append: -A add: -A delete: -D del: -D # Builtin targets accept: -j ACCEPT allow: -j ACCEPT pass: -j ACCEPT drop: -j DROP deny: -j DROP return: -j RETURN queue: -j QUEUE # Target extensions balance: -j BALANCE --to-destination classify: -j CLASSIFY --set-class clusterip: -j CLUSTERIP --new clusterip-hashmode: -j CLUSTERIP --hashmode clusterip-clustermac: -j CLUSTERIP --clustermac clusterip-total-nodes: -j CLUSTERIP --total-nodes clusterip-local-node: -j CLUSTERIP --local-node clusterip-hash-init: -j CLUSTERIP --hash-init connmark: -j CONNMARK --set-mark set-connmark: -j CONNMARK --set-mark mask: --mask connmark-save: -j CONNMARK --save-mark save-connmark: -j CONNMARK --save-mark connmark-restore: -j CONNMARK --restore-mark restore-connmark: -j CONNMARK --restore-mark dnat: -j DNAT --to-destination /etc/net/ifaces/default/fw/iptables/syntax lines 1-34/299 10%dnat-to: -j DNAT --to-destination dnat-to-destination: -j DNAT --to-destination set-dscp: -j DSCP --set-dscp set-dscp-class: -j DSCP --set-dscp-class ecn-tcp-remove: -j ECN --ecn-tcp-remove log: -j LOG log-level: --log-level log-prefix: --log-prefix log-tcp-sequence: --log-tcp-sequence log-tcp-options: --log-tcp-options log-ip-options: --log-ip-options log-uid: --log-uid mark: -j MARK --set-mark set-mark: -j MARK --set-mark masquerade: -j MASQUERADE masquerade-to-ports: -j MASQUERADE --to-ports mirror: -j MIRROR netmap: -j NETMAP --to netmap-to: -j NETMAP --to notrack: -j NOTRACK redirect: -j REDIRECT redirect-to: -j REDIRECT --to-ports redirect-to-ports: -j REDIRECT --to-ports reject: -j REJECT reject-with: -j REJECT --reject-with route-to: -j ROUTE --oif route-from: -j ROUTE --iif route-gw: -j ROUTE --gw route-continue: -j ROUTE --continue route-tee: -j ROUTE --tee add-set: -j SET --add-set del-set: -j SET --del-set snat: -j SNAT --to-source snat-to: -j SNAT --to-source /etc/net/ifaces/default/fw/iptables/syntax lines 35-68/299 23%[?1l>[?1049l]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# less /etc/net/ifaces/default/fw/iptables/syntax [root@demo nat]# rpm -ql etcnet | less [root@demo nat]# service network restart [root@demo nat]# echo "snat-to 10.0.2.15" > POSTROUTING [root@demo nat]# echo "snat-to[1@-[1@j [root@demo nat]# echo "-j [1@ [1@S[1@N[1@A[1@T [root@demo nat]# echo "-j SNAT [1@ [1@-[1@-[1@t[1@o[1@-[1@s[1@o[1@u[1@r[1@c[1@e ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# ]service [5@(reverse-i-search)`': (reverse-i-search)`': service ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# service network restart Computing interface groups: ... 3 interfaces found Processing /etc/net/vlantab: empty. Stopping group 1/realphys (2 interfaces) Stopping eth0: Stopping iptables for eth0 Unloading rules for the "POSTROUTING" chain in the "nat" tableiptables: No chain/target/match by that name ERROR: /etc/net/scripts/config-fw: /sbin/iptables -t nat -D POSTROUTING -j SNAT --to-source 10.0.2.15 . ..OK Stopping eth1: ..OK Stopping group 0/virtual (1 interfaces) Stopping lo: .OK Stopping iptables for default Flushing the "OUTPUT" chain in the "filter" table Flushing the "FORWARD" chain in the "filter" table Flushing the "INPUT" chain in the "filter" table Flushing the "POSTROUTING" chain in the "nat" table Flushing the "OUTPUT" chain in the "nat" table Flushing the "PREROUTING" chain in the "nat" table Flushing the "POSTROUTING" chain in the "mangle" table Flushing the "OUTPUT" chain in the "mangle" table Flushing the "FORWARD" chain in the "mangle" table Flushing the "INPUT" chain in the "mangle" table Flushing the "PREROUTING" chain in the "mangle" table Deleting the "stdin" chain from the "filter" table Setting ACCEPT policy for the "INPUT" chain in the "filter" table Setting ACCEPT policy for the "FORWARD" chain in the "filter" table Setting ACCEPT policy for the "OUTPUT" chain in the "filter" table Starting iptables for default Setting ACCEPT policy for the "INPUT" chain in the "filter" table Setting ACCEPT policy for the "FORWARD" chain in the "filter" table Setting ACCEPT policy for the "OUTPUT" chain in the "filter" table Creating the "stdin" chain in the "filter" table Computing interface groups: ... 3 interfaces found Starting group 0/virtual (1 interfaces) Starting lo: ....OK Starting group 1/realphys (2 interfaces) Starting eth0: .... Starting iptables for eth0 Loading rules for the "POSTROUTING" chain in the "nat" table. .OK Starting eth1: .....OK Processing /etc/net/vlantab: empty. ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# iptables-save # Generated by iptables-save v1.3.7 on Tue Jul 8 18:39:59 2008 *mangle :PREROUTING ACCEPT [702:496570] :INPUT ACCEPT [592:486572] :FORWARD ACCEPT [75:4034] :OUTPUT ACCEPT [480:56993] :POSTROUTING ACCEPT [682:90259] COMMIT # Completed on Tue Jul 8 18:39:59 2008 # Generated by iptables-save v1.3.7 on Tue Jul 8 18:39:59 2008 *nat :PREROUTING ACCEPT [46:6854] :POSTROUTING ACCEPT [46:4207] :OUTPUT ACCEPT [55:4959] -A POSTROUTING -j SNAT --to-source 10.0.2.15 COMMIT # Completed on Tue Jul 8 18:39:59 2008 # Generated by iptables-save v1.3.7 on Tue Jul 8 18:39:59 2008 *filter :INPUT ACCEPT [22:6512] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [24:6536] :stdin - [0:0] COMMIT # Completed on Tue Jul 8 18:39:59 2008 ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# grepfind /usr/share/doc/etcnet-0.9.6/ -name iname postrouting /usr/share/doc/etcnet-0.9.6/examples/OpenVPN-TAP/i0060756/fw/iptables/nat/POSTROUTING /usr/share/doc/etcnet-0.9.6/examples/firewall-hiddenman/ifaces/default/fw/iptables/nat/POSTROUTING /usr/share/doc/etcnet-0.9.6/examples/Complex-without-QoS/ifaces/office-net/fw/iptables/nat/POSTROUTING /usr/share/doc/etcnet-0.9.6/examples/Complex-without-QoS/ifaces/ppp20/fw/iptables/nat/POSTROUTING /usr/share/doc/etcnet-0.9.6/examples/OpenVPN-to-satellite/ifaces/sc7am1/fw/iptables/nat/POSTROUTING ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# find /usr/share/doc/etcnet-0.9.6/ -iname postrouting -exec cat {} \; snat-to ${IPV4ADDRESS} to-iface ${NAME} snat-to 5.6.7.8 if marked as 1 return if all from $COMPANY1_OFFICE_NET to $COMPANY1_DMZ_NET return if all from $COMPANY1_OFFICE_NET to $COMPANY1_DMZ_NET2 return if all from $COMPANY1_OFFICE_NET to $COMPANY1_DMZ_NET3 return if all from $COMPANY2_OFFICE_NET to $COMPANY1_DMZ_NET return if all from $COMPANY2_OFFICE_NET to $COMPANY1_DMZ_NET2 return if all from $COMPANY2_OFFICE_NET to $COMPANY1_DMZ_NET3 return if all from $COMPANY1_USER_F29_LAST29_IP to $COMPANY1_VOIP_PROXY_IP jump-to OFFICE-SNAT if all from $COMPANY1_OFFICE_NET jump-to OFFICE-SNAT if all from $COMPANY1_DMZ_NET jump-to OFFICE-SNAT if all from $COMPANY1_DMZ_NET2 jump-to OFFICE-SNAT if all from $COMPANY1_DMZ_NET3 return if all from $COMPANY1_VOIP_PROXY_IP to $USER_F1_LAST1_IP snat-to $NAME_IP if all from $COMPANY1_VOIP_PROXY_IP snat-to ${IPV4ADDRESS} to-iface ${NAME} ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# find /usr/share/doc/etcnet-0.9.6/ -iname postrouting -exec cat {} \; [root@demo nat]# iptables-save service network restart [root@demo nat]# echo "-j SNAT --to-source 10.0.2.15" > POSTROUTING [root@demo nat]# less /etc/net/ifaces/default/fw/iptables/syntax [root@demo nat]# rpm -ql etcnet | less [root@demo nat]# service network restart [root@demo nat]# echo "snat-to 10.0.2.15" > POSTROUTING[1@'[1@' [root@demo nat]# echo 's [root@demo nat]# echo 'sn [root@demo nat]# echo 'sna [root@demo nat]# echo 'snat [root@demo nat]# echo 'snat- [root@demo nat]# echo 'snat-t [root@demo nat]# echo 'snat-to [root@demo nat]# echo 'snat-to [root@demo nat]# echo 'snat-to 1 [root@demo nat]# echo 'snat-to 10 [root@demo nat]# echo 'snat-to 10. [root@demo nat]# echo 'snat-to 10.0 [root@demo nat]# echo 'snat-to 10.0. [root@demo nat]# echo 'snat-to 10.0.2 [root@demo nat]# echo 'snat-to 10.0.2. [root@demo nat]# echo 'snat-to 10.0.2.1 [root@demo nat]# echo 'snat-to 10.0.2.15[1@  [root@demo nat]# echo 'snat-to 10.0.2.15' [root@demo nat]# service network restart [root@demo nat]# rpm -ql etcnet | less [root@demo nat]# less /etc/net/ifaces/default/fw/iptables/syntax [root@demo nat]# echo "-j SNAT --to-source 10.0.2.15" > POSTROUTING[1@'[1@' [root@demo nat]# echo '- [root@demo nat]# echo '-j [root@demo nat]# echo '-j [root@demo nat]# echo '-j S [root@demo nat]# echo '-j SN [root@demo nat]# echo '-j SNA [root@demo nat]# echo '-j SNAT [root@demo nat]# echo '-j SNAT [root@demo nat]# echo '-j SNAT - [root@demo nat]# echo '-j SNAT -- [root@demo nat]# echo '-j SNAT --t [root@demo nat]# echo '-j SNAT --to [root@demo nat]# echo '-j SNAT --to- [root@demo nat]# echo '-j SNAT --to-s [root@demo nat]# echo '-j SNAT --to-so [root@demo nat]# echo '-j SNAT --to-sou [root@demo nat]# echo '-j SNAT --to-sour [root@demo nat]# echo '-j SNAT --to-sourc [root@demo nat]# echo '-j SNAT --to-source [root@demo nat]# echo '-j SNAT --to-source [root@demo nat]# echo '-j SNAT --to-source 1 [root@demo nat]# echo '-j SNAT --to-source 10 [root@demo nat]# echo '-j SNAT --to-source 10. [root@demo nat]# echo '-j SNAT --to-source 10.0 [root@demo nat]# echo '-j SNAT --to-source 10.0. [root@demo nat]# echo '-j SNAT --to-source 10.0.2 [root@demo nat]# echo '-j SNAT --to-source 10.0.2. [root@demo nat]# echo '-j SNAT --to-source 10.0.2.1 [root@demo nat]# echo '-j SNAT --to-source 10.0.2.15[1@$[1@{[1@I[1@P[1@V[1@4[1@A[1@D[1@D[1@R[1@E[1@S[1@S[1@} ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# echo '-j SNAT --to-source ${IPV4ADDRESS}' > POSTROUTING [root@demo nat]# find /usr/share/doc/etcnet-0.9.6/ -iname postrouting -exec cat {} \; [root@demo nat]# iptables-save service network restart Computing interface groups: ... 3 interfaces found Processing /etc/net/vlantab: empty. Stopping group 1/realphys (2 interfaces) Stopping eth0: Stopping iptables for eth0 Unloading rules for the "POSTROUTING" chain in the "nat" tableiptables v1.3.7: Unknown arg `--to-source' Try `iptables -h' or 'iptables --help' for more information. ERROR: /etc/net/scripts/config-fw: /sbin/iptables -t nat -D POSTROUTING -j SNAT --to-source ${IPV4ADDRESS} . ..OK Stopping eth1: ..OK Stopping group 0/virtual (1 interfaces) Stopping lo: .OK Stopping iptables for default Flushing the "OUTPUT" chain in the "filter" table Flushing the "FORWARD" chain in the "filter" table Flushing the "INPUT" chain in the "filter" table Flushing the "POSTROUTING" chain in the "nat" table Flushing the "OUTPUT" chain in the "nat" table Flushing the "PREROUTING" chain in the "nat" table Flushing the "POSTROUTING" chain in the "mangle" table Flushing the "OUTPUT" chain in the "mangle" table Flushing the "FORWARD" chain in the "mangle" table Flushing the "INPUT" chain in the "mangle" table Flushing the "PREROUTING" chain in the "mangle" table Deleting the "stdin" chain from the "filter" table Setting ACCEPT policy for the "INPUT" chain in the "filter" table Setting ACCEPT policy for the "FORWARD" chain in the "filter" table Setting ACCEPT policy for the "OUTPUT" chain in the "filter" table Starting iptables for default Setting ACCEPT policy for the "INPUT" chain in the "filter" table Setting ACCEPT policy for the "FORWARD" chain in the "filter" table Setting ACCEPT policy for the "OUTPUT" chain in the "filter" table Creating the "stdin" chain in the "filter" table Computing interface groups: ... 3 interfaces found Starting group 0/virtual (1 interfaces) Starting lo: ....OK Starting group 1/realphys (2 interfaces) Starting eth0: .... Starting iptables for eth0 Loading rules for the "POSTROUTING" chain in the "nat" table. .OK Starting eth1: .....OK Processing /etc/net/vlantab: empty. ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# iptables-save # Generated by iptables-save v1.3.7 on Tue Jul 8 18:43:17 2008 *mangle :PREROUTING ACCEPT [724:504432] :INPUT ACCEPT [612:493282] :FORWARD ACCEPT [75:4034] :OUTPUT ACCEPT [502:63727] :POSTROUTING ACCEPT [722:103567] COMMIT # Completed on Tue Jul 8 18:43:17 2008 # Generated by iptables-save v1.3.7 on Tue Jul 8 18:43:17 2008 *nat :PREROUTING ACCEPT [48:8006] :POSTROUTING ACCEPT [47:4593] :OUTPUT ACCEPT [57:5732] -A POSTROUTING -j SNAT --to-source 10.0.2.15 COMMIT # Completed on Tue Jul 8 18:43:17 2008 # Generated by iptables-save v1.3.7 on Tue Jul 8 18:43:17 2008 *filter :INPUT ACCEPT [20:6710] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [22:6734] :stdin - [0:0] COMMIT # Completed on Tue Jul 8 18:43:17 2008 ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# iptables-save service network restart Computing interface groups: ... 3 interfaces found Processing /etc/net/vlantab: empty. Stopping group 1/realphys (2 interfaces) Stopping eth0: Stopping iptables for eth0 Unloading rules for the "POSTROUTING" chain in the "nat" tableiptables v1.3.7: Unknown arg `--to-source' Try `iptables -h' or 'iptables --help' for more information. ERROR: /etc/net/scripts/config-fw: /sbin/iptables -t nat -D POSTROUTING -j SNAT --to-source ${IPV4ADDRESS} . ..OK Stopping eth1: ..OK Stopping group 0/virtual (1 interfaces) Stopping lo: .OK Stopping iptables for default Flushing the "OUTPUT" chain in the "filter" table Flushing the "FORWARD" chain in the "filter" table Flushing the "INPUT" chain in the "filter" table Flushing the "POSTROUTING" chain in the "nat" table Flushing the "OUTPUT" chain in the "nat" table Flushing the "PREROUTING" chain in the "nat" table Flushing the "POSTROUTING" chain in the "mangle" table Flushing the "OUTPUT" chain in the "mangle" table Flushing the "FORWARD" chain in the "mangle" table Flushing the "INPUT" chain in the "mangle" table Flushing the "PREROUTING" chain in the "mangle" table Deleting the "stdin" chain from the "filter" table Setting ACCEPT policy for the "INPUT" chain in the "filter" table Setting ACCEPT policy for the "FORWARD" chain in the "filter" table Setting ACCEPT policy for the "OUTPUT" chain in the "filter" table Starting iptables for default Setting ACCEPT policy for the "INPUT" chain in the "filter" table Setting ACCEPT policy for the "FORWARD" chain in the "filter" table Setting ACCEPT policy for the "OUTPUT" chain in the "filter" table Creating the "stdin" chain in the "filter" table Computing interface groups: ... 3 interfaces found Starting group 0/virtual (1 interfaces) Starting lo: ....OK Starting group 1/realphys (2 interfaces) Starting eth0: .... Starting iptables for eth0 Loading rules for the "POSTROUTING" chain in the "nat" table. .OK Starting eth1: .....OK Processing /etc/net/vlantab: empty. ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# [root@demo nat]# [root@demo nat]# [root@demo nat]# hce\chkconfig --list acpid 0:off 1:off 2:on 3:on 4:on 5:on 6:off anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off atieventsd 0:off 1:off 2:off 3:off 4:off 5:off 6:off avahi-daemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off c-icap 0:off 1:off 2:off 3:off 4:off 5:off 6:off clamd 0:off 1:off 2:off 3:off 4:off 5:off 6:off configd 0:off 1:off 2:on 3:on 4:on 5:on 6:off consolesaver 0:off 1:off 2:on 3:on 4:on 5:on 6:off crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off dm 0:off 1:off 2:off 3:off 4:off 5:on 6:off ethtool 0:off 1:off 2:off 3:off 4:off 5:off 6:off fbsetfont 0:off 1:off 2:off 3:on 4:on 5:on 6:off gssd 0:off 1:off 2:off 3:on 4:on 5:on 6:off haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off hotplug 0:off 1:off 2:on 3:on 4:on 5:on 6:off httpd-alterator 0:off 1:off 2:on 3:on 4:on 5:on 6:off httpd2 0:off 1:off 2:off 3:off 4:off 5:off 6:off idmapd 0:off 1:off 2:off 3:on 4:on 5:on 6:off ifplugd 0:off 1:off 2:off 3:off 4:off 5:off 6:off ifrename 0:off 1:off 2:on 3:on 4:on 5:on 6:off iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off ipw3945d 0:off 1:off 2:off 3:off 4:off 5:off 6:off jetty5 0:off 1:off 2:off 3:off 4:off 5:off 6:off keytable 0:off 1:off 2:on 3:on 4:on 5:on 6:off kheaders 0:off 1:off 2:on 3:on 4:on 5:on 6:off klogd 0:off 1:off 2:on 3:on 4:on 5:on 6:off lm_sensors 0:off 1:off 2:on 3:on 4:on 5:on 6:off mdadm 0:off 1:off 2:on 3:on 4:on 5:on 6:off messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off network 0:off 1:off 2:on 3:on 4:on 5:on 6:off nfslock 0:off 1:off 2:on 3:on 4:on 5:on 6:off ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off portmap 0:off 1:off 2:on 3:on 4:on 5:on 6:off postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off pptptunnel 0:off 1:off 2:off 3:off 4:off 5:off 6:off random 0:off 1:off 2:on 3:on 4:on 5:on 6:off rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off sound 0:off 1:off 2:on 3:on 4:on 5:on 6:off splash 0:off 1:off 2:on 3:on 4:on 5:on 6:off squid 0:off 1:off 2:off 3:off 4:off 5:off 6:off sshd 0:off 1:off 2:off 3:off 4:off 5:off 6:off sysfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off syslogd 0:off 1:off 2:on 3:on 4:on 5:on 6:off tomcat5 0:off 1:off 2:off 3:off 4:off 5:off 6:off udevd 0:off 1:off 2:on 3:on 4:on 5:on 6:off udevd-final 0:off 1:off 2:on 3:on 4:on 5:on 6:off ulogd 0:off 1:off 2:on 3:on 4:on 5:on 6:off update_wms 0:off 1:off 2:off 3:on 4:on 5:on 6:off winbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off wine 0:off 1:off 2:on 3:on 4:on 5:on 6:off x11_autosetup 0:off 1:off 2:off 3:on 4:off 5:on 6:off x11presetdrv 0:off 1:off 2:off 3:on 4:on 5:on 6:off xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off xinetd based services: chargen-tcp: off chargen-udp: off cups-lpd: off daytime-tcp: off daytime-udp: off discard-tcp: off discard-udp: off echo-tcp: off echo-udp: off time-tcp: off time-udp: off ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# chkconfig --list iptables iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# [root@demo nat]# [root@demo nat]# [root@demo nat]# [root@demo nat]# cat /etc/resolv.conf # Generated by dhcpcd for interface eth0 search intranet.mpgu.edu.ru nameserver 10.0.2.3 ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# iptables -A FORWARD -j filett  [root@demo nat]# iptables -[1@-[1@t[1@ [1@f[1@i[1@l[1@t[1@e[1@r[1@ [root@demo nat]# iptables -t filter -A FORWARD -d linux.org.ru -j DROPLOG --loglevel-level [root@demo nat]# iptables -t filter -A FORWARD -d linux.org.ru -j LOG --log-level 2debugloggingwarning ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# iptables -t filter -A FORWARD -d linux.org.ru -j LOG --log-level warningDROP ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# netcat linux.org.ru 80 [root@demo nat]# [1@c[1@a[1@l[1@ [1@|[1@ HTTP/1.1 400 Bad Request Date: Tue, 08 Jul 2008 15:19:53 GMT Server: Apache/2.2.8 (Fedora) Content-Length: 352 Connection: close Content-Type: text/html; charset=iso-8859-1 400 Bad Request

Bad Request

Your browser sent a request that this server could not understand.
Request header field is missing ':' separator.

Su Mo Tu We Th Fr Sa       1  2  3  4  5 6  7  8  9 10 11 12

]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# tail /var/log/syslog/ tail: error reading `/var/log/syslog/': Is a directory ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# tail /var/log/syslog/ alert boot messages.1.bz2 sudo alert.1.bz2 messages spooler [root@demo nat]# tail /var/log/syslog/messages Jul 8 18:44:00 demo last message repeated 4 times Jul 8 18:50:03 demo crond[10275]: (root) CMD ( [ -f /var/run/clamav/clamd.pid ] && /usr/bin/freshclam --quiet --daemon-notify) Jul 8 19:01:01 demo crond[10284]: (root) CMD (run-parts /etc/cron.hourly) Jul 8 19:08:00 demo kernel: atkbd.c: Spurious NAK on isa0060/serio0. Some program might be trying access hardware directly. Jul 8 19:10:11 demo kernel: atkbd.c: Spurious NAK on isa0060/serio0. Some program might be trying access hardware directly. Jul 8 19:12:34 demo kernel: atkbd.c: Spurious NAK on isa0060/serio0. Some program might be trying access hardware directly. Jul 8 19:16:43 demo kernel: ipt_LOG: not logging via system console since somebody else already registered for PF_INET Jul 8 19:19:09 demo kernel: atkbd.c: Spurious NAK on isa0060/serio0. Some program might be trying access hardware directly. Jul 8 19:19:13 demo kernel: IN=eth1 OUT=eth0 SRC=172.16.0.2 DST=217.76.32.61 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=16897 DF PROTO=TCP SPT=1395 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 Jul 8 19:19:16 demo kernel: IN=eth1 OUT=eth0 SRC=172.16.0.2 DST=217.76.32.61 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=16898 DF PROTO=TCP SPT=1395 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# dhcpcd ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# apt-cache search dhcp ppp-dhcp - DHCP plugin for ppp avahi-autoipd - Assigning link-local IP addresses service dhcpcd - DHCP Client Daemon dhcp-common - Dynamic Host Configuration Protocol (DHCP) distribution dhcp-server - The ISC DHCP server daemon vlan-utils - Userspace utilities for controlling VLANs on ethernet devices ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# apt-get install dhcp-server Reading Package Lists... 0% Reading Package Lists... 100% Reading Package Lists... Done Building Dependency Tree... 0% Building Dependency Tree... 0% Building Dependency Tree... 50% Building Dependency Tree... 50% Building Dependency Tree... 98% Building Dependency Tree... Done The following extra packages will be installed: dhcp-common The following NEW packages will be installed: dhcp-common dhcp-server 0 upgraded, 2 newly installed, 0 removed and 6 not upgraded. Need to get 0B/615kB of archives. After unpacking 1865kB of additional disk space will be used. Do you want to continue? [Y/n] Y 0% [Working] 33% [Working] 66% [Working] Committing changes... Preparing... ( 50%)# ( 50%)## ( 50%)### ( 50%)#### ( 50%)##### ( 50%)###### ( 50%)####### ( 50%)######## ( 50%)######### ( 50%)########## ( 50%)########### ( 50%)############ ( 50%)############# ( 50%)############## ( 50%)############### ( 50%)################ ( 50%)################# ( 50%)################## ( 50%)################### ( 50%)#################### ( 50%)##################### ( 50%)###################### ( 50%)####################### ( 50%)######################## ( 50%)######################### ( 50%)########################## ( 50%)########################### ( 50%)############################ ( 50%)############################# ( 50%)############################## ( 50%)############################### ( 50%)################################ (100%)################################# (100%)################################## (100%)################################### (100%)#################################### (100%)##################################### (100%)###################################### (100%)####################################### (100%)######################################## (100%)######################################### (100%)########################################## (100%)########################################### (100%)############################################ (100%)############################################# (100%)############################################## (100%)############################################### (100%)################################################ (100%)################################################# (100%)################################################## (100%)################################################### (100%)#################################################### (100%)##################################################### (100%)###################################################### (100%)####################################################### (100%)######################################################## (100%)######################################################### (100%)########################################################## (100%)########################################################### (100%)############################################################ (100%)############################################################# (100%)############################################################## (100%)############################################################### (100%)############################################################### [100%] 1: dhcp-common ( 2%)# ( 7%)## ( 7%)### ( 7%)#### ( 8%)##### ( 10%)###### ( 11%)####### ( 16%)######## ( 16%)######### ( 16%)########## ( 22%)########### ( 22%)############ ( 22%)############# ( 22%)############## ( 27%)############### ( 27%)################ ( 27%)################# ( 33%)################## ( 33%)################### ( 33%)#################### ( 33%)##################### ( 36%)###################### ( 36%)####################### ( 39%)######################## ( 39%)######################### ( 43%)########################## ( 43%)########################### ( 43%)############################ ( 49%)############################# ( 49%)############################## ( 49%)############################### ( 54%)################################ ( 54%)################################# ( 54%)################################## ( 54%)################################### ( 60%)#################################### ( 60%)##################################### ( 60%)###################################### ( 65%)####################################### ( 65%)######################################## ( 65%)######################################### ( 65%)########################################## ( 68%)########################################### ( 69%)############################################ ( 71%)############################################# ( 72%)############################################## ( 76%)############################################### ( 76%)################################################ ( 76%)################################################# ( 81%)################################################## ( 81%)################################################### ( 81%)#################################################### ( 86%)##################################################### ( 86%)###################################################### ( 86%)####################################################### ( 90%)######################################################## ( 90%)######################################################### ( 90%)########################################################## ( 96%)########################################################### ( 96%)############################################################ ( 96%)############################################################# ( 97%)############################################################## ( 99%)############################################################### (100%)############################################################### [ 50%] 2: dhcp-server ( 10%)# ( 10%)## ( 10%)### ( 10%)#### ( 10%)##### ( 10%)###### ( 20%)####### ( 20%)######## ( 20%)######### ( 20%)########## ( 20%)########### ( 20%)############ ( 29%)############# ( 29%)############## ( 29%)############### ( 29%)################ ( 29%)################# ( 29%)################## ( 29%)################### ( 39%)#################### ( 39%)##################### ( 39%)###################### ( 39%)####################### ( 39%)######################## ( 39%)######################### ( 49%)########################## ( 49%)########################### ( 49%)############################ ( 49%)############################# ( 49%)############################## ( 49%)############################### ( 58%)################################ ( 58%)################################# ( 58%)################################## ( 58%)################################### ( 58%)#################################### ( 58%)##################################### ( 68%)###################################### ( 68%)####################################### ( 68%)######################################## ( 68%)######################################### ( 68%)########################################## ( 68%)########################################### ( 78%)############################################ ( 78%)############################################# ( 78%)############################################## ( 78%)############################################### ( 78%)################################################ ( 78%)################################################# ( 78%)################################################## ( 88%)################################################### ( 88%)#################################################### ( 88%)##################################################### ( 88%)###################################################### ( 88%)####################################################### ( 88%)######################################################## ( 90%)######################################################### ( 90%)########################################################## ( 94%)########################################################### ( 94%)############################################################ ( 97%)############################################################# ( 97%)############################################################## ( 98%)############################################################### (100%)############################################################### [100%] Done. ]0;root@demo: /etc/net/ifaces/eth0/fw/iptables/nat[root@demo nat]# cd /etc/dhcp dhcp/ dhcpcd.sh [root@demo nat]# cd /etc/dhcp/dhcpd.conf.sample  ]0;root@demo: /etc/dhcp[root@demo dhcp]# ls dhcpd.conf.sample ]0;root@demo: /etc/dhcp[root@demo dhcp]# cp dhcpd.conf.sample dhcpd.conf.sample  ]0;root@demo: /etc/dhcp[root@demo dhcp]# vim dhcpd.conf 7[?47h[?1h=[?12;25h[?12l[?25h[?25l"dhcpd.conf" "dhcpd.conf" 16L, 396C[>c# See dhcpd.conf(5) for further configuration ddns-update-style none; subnet 192.168.0.0 netmask 255.255.255.0 { option routers192.168.0.1; option subnet-mask 255.255.255.0;option nis-domain"domain.org"; option domain-name "domain.org"; option domain-name-servers 192.168.1.1;range dynamic-bootp 192.168.0.128 192.168.0.254; default-lease-time 21600; max-lease-time 43200; } ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 1,1 All[?12l[?25h[?25l5 [?12l[?25h[?25l5j  6,1-4 All[?12l[?25h[?25lk  5,1 All[?12l[?25h[?25lw  5,8 All[?12l[?25h[?25lc [?12l[?25h[?25lcf [?12l[?25h[?25lcf  -- INSERT --5,8 Allnetmask 255.255.255.0 {[?12l[?25h[?25l1netmask 255.255.255.0 {5,9 All[?12l[?25h[?25l7netmask 255.255.255.0 {5,10 All[?12l[?25h[?25l2netmask 255.255.255.0 {5,11 All[?12l[?25h[?25l.netmask 255.255.255.0 {5,12 All[?12l[?25h[?25l1netmask 255.255.255.0 {5,13 All[?12l[?25h[?25l6netmask 255.255.255.0 {5,14 All[?12l[?25h[?25l.netmask 255.255.255.0 {5,15 All[?12l[?25h[?25l0netmask 255.255.255.0 {5,16 All[?12l[?25h[?25l.netmask 255.255.255.0 {5,17 All[?12l[?25h[?25l0netmask 255.255.255.0 {5,18 All[?12l[?25h[?25l netmask 255.255.255.0 {5,19 All[?12l[?25h[?25l^[ [?12l[?25h[?25l 5,18 All[?12l[?25h[?25lu 1 change; before #1 13 seconds ago 192.168.0.0 netmask 255.255.255.0 {5,8 All[?12l[?25h[?25l^R 1 change; after #1 19 seconds ago 172.16.0.0 netmask 255.255.255.0 {5,8 All[?12l[?25h[?25l2 [?12l[?25h[?25l2w  5,12 All[?12l[?25h[?25lw  5,14 All[?12l[?25h[?25lw  5,15 All[?12l[?25h[?25lw  5,16 All[?12l[?25h[?25lw  5,17 All[?12l[?25h[?25lj  6,14-17 All[?12l[?25h[?25lw  6,19-29 All[?12l[?25h[?25lc [?12l[?25h[?25lc2 [?12l[?25h[?25lc2t [?12l[?25h[?25lc2t.  -- INSERT --6,19-29 All.0.1;[?12l[?25h[?25li.0.1;6,20-30 All[?12l[?25h[?25l-- REPLACE --6,20-30 All[?12l[?25h[?25l-- INSERT --6,20-30 All[?12l[?25h[?25l.0.1;6,19-29 All[?12l[?25h[?25l1.0.1;6,20-30 All[?12l[?25h[?25l7.0.1;6,21-31 All[?12l[?25h[?25l2.0.1;6,22-32 All[?12l[?25h[?25l..0.1;6,23-33 All[?12l[?25h[?25l1.0.1;6,24-34 All[?12l[?25h[?25l6.0.1;6,25-35 All[?12l[?25h[?25l^[ [?12l[?25h[?25l 6,24-34 All[?12l[?25h[?25l3 [?12l[?25h[?25l3j  9,26-34 All[?12l[?25h[?25ld [?12l[?25h[?25ldd   ~ 9,2-5 All[?12l[?25h[?25l3 [?12l[?25h[?25l3w  9,16-19 All[?12l[?25h[?25lw  9,22-29 All[?12l[?25h[?25lw  9,23-30 All[?12l[?25h[?25ld [?12l[?25h[?25ldt [?12l[?25h[?25ldt"  ";[?12l[?25h[?25li  -- INSERT --9,23-30 All[?12l[?25h[?25ld";9,24-31 All[?12l[?25h[?25le";9,25-32 All[?12l[?25h[?25lm";9,26-33 All[?12l[?25h[?25lo";9,27-34 All[?12l[?25h[?25l.";9,28-35 All[?12l[?25h[?25lc";9,29-36 All[?12l[?25h[?25ll";9,30-37 All[?12l[?25h[?25la";9,31-38 All[?12l[?25h[?25ls";9,32-39 All[?12l[?25h[?25ls";9,33-40 All[?12l[?25h[?25l.";9,34-41 All[?12l[?25h[?25la";9,35-42 All[?12l[?25h[?25ll";9,36-43 All[?12l[?25h[?25lt";9,37-44 All[?12l[?25h[?25ll";9,38-45 All[?12l[?25h[?25li";9,39-46 All[?12l[?25h[?25ln";9,40-47 All[?12l[?25h[?25lu";9,41-48 All[?12l[?25h[?25lx";9,42-49 All[?12l[?25h[?25l.";9,43-50 All[?12l[?25h[?25lr";9,44-51 All[?12l[?25h[?25lu";9,45-52 All[?12l[?25h[?25l^[ [?12l[?25h[?25l 9,44-51 All[?12l[?25h[?25lj  10,40-44 All[?12l[?25h[?25lb  10,39-43 All[?12l[?25h[?25lb  10,38-42 All[?12l[?25h[?25lb  10,37-41 All[?12l[?25h[?25lb  10,36-40 All[?12l[?25h[?25lb  10,33-37 All[?12l[?25h[?25lb  10,32-36 All[?12l[?25h[?25lb  10,29-33 All[?12l[?25h[?25lc [?12l[?25h[?25lcf [?12l[?25h[?25lcf:  [?12l[?25h[?25l~@k  11,0-1 All[?12l[?25h[?25l~@k  10,29-33 All[?12l[?25h[?25lc [?12l[?25h[?25lct [?12l[?25h[?25lct;  -- INSERT --10,29-33 All;[?12l[?25h[?25li;10,30-34 All[?12l[?25h[?25l;10,29-33 All[?12l[?25h[?25l1;10,30-34 All[?12l[?25h[?25l0;10,31-35 All[?12l[?25h[?25l.;10,32-36 All[?12l[?25h[?25l0;10,33-37 All[?12l[?25h[?25l.;10,34-38 All[?12l[?25h[?25l2;10,35-39 All[?12l[?25h[?25l.;10,36-40 All[?12l[?25h[?25l3;10,37-41 All[?12l[?25h[?25l^[ [?12l[?25h[?25l 10,36-40 All[?12l[?25h[?25lj  11,0-1 All[?12l[?25h[?25lj  12,37-40 All[?12l[?25h[?25l3 [?12l[?25h[?25l3b  12,31-34 All[?12l[?25h[?25l3 [?12l[?25h[?25l3b  12,26-29 All[?12l[?25h[?25lb  12,25-28 All[?12l[?25h[?25lb  12,22-25 All[?12l[?25h[?25lc [?12l[?25h[?25lct [?12l[?25h[?25lct  -- INSERT --12,22-25 All 192.168.0.254;[?12l[?25h[?25l1 192.168.0.254;12,23-26 All[?12l[?25h[?25l7 192.168.0.254;12,24-27 All[?12l[?25h[?25l2 192.168.0.254;12,25-28 All[?12l[?25h[?25l. 192.168.0.254;12,26-29 All[?12l[?25h[?25l1 192.168.0.254;12,27-30 All[?12l[?25h[?25l6 192.168.0.254;12,28-31 All[?12l[?25h[?25l. 192.168.0.254;12,29-32 All[?12l[?25h[?25l0 192.168.0.254;12,30-33 All[?12l[?25h[?25l. 192.168.0.254;12,31-34 All[?12l[?25h[?25l0 192.168.0.254;12,32-35 All[?12l[?25h[?25l^[ [?12l[?25h[?25l 12,31-34 All[?12l[?25h[?25lw  12,33-36 All[?12l[?25h[?25lj  13,26-29 All[?12l[?25h[?25lj  14,22-25 All[?12l[?25h[?25ll  [?12l[?25h[?25lk  13,26-29 All[?12l[?25h[?25lk  12,33-36 All[?12l[?25h[?25lh  12,32-35 All[?12l[?25h[?25lh  12,31-34 All[?12l[?25h[?25li  -- INSERT --12,31-34 All[?12l[?25h[?25l10 192.168.0.254;12,32-35 All[?12l[?25h[?25l^[ [?12l[?25h[?25l 12,31-34 All[?12l[?25h[?25lw  12,34-37 All[?12l[?25h[?25lc [?12l[?25h[?25lct [?12l[?25h[?25lct;  -- INSERT --12,34-37 All;[?12l[?25h[?25l1;12,35-38 All[?12l[?25h[?25l7;12,36-39 All[?12l[?25h[?25l2;12,37-40 All[?12l[?25h[?25l.;12,38-41 All[?12l[?25h[?25l1;12,39-42 All[?12l[?25h[?25l6;12,40-43 All[?12l[?25h[?25l.;12,41-44 All[?12l[?25h[?25l0;12,42-45 All[?12l[?25h[?25l.;12,43-46 All[?12l[?25h[?25l9;12,44-47 All[?12l[?25h[?25l9;12,45-48 All[?12l[?25h[?25l^[ [?12l[?25h[?25l 12,44-47 All[?12l[?25h[?25lj  13,26-29 All[?12l[?25h[?25l# See dhcpd.conf(5) for further configuration ddns-update-style none; subnet 172.16.0.0 netmask 255.255.255.0 { option routers172.16.0.1; option subnet-mask 255.255.255.0;option domain-name "demo.class.altlinux.ru"; option domain-name-servers 10.0.2.3;range dynamic-bootp 172.16.0.10 172.16.0.99; default-lease-time 21600; max-lease-time 43200; } ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 13,26-29 All[?12l[?25h[?25lddns-update-style none; subnet 172.16.0.0 netmask 255.255.255.0 { option routers172.16.0.1; option subnet-mask 255.255.255.0;option domain-name "demo.class.altlinux.ru"; option domain-name-servers 10.0.2.3;range dynamic-bootp 172.16.0.10 172.16.0.99; default-lease-time 21600; max-lease-time 43200; } ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 13,26-29 Bot[?12l[?25h[?25lg [?12l[?25h[?25l gg  # See dhcpd.conf(5) for further configuration1,1 All[?12l[?25h[?25l^G "dhcpd.conf" [Modified] 15 lines --6%-- 1,1 All[?12l[?25h[?25l2 [?12l[?25h[?25l2j  3,1 All[?12l[?25h[?25lG  {}15,1 All[?12l[?25h[?25lo  -- INSERT --16,1 All{}[?12l[?25h[?25l17,1 All[?12l[?25h[?25ls17,2 All[?12l[?25h[?25lu17,3 All[?12l[?25h[?25lb17,4 All[?12l[?25h[?25ln17,5 All[?12l[?25h[?25le17,6 All[?12l[?25h[?25lt17,7 All[?12l[?25h[?25l17,8 All[?12l[?25h[?25l117,9 All[?12l[?25h[?25l017,10 All[?12l[?25h[?25l.17,11 All[?12l[?25h[?25l017,12 All[?12l[?25h[?25l.17,13 All[?12l[?25h[?25l017,14 All[?12l[?25h[?25l.17,15 All[?12l[?25h[?25l017,16 All[?12l[?25h[?25l17,17 All[?12l[?25h[?25ln17,18 All[?12l[?25h[?25le17,19 All[?12l[?25h[?25lt17,20 All[?12l[?25h[?25lm17,21 All[?12l[?25h[?25la17,22 All[?12l[?25h[?25ls17,23 All[?12l[?25h[?25lk17,24 All[?12l[?25h[?25l17,25 All[?12l[?25h[?25l217,26 All[?12l[?25h[?25l517,27 All[?12l[?25h[?25l517,28 All[?12l[?25h[?25l.17,29 All[?12l[?25h[?25l017,30 All[?12l[?25h[?25l.17,31 All[?12l[?25h[?25l017,32 All[?12l[?25h[?25l.17,33 All[?12l[?25h[?25l017,34 All[?12l[?25h[?25l.17,35 All[?12l[?25h[?25l17,34 All[?12l[?25h[?25l17,35 All[?12l[?25h[?25l{17,36 All[?12l[?25h[?25l17,35 All[?12l[?25h[?25l(17,36 All[?12l[?25h[?25l)17,35 All[?12l[?25h[?25l()17,37 All[?12l[?25h[?25l(17,36 All[?12l[?25h[?25l17,35 All[?12l[?25h[?25l{17,36 All[?12l[?25h[?25l}17,35 All[?12l[?25h[?25l{}17,37 All[?12l[?25h[?25l^[ [?12l[?25h[?25l 17,36 All[?12l[?25h[?25l: :[?12l[?25hw[?25l :w[?12l[?25hq[?25l :wq[?12l[?25h [?25l"dhcpd.conf" "dhcpd.conf" 17L, 403C written [?1l>[?12l[?25h[?47l8]0;root@demo: /etc/dhcp[root@demo dhcp]# ]0;root@demo: /etc/dhcp[root@demo dhcp]# service dhcpd start Starting dhcpd service: [ DONE(B ] ]0;root@demo: /etc/dhcp[root@demo dhcp]# cat cdhcpd.conf # See dhcpd.conf(5) for further configuration ddns-update-style none; subnet 172.16.0.0 netmask 255.255.255.0 { option routers 172.16.0.1; option subnet-mask 255.255.255.0; option domain-name "demo.class.altlinux.ru"; option domain-name-servers 10.0.2.3; range dynamic-bootp 172.16.0.10 172.16.0.99; default-lease-time 21600; max-lease-time 43200; } subnet 10.0.0.0 netmask 255.0.0.0 {} ]0;root@demo: /etc/dhcp[root@demo dhcp]# cat dhcpd.confservice dhcpd startvim dhcpd.confservice dhcpd startcat dhcpd.conf [4@(reverse-i-search)`': (reverse-i-search)`': t': cat dhcpd.confc': cd /etc/dhcp/p': tcpdump -n -i eth1 host 80.68.240.144 (reverse-i-search)`tcp': [root@demo dhcp]# [root@demo dhcp]# [root@demo dhcp]# t [root@demo dhcp]# tc [root@demo dhcp]# tcp [root@demo dhcp]# tcpd [root@demo dhcp]# tcpdu [root@demo dhcp]# tcpdum [root@demo dhcp]# tcpdump [root@demo dhcp]# tcpdump [root@demo dhcp]# tcpdump - [root@demo dhcp]# tcpdump -n [root@demo dhcp]# tcpdump -n [root@demo dhcp]# tcpdump -n - [root@demo dhcp]# tcpdump -n -i [root@demo dhcp]# tcpdump -n -i [root@demo dhcp]# tcpdump -n -i e [root@demo dhcp]# tcpdump -n -i et [root@demo dhcp]# tcpdump -n -i eth [root@demo dhcp]# tcpdump -n -i eth1 [root@demo dhcp]# tcpdump -n -i eth1 [root@demo dhcp]# tcpdump -n -i eth1 h [root@demo dhcp]# tcpdump -n -i eth1 ho [root@demo dhcp]# tcpdump -n -i eth1 hos [root@demo dhcp]# tcpdump -n -i eth1 host [root@demo dhcp]# tcpdump -n -i eth1 host [root@demo dhcp]# tcpdump -n -i eth1 host 80.68.240.144.68.240.14468.240.1448.240.144.240.144240.14440.1440.144.14414444 [root@demo dhcp]# tcpdump -n -i eth1 host 4ya.ru [root@demo dhcp]# tcpdump -n ]0;root@demo: /etc/dhcp[root@demo dhcp]# iptables-save # Generated by iptables-save v1.3.7 on Tue Jul 8 19:41:02 2008 *mangle :PREROUTING ACCEPT [4573:4494995] :INPUT ACCEPT [4401:4474833] :FORWARD ACCEPT [133:11894] :OUTPUT ACCEPT [3484:475786] :POSTROUTING ACCEPT [3811:531955] COMMIT # Completed on Tue Jul 8 19:41:02 2008 # Generated by iptables-save v1.3.7 on Tue Jul 8 19:41:02 2008 *nat :PREROUTING ACCEPT [60:9997] :POSTROUTING ACCEPT [48:4843] :OUTPUT ACCEPT [179:12814] -A POSTROUTING -j SNAT --to-source 10.0.2.15 COMMIT # Completed on Tue Jul 8 19:41:02 2008 # Generated by iptables-save v1.3.7 on Tue Jul 8 19:41:02 2008 *filter :INPUT ACCEPT [3789:3981551] :FORWARD ACCEPT [56:7756] :OUTPUT ACCEPT [2982:412059] :stdin - [0:0] -A FORWARD -d 217.76.32.61 -j LOG -A FORWARD -d 217.76.32.61 -j DROP COMMIT # Completed on Tue Jul 8 19:41:02 2008 ]0;root@demo: /etc/dhcp[root@demo dhcp]# tail /var/log/messages Jul 8 19:37:07 demo dhcpd: Sending on Socket/fallback/fallback-net Jul 8 19:37:07 demo dhcpd: Sending on Socket/fallback/fallback-net Jul 8 19:37:07 demo dhcpd: Wrote 0 leases to leases file. Jul 8 19:37:07 demo dhcpd: dhcpd startup succeeded Jul 8 19:37:17 demo kernel: atkbd.c: Spurious NAK on isa0060/serio0. Some program might be trying access hardware directly. Jul 8 19:37:45 demo kernel: atkbd.c: Spurious NAK on isa0060/serio0. Some program might be trying access hardware directly. Jul 8 19:38:46 demo dhcpd: DHCPDISCOVER from 08:00:27:b7:69:b9 via eth1 Jul 8 19:38:47 demo dhcpd: DHCPOFFER on 172.16.0.99 to 08:00:27:b7:69:b9 (localhost.localdomain) via eth1 Jul 8 19:38:47 demo dhcpd: DHCPREQUEST for 172.16.0.99 (172.16.0.1) from 08:00:27:b7:69:b9 (localhost.localdomain) via eth1 Jul 8 19:38:47 demo dhcpd: DHCPACK on 172.16.0.99 to 08:00:27:b7:69:b9 (localhost.localdomain) via eth1 ]0;root@demo: /etc/dhcp[root@demo dhcp]# tail /var/log/messages [root@demo dhcp]# iptables-save [root@demo dhcp]# iptables-save cat dhcpd.confiptables-save [9@tail /var/log/messages [root@demo dhcp]# tail /var/log/messages [root@demo dhcp]#  [4@(reverse-i-search)`': (reverse-i-search)`': [24@t': tail /var/log/messagesc': cd /etc/dhcp/p': tcpdump -n -i eth1 host 80.68.240.144 (reverse-i-search)`tcp': [1@d (reverse-i-search)`tcpd': [1@u (reverse-i-search)`tcpdu': [root@demo dhcp]# [root@demo dhcp]# [root@demo dhcp]# t [root@demo dhcp]# tc [root@demo dhcp]# tcp [root@demo dhcp]# tcpd [root@demo dhcp]# tcpdu [root@demo dhcp]# tcpdum [root@demo dhcp]# tcpdump [root@demo dhcp]# tcpdump [root@demo dhcp]# tcpdump - [root@demo dhcp]# tcpdump -n [root@demo dhcp]# tcpdump -n  [root@demo dhcp]# tcpdump -i eth1 host 80.68.240.144ya.ru ]0;root@demo: /etc/dhcp[root@demo dhcp]# service network restart Computing interface groups: ... 3 interfaces found Processing /etc/net/vlantab: empty. Stopping group 1/realphys (2 interfaces) Stopping eth0: Stopping iptables for eth0 Unloading rules for the "POSTROUTING" chain in the "nat" tableiptables v1.3.7: Unknown arg `--to-source' Try `iptables -h' or 'iptables --help' for more information. ERROR: /etc/net/scripts/config-fw: /sbin/iptables -t nat -D POSTROUTING -j SNAT --to-source ${IPV4ADDRESS} . ..OK Stopping eth1: ..OK Stopping group 0/virtual (1 interfaces) Stopping lo: .OK Stopping iptables for default Flushing the "OUTPUT" chain in the "filter" table Flushing the "FORWARD" chain in the "filter" table Flushing the "INPUT" chain in the "filter" table Flushing the "POSTROUTING" chain in the "nat" table Flushing the "OUTPUT" chain in the "nat" table Flushing the "PREROUTING" chain in the "nat" table Flushing the "POSTROUTING" chain in the "mangle" table Flushing the "OUTPUT" chain in the "mangle" table Flushing the "FORWARD" chain in the "mangle" table Flushing the "INPUT" chain in the "mangle" table Flushing the "PREROUTING" chain in the "mangle" table Deleting the "stdin" chain from the "filter" table Setting ACCEPT policy for the "INPUT" chain in the "filter" table Setting ACCEPT policy for the "FORWARD" chain in the "filter" table Setting ACCEPT policy for the "OUTPUT" chain in the "filter" table Starting iptables for default Setting ACCEPT policy for the "INPUT" chain in the "filter" table Setting ACCEPT policy for the "FORWARD" chain in the "filter" table Setting ACCEPT policy for the "OUTPUT" chain in the "filter" table Creating the "stdin" chain in the "filter" table Computing interface groups: ... 3 interfaces found Starting group 0/virtual (1 interfaces) Starting lo: ....OK Starting group 1/realphys (2 interfaces) Starting eth0: .... Starting iptables for eth0 Loading rules for the "POSTROUTING" chain in the "nat" table. .OK Starting eth1: .....OK Processing /etc/net/vlantab: empty. ]0;root@demo: /etc/dhcp[root@demo dhcp]# service network restart [root@demo dhcp]#  [4@(reverse-i-search)`': (reverse-i-search)`': t': service network restart (reverse-i-search)`tc': cd /etc/dhcp/p': tcpdump -n -i eth1 host 80.68.240.144 (reverse-i-search)`tcp': ]0;root@demo: /etc/dhcp[root@demo dhcp]# iptables-save # Generated by iptables-save v1.3.7 on Tue Jul 8 19:43:03 2008 *mangle :PREROUTING ACCEPT [4597:4502649] :INPUT ACCEPT [4423:4481335] :FORWARD ACCEPT [133:11894] :OUTPUT ACCEPT [3508:482312] :POSTROUTING ACCEPT [3855:544847] COMMIT # Completed on Tue Jul 8 19:43:03 2008 # Generated by iptables-save v1.3.7 on Tue Jul 8 19:43:03 2008 *nat :PREROUTING ACCEPT [62:11149] :POSTROUTING ACCEPT [50:5269] :OUTPUT ACCEPT [184:13707] -A POSTROUTING -j SNAT --to-source 10.0.2.15 COMMIT # Completed on Tue Jul 8 19:43:03 2008 # Generated by iptables-save v1.3.7 on Tue Jul 8 19:43:03 2008 *filter :INPUT ACCEPT [22:6502] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [24:6526] :stdin - [0:0] COMMIT # Completed on Tue Jul 8 19:43:03 2008 ]0;root@demo: /etc/dhcp[root@demo dhcp]# [4@(reverse-i-search)`': (reverse-i-search)`': [15@t': iptables-savec': cd /etc/dhcp/p': tcpdump -n -i eth1 host 80.68.240.144 (reverse-i-search)`tcp': [1@d (reverse-i-search)`tcpd': [1@u (reverse-i-search)`tcpdu': [root@demo dhcp]# [root@demo dhcp]# [root@demo dhcp]# t [root@demo dhcp]# tcpdump -n -i eth1 host 80.68.240.144ya.linux.org.ru [root@demo dhcp]# [root@demo dhcp]# t [root@demo dhcp]# tc [root@demo dhcp]# tcp [root@demo dhcp]# tcpd [root@demo dhcp]# tcpdu [root@demo dhcp]# tcpdum [root@demo dhcp]# tcpdump [root@demo dhcp]# tcpdump [root@demo dhcp]# tcpdump - [root@demo dhcp]# tcpdump -n [root@demo dhcp]# tcpdump -n [1@ [root@demo dhcp]# tcpdump -i eth1 host linux.org.ru tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes 19:43:40.923714 IP 172.16.0.99.4378 > linux.org.ru.http: S 668120931:668120931(0) win 5840 19:43:40.934759 IP linux.org.ru.http > 172.16.0.99.4378: S 720896001:720896001(0) ack 668120932 win 8192 19:43:40.935954 IP 172.16.0.99.4378 > linux.org.ru.http: . ack 1 win 5840 19:43:40.950012 IP 172.16.0.99.4378 > linux.org.ru.http: P 1:169(168) ack 1 win 5840 19:43:40.950542 IP linux.org.ru.http > 172.16.0.99.4378: . ack 169 win 8760 19:43:40.955974 IP linux.org.ru.http > 172.16.0.99.4378: P 1:534(533) ack 169 win 8760 19:43:40.956036 IP linux.org.ru.http > 172.16.0.99.4378: F 534:534(0) ack 169 win 8760 19:43:40.970101 IP 172.16.0.99.4378 > linux.org.ru.http: . ack 534 win 6432 19:43:40.970128 IP 172.16.0.99.4378 > linux.org.ru.http: F 169:169(0) ack 535 win 6432 19:43:40.970747 IP linux.org.ru.http > 172.16.0.99.4378: . ack 170 win 8760 10 packets captured 10 packets received by filter 0 packets dropped by kernel ]0;root@demo: /etc/dhcp[root@demo dhcp]# cd /etc/dhcp dhcp/ dhcpcd.sh [root@demo dhcp]# cd /etc/dhcpd/dhcpd.conf dhcpd.conf dhcpd.conf.sample [root@demo dhcp]# cd /etc/dhcp/dhcpd.conf ]0;root@demo: /etc/dhcp[root@demo dhcp]# cd /var/ligb/ alterator/ clamav-db/ dosemu/ kdm/ menu/ rpm/ tomcat5/ apt/ dav/ games/ klogd/ misc/ rsbac/ ulogd/ autoipd/ dbus/ hotplug/ locate/ nfs/ run/ wine/ cache/ dhcp/ hwclock/ log/ nvidia/ samba/ xdm/ clamav/ dhcpcd/ jetty5/ logrotate/ osec/ ssl/ xkb/ [root@demo dhcp]# cd /var/lib/dhcp dhcp/ dhcpcd/ [root@demo dhcp]# cd /var/lib/dhcp/ ]0;root@demo: /var/lib/dhcp[root@demo dhcp]# ls dhcpd ]0;root@demo: /var/lib/dhcp[root@demo dhcp]# cd dhcpd/ ]0;root@demo: /var/lib/dhcp/dhcpd[root@demo dhcpd]# ls dev etc lib state var ]0;root@demo: /var/lib/dhcp/dhcpd[root@demo dhcpd]# find . - . ./state ./state/dhcpd.leases ./state/dhcpd.leases~ ./dev ./etc ./etc/host.conf ./etc/services ./etc/hosts ./etc/resolv.conf ./etc/nsswitch.conf ./etc/localtime ./lib ./lib/libnsl.so.1 ./lib/libnss_hesiod.so.2 ./lib/libresolv.so.2 ./lib/libnss_nisplus.so.2 ./lib/libnss_mdns4_minimal.so.2 ./lib/libnss_nis.so.2 ./lib/libnss_mdns4.so.2 ./lib/libnss_files.so.2 ./lib/libnss_dns.so.2 ./var ./var/yp ./var/yp/binding ./var/nis ]0;root@demo: /var/lib/dhcp/dhcpd[root@demo dhcpd]# cat state/dhcpd.leases # All times in this file are in UTC (GMT), not your local timezone. This is # not a bug, so please don't ask about it. There is no portable way to # store leases in the local timezone, so please don't request this as a # feature. If this is inconvenient or confusing to you, we sincerely # apologize. Seriously, though - don't ask. # The format of this file is documented in the dhcpd.leases(5) manual page. # This lease file was written by isc-dhcp-V3.0.6 lease 172.16.0.99 { starts 2 2008/07/08 15:38:47; ends 2 2008/07/08 21:38:47; binding state active; next binding state free; hardware ethernet 08:00:27:b7:69:b9; uid "\001\010\000'\267i\271"; client-hostname "localhost.localdomain"; } ]0;root@demo: /var/lib/dhcp/dhcpd[root@demo dhcpd]# pwd /var/lib/dhcp/dhcpd ]0;root@demo: /var/lib/dhcp/dhcpd[root@demo dhcpd]# cd ]0;root@demo: /root[root@demo ~]# vim /etc/dhcp/dhcpd.conf 7[?47h[?1h=[?12;25h[?12l[?25h[?25l"/etc/dhcp/dhcpd.conf" "/etc/dhcp/dhcpd.conf" 17L, 403C[>c# See dhcpd.conf(5) for further configuration ddns-update-style none; subnet 172.16.0.0 netmask 255.255.255.0 { option routers172.16.0.1; option subnet-mask 255.255.255.0;option domain-name "demo.class.altlinux.ru"; option domain-name-servers 10.0.2.3;range dynamic-bootp 172.16.0.10 172.16.0.99; default-lease-time 21600; max-lease-time 43200; } subnet 10.0.0.0 netmask 255.0.0.0 {} ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 1,1 All[?12l[?25h[?25lG  17,1 All[?12l[?25h[?25lo  -- INSERT --18,1 All[?12l[?25h[?25l19,1 All[?12l[?25h[?25l^[ [?12l[?25h[?25l 19,0-1 All[?12l[?25h[?25lu 2 fewer lines; before #1 3 seconds ago  ~ ~ 17,1 All[?12l[?25h[?25lO  -- INSERT --17,1 All-- INSERT --17,1 All[?12l[?25h[?25l-- INSERT --18,1 All[?12l[?25h[?25l ~ -- INSERT --17,1 All[?12l[?25h[?25l^[ [?12l[?25h[?25l 17,0-1 All[?12l