SIK - Topic F - examples
The Linux route command
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
$ route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.15
# + we add gateway/router 192.168.1.15 for the 192.168.2 network
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 192.168.1.15 255.255.255.0 UG 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
# + the effect of the above operation
$ route del default gw 192.168.1.254
$ route add default gw 10.0.2.2
# + removing and adding the default gw
The Linux iptables command; firewall created by the /etc/rc.d/rc.firewall script; ports 10000 and 21/tcp open
$ iptables -L --line-num   # + here iptables shows only the rules of the firewall created by rc.firewall
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
3 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:10000
4 ACCEPT udp -- anywhere anywhere state NEW udp dpt:10000
5 ACCEPT all -- anywhere anywhere state NEW
6 TRUSTED all -- anywhere anywhere state NEW
Chain FORWARD (policy DROP)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 DROP icmp -- anywhere anywhere state INVALID
Chain TRUSTED (1 references)
num target prot opt source destination
1 ACCEPT icmp -- anywhere anywhere icmp echo-request
2 DROP icmp -- anywhere anywhere
3 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
$ iptables -L -v --line-num   # + a more "verbose" version of the above...
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 284 291K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
2 0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ftp
3 0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:10000
4 0 0 ACCEPT udp -- any any anywhere anywhere state NEW udp dpt:10000
5 0 0 ACCEPT all -- lo any anywhere anywhere state NEW
6 421 48422 TRUSTED all -- any any anywhere anywhere state NEW
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 248 packets, 27692 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DROP icmp -- any any anywhere anywhere state INVALID
Chain TRUSTED (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
2 0 0 DROP icmp -- any any anywhere anywhere
3 421 48422 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable
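An added example (not part of the original course materials): a small Python model of the INPUT and TRUSTED chains listed above, showing how first-match evaluation and the jump into TRUSTED decide what happens to an incoming packet. The rule table is transcribed from the verbose listing; the names RULES, POLICY, matches and verdict and the sample packets are constructed for illustration.

```python
# Added example: first-match evaluation of the INPUT and TRUSTED chains.
# Rules transcribed from the `iptables -L -v --line-num` listing above;
# the packets at the bottom are constructed inputs.
RULES = {
    "INPUT": [  # (target, proto, in-iface, conntrack states, extra matches)
        ("ACCEPT", "all", "any", {"RELATED", "ESTABLISHED"}, {}),
        ("ACCEPT", "tcp", "any", {"NEW"}, {"dport": 21}),  # dpt:ftp
        ("ACCEPT", "tcp", "any", {"NEW"}, {"dport": 10000}),
        ("ACCEPT", "udp", "any", {"NEW"}, {"dport": 10000}),
        ("ACCEPT", "all", "lo", {"NEW"}, {}),
        ("TRUSTED", "all", "any", {"NEW"}, {}),
    ],
    "TRUSTED": [
        ("ACCEPT", "icmp", "any", None, {"icmp_type": "echo-request"}),
        ("DROP", "icmp", "any", None, {}),
        ("REJECT", "all", "any", None, {}),  # icmp-port-unreachable
    ],
}
POLICY = {"INPUT": "DROP"}  # only built-in chains have a policy
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def matches(rule, pkt):
    _, proto, iface, states, extra = rule
    return ((proto == "all" or proto == pkt["proto"])
            and (iface == "any" or iface == pkt["in"])
            and (states is None or pkt["state"] in states)
            and all(pkt.get(k) == v for k, v in extra.items()))

def verdict(pkt, chain="INPUT"):
    """Return (verdict, chain, rule_number); rule_number 0 means chain policy."""
    for num, rule in enumerate(RULES[chain], start=1):
        if matches(rule, pkt):
            if rule[0] in TERMINAL:
                return rule[0], chain, num
            result = verdict(pkt, rule[0])  # jump into the user-defined chain
            if result is not None:
                return result  # None = fell off its end, continue here
    return (POLICY[chain], chain, 0) if chain in POLICY else None

if __name__ == "__main__":
    samples = [  # constructed packets
        {"proto": "tcp", "in": "eth0", "state": "NEW", "dport": 21},
        {"proto": "tcp", "in": "eth0", "state": "NEW", "dport": 22},
        {"proto": "icmp", "in": "eth0", "state": "NEW", "icmp_type": "echo-request"},
        {"proto": "tcp", "in": "eth0", "state": "INVALID", "dport": 21},
    ]
    for pkt in samples:
        print(pkt, "->", verdict(pkt))
```

In this model every NEW packet that is not explicitly accepted ends at TRUSTED rule 3 and is rejected, so the INPUT policy DROP is reached only by packets whose state is none of NEW, RELATED or ESTABLISHED (for example INVALID).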
Example of using the UDP protocol from Tcl (for use in some assignments, e.g. F.17)
## client
load tcludp.so udp
set s [udp_open 10001]
fconfigure $s -remote {faculty.wmi.amu.edu.pl 10000}
fileevent $s readable "obsluga $s"; # handle the reply from the server...
proc obsluga s {
    set x [read $s]; set peer [fconfigure $s -peer]
    puts "$peer : $x"
}
set licznik 0
puts -nonewline $s "licznik=$licznik"; incr licznik; flush $s
# here the client sends datagrams to the server
vwait qqq; # enter the event loop so the readable handler runs (as in the server)

## server
load tcludp.so udp
set sock [udp_open 10000]
fileevent $sock readable "obsluga $sock"; # build the reply to the client's query...
proc obsluga s {
    set x [read $s]; set peer [fconfigure $s -peer]
    puts "$peer : $x"
    fconfigure $s -remote $peer
    puts -nonewline $s "$x (odp)"; flush $s
}
vwait qqq