2014年11月25日火曜日

debian 'nat box';morizot twoftpd-run scp

全体は

internet
|
|
|
router
192.168.1.1
|
|
|
192.168.1.x
debian nat box run dhcpd & iptables
192.168.11.1
|
|
|
192.168.11.x
puppy





debian では
cat /etc/network/interfaces 
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp

allow-hotplug eth1
iface eth1 inet static
 address 192.168.11.1
 netmask 255.255.255.0
 dns-nameservers 192.168.11.1

udhcpdをインストールして

cat /etc/udhcpd.conf
start 192.168.11.20 #default: 192.168.0.20
end 192.168.11.25 #default: 192.168.0.254

interface eth1 #default: eth0

opt dns 192.168.1.1
option subnet 255.255.255.0
opt router 192.168.11.1
#opt wins 192.168.10.10
#option dns 129.219.13.81 # appended to above DNS servers for a total of 3
#option domain local

option lease 864000 # 10 days of seconds



http://easyfwgen.morizot.net/gen/ で firewall のルールを生成します。

すると

cat fire-mori.bat  というルールができます。
以下です。

# --- Tool locations ---------------------------------------------------------
# SYSCTL holds a command plus its flag and is expanded unquoted further down
# so that the shell splits it into two words.  Setting it to "" makes the
# script write to /proc/sys directly instead.
SYSCTL='/sbin/sysctl -w'
IPT='/sbin/iptables'
IPTS='/sbin/iptables-save'
IPTR='/sbin/iptables-restore'

# --- Upstream side (towards the router; eth0 is configured by DHCP) ---------
INET_IFACE='eth0'

# --- LAN side (eth1, static address, served by udhcpd) ----------------------
LOCAL_IFACE='eth1'
LOCAL_IP='192.168.11.1'
LOCAL_NET='192.168.11.0/24'
LOCAL_BCAST='192.168.11.255'

# --- Loopback ---------------------------------------------------------------
LO_IFACE='lo'
LO_IP='127.0.0.1'

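# Optional first argument:
#   save    - dump the running ruleset to /etc/sysconfig/iptables, then exit
#   restore - load the ruleset from /etc/sysconfig/iptables, then exit
# Any other value (or none) falls through to the rule loading below.
#
# Exit status is 0 only when iptables-save / iptables-restore (including the
# file redirection) succeeded; otherwise "failed" is printed and the script
# exits 1, so a broken save is not reported as "done".
#
# NOTE(review): /etc/sysconfig is a Red Hat-style location and may not exist
# on the Debian box this page describes - confirm before relying on it (the
# page later uses /etc/iptables/rules with iptables-persistent).
case "$1" in
save)
    printf '%s' "Saving firewall to /etc/sysconfig/iptables ... "
    if "$IPTS" > /etc/sysconfig/iptables; then
        echo "done"
        exit 0
    fi
    echo "failed" >&2
    exit 1
    ;;
restore)
    printf '%s' "Restoring firewall from /etc/sysconfig/iptables ... "
    if "$IPTR" < /etc/sysconfig/iptables; then
        echo "done"
        exit 0
    fi
    echo "failed" >&2
    exit 1
    ;;
esac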

echo "Loading kernel modules ..."

# Modules are loaded one by one, in the generator's order.
# The ftp/irc helpers let connection tracking classify the protocols' data
# connections as RELATED, which the INPUT and FORWARD chains accept from the
# upstream interface; leave out the helpers that are not needed.
# NOTE(review): these are the legacy ip_* module names; newer kernels name
# them nf_* - confirm that modprobe resolves them on the target kernel.
for kmod in ip_tables ip_conntrack ip_nat_ftp ip_conntrack_ftp ip_conntrack_irc; do
    /sbin/modprobe "$kmod"
done


# Kernel network settings, applied in this order before any rule is loaded:
#   ip_forward=1                   route packets between eth1 and eth0
#   tcp_syncookies=1               SYN-flood protection
#   conf.all.rp_filter=1           reverse-path (source address) validation
#   icmp_echo_ignore_broadcasts=1  ignore broadcast pings
#   conf.all.accept_source_route=0 refuse source-routed packets
#   conf.all.secure_redirects=1    ICMP redirects only from known gateways
#   conf.all.log_martians=1        log packets with impossible addresses
# Only secure_redirects is set for ICMP redirects; accept_redirects and
# send_redirects stay at the kernel defaults.
for kparam in \
    net.ipv4.ip_forward=1 \
    net.ipv4.tcp_syncookies=1 \
    net.ipv4.conf.all.rp_filter=1 \
    net.ipv4.icmp_echo_ignore_broadcasts=1 \
    net.ipv4.conf.all.accept_source_route=0 \
    net.ipv4.conf.all.secure_redirects=1 \
    net.ipv4.conf.all.log_martians=1
do
    if [ -n "$SYSCTL" ]; then
        # SYSCTL is "command flag": left unquoted on purpose so it splits.
        $SYSCTL "$kparam"
    else
        # No sysctl command configured: write the value into /proc/sys,
        # turning the dotted key into a path.
        echo "${kparam#*=}" > "/proc/sys/$(echo "${kparam%%=*}" | tr . /)"
    fi
done

echo "Flushing Tables ..."

# Reset the built-in policies to ACCEPT, then flush (-F) all rules and delete
# (-X) all user chains in the filter, nat and mangle tables.  From here until
# the DROP policies below are applied, the host filters nothing.
for chain in INPUT FORWARD OUTPUT; do
    $IPT -P $chain ACCEPT
done
for chain in PREROUTING POSTROUTING OUTPUT; do
    $IPT -t nat -P $chain ACCEPT
done
for chain in PREROUTING OUTPUT; do
    $IPT -t mangle -P $chain ACCEPT
done

for action in -F -X; do
    $IPT $action
    $IPT -t nat $action
    $IPT -t mangle $action
done

# "stop" ends here with everything open.  IP forwarding was already switched
# on above and the MASQUERADE rule has just been flushed, so the box keeps
# routing, unfiltered and without NAT.
case "$1" in
stop)
    echo "Firewall completely flushed!  Now running with no firewall."
    exit 0
    ;;
esac

# Default-deny: whatever no rule below accepts is dropped.
for chain in INPUT OUTPUT FORWARD; do
    $IPT -P $chain DROP
done

echo "Create and populate custom rule chains ..."

# User-defined chains, created empty here and filled in below:
#   bad_packets / bad_tcp_packets  sanity checks
#   icmp_packets                   ICMP arriving from the upstream side
#   udp_inbound / tcp_inbound      services reachable from the upstream side
#   udp_outbound / tcp_outbound    traffic forwarded for the LAN
for user_chain in \
    bad_packets bad_tcp_packets icmp_packets \
    udp_inbound udp_outbound tcp_inbound tcp_outbound
do
    $IPT -N $user_chain
done


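# bad_packets: sanity checks, called first from INPUT and FORWARD.
#
# Each LOG rule is one logical line: the trailing backslash must be followed
# directly by the --log-prefix line.  With a blank line in between, the rule
# is added without its prefix and the prefix runs as a separate command.
#
# NOTE(review): unlike the catch-all LOG rules at the end of the built-in
# chains, these LOG rules carry no "-m limit", so a flood of bad packets can
# fill the kernel log.

# Packets arriving on the upstream interface with a LAN source address are
# spoofed: log, then drop.
"$IPT" -A bad_packets -p ALL -i "$INET_IFACE" -s "$LOCAL_NET" -j LOG \
    --log-prefix "Illegal source: "
"$IPT" -A bad_packets -p ALL -i "$INET_IFACE" -s "$LOCAL_NET" -j DROP

# Packets that connection tracking classifies as INVALID: log, then drop.
"$IPT" -A bad_packets -p ALL -m state --state INVALID -j LOG \
    --log-prefix "Invalid packet: "
"$IPT" -A bad_packets -p ALL -m state --state INVALID -j DROP

# TCP gets the additional flag checks in bad_tcp_packets.
"$IPT" -A bad_packets -p tcp -j bad_tcp_packets

# Everything that passed returns to the calling chain.
"$IPT" -A bad_packets -p ALL -j RETURN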


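# bad_tcp_packets: TCP flag checks, reached from bad_packets for every TCP
# packet.  A match is logged and then dropped; anything else returns.
#
# Each LOG rule is one logical line: the trailing backslash must be followed
# directly by the --log-prefix line, with no blank line in between.
#
# NOTE(review): these LOG rules are not rate-limited; see "-m limit" on the
# catch-all LOG rules of the built-in chains.

# TCP arriving on the LAN interface skips all of the checks below.
"$IPT" -A bad_tcp_packets -p tcp -i "$LOCAL_IFACE" -j RETURN

# A connection in state NEW has to start with a SYN.
"$IPT" -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG \
    --log-prefix "New not syn: "
"$IPT" -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP

# Flag combinations that normal TCP traffic does not produce.
# No flags set at all:
"$IPT" -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j LOG \
    --log-prefix "Stealth scan: "
"$IPT" -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j DROP

# Every flag set:
"$IPT" -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j LOG \
    --log-prefix "Stealth scan: "
"$IPT" -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j DROP

# Exactly FIN, URG and PSH set:
"$IPT" -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG \
    --log-prefix "Stealth scan: "
"$IPT" -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP

# Every flag except PSH set:
"$IPT" -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG \
    --log-prefix "Stealth scan: "
"$IPT" -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP

# SYN together with RST:
"$IPT" -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j LOG \
    --log-prefix "Stealth scan: "
"$IPT" -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

# SYN together with FIN:
"$IPT" -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG \
    --log-prefix "Stealth scan: "
"$IPT" -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

# Passed every check: back to bad_packets.
"$IPT" -A bad_tcp_packets -p tcp -j RETURN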


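# icmp_packets: ICMP arriving on the upstream interface (jumped to from
# INPUT).  ICMP that belongs to a tracked connection is already accepted by
# the ESTABLISHED,RELATED rule in INPUT before this chain is reached.

# Fragmented ICMP: log, then drop.  The LOG rule is one logical line; the
# backslash must be followed directly by the --log-prefix line.
"$IPT" -A icmp_packets --fragment -p ICMP -j LOG \
    --log-prefix "ICMP Fragment: "
"$IPT" -A icmp_packets --fragment -p ICMP -j DROP

# Type 8 (echo request): the box does not answer pings from upstream.
"$IPT" -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j DROP

# Type 11 (time exceeded) is accepted.
"$IPT" -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT

# Any other ICMP returns to INPUT and ends at the DROP policy.
"$IPT" -A icmp_packets -p ICMP -j RETURN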


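# udp_inbound: UDP arriving on the upstream interface (jumped to from INPUT).

# NetBIOS name/datagram traffic is dropped here, before it can reach the LOG
# rule at the end of INPUT.
"$IPT" -A udp_inbound -p UDP -s 0/0 --destination-port 137 -j DROP
"$IPT" -A udp_inbound -p UDP -s 0/0 --destination-port 138 -j DROP

# DHCP server replies (port 67 -> 68) for the upstream interface, which gets
# its address by DHCP.  One logical line: "-j ACCEPT" must follow the
# backslash directly, otherwise the rule is added without a target and
# accepts nothing.
"$IPT" -A udp_inbound -p UDP -s 0/0 --source-port 67 --destination-port 68 \
    -j ACCEPT

# Everything else returns to INPUT and ends at the DROP policy.
"$IPT" -A udp_inbound -p UDP -j RETURN

# udp_outbound: UDP forwarded for the LAN - no egress filtering.
"$IPT" -A udp_outbound -p UDP -s 0/0 -j ACCEPT

# tcp_inbound: TCP arriving on the upstream interface (jumped to from INPUT).
# NOTE(review): port 22 is accepted from any source address on the upstream
# side, while the page says sshd is not running on this box.  Remove the rule
# if SSH from upstream is not wanted, or add "-s <admin network>" when sshd
# is installed.
"$IPT" -A tcp_inbound -p TCP -s 0/0 --destination-port 22 -j ACCEPT

# Everything else returns to INPUT and ends at the DROP policy.
"$IPT" -A tcp_inbound -p TCP -j RETURN

# tcp_outbound: TCP forwarded for the LAN - no egress filtering.
"$IPT" -A tcp_outbound -p TCP -s 0/0 -j ACCEPT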

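echo "Process INPUT chain ..."

# INPUT: packets addressed to the NAT box itself.  The policy is DROP, so
# whatever no rule here accepts is discarded.

# Loopback traffic is always allowed.
"$IPT" -A INPUT -p ALL -i "$LO_IFACE" -j ACCEPT

# Spoofed, INVALID and malformed-TCP packets are dropped before any ACCEPT.
"$IPT" -A INPUT -p ALL -j bad_packets

# All-systems multicast is dropped before it can reach the LOG rule.
"$IPT" -A INPUT -p ALL -d 224.0.0.1 -j DROP

# The LAN is fully trusted: everything from the LAN subnet and everything
# sent to the LAN broadcast address is accepted.
# NOTE(review): a DHCP discover (0.0.0.0 -> 255.255.255.255) matches neither
# rule and would hit the broadcast DROP below - verify that udhcpd on the LAN
# interface still receives requests from new clients.
"$IPT" -A INPUT -p ALL -i "$LOCAL_IFACE" -s "$LOCAL_NET" -j ACCEPT
"$IPT" -A INPUT -p ALL -i "$LOCAL_IFACE" -d "$LOCAL_BCAST" -j ACCEPT

# Replies to connections the box opened itself.  One logical line:
# "-j ACCEPT" must follow the backslash directly, otherwise the rule is added
# without a target and return traffic is dropped.
"$IPT" -A INPUT -p ALL -i "$INET_IFACE" -m state --state ESTABLISHED,RELATED \
    -j ACCEPT

# New traffic from upstream goes through the per-protocol chains.
"$IPT" -A INPUT -p TCP -i "$INET_IFACE" -j tcp_inbound
"$IPT" -A INPUT -p UDP -i "$INET_IFACE" -j udp_inbound
"$IPT" -A INPUT -p ICMP -i "$INET_IFACE" -j icmp_packets

# Remaining broadcasts are dropped without logging.
"$IPT" -A INPUT -m pkttype --pkt-type broadcast -j DROP

# Rate-limited log of whatever is about to hit the DROP policy.
"$IPT" -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
    --log-prefix "INPUT packet died: "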

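echo "Process FORWARD chain ..."

# FORWARD: packets routed between the LAN and upstream.  The policy is DROP.

# Spoofed, INVALID and malformed-TCP packets are dropped first.
"$IPT" -A FORWARD -p ALL -j bad_packets

# Traffic entering from the LAN: TCP and UDP pass through the outbound
# chains (which accept everything), any other protocol is accepted directly.
# The match is on the interface only, not on the LAN source subnet.
"$IPT" -A FORWARD -p tcp -i "$LOCAL_IFACE" -j tcp_outbound
"$IPT" -A FORWARD -p udp -i "$LOCAL_IFACE" -j udp_outbound
"$IPT" -A FORWARD -p ALL -i "$LOCAL_IFACE" -j ACCEPT

# From upstream only return traffic of existing connections is forwarded.
# One logical line: "-j ACCEPT" must follow the backslash directly, otherwise
# the rule has no target and LAN clients never receive replies.
"$IPT" -A FORWARD -i "$INET_IFACE" -m state --state ESTABLISHED,RELATED \
    -j ACCEPT

# Rate-limited log of whatever is about to hit the DROP policy.
"$IPT" -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG \
    --log-prefix "FORWARD packet died: "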

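echo "Process OUTPUT chain ..."

# OUTPUT: packets generated by the NAT box itself.  The policy is DROP, but
# the rules below accept traffic leaving through every configured interface,
# so the box's own traffic is effectively unfiltered.

# ICMP that connection tracking classifies as INVALID is not sent.
"$IPT" -A OUTPUT -m state -p icmp --state INVALID -j DROP

# Loopback, by source address and by interface.
"$IPT" -A OUTPUT -p ALL -s "$LO_IP" -j ACCEPT
"$IPT" -A OUTPUT -p ALL -o "$LO_IFACE" -j ACCEPT

# Towards the LAN, by source address and by interface.
"$IPT" -A OUTPUT -p ALL -s "$LOCAL_IP" -j ACCEPT
"$IPT" -A OUTPUT -p ALL -o "$LOCAL_IFACE" -j ACCEPT

# Towards upstream.
"$IPT" -A OUTPUT -p ALL -o "$INET_IFACE" -j ACCEPT

# Rate-limited log of whatever is about to hit the DROP policy.  One logical
# line: the backslash must be followed directly by the --log-prefix line.
"$IPT" -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
    --log-prefix "OUTPUT packet died: "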

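echo "Load rules for nat table ..."

# Everything leaving through the upstream interface is rewritten to that
# interface's current address.
"$IPT" -t nat -A POSTROUTING -o "$INET_IFACE" -j MASQUERADE

# No mangle rules are defined; only the progress message is printed.
echo "Load rules for mangle table ..."

# The lines below are the page author's own addition: print the loaded
# ruleset in both formats for inspection.  They use the same absolute paths
# as the rest of the script ($IPTS / $IPT) rather than relying on PATH.
echo '------------------------------------'
"$IPTS"
echo '$$$$$$$$$$$$$$$$$$$$$$$$$$$$'

# Plain -L resolves addresses to names and hides interfaces, so several rules
# print identically; "-L -n -v" shows numeric addresses and the in/out
# interface of each rule.
"$IPT" -L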

上で書いたルールはとても人間業とはおもえないです。
複雑すぎます。
これで 以下がでてきます。
Loading kernel modules ...
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.all.log_martians = 1
Flushing Tables ...
Create and populate custom rule chains ...
Process INPUT chain ...
Process FORWARD chain ...
Process OUTPUT chain ...
Load rules for nat table ...
Load rules for mangle table ...


-----------------------------
# Generated by iptables-save v1.4.14 on Mon Jun 30 10:19:10 2014
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Mon Jun 30 10:19:10 2014
# Generated by iptables-save v1.4.14 on Mon Jun 30 10:19:10 2014
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:bad_packets - [0:0]
:bad_tcp_packets - [0:0]
:icmp_packets - [0:0]
:tcp_inbound - [0:0]
:tcp_outbound - [0:0]
:udp_inbound - [0:0]
:udp_outbound - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j bad_packets
-A INPUT -d 224.0.0.1/32 -j DROP
-A INPUT -s 192.168.11.0/24 -i eth1 -j ACCEPT
-A INPUT -d 192.168.11.255/32 -i eth1 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -j tcp_inbound
-A INPUT -i eth0 -p udp -j udp_inbound
-A INPUT -i eth0 -p icmp -j icmp_packets
-A INPUT -m pkttype --pkt-type broadcast -j DROP
-A INPUT -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "INPUT packet died: "
-A FORWARD -j bad_packets
-A FORWARD -i eth1 -p tcp -j tcp_outbound
-A FORWARD -i eth1 -p udp -j udp_outbound
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "FORWARD packet died: "
-A OUTPUT -p icmp -m state --state INVALID -j DROP
-A OUTPUT -s 127.0.0.1/32 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 192.168.11.1/32 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "OUTPUT packet died: "
-A bad_packets -s 192.168.11.0/24 -i eth0 -j LOG --log-prefix "Illegal source: "
-A bad_packets -s 192.168.11.0/24 -i eth0 -j DROP
-A bad_packets -m state --state INVALID -j LOG --log-prefix "Invalid packet: "
-A bad_packets -m state --state INVALID -j DROP
-A bad_packets -p tcp -j bad_tcp_packets
-A bad_packets -j RETURN
-A bad_tcp_packets -i eth1 -p tcp -j RETURN
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j LOG --log-prefix "New not syn: "
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j LOG --log-prefix "Stealth scan: "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j LOG --log-prefix "Stealth scan: "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j LOG --log-prefix "Stealth scan: "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j LOG --log-prefix "Stealth scan: "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "Stealth scan: "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j LOG --log-prefix "Stealth scan: "
-A bad_tcp_packets -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A bad_tcp_packets -p tcp -j RETURN
-A icmp_packets -p icmp -f -j LOG --log-prefix "ICMP Fragment: "
-A icmp_packets -p icmp -f -j DROP
-A icmp_packets -p icmp -m icmp --icmp-type 8 -j DROP
-A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A icmp_packets -p icmp -j RETURN
-A tcp_inbound -p tcp -m tcp --dport 22 -j ACCEPT
-A tcp_inbound -p tcp -j RETURN
-A tcp_outbound -p tcp -j ACCEPT
-A udp_inbound -p udp -m udp --dport 137 -j DROP
-A udp_inbound -p udp -m udp --dport 138 -j DROP
-A udp_inbound -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A udp_inbound -p udp -j RETURN
-A udp_outbound -p udp -j ACCEPT
COMMIT
# Completed on Mon Jun 30 10:19:10 2014
# Generated by iptables-save v1.4.14 on Mon Jun 30 10:19:10 2014
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Jun 30 10:19:10 2014


$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Chain INPUT (policy DROP)
target     prot opt source               destination      
ACCEPT     all  --  anywhere             anywhere          
bad_packets  all  --  anywhere             anywhere          
DROP       all  --  anywhere             all-systems.mcast.net
ACCEPT     all  --  192.168.11.0/24      anywhere          
ACCEPT     all  --  anywhere             192.168.11.255    
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
tcp_inbound  tcp  --  anywhere             anywhere          
udp_inbound  udp  --  anywhere             anywhere          
icmp_packets  icmp --  anywhere             anywhere          
DROP       all  --  anywhere             anywhere             PKTTYPE = broadcast
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 3 LOG level warning prefix "INPUT packet died: "

Chain FORWARD (policy DROP)
target     prot opt source               destination      
bad_packets  all  --  anywhere             anywhere          
tcp_outbound  tcp  --  anywhere             anywhere          
udp_outbound  udp  --  anywhere             anywhere          
ACCEPT     all  --  anywhere             anywhere          
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 3 LOG level warning prefix "FORWARD packet died: "

Chain OUTPUT (policy DROP)
target     prot opt source               destination      
DROP       icmp --  anywhere             anywhere             state INVALID
ACCEPT     all  --  localhost            anywhere          
ACCEPT     all  --  anywhere             anywhere          
ACCEPT     all  --  debian7.local        anywhere          
ACCEPT     all  --  anywhere             anywhere          
ACCEPT     all  --  anywhere             anywhere          
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 3 LOG level warning prefix "OUTPUT packet died: "

Chain bad_packets (2 references)
target     prot opt source               destination      
LOG        all  --  192.168.11.0/24      anywhere             LOG level warning prefix "Illegal source: "
DROP       all  --  192.168.11.0/24      anywhere          
LOG        all  --  anywhere             anywhere             state INVALID LOG level warning prefix "Invalid packet: "
DROP       all  --  anywhere             anywhere             state INVALID
bad_tcp_packets  tcp  --  anywhere             anywhere          
RETURN     all  --  anywhere             anywhere          

Chain bad_tcp_packets (1 references)
target     prot opt source               destination      
RETURN     tcp  --  anywhere             anywhere          
LOG        tcp  --  anywhere             anywhere             tcpflags:! FIN,SYN,RST,ACK/SYN state NEW LOG level warning prefix "New not syn: "
DROP       tcp  --  anywhere             anywhere             tcpflags:! FIN,SYN,RST,ACK/SYN state NEW
LOG        tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/NONE LOG level warning prefix "Stealth scan: "
DROP       tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/NONE
LOG        tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG LOG level warning prefix "Stealth scan: "
DROP       tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
LOG        tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG LOG level warning prefix "Stealth scan: "
DROP       tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
LOG        tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG LOG level warning prefix "Stealth scan: "
DROP       tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
LOG        tcp  --  anywhere             anywhere             tcpflags: SYN,RST/SYN,RST LOG level warning prefix "Stealth scan: "
DROP       tcp  --  anywhere             anywhere             tcpflags: SYN,RST/SYN,RST
LOG        tcp  --  anywhere             anywhere             tcpflags: FIN,SYN/FIN,SYN LOG level warning prefix "Stealth scan: "
DROP       tcp  --  anywhere             anywhere             tcpflags: FIN,SYN/FIN,SYN
RETURN     tcp  --  anywhere             anywhere          

Chain icmp_packets (1 references)
target     prot opt source               destination      
LOG        icmp -f  anywhere             anywhere             LOG level warning prefix "ICMP Fragment: "
DROP       icmp -f  anywhere             anywhere          
DROP       icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
RETURN     icmp --  anywhere             anywhere          

Chain tcp_inbound (1 references)
target     prot opt source               destination      
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
RETURN     tcp  --  anywhere             anywhere          

Chain tcp_outbound (1 references)
target     prot opt source               destination      
ACCEPT     tcp  --  anywhere             anywhere          

Chain udp_inbound (1 references)
target     prot opt source               destination      
DROP       udp  --  anywhere             anywhere             udp dpt:netbios-ns
DROP       udp  --  anywhere             anywhere             udp dpt:netbios-dgm
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
RETURN     udp  --  anywhere             anywhere          

Chain udp_outbound (1 references)
target     prot opt source               destination      
ACCEPT     udp  --  anywhere             anywhere          





Puppy では
ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:00:39:E3:38:99  
          inet addr:192.168.11.25  Bcast:192.168.11.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:61 errors:0 dropped:0 overruns:0 frame:0
          TX packets:215 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:9759 (9.5 KiB)  TX bytes:24275 (23.7 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


/etc/resolv.conf
# Generated by dhcpcd for interface eth0
nameserver 192.168.1.1


route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.11.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.11.1    0.0.0.0         UG    0      0        0 eth0

本来は puppyから
cat scp.bat 
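# Copy the file or directory given as the first argument into tusi's home
# directory on the NAT box.  The argument is quoted so that paths containing
# spaces or glob characters arrive intact, "--" keeps a path starting with
# "-" from being parsed as an scp option, and a missing argument stops the
# script with a usage message.
scp -r -- "${1:?usage: scp.bat PATH}" tusi@192.168.11.1:/home/tusi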
をつかいたいのですが、debian では sshd が動いていないので puppy の pure-ftpd
でファイルのやりとりをしました。（FTP はパスワードもデータも平文で流れます。）


そのため twoftpd-run を debian に導入しました。
最初にインストールするとき
/var/ftp/

/nonexistent/
のフォルダがないと言われたので、それをつくってから
インストールしたらいいです。
なお、再起動すると
dhcpd と twoftpd-run ははじめから動いています。
だから fire-mori.bat だけをうごかしたらいいです。


iptables-persistent を使うのも手なんですけど。
http://d.hatena.ne.jp/mercysluck/20120211/p1 より
iptables-save > /etc/iptables/rules
service iptables-persistent start         <--- iptables-restore </etc/iptables/rules
