Posted on 2004-12-29 21:39:58
QUOTE (lzbnet @ Dec 28 2004, 11:01 PM)
How many users is the poster above serving? Have bandwidth allocation and complex firewall rules been loaded?
Please see:
QUOTE
ip firewall rule input> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Drop telnet or ssh from public
   in-interface=PublicNIC dst-address=:22-23 protocol=tcp action=drop log=yes
1 ;;; drop SNMP Trap(TCP)
   in-interface=PublicNIC dst-address=:161-162 protocol=tcp action=drop log=yes
2 ;;; drop SNMP Trap(UDP)
   in-interface=PublicNIC dst-address=:161-162 protocol=udp action=drop log=yes
3 ;;; Reject proxy connections
   dst-address=:8080 protocol=tcp action=reject log=yes
4 ;;; Allow established TCP connections
   protocol=tcp connection-state=established action=accept
5 ;;; Related connections
   connection-state=related action=accept
6 ;;; Drop Blaster Worm.
   dst-address=:135-139 protocol=tcp action=drop log=yes
7 ;;; Drop Blaster Worm
   dst-address=:445 protocol=tcp action=drop
8 ;;; Drop Messenger Worm
   dst-address=:135-139 protocol=udp action=drop log=yes
9 ;;; Drop DNS Query from WAN
   in-interface=PublicNIC dst-address=:53 protocol=udp action=drop log=yes
10 ;;; Allow UDP connections
   protocol=udp action=accept
11 ;;; Allow limited pings
   protocol=icmp limit-count=100 limit-burst=2 limit-time=5s action=accept
12 ;;; Drop excess pings
   protocol=icmp action=drop
13 ;;; Allow access from 'trusted' network 192.168.1.0/24
   src-address=192.168.1.0/24 action=accept
14 ;;; Reject and log everything else
   action=reject log=yes
QUOTE
ip firewall rule forward> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; drop p2p track 6969
   in-interface=LocalNIC dst-address=:6969 out-interface=PublicNIC protocol=tcp action=drop
1 ;;; drop p2p track 8080
   in-interface=LocalNIC dst-address=:8080 out-interface=PublicNIC protocol=tcp action=drop
2 ;;; drop all p2p application packets
   p2p=all-p2p action=drop
3 ;;; drop p2p tcp port range: 16881-16889
   in-interface=LocalNIC dst-address=:16881-16889 out-interface=PublicNIC protocol=tcp action=drop
4 ;;; drop blaster worm
   dst-address=:135-139 protocol=tcp action=drop log=yes
5 ;;; drop messenger worm
   dst-address=:135-139 protocol=udp action=drop log=yes
6 in-interface=LocalNIC dst-address=61.135.128.208/30 out-interface=PublicNIC protocol=tcp action=accept
7 in-interface=LocalNIC dst-address=61.135.128.212/30 out-interface=PublicNIC protocol=tcp action=accept
8 in-interface=LocalNIC dst-address=202.165.102.113/32 out-interface=PublicNIC protocol=tcp action=accept
9 in-interface=LocalNIC dst-address=202.165.102.114/32 out-interface=PublicNIC protocol=tcp action=accept
10 in-interface=LocalNIC dst-address=202.165.102.136/29 out-interface=PublicNIC protocol=tcp action=accept
11 ;;; Block 3721
   in-interface=LocalNIC out-interface=PublicNIC protocol=tcp content=3721 action=drop log=yes
12 ;;; Block 3721-CnsMinH.cab
   in-interface=LocalNIC out-interface=PublicNIC protocol=tcp content=CnsMinH.cab action=drop log=yes
13 ;;; Block 3721 IP
   in-interface=LocalNIC dst-address=61.135.128.208/29 out-interface=PublicNIC protocol=tcp action=drop
14 in-interface=LocalNIC dst-address=202.165.102.127/32 out-interface=PublicNIC protocol=tcp action=drop
15 in-interface=LocalNIC dst-address=202.165.102.128/32 out-interface=PublicNIC protocol=tcp action=drop
16 in-interface=LocalNIC dst-address=202.165.102.112/28 out-interface=PublicNIC protocol=tcp action=drop
17 in-interface=LocalNIC dst-address=202.165.102.128/28 out-interface=PublicNIC protocol=tcp action=drop
18 in-interface=LocalNIC dst-address=202.43.217.32/32 out-interface=PublicNI> protocol=tcp action=drop
19 in-interface=LocalNIC dst-address=202.43.217.33/32 out-interface=PublicNI> protocol=tcp action=drop
20 in-interface=LocalNIC dst-address=202.43.217.107/32 out-interface=PublicNIC protocol=tcp action=drop
21 in-interface=LocalNIC dst-address=202.43.217.108/32 out-interface=PublicNIC protocol=tcp action=drop
22 in-interface=LocalNIC dst-address=202.43.217.115/32 out-interface=PublicNIC protocol=tcp action=drop
23 in-interface=LocalNIC dst-address=202.43.217.116/32 out-interface=PublicNIC protocol=tcp action=drop
24 ;;; Block POPUP window of taobao1 (this URL is www.unionsky.cn)
   in-interface=LocalNIC out-interface=PublicNIC protocol=tcp content=unionsky.cn action=drop log=yes
25 ;;; Block POPUP window of taobao1 (this IP is 218.108.245.135)
   in-interface=LocalNIC dst-address=218.108.245.135/32 out-interface=PublicNIC protocol=tcp action=drop
26 ;;; Block POPUP window of taobao2 (this URL is www.allyes.com)
   in-interface=LocalNIC out-interface=PublicNIC protocol=tcp content=allyes.com action=drop log=yes
27 ;;; Block POPUP window of taobao2 (this ip is 210.52.214.204)
   in-interface=LocalNIC dst-address=210.52.214.204/32 out-interface=PublicNIC protocol=tcp action=drop
28 ;;; Block hotbar.com (this URL is hotbar.com)
   in-interface=LocalNIC out-interface=PublicNIC protocol=tcp content=hotbar action=drop log=yes
29 ;;; Block hotbar.com (this ip is 165.254.12.100)
   in-interface=LocalNIC dst-address=165.254.12.100/32 out-interface=PublicNIC protocol=tcp action=drop
30 ;;; Drop fere2.com
   in-interface=LocalNIC out-interface=PublicNIC protocol=tcp content=fere2.com action=drop log=yes
31 ;;; Drop joyrain.com
   in-interface=LocalNIC out-interface=PublicNIC protocol=tcp content=joyrain.com action=drop log=yes
32 ;;; Drop 3322.org
   in-interface=LocalNIC out-interface=PublicNIC content=3322.org action=drop
33 ;;; Block netpassword.net
   in-interface=LocalNIC out-interface=PublicNIC protocol=tcp content=netpassword.net action=drop log=yes
34 ;;; Drop MMS online video
   in-interface=LocalNIC dst-address=:1755 out-interface=PublicNIC protocol=tcp action=drop
35 ;;; Block sina-nmGamex.cab
   in-interface=LocalNIC out-interface=PublicNIC protocol=tcp content=nmGamex.cab action=drop log=yes
QUOTE
ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Mark p2p connections (192.168.1.0/24)
   src-address=192.168.1.0/24 in-interface=LocalNIC p2p=all-p2p action=passthrough mark-connection=p2p_con
1 ;;; Mark p2p Flow
   connection=p2p_con action=accept mark-flow=p2p_limit
QUOTE
queue tree> print
Flags: X - disabled, I - invalid, D - dynamic
0 name="p2p_down_limit" parent=LocalNIC flow=p2p_limit limit-at=0 queue=pcq-download priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0
1 name="p2p_up_limit" parent=PublicNIC flow=p2p_limit limit-at=0 queue=pcq-upload priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0
QUOTE
queue simple> print
Flags: X - disabled, I - invalid, D - dynamic
0 name="From Asante 256/128 kbps" target-address=0.0.0.0/0 dst-address=192.168.1.13/32 interface=PublicNIC queue=default priority=8 limit-at=0/0 max-limit=262144/131072
1 name=".155 256/64 kbps" target-address=0.0.0.0/0 dst-address=192.168.1.155/32 interface=PublicNIC queue=default priority=8 limit-at=0/0 max-limit=262144/65536
2 name=".154 384/64 kbps" target-address=0.0.0.0/0 dst-address=192.168.1.154/32 interface=PublicNIC queue=default priority=8 limit-at=0/0 max-limit=393216/65536
3 name=".153 256/64 kbps" target-address=0.0.0.0/0 dst-address=192.168.1.153/32 interface=PublicNIC queue=default priority=8 limit-at=0/0 max-limit=262144/65536
4 name=".152 256/64 kbps" target-address=0.0.0.0/0 dst-address=192.168.1.152/32 interface=PublicNIC queue=default priority=8 limit-at=0/0 max-limit=262144/65536
5 name=".151 256/64 kbps" target-address=0.0.0.0/0 dst-address=192.168.1.151/32 interface=PublicNIC queue=default priority=8 limit-at=0/0 max-limit=262144/65536
......
30 name=".185 256/64 kbps" target-address=0.0.0.0/0 dst-address=192.168.1.185/32 interface=PublicNIC queue=default priority=8 limit-at=0/0 max-limit=262144/65536
30 clients and 3 internal servers, which provide internal and external email, web and SQL services respectively.