Sophos-Konsole
ssh
- ssh loginuser@sophos30
loginuser@sophos30:/home/login >
root access
- su -
sophos30:/root #
cc
command-line client
ifstat
- ifstat
#kernel
Interface RX Pkts/Rate TX Pkts/Rate RX Data/Rate TX Data/Rate
RX Errs/Drop TX Errs/Drop RX Over/Rate TX Coll/Rate
lo 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
eth0 17 0 15 0 1218 0 2254 0
0 0 0 0 0 0 0 0
eth1 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
eth2 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
iftop
- iftop
iptables
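view automatic firewall rules (plain -L prints service and host names and omits interfaces; add -n -v for numeric addresses and ports, interfaces and packet counters)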
- iptables -L AUTO_FORWARD
Chain AUTO_FORWARD (1 references)
target prot opt source destination
CONFIRMED all -- 192.168.3.0/24 10.2.2.0/24 policy match dir in pol ipsec mode tunnel
CONFIRMED all -- 10.2.2.0/24 192.168.3.0/24 policy match dir out pol ipsec mode tunnel
CONFIRMED all -- 192.168.77.0/24 10.2.2.0/24 policy match dir in pol ipsec mode tunnel
CONFIRMED all -- 10.2.2.0/24 192.168.77.0/24 policy match dir out pol ipsec mode tunnel
DROP icmp -- anywhere anywhere icmptype 8 code 0 policy match dir in pol none
CONFIRMED icmp -- anywhere anywhere icmptype 8 code 0
DROP icmp -- anywhere anywhere icmptype 0 code 0 policy match dir in pol none
CONFIRMED icmp -- anywhere anywhere icmptype 0 code 0
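view user-defined firewall rules (in the output, tcpmux is the service name for port 1, so spts:tcpmux:65535 means source ports 1-65535)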
- iptables -L USR_FORWARD
Chain USR_FORWARD (1 references)
target prot opt source destination
CONFIRMED tcp -- 10.2.2.0/24 anywhere tcp spts:tcpmux:65535 multiport dports http,https
CONFIRMED tcp -- 192.168.2.0/24 anywhere tcp spts:tcpmux:65535 dpt:domain
CONFIRMED udp -- 192.168.2.0/24 anywhere udp spts:tcpmux:65535 dpt:domain
CONFIRMED tcp -- 192.168.2.0/24 anywhere tcp spts:tcpmux:65535 dpt:net-assistant
CONFIRMED udp -- 192.168.2.0/24 anywhere udp spts:tcpmux:65535 dpt:net-assistant
CONFIRMED tcp -- 192.168.2.0/24 anywhere tcp spts:tcpmux:65535 multiport dports ms-wbt-server,5900,ms-wbt-server,5900,ssh,telnet,ica
CONFIRMED tcp -- 192.168.2.0/24 anywhere tcp spts:tcpmux:65535 multiport dports smtps,imaps,imap,pop3,smtp,pop3s
CONFIRMED udp -- 192.168.2.0/24 anywhere udp spts:tcpmux:65535 dpt:tftp
CONFIRMED tcp -- 192.168.2.0/24 anywhere tcp spts:tcpmux:65535 dpt:ftp
CONFIRMED tcp -- 192.168.2.0/24 anywhere tcp spts:tcpmux:65535 multiport dports http-alt,http,ndl-aas,https
ipsec
status
- ipsec status
000 "L_REF_IpsL2tForTic_0": 192.168.2.199[192.168.2.199]:17/1701...%any[%any]:17/%any==={0.0.0.0/0}; unrouted; eroute owner: #0
000 "L_REF_IpsL2tForTic_0": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "L_REF_IpsL2tForTic_1": 192.168.2.199[192.168.2.199]:17/0...%any[%any]:17/%any==={0.0.0.0/0}; unrouted; eroute owner: #0
000 "L_REF_IpsL2tForTic_1": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "S_REF_IpsSitSophosipfi_0": 10.2.2.0/24===192.168.2.199[192.168.2.199]...192.168.2.151[192.168.2.151]===192.168.77.0/24; unrouted; eroute owner: #0
000 "S_REF_IpsSitSophosipfi_0": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "S_REF_IpsSitVpnasasop_0": 10.2.2.0/24===192.168.2.199[192.168.2.199]...192.168.2.198[192.168.2.198]===192.168.3.0/24; erouted; eroute owner: #43
000 "S_REF_IpsSitVpnasasop_0": newest ISAKMP SA: #42; newest IPsec SA: #43;
000
000 #44: "S_REF_IpsSitSophosipfi_0" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 13s
000 #44: pending Phase 2 for "S_REF_IpsSitSophosipfi_0" replacing #0
000 #43: "S_REF_IpsSitVpnasasop_0" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 1919s; newest IPSEC; eroute owner
000 #43: "S_REF_IpsSitVpnasasop_0" esp.4bfe2b0a@192.168.2.198 (0 bytes) esp.73ee7324@192.168.2.199 (0 bytes); tunnel
000 #42: "S_REF_IpsSitVpnasasop_0" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 6243s; newest ISAKMP
- ipsec status L_REF_IpsL2tForTic_0
000 "L_REF_IpsL2tForTic_0": 192.168.2.199[192.168.2.199]:17/1701...%any[%any]:17/%any==={0.0.0.0/0}; unrouted; eroute owner: #0
000 "L_REF_IpsL2tForTic_0": newest ISAKMP SA: #0; newest IPsec SA: #0;
