{"id":82,"date":"2004-03-02T01:07:27","date_gmt":"2004-03-02T01:07:27","guid":{"rendered":"https:\/\/143-42-55-146.ip.linodeusercontent.com\/?p=82"},"modified":"2004-03-02T01:07:27","modified_gmt":"2004-03-02T01:07:27","slug":"pridani-pravidla-doprostred-chainu-iptables","status":"publish","type":"post","link":"https:\/\/nax.cz\/?p=82","title":{"rendered":"ADDING A RULE INTO THE MIDDLE OF AN IPTABLES CHAIN"},
"content":{"rendered":"<p>I probably didn't mention on Sunday that FoTom's server (that is, the machine they use for Samba with the users on that network) somehow couldn't ping anything in czfree, even though its route was set correctly. To be precise, it reported this:<\/p>\n<p># ping 10.27.0.8<br \/>\nping: sendmsg: Operation not permitted<br \/>\nping: sendmsg: Operation not permitted<br \/>\nping: sendmsg: Operation not permitted<br \/>\n&#8230;<\/p>\n<p>I verified that the setup on the border router into czfree (that is, the Slackware box) works by setting, while still at his place, a route in his Windows XP pointing directly at that Slack box, and that worked.<\/p>\n<p>So it was clear that the problem was somewhere in that server. I guessed it was the firewall, and I have just found out that I was right. Today I thought about it quite a bit, and during the lab for the Unix course (which, by the way, I am going to enjoy quite a lot \ud83d\ude09) I even had one terminal connected to it on the server the whole time (it was a nice loop getting there &#8211; first to my own server, then over wifi to his Slack box, and only then to his router &#8211; I already mentioned that his firewall is configured so paranoidly that even ssh, the only port open towards the outside, is allowed from just a handful of IPs, right?).<\/p>\n<p>But as I noted above, I only figured it out a moment ago. I had even already shut the computer down to go to bed, but in the bath it occurred to me to try the almighty Google, and that is how I finally found <a href=\"http:\/\/groups.google.com\/groups?hl=cs&#038;lr=&#038;ie=UTF-8&#038;oe=UTF-8&#038;selm=3DC182A5.B9FF7A7D%40itcom.com.ar\">the reason for that odd message<\/a>. So I looked into his OUTPUT chain and immediately saw why it had not worked when I set the default policy on everything to ACCEPT: at the end of the chain, everything is sent to a logdrop user chain, so the default policy never gets a chance to apply.<\/p>\n<p>I dug around a little more and after a while found a comment in the discussion under an article on root.cz where someone described exactly what I needed: <a href=\"http:\/\/www.root.cz\/forum\/diskuse.php4?vybrane%5B6%5D=30367&#038;clanek=2025&#038;vlakno=0&#038;stav=0&#038;zvolene=Zobrazit+vybran%E9\">adding a rule to an already running firewall<\/a> somewhere in the middle of the table. The resulting commands then looked like this:<\/p>\n<p>iptables -I OUTPUT 4 -o eth0 -d 10.0.0.0\/8 -j ACCEPT<br \/>\niptables -I INPUT 2 -i eth0 -s 10.0.0.0\/8 -j ACCEPT<br \/>\niptables -I FORWARD 2 -i eth0 -o eth0 -d 10.0.0.0\/8 -j ACCEPT<\/p>\n","protected":false},
"excerpt":{"rendered":"<p>I probably didn't mention on Sunday that FoTom's server (that is, the machine they use for Samba with the users on that network) somehow couldn't ping anything in czfree, even though its route was set correctly. To be precise, it reported this: # ping 10.27.0.8 ping: sendmsg: Operation not permitted ping: sendmsg: Operation not permitted ping: sendmsg: Operation not permitted [&hellip;]<\/p>\n","protected":false},
"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[35],"tags":[],"class_list":["post-82","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/nax.cz\/index.php?rest_route=\/wp\/v2\/posts\/82","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nax.cz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nax.cz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nax.cz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nax.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=82"}],"version-history":[{"count":0,"href":"https:\/\/nax.cz\/index.php?rest_route=\/wp\/v2\/posts\/82\/revisions"}],"wp:attachment":[{"href":"https:\/\/nax.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=82"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nax.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=82"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nax.cz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=82"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}