V pravidlach je povolena aj mac adresa servera, na ktorom bezi cacti. Cacti je nastaveny a funguje perfektne, ale len vtedy ak je vypnute posledne pravidlo 39 a to pravidlo hovori, ze vsetko co nieje povolene pred nim, tak zahod. To znamena ak ho vypnem, tak firewall nema vyznam ak ho zapnem, tak cacti vypisuje chybu SNMP. Vedel by mi niekto poradit co mam vo firewalle nastavit, aby mi fungoval aj cacti ?
vopred vdaka
Kód: Vybrat vše
0 ;;; Drop INVALID connection
chain=input action=drop connection-state=invalid
1 chain=forward action=drop connection-state=invalid
2 ;;; Allow ESTABILISHED and RELATED connection
chain=forward action=accept connection-state=established
3 chain=input action=accept connection-state=established
4 chain=forward action=accept connection-state=related
5 chain=input action=accept connection-state=related
6 ;;; Allow DNS requests
chain=input action=accept protocol=udp in-interface=!pppoe-out1
dst-port=53
7 chain=input action=accept protocol=tcp in-interface=!pppoe-out1
dst-port=53
8 ;;; Allow ping
chain=input action=accept protocol=icmp icmp-options=8:0-255
9 ;;; Allow REMOTE ADMINISTRATION from trusted networks
chain=input action=accept protocol=tcp in-interface=pppoe-out1
dst-port=8291
10 X chain=input action=accept protocol=tcp src-address=89.xx.xx.xx
dst-port=8291
11 chain=input action=accept protocol=tcp in-interface=!pppoe-out1
dst-port=80
12 X chain=input action=accept protocol=tcp src-address=89.xx.xx.xx
dst-port=80
13 ;;; jany
chain=forward action=accept out-interface=pppoe-out1
src-mac-address=00:E0:4C:47:A3:EE
14 ;;; jany novy pc
chain=forward action=accept out-interface=pppoe-out1
src-mac-address=00:24:1D:8D:23:0D
..atd az po pravidlo 37 to su MAC adresy klientov
..
..
..
38 ;;; DRP everithing else
chain=forward action=drop out-interface=pppoe-out1
39 chain=input action=drop
