[ubuntu-jp:2121] Re: ubuntu Server pingとsshの質問です。
Nobuyuki Inaba
nobuyuki.inaba @ gmail.com
2009年 10月 9日 (金) 01:23:21 BST
いなばです。
/etc/network/interfacesの内容は以下のようになってます。
-----------------------------------
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address aaa.bbb.ccc.198
netmask 255.255.255.248
network aaa.bbb.ccc.192
broadcast aaa.bbb.ccc.199
gateway aaa.bbb.ccc.194
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers abc.def.hij.klm
aaa.bbb.ccc. は実際の数字を変更してます
−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
sudo iptables -L を実行しますと
Chain INPUT (policy ACCEPT)
target prot opt source destination
と表示されます。
「外部」というのは http://www.atmarkit.co.jp/aig/02security/dmz.html
で言うところの,内部ネットワークのことですよね?
はいそうです。説明不足ですみません。
/etc/hosts.allowは
sendmail: all
# /etc/hosts.allow: list of hosts that are allowed to access the system.
# See the manual pages hosts_access(5) and hosts_options(5).
#
# Example: ALL: LOCAL @some_netgroup
# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
# for further information.
#
−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
/etc/hosts.deny は
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
# See the manual pages hosts_access(5) and hosts_options(5).
#
# Example: ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
# for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
となっています。
ubuntu-jp メーリングリストの案内