网络配置状态信息搜集
来自Jack's Lab
1 Ethernet
2 Wireless
无线由 /etc/init.d/network 脚本在最后调用 /sbin/wifi 启动(它们都用到了 /lib/network/config.sh 这个脚本)
配置文件在:
root@XiaoQiang:/# cat /etc/config/wireless
# UCI wireless configuration as dumped from /etc/config/wireless: two radios
# (wl0, wl1), each with one access-point interface attached to network 'lan'.
# Lines starting with "# NOTE(review)" are annotations, not device content.
config wifi-device 'wl0'
option type 'broadcom'
option channel '0'
option txpwr 'mid'
config wifi-iface
option device 'wl0'
option network 'lan'
option mode 'ap'
option ssid 'XMSB_5G'
# NOTE(review): 'mixed-psk' presumably selects WPA/WPA2 mixed mode; confirm
# against the vendor's wifi scripts.
option encryption 'mixed-psk'
# NOTE(review): the passphrase is stored in plaintext, so reading this file (or
# pasting a dump like this one) discloses it; 'qwer1234' is a short
# keyboard-pattern passphrase.
option key 'qwer1234'
config wifi-device 'wl1'
option type 'broadcom'
option channel '0'
option txpwr 'mid'
config wifi-iface
option device 'wl1'
option network 'lan'
option mode 'ap'
option ssid 'XMSB'
option encryption 'mixed-psk'
# NOTE(review): same plaintext passphrase as the wl0 interface above.
option key 'qwer1234'
3 dnsmasq
root@XiaoQiang:/# cat /var/etc/dnsmasq.conf
# auto-generated config file from /etc/config/dhcp
conf-dir=/etc/dnsmasq.d/
address=/workforme.stat.localdomain/127.0.0.1
dhcp-authoritative
domain-needed
filterwin2k
clear-on-reload
localise-queries
read-ethers
bogus-priv
expand-hosts
neg-ttl=10
max-ttl=10
cache-size=3000
dns-forward-max=1000
server=/lan/
dhcp-leasefile=/data/dhcp.leases
local-ttl=0
addn-hosts=/tmp/hosts
dhcp-range=lan,192.168.31.100,192.168.31.249,255.255.255.0,12h
dhcp-option-force=lan,43,XIAOMI_ROUTER
no-dhcp-interface=eth0.2
address=/XiaoQiang/192.168.31.1
ptr-record=1.31.168.192.in-addr.arpa,XiaoQiang
resolv-file=/tmp/resolv.conf.dummy
root@XiaoQiang:/# ps | grep dns
3643 nobody 1220 S /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf
5609 root 34028 S /usr/sbin/pdnsd --daemon -p /var/run/pdnsd.pid
24027 root 1476 S grep dns
4 pdnsd
root@XiaoQiang:/# cat /etc/pdnsd.conf
# pdnsd configuration as dumped from /etc/pdnsd.conf: one global section, four
# upstream server sections (isp, 114, Google, OpenDNS) and one local source
# section. Lines starting with "# NOTE(review)" are annotations, not device
# content.
global {
daemon=on;
verbosity=3;
debug=off;
# Enables the status control socket (the one pdnsd-ctl talks to).
status_ctl=on;
randomize_recs=on;
perm_cache=40960;
# The on-disk cache is kept under /userdisk.
cache_dir=/userdisk/pdnsd;
max_ttl=204800;
# NOTE(review): pdnsd keeps root privileges here instead of dropping to an
# unprivileged user; the `ps` output on this page shows pdnsd running as root
# while dnsmasq runs as nobody.
run_as=root;
paranoid=on;
# Listens on port 54 rather than 53; together with server_ip=lo below it is
# bound to the loopback interface. How dnsmasq hands queries to it is not shown
# on this page.
server_port=54;
run_ipv4=on;
par_queries=2;
server_ip=lo;
query_method=tcp_udp;
timeout=6;
tcp_qtimeout=2;
}
server {
label="isp";
# Upstream addresses are read from this resolv.conf-style file.
file="/tmp/resolv.conf.auto";
# reject= makes pdnsd refuse replies that contain any of the listed addresses.
# NOTE(review): the page does not say where this list comes from; presumably
# these are addresses seen in forged answers. Confirm before reusing it. The
# same list is repeated in every server section below.
reject=4.36.66.178, 8.7.198.45, 37.61.54.158, 46.82.174.68, 59.24.3.173, 64.33.88.161, 64.33.99.47, 64.66.163.251, 65.104.202.252, 65.160.219.113, 66.45.252.237, 72.14.205.99, ;
timeout=3;
# Availability test: query for "a.com" every 60 seconds (interval/uptest/
# query_test_name below).
interval=60;
uptest=query;
query_test_name="a.com";
purge_cache=off;
caching=on;
}
server {
label="114";
ip=114.114.114.114,114.114.115.115,114.114.114.119,114.114.115.119,114.114.114.110,114.114.115.110;
reject=4.36.66.178, 8.7.198.45, 37.61.54.158, 46.82.174.68, 59.24.3.173, 64.33.88.161, 64.33.99.47, 64.66.163.251, 65.104.202.252, 65.160.219.113, 66.45.252.237, 72.14.205.99, ;
edns_query=on;
timeout=3;
interval=60;
uptest=query;
query_test_name="a.com";
purge_cache=off;
caching=on;
}
server {
label="Google";
ip=8.8.8.8,8.8.4.4;
reject=4.36.66.178, 8.7.198.45, 37.61.54.158, 46.82.174.68, 59.24.3.173, 64.33.88.161, 64.33.99.47, 64.66.163.251, 65.104.202.252, 65.160.219.113, 66.45.252.237, 72.14.205.99, ;
edns_query=on;
timeout=3;
interval=60;
uptest=query;
query_test_name="a.com";
purge_cache=off;
caching=on;
}
server {
label="OpenDNS";
ip=208.67.222.222,208.67.220.220;
reject=4.36.66.178, 8.7.198.45, 37.61.54.158, 46.82.174.68, 59.24.3.173, 64.33.88.161, 64.33.99.47, 64.66.163.251, 65.104.202.252, 65.160.219.113, 66.45.252.237, 72.14.205.99, ;
edns_query=on;
timeout=3;
interval=60;
uptest=query;
query_test_name="a.com";
purge_cache=off;
caching=on;
}
# Local records: entries from /etc/hosts are served with a TTL of 86400 seconds.
source {
ttl=86400;
owner="localhost.";
serve_aliases=on;
file="/etc/hosts";
}
5 iptables
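配置文件在 /etc/config/firewall。注意下面的 iptables -L 没有加 -v,看不到每条规则匹配的接口,所以 delegate_input 开头那条不带条件的 ACCEPT 从这份输出里无法判断实际范围;核对规则时可用 iptables -L -n -v 或 iptables-save。另外,zone_wan_input 在 WAN 侧为迅雷放行了 TCP 1080/4662/2080/2062 和 8 个 UDP 端口。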
root@XiaoQiang:/# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
delegate_input all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
delegate_forward all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
delegate_output all -- anywhere anywhere
Chain MINIUPNPD (1 references)
target prot opt source destination
Chain delegate_forward (1 references)
target prot opt source destination
forwarding_rule all -- anywhere anywhere /* user chain for forwarding */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
zone_lan_forward all -- anywhere anywhere
zone_wan_forward all -- anywhere anywhere
reject all -- anywhere anywhere
Chain delegate_input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
input_rule all -- anywhere anywhere /* user chain for input */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
zone_lan_input all -- anywhere anywhere
zone_wan_input all -- anywhere anywhere
Chain delegate_output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
output_rule all -- anywhere anywhere /* user chain for output */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
zone_lan_output all -- anywhere anywhere
zone_wan_output all -- anywhere anywhere
Chain forwarding_lan_rule (1 references)
target prot opt source destination
Chain forwarding_rule (1 references)
target prot opt source destination
macfilter_wan all -- anywhere anywhere
Chain forwarding_wan_rule (1 references)
target prot opt source destination
Chain input_lan_rule (1 references)
target prot opt source destination
Chain input_rule (1 references)
target prot opt source destination
macfilter_admin tcp -- anywhere XiaoQiang multiport dports www,https,telnet,ssh
Chain input_wan_rule (1 references)
target prot opt source destination
Chain macfilter_admin (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere MAC 4C:21:D0:40:42:D4
ACCEPT all -- anywhere anywhere MAC F8:A4:5F:5A:60:66
Chain macfilter_lan (0 references)
target prot opt source destination
Chain macfilter_wan (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere MAC 4C:21:D0:40:42:D4
ACCEPT all -- anywhere anywhere MAC F8:A4:5F:5A:60:66
Chain output_lan_rule (1 references)
target prot opt source destination
Chain output_rule (1 references)
target prot opt source destination
Chain output_wan_rule (1 references)
target prot opt source destination
Chain reject (3 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain zone_lan_dest_ACCEPT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain zone_lan_forward (1 references)
target prot opt source destination
forwarding_lan_rule all -- anywhere anywhere /* user chain for forwarding */
zone_wan_dest_ACCEPT all -- anywhere anywhere /* forwarding lan -> wan */
zone_lan_src_REJECT all -- anywhere anywhere
Chain zone_lan_input (1 references)
target prot opt source destination
input_lan_rule all -- anywhere anywhere /* user chain for input */
zone_lan_src_ACCEPT all -- anywhere anywhere
Chain zone_lan_output (1 references)
target prot opt source destination
output_lan_rule all -- anywhere anywhere /* user chain for output */
zone_lan_dest_ACCEPT all -- anywhere anywhere
Chain zone_lan_src_ACCEPT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain zone_lan_src_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere
Chain zone_wan_dest_ACCEPT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain zone_wan_forward (1 references)
target prot opt source destination
MINIUPNPD all -- anywhere anywhere
forwarding_wan_rule all -- anywhere anywhere /* user chain for forwarding */
zone_wan_src_REJECT all -- anywhere anywhere
Chain zone_wan_input (1 references)
target prot opt source destination
input_wan_rule all -- anywhere anywhere /* user chain for input */
ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* Allow-DHCP-Renew */
ACCEPT icmp -- anywhere anywhere icmp echo-request /* Allow-Ping */
ACCEPT tcp -- anywhere anywhere tcp dpt:socks /* 'xunlei wan accept tcp port 1080 4662 2080 2062' */
ACCEPT tcp -- anywhere anywhere tcp dpt:4662 /* 'xunlei wan accept tcp port 1080 4662 2080 2062' */
ACCEPT tcp -- anywhere anywhere tcp dpt:2080 /* 'xunlei wan accept tcp port 1080 4662 2080 2062' */
ACCEPT tcp -- anywhere anywhere tcp dpt:2062 /* 'xunlei wan accept tcp port 1080 4662 2080 2062' */
ACCEPT udp -- anywhere anywhere udp dpt:4661 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */
ACCEPT udp -- anywhere anywhere udp dpt:3027 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */
ACCEPT udp -- anywhere anywhere udp dpt:888 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */
ACCEPT udp -- anywhere anywhere udp dpt:666 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */
ACCEPT udp -- anywhere anywhere udp dpt:2037 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */
ACCEPT udp -- anywhere anywhere udp dpt:2061 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */
ACCEPT udp -- anywhere anywhere udp dpt:2048 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */
ACCEPT udp -- anywhere anywhere udp dpt:2066 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */
zone_wan_src_REJECT all -- anywhere anywhere
Chain zone_wan_output (1 references)
target prot opt source destination
output_wan_rule all -- anywhere anywhere /* user chain for output */
zone_wan_dest_ACCEPT all -- anywhere anywhere
Chain zone_wan_src_REJECT (2 references)
target prot opt source destination
reject all -- anywhere anywhere