网络配置状态信息搜集
来自Jack's Lab
(版本间的差异)
(→Wireless) |
(→pdnsd) |
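--- a/网络配置状态信息搜集
+++ b/网络配置状态信息搜集
@@ -88,2 +88,82 @@
 == pdnsd ==
+<source lang=bash>
+root@XiaoQiang:/# cat /etc/pdnsd.conf
+global {
+daemon=on;
+verbosity=3;
+debug=off;
+status_ctl=on;
+randomize_recs=on;
+perm_cache=40960;
+cache_dir=/userdisk/pdnsd;
+max_ttl=204800;
+run_as=root;
+paranoid=on;
+server_port=54;
+run_ipv4=on;
+par_queries=2;
+server_ip=lo;
+query_method=tcp_udp;
+timeout=6;
+tcp_qtimeout=2;
+}
+
+server {
+label="isp";
+file="/tmp/resolv.conf.auto";
+reject=4.36.66.178, 8.7.198.45, 37.61.54.158, 46.82.174.68, 59.24.3.173, 64.33.88.161, 64.33.99.47, 64.66.163.251, 65.104.202.252, 65.160.219.113, 66.45.252.237, 72.14.205.99, ;
+timeout=3;
+interval=60;
+uptest=query;
+query_test_name="a.com";
+purge_cache=off;
+caching=on;
+}
+
+server {
+label="114";
+ip=114.114.114.114,114.114.115.115,114.114.114.119,114.114.115.119,114.114.114.110,114.114.115.110;
+reject=4.36.66.178, 8.7.198.45, 37.61.54.158, 46.82.174.68, 59.24.3.173, 64.33.88.161, 64.33.99.47, 64.66.163.251, 65.104.202.252, 65.160.219.113, 66.45.252.237, 72.14.205.99, ;
+edns_query=on;
+timeout=3;
+interval=60;
+uptest=query;
+query_test_name="a.com";
+purge_cache=off;
+caching=on;
+}
+
+server {
+label="Google";
+ip=8.8.8.8,8.8.4.4;
+reject=4.36.66.178, 8.7.198.45, 37.61.54.158, 46.82.174.68, 59.24.3.173, 64.33.88.161, 64.33.99.47, 64.66.163.251, 65.104.202.252, 65.160.219.113, 66.45.252.237, 72.14.205.99, ;
+edns_query=on;
+timeout=3;
+interval=60;
+uptest=query;
+query_test_name="a.com";
+purge_cache=off;
+caching=on;
+}
+
+server {
+label="OpenDNS";
+ip=208.67.222.222,208.67.220.220;
+reject=4.36.66.178, 8.7.198.45, 37.61.54.158, 46.82.174.68, 59.24.3.173, 64.33.88.161, 64.33.99.47, 64.66.163.251, 65.104.202.252, 65.160.219.113, 66.45.252.237, 72.14.205.99, ;
+edns_query=on;
+timeout=3;
+interval=60;
+uptest=query;
+query_test_name="a.com";
+purge_cache=off;
+caching=on;
+}
+
+source {
+ttl=86400;
+owner="localhost.";
+serve_aliases=on;
+file="/etc/hosts";
+}
+</source>
 <br><br>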
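Review bot: The added listing records `run_as=root;` without comment, so readers are not told that this pdnsd instance keeps root privileges; the `ps` output in the dnsmasq section of the same page shows pdnsd running as root next to dnsmasq running as nobody. A resolver parses replies from every upstream listed here, so a short sentence above the `<source>` block stating that pdnsd runs as root and, per `server_ip=lo;` and `server_port=54;`, listens on the loopback interface at port 54 would let someone hardening the device judge the exposure at a glance. The same twelve-address `reject=` list is repeated in all four server sections with no explanation; one line saying where the list comes from and what it filters would make the dump auditable.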
2014年7月21日 (一) 15:08的版本
目录 |
1 Ethernet
2 Wireless
无线由 /etc/init.d/network 脚本在最后调用 /sbin/wifi 启动 (它们都用到了 /lib/network/config.sh 这个脚本)
配置文件在:
root@XiaoQiang:/# cat /etc/config/wireless config wifi-device 'wl0' option type 'broadcom' option channel '0' option txpwr 'mid' config wifi-iface option device 'wl0' option network 'lan' option mode 'ap' option ssid 'XMSB_5G' option encryption 'mixed-psk' option key 'qwer1234' config wifi-device 'wl1' option type 'broadcom' option channel '0' option txpwr 'mid' config wifi-iface option device 'wl1' option network 'lan' option mode 'ap' option ssid 'XMSB' option encryption 'mixed-psk' option key 'qwer1234'
3 dnsmasq
root@XiaoQiang:/# cat /var/etc/dnsmasq.conf # auto-generated config file from /etc/config/dhcp conf-dir=/etc/dnsmasq.d/ address=/workforme.stat.localdomain/127.0.0.1 dhcp-authoritative domain-needed filterwin2k clear-on-reload localise-queries read-ethers bogus-priv expand-hosts neg-ttl=10 max-ttl=10 cache-size=3000 dns-forward-max=1000 server=/lan/ dhcp-leasefile=/data/dhcp.leases local-ttl=0 addn-hosts=/tmp/hosts dhcp-range=lan,192.168.31.100,192.168.31.249,255.255.255.0,12h dhcp-option-force=lan,43,XIAOMI_ROUTER no-dhcp-interface=eth0.2 address=/XiaoQiang/192.168.31.1 ptr-record=1.31.168.192.in-addr.arpa,XiaoQiang resolv-file=/tmp/resolv.conf.dummy root@XiaoQiang:/# ps | grep dns 3643 nobody 1220 S /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf 5609 root 34028 S /usr/sbin/pdnsd --daemon -p /var/run/pdnsd.pid 24027 root 1476 S grep dns
4 pdnsd
# Transcript: the pdnsd configuration as printed on the router.
# global: server_ip=lo with server_port=54 puts the listener on the loopback
# interface at port 54; the cache is kept under /userdisk/pdnsd.
# NOTE(review): run_as=root means the daemon does not drop privileges (the ps
# output in the dnsmasq section also lists pdnsd under root). A parsing flaw in
# a resolver running this way would have full control of the device; an
# unprivileged account is the safer setting where the firmware allows it.
# NOTE(review): status_ctl=on presumably enables the pdnsd-ctl control socket;
# check which local users can reach it.
# server sections: "isp" takes its upstream addresses from
# /tmp/resolv.conf.auto; "114", "Google" and "OpenDNS" list fixed addresses.
# Each section is probed (uptest=query) with a lookup of "a.com", interval=60.
# NOTE(review): the same twelve-address reject= list appears in all four server
# sections. The page does not say where the list comes from or what it filters;
# record that next to the dump so the list can be audited and updated.
# source: /etc/hosts is served as local records owned by "localhost.".
root@XiaoQiang:/# cat /etc/pdnsd.conf
global {
    daemon=on;
    verbosity=3;
    debug=off;
    status_ctl=on;
    randomize_recs=on;
    perm_cache=40960;
    cache_dir=/userdisk/pdnsd;
    max_ttl=204800;
    run_as=root;
    paranoid=on;
    server_port=54;
    run_ipv4=on;
    par_queries=2;
    server_ip=lo;
    query_method=tcp_udp;
    timeout=6;
    tcp_qtimeout=2;
}
server {
    label="isp";
    file="/tmp/resolv.conf.auto";
    reject=4.36.66.178, 8.7.198.45, 37.61.54.158, 46.82.174.68, 59.24.3.173, 64.33.88.161, 64.33.99.47, 64.66.163.251, 65.104.202.252, 65.160.219.113, 66.45.252.237, 72.14.205.99, ;
    timeout=3;
    interval=60;
    uptest=query;
    query_test_name="a.com";
    purge_cache=off;
    caching=on;
}
server {
    label="114";
    ip=114.114.114.114,114.114.115.115,114.114.114.119,114.114.115.119,114.114.114.110,114.114.115.110;
    reject=4.36.66.178, 8.7.198.45, 37.61.54.158, 46.82.174.68, 59.24.3.173, 64.33.88.161, 64.33.99.47, 64.66.163.251, 65.104.202.252, 65.160.219.113, 66.45.252.237, 72.14.205.99, ;
    edns_query=on;
    timeout=3;
    interval=60;
    uptest=query;
    query_test_name="a.com";
    purge_cache=off;
    caching=on;
}
server {
    label="Google";
    ip=8.8.8.8,8.8.4.4;
    reject=4.36.66.178, 8.7.198.45, 37.61.54.158, 46.82.174.68, 59.24.3.173, 64.33.88.161, 64.33.99.47, 64.66.163.251, 65.104.202.252, 65.160.219.113, 66.45.252.237, 72.14.205.99, ;
    edns_query=on;
    timeout=3;
    interval=60;
    uptest=query;
    query_test_name="a.com";
    purge_cache=off;
    caching=on;
}
server {
    label="OpenDNS";
    ip=208.67.222.222,208.67.220.220;
    reject=4.36.66.178, 8.7.198.45, 37.61.54.158, 46.82.174.68, 59.24.3.173, 64.33.88.161, 64.33.99.47, 64.66.163.251, 65.104.202.252, 65.160.219.113, 66.45.252.237, 72.14.205.99, ;
    edns_query=on;
    timeout=3;
    interval=60;
    uptest=query;
    query_test_name="a.com";
    purge_cache=off;
    caching=on;
}
source {
    ttl=86400;
    owner="localhost.";
    serve_aliases=on;
    file="/etc/hosts";
}
5 iptables
配置文件在 /etc/config/firewall
# Transcript: filter-table listing from the router. The rows below are kept
# exactly as captured, including the line breaks that fall in the middle of a rule.
# NOTE(review): plain `iptables -L` omits the in/out interface columns and prints
# service names instead of port numbers, so a row such as
# "ACCEPT all -- anywhere anywhere" cannot be judged from this output alone.
# `iptables -S` or `iptables -L -n -v` gives a listing that can be audited.
# Default policies shown: INPUT ACCEPT, FORWARD DROP, OUTPUT ACCEPT.
# zone_wan_input accepts, ahead of its closing zone_wan_src_REJECT, DHCP renew,
# ICMP echo-request, and the TCP/UDP ports whose rule comments mention xunlei
# (tcp socks, 4662, 2080, 2062; udp 4661, 3027, 888, 666, 2037, 2061, 2048, 2066)
# from any source. Confirm that each of these is really needed.
# macfilter_admin (reached from input_rule for tcp www,https,telnet,ssh to
# XiaoQiang) and macfilter_wan hold only ACCEPT rules for two MAC addresses, so
# a non-matching packet returns to the calling chain and is decided by later
# rules; these chains do not deny anything by themselves.
root@XiaoQiang:/# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination delegate_input all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination delegate_forward all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination delegate_output all -- anywhere anywhere Chain MINIUPNPD (1 references) target prot opt source destination Chain delegate_forward (1 references) target prot opt source destination forwarding_rule all -- anywhere anywhere /* user chain for forwarding */ ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED zone_lan_forward all -- anywhere anywhere zone_wan_forward all -- anywhere anywhere reject all -- anywhere anywhere Chain delegate_input (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere input_rule all -- anywhere anywhere /* user chain for input */ ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED zone_lan_input all -- anywhere anywhere zone_wan_input all -- anywhere anywhere Chain delegate_output (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere output_rule all -- anywhere anywhere /* user chain for output */ ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED zone_lan_output all -- anywhere anywhere zone_wan_output all -- anywhere anywhere Chain forwarding_lan_rule (1 references) target prot opt source destination Chain forwarding_rule (1 references) target prot opt source destination macfilter_wan all -- anywhere anywhere Chain forwarding_wan_rule (1 references) target prot opt source destination Chain input_lan_rule (1 references) target prot opt source destination Chain input_rule (1 references) target prot opt source destination macfilter_admin tcp -- anywhere XiaoQiang multiport dports www,https,telnet,ssh Chain input_wan_rule (1 references) target prot opt source destination Chain macfilter_admin (1 references) target prot opt source destination ACCEPT all -- anywhere 
anywhere MAC 4C:21:D0:40:42:D4 ACCEPT all -- anywhere anywhere MAC F8:A4:5F:5A:60:66 Chain macfilter_lan (0 references) target prot opt source destination Chain macfilter_wan (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere MAC 4C:21:D0:40:42:D4 ACCEPT all -- anywhere anywhere MAC F8:A4:5F:5A:60:66 Chain output_lan_rule (1 references) target prot opt source destination Chain output_rule (1 references) target prot opt source destination Chain output_wan_rule (1 references) target prot opt source destination Chain reject (3 references) target prot opt source destination REJECT tcp -- anywhere anywhere reject-with tcp-reset REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain zone_lan_dest_ACCEPT (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain zone_lan_forward (1 references) target prot opt source destination forwarding_lan_rule all -- anywhere anywhere /* user chain for forwarding */ zone_wan_dest_ACCEPT all -- anywhere anywhere /* forwarding lan -> wan */ zone_lan_src_REJECT all -- anywhere anywhere Chain zone_lan_input (1 references) target prot opt source destination input_lan_rule all -- anywhere anywhere /* user chain for input */ zone_lan_src_ACCEPT all -- anywhere anywhere Chain zone_lan_output (1 references) target prot opt source destination output_lan_rule all -- anywhere anywhere /* user chain for output */ zone_lan_dest_ACCEPT all -- anywhere anywhere Chain zone_lan_src_ACCEPT (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain zone_lan_src_REJECT (1 references) target prot opt source destination reject all -- anywhere anywhere Chain zone_wan_dest_ACCEPT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain zone_wan_forward (1 references) target prot opt source destination MINIUPNPD all -- anywhere anywhere forwarding_wan_rule all -- anywhere anywhere /* user chain for forwarding */ 
zone_wan_src_REJECT all -- anywhere anywhere Chain zone_wan_input (1 references) target prot opt source destination input_wan_rule all -- anywhere anywhere /* user chain for input */ ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* Allow-DHCP-Renew */ ACCEPT icmp -- anywhere anywhere icmp echo-request /* Allow-Ping */ ACCEPT tcp -- anywhere anywhere tcp dpt:socks /* 'xunlei wan accept tcp port 1080 4662 2080 2062' */ ACCEPT tcp -- anywhere anywhere tcp dpt:4662 /* 'xunlei wan accept tcp port 1080 4662 2080 2062' */ ACCEPT tcp -- anywhere anywhere tcp dpt:2080 /* 'xunlei wan accept tcp port 1080 4662 2080 2062' */ ACCEPT tcp -- anywhere anywhere tcp dpt:2062 /* 'xunlei wan accept tcp port 1080 4662 2080 2062' */ ACCEPT udp -- anywhere anywhere udp dpt:4661 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */ ACCEPT udp -- anywhere anywhere udp dpt:3027 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */ ACCEPT udp -- anywhere anywhere udp dpt:888 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */ ACCEPT udp -- anywhere anywhere udp dpt:666 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */ ACCEPT udp -- anywhere anywhere udp dpt:2037 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */ ACCEPT udp -- anywhere anywhere udp dpt:2061 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */ ACCEPT udp -- anywhere anywhere udp dpt:2048 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */ ACCEPT udp -- anywhere anywhere udp dpt:2066 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */ zone_wan_src_REJECT all -- anywhere anywhere Chain zone_wan_output (1 references) target prot opt source destination output_wan_rule all -- anywhere anywhere /* user chain for output */ zone_wan_dest_ACCEPT all -- anywhere anywhere Chain zone_wan_src_REJECT (2 references) target prot opt source destination reject all -- anywhere anywhere