How do I choose a VPN that suits my needs, or find out which VPN is currently in use?
The system I am running is CentOS 5.2. Both Shenzhen and Hong Kong have fixed IPs. The main uses are data backup (Shenzhen and Hong Kong backing each other up), Miranda IM and VoIP. How should I choose a VPN? I am not yet very familiar with Linux, but I have to take over this work. Can anyone give me some advice?
Or could you tell me how to check what kind of VPN setup is currently in use? It was set up by a foreign colleague.
My netstat -lntp output is as follows:
# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 6424/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 6424/dovecot
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 2988/snmpd
tcp 0 0 127.0.0.1:2601 0.0.0.0:* LISTEN 2802/zebra
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 6319/mysqld
tcp 0 0 127.0.0.1:139 0.0.0.0:* LISTEN 6592/smbd
tcp 0 0 192.168.xx.1:139 0.0.0.0:* LISTEN 6592/smbd
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 20665/X
tcp 0 0 127.0.0.1:2604 0.0.0.0:* LISTEN 2817/ospfd
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 6246/clamd
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 6424/dovecot
tcp 0 0 0.0.0.0:2000 0.0.0.0:* LISTEN 6548/asterisk
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 20665/X
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 6512/master
tcp 0 0 192.168.xx.21:53 0.0.0.0:* LISTEN 2741/named
tcp 0 0 192.168.xx.2:53 0.0.0.0:* LISTEN 2741/named
tcp 0 0 192.168.xx.2:53 0.0.0.0:* LISTEN 2741/named
tcp 0 0 58.2x1.xx.xx:53 0.0.0.0:* LISTEN 2741/named
tcp 0 0 192.168.xx.1:53 0.0.0.0:* LISTEN 2741/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2741/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3021/cupsd
tcp 0 0 58.2x1.xx.xx:3128 0.0.0.0:* LISTEN 6562/(squid)
tcp 0 0 127.0.0.1:3128 0.0.0.0:* LISTEN 6562/(squid)
tcp 0 0 192.168.xx.1:3128 0.0.0.0:* LISTEN 6562/(squid)
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 6406/postmaster
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 6512/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2741/named
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 3107/pptpd
tcp 0 0 127.0.0.1:445 0.0.0.0:* LISTEN 6592/smbd
tcp 0 0 192.168.xx.1:445 0.0.0.0:* LISTEN 6592/smbd
tcp 0 0 :::993 :::* LISTEN 6424/dovecot
tcp 0 0 :::995 :::* LISTEN 6424/dovecot
tcp 0 0 :::143 :::* LISTEN 6424/dovecot
tcp 0 0 :::6000 :::* LISTEN 20665/X
tcp 0 0 :::80 :::* LISTEN 3151/httpd
tcp 0 0 :::22 :::* LISTEN 30534/sshd
tcp 0 0 :::5432 :::* LISTEN 6406/postmaster
tcp 0 0 ::1:953 :::* LISTEN 2741/named
# netstat -antup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 6424/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 6424/dovecot
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 2988/snmpd
tcp 0 0 127.0.0.1:2601 0.0.0.0:* LISTEN 2802/zebra
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 6319/mysqld
tcp 0 0 127.0.0.1:139 0.0.0.0:* LISTEN 6592/smbd
tcp 0 0 192.168.xx.1:139 0.0.0.0:* LISTEN 6592/smbd
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 20665/X
tcp 0 0 127.0.0.1:2604 0.0.0.0:* LISTEN 2817/ospfd
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 6246/clamd
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 6424/dovecot
tcp 0 0 0.0.0.0:2000 0.0.0.0:* LISTEN 6548/asterisk
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 20665/X
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 6512/master
tcp 0 0 192.168.xx.21:53 0.0.0.0:* LISTEN 2741/named
tcp 0 0 192.168.xx.2:53 0.0.0.0:* LISTEN 2741/named
tcp 0 0 192.168.xx.2:53 0.0.0.0:* LISTEN 2741/named
tcp 0 0 58.2x1.xx.xx:53 0.0.0.0:* LISTEN 2741/named
tcp 0 0 192.168.xx.1:53 0.0.0.0:* LISTEN 2741/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2741/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3021/cupsd
tcp 0 0 58.2x1.xx.xx:3128 0.0.0.0:* LISTEN 6562/(squid)
tcp 0 0 127.0.0.1:3128 0.0.0.0:* LISTEN 6562/(squid)
tcp 0 0 192.168.xx.1:3128 0.0.0.0:* LISTEN 6562/(squid)
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 6406/postmaster
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 6512/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2741/named
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 3107/pptpd
tcp 0 0 127.0.0.1:445 0.0.0.0:* LISTEN 6592/smbd
tcp 0 0 192.168.xx.1:445 0.0.0.0:* LISTEN 6592/smbd
tcp 0 0 58.2x1.xx.xx:3128 116.2x.xx.xx:51818 ESTABLISHED 6562/(squid)
tcp 0 0 58.2x1.xx.xx:3128 116.2x.xx.xx:51819 TIME_WAIT -
tcp 0 0 58.2x1.xx.xx:3128 116.x.xx.xx:50287 ESTABLISHED 6562/(squid)
tcp 0 0 58.2x1.xx.xx:3128 116.2x.xx.xx:51817 TIME_WAIT -
tcp 0 0 58.2x1.xx.xx:3128 116.2x.xx.xx:51820 ESTABLISHED 6562/(squid)
tcp 0 0 58.2x1.xx.xx:3128 116.x.xx.xx:50280 ESTABLISHED 6562/(squid)
tcp 0 0 58.2x1.xx.xx:3128 116.2x.xx.xx:51826 ESTABLISHED 6562/(squid)
tcp 0 0 58.2x1.xx.xx:3128 116.x.xx.xx:50290 ESTABLISHED 6562/(squid)
tcp 0 0 58.2x1.xx.xx:37296 207.4x.xx.1xx:1863 ESTABLISHED 6562/(squid)
tcp 0 0 58.2x1.xx.xx:995 192.168.xx.215:2329 TIME_WAIT -
tcp 1 0 127.0.0.1:47739 127.0.0.1:5432 CLOSE_WAIT 6548/asterisk
tcp 0 0 58.2x1.xx.xx:41803 207.4x.xx.xx:1863 ESTABLISHED 6562/(squid)
tcp 0 0 58.2x1.xx.xx:44559 207.4x.xx.xx:1863 ESTABLISHED 6562/(squid)
tcp 0 0 192.168.xx.2:35911 192.168.xx.6:3128 ESTABLISHED 6562/(squid)
tcp 0 0 192.168.xx.2:33481 192.168.xx.6:3128 TIME_WAIT -
tcp 0 0 192.168.xx.1:139 192.168.xx.205:1029 ESTABLISHED 19281/smbd
tcp 0 0 58.2x1.xx.xx:995 192.168.xx.209:1204 TIME_WAIT -
tcp 0 0 192.168.xx.1:445 192.168.xx.209:1029 ESTABLISHED 17124/smbd
tcp 0 1 192.168.xx.2:59208 192.168.xx.6:3128 SYN_SENT 6562/(squid)
tcp 0 0 192.168.xx.1:445 192.168.xx.203:1046 ESTABLISHED 19280/smbd
tcp 0 0 192.168.xx.1:445 192.168.xx.215:1033 ESTABLISHED 17177/smbd
tcp 0 0 192.168.xx.1:445 192.168.xx.211:3890 ESTABLISHED 16914/smbd
tcp 0 0 58.2x1.xx.xx:993 192.168.xx.203:1176 ESTABLISHED 30068/imap-login
tcp 0 0 58.2x1.xx.xx:993 192.168.xx.203:1174 ESTABLISHED 26900/imap-login
tcp 0 0 192.168.xx.2:49946 192.168.xx.6:3128 TIME_WAIT -
tcp 0 0 192.168.xx.2:49922 192.168.xx.6:3128 ESTABLISHED 6562/(squid)
tcp 0 0 192.168.xx.1:3128 192.168.xx.216:2258 ESTABLISHED 6562/(squid)
tcp 0 0 192.168.xx.1:3128 192.168.xx.216:2267 ESTABLISHED 6562/(squid)
tcp 0 0 58.2x1.xx.xx:993 119.1xx.xx.2xx:1432 ESTABLISHED 14853/imap-login
tcp 0 0 192.168.xx.1:3128 192.168.xx.216:2276 ESTABLISHED 6562/(squid)
tcp 0 0 192.168.xx.1:3128 192.168.xx.216:2279 ESTABLISHED 6562/(squid)
tcp 0 0 192.168.xx.1:3128 192.168.xx.216:2229 TIME_WAIT -
tcp 0 0 58.2x1.xx.xx:1194 119.1xx.xx.2xx:53244 ESTABLISHED 2847/openvpn
tcp 0 0 58.2x1.xx.xx:993 119.1xx.xx.2xx:1542 ESTABLISHED 19379/imap-login
tcp 0 0 58.2x1.xx.xx:54113 207.4x.1xx.xx:1863 ESTABLISHED 6562/(squid)
tcp 0 0 58.2x1.xx.xx:995 192.168.xx.216:2278 TIME_WAIT -
tcp 0 0 192.168.xx.1:445 192.168.xx.208:1043 ESTABLISHED 19327/smbd
tcp 0 0 192.168.xx.1:3128 192.168.xx.216:1038 ESTABLISHED 6562/(squid)
tcp 0 0 192.168.xx.1:445 192.168.xx.216:1029 ESTABLISHED 16984/smbd
tcp 0 0 58.2x1.xx.xx:55298 64.x.xx.2x:1863 ESTABLISHED 6562/(squid)
tcp 0 0 :::993 :::* LISTEN 6424/dovecot
tcp 0 0 :::995 :::* LISTEN 6424/dovecot
tcp 0 0 :::143 :::* LISTEN 6424/dovecot
tcp 0 0 :::6000 :::* LISTEN 20665/X
tcp 0 0 :::80 :::* LISTEN 3151/httpd
tcp 0 0 :::22 :::* LISTEN 30534/sshd
tcp 0 0 :::5432 :::* LISTEN 6406/postmaster
tcp 0 0 ::1:953 :::* LISTEN 2741/named
tcp 0 10532 ::ffff:58.2x1.xx.xx:22 ::ffff:121.1x.1xx.xxx:43982 ESTABLISHED 8826/sshd: xxxxxxx
udp 0 0 0.0.0.0:514 0.0.0.0:* 2631/syslogd
udp 0 0 192.168.xx.1:137 0.0.0.0:* 6595/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 6595/nmbd
udp 0 0 192.168.xx.1:138 0.0.0.0:* 6595/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 6595/nmbd
udp 0 0 0.0.0.0:33815 0.0.0.0:* 6562/(squid)
udp 0 0 0.0.0.0:161 0.0.0.0:* 2988/snmpd
udp 0 0 0.0.0.0:2727 0.0.0.0:* 6548/asterisk
udp 0 0 0.0.0.0:4520 0.0.0.0:* 6548/asterisk
udp 0 0 192.168.xx.21:53 0.0.0.0:* 2741/named
udp 0 0 0.0.0.0:53 0.0.0.0:* 2741/named
udp 0 0 192.168.xx.2:53 0.0.0.0:* 2741/named
udp 0 0 192.168.xx.2:53 0.0.0.0:* 2741/named
udp 0 0 58.2x1.xx.xx:53 0.0.0.0:* 2741/named
udp 0 0 192.168.xx.1:53 0.0.0.0:* 2741/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 2741/named
udp 0 0 0.0.0.0:3130 0.0.0.0:* 6562/(squid)
udp 0 0 0.0.0.0:67 0.0.0.0:* 8797/dhcpd
udp 0 0 0.0.0.0:5060 0.0.0.0:* 6548/asterisk
udp 0 0 0.0.0.0:69 0.0.0.0:* 3037/xinetd
udp 0 0 0.0.0.0:4569 0.0.0.0:* 6548/asterisk
udp 0 0 127.0.0.1:35811 127.0.0.1:35811 ESTABLISHED 6406/postmaster
udp 0 0 0.0.0.0:631 0.0.0.0:* 3021/cupsd
udp 0 0 192.168.xx.21:123 0.0.0.0:* 3059/ntpd
udp 0 0 192.168.xx.2:123 0.0.0.0:* 3059/ntpd
udp 0 0 192.168.xx.2:123 0.0.0.0:* 3059/ntpd
udp 0 0 58.2x1.xx.xx:123 0.0.0.0:* 3059/ntpd
udp 0 0 192.168.xx.1:123 0.0.0.0:* 3059/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 3059/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 3059/ntpd
udp 0 0 :::177 :::* 6647/kdm
udp 0 0 :::53 :::* 2741/named
udp 0 0 fe80::2e0:4xxf:fxxb:123 :::* 3059/ntpd
udp 0 0 fe80::2e0:4xxf:fxx0:698:123 :::* 3059/ntpd
udp 0 0 ::1:123 :::* 3059/ntpd
udp 0 0 :::123 :::* 3059/ntpd
[ This post was last edited by xiaowushiyi on 2009-7-8 10:01 ]
《Solution》
The current VPN is
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 3107/pptpd
a PPTP VPN.
I suggest looking at the routing rules or the iptables rule configuration.
《Solution》
The output of iptables -L is as follows:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
WAN-INPUT all -- anywhere anywhere
LAN-INPUT all -- anywhere anywhere
LAN-INPUT all -- anywhere anywhere
LAN-INPUT all -- anywhere anywhere
LAN-INPUT all -- anywhere anywhere
VPN-INPUT all -- anywhere anywhere
VPN-INPUT all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning prefix `INPUT:'
DROP-ALL all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp any
WAN-FORWARD all -- anywhere anywhere
LAN-FORWARD all -- anywhere anywhere
LAN-FORWARD all -- anywhere anywhere
LAN-FORWARD all -- anywhere anywhere
LAN-FORWARD all -- anywhere anywhere
VPN-FORWARD all -- anywhere anywhere
VPN-FORWARD all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning prefix `FORWARD:'
DROP-ALL all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain ACCEPT-ALL (46 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp
ACCEPT udp -- anywhere anywhere state NEW udp
ACCEPT all -- anywhere anywhere
Chain DROP-ALL (13 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain LAN-FORWARD (4 references)
target prot opt source destination
ACCEPT-ALL all -- 192.168.0.0/16 anywhere
LOG all -- anywhere anywhere LOG level warning prefix `LAN-FORWARD:'
ACCEPT-ALL all -- anywhere anywhere
Chain LAN-INPUT (4 references)
target prot opt source destination
ACCEPT-ALL all -- 192.168.0.0/16 anywhere
ACCEPT-ALL udp -- 0.0.0.0 255.255.255.255 udp spt:bootpc dpt:bootps
LOG all -- anywhere anywhere LOG level warning prefix `LAN-INPUT:'
DROP-ALL all -- anywhere anywhere
Chain QQ-SERVER (0 references)
target prot opt source destination
Chain REJECT-ALL (0 references)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain VPN-FORWARD (2 references)
target prot opt source destination
ACCEPT-ALL all -- 192.168.xx.0/24 192.168.xx.0/24
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:ncube-lm
LOG all -- anywhere anywhere LOG level warning prefix `VPN-FORWARD:'
DROP-ALL all -- anywhere anywhere
Chain VPN-INPUT (2 references)
target prot opt source destination
ACCEPT-ALL all -- 192.168.80.0/24 anywhere
LOG all -- anywhere anywhere LOG level warning prefix `VPN-INPUT:'
DROP-ALL all -- anywhere anywhere
Chain WAN-FORWARD (1 references)
target prot opt source destination
ACCEPT-ALL all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:5900
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:8010
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:ncube-lm
LOG all -- anywhere anywhere LOG level warning prefix `WAN-FORWARD:'
DROP-ALL all -- anywhere anywhere
Chain WAN-INPUT (1 references)
target prot opt source destination
DROP-ALL all -- anywhere ALL-SYSTEMS.MCAST.NET
DROP-ALL udp -- anywhere 255.255.255.255
DROP-ALL tcp -- anywhere anywhere tcp dpts:netbios-ns:netbios-ssn
DROP-ALL tcp -- anywhere anywhere tcp dpt:microsoft-ds
DROP-ALL udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP-ALL udp -- anywhere anywhere udp dpt:microsoft-ds
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:openvpn
ACCEPT-ALL udp -- anywhere anywhere udp dpt:openvpn
ACCEPT-ALL all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:iax
ACCEPT-ALL udp -- anywhere anywhere udp dpt:iax
ACCEPT-ALL udp -- anywhere anywhere udp dpt:l2tp
ACCEPT-ALL sctp -- anywhere anywhere
ACCEPT-ALL gre -- anywhere anywhere
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:smtps
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT-ALL udp -- anywhere anywhere udp dpt:ntp
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:http
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:https
WAN-INPUT-TRUSTED udp -- anywhere anywhere udp dpt:snmp
WAN-INPUT-TRUSTED tcp -- anywhere anywhere tcp dpts:5900:5902
WAN-INPUT-TRUSTED tcp -- anywhere anywhere tcp dpts:nuxsl:cvsup
tcp -- anywhere anywhere tcp dpts:5900:5902 state NEW recent: SET name: vnc1 side: source
ACCEPT-ALL tcp -- anywhere anywhere tcp dpts:5900:5902 state NEW !recent: CHECK seconds: 120 hit_count: 15 name: vnc1 side: source
tcp -- anywhere anywhere tcp dpts:5980:cvsup state NEW recent: SET name: vnc2 side: source
ACCEPT-ALL tcp -- anywhere anywhere tcp dpts:5980:cvsup state NEW !recent: CHECK seconds: 120 hit_count: 15 name: vnc2 side: source
WAN-INPUT-TRUSTED tcp -- anywhere anywhere tcp dpt:ssh
tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: SET name: ssh side: source
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:ssh state NEW !recent: CHECK seconds: 60 hit_count: 3 name: ssh side: source
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:postgres
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:webcache
ACCEPT-ALL udp -- anywhere anywhere udp dpts:ndmp:65535
ACCEPT-ALL udp -- anywhere anywhere udp dpt:domain
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:domain
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:websm
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:etlservicemgr
ACCEPT-ALL tcp -- anywhere anywhere tcp dpts:8070:8079
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:sip
ACCEPT-ALL udp -- anywhere anywhere udp dpt:sip
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:squid
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:pptp
ACCEPT-ALL tcp -- anywhere anywhere tcp dpts:30000:65530
ACCEPT-ALL udp -- anywhere anywhere udp dpts:30000:65530
LOG all -- anywhere anywhere LOG level warning prefix `WAN-INPUT:'
DROP-ALL all -- anywhere anywhere
《Solution》
That is quite a lot of rules, heh.
《Solution》
There seems to be an OpenVPN service as well:
tcp 0 0 58.2x1.xx.xx:1194 119.1xx.xx.2xx:53244 ESTABLISHED 2847/openvpn
This server is running quite a lot of applications; you had better keep a close eye on it.
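The two replies above identify the VPN flavours by reading the raw netstat and iptables output by eye (pptpd on 1723 in the first, the openvpn process in the second). The following script is an added example, not code from the thread or from any of the posters, that automates that cross-check: it parses `netstat -antup`-style socket lines and `iptables -L` chain output, reports for each VPN flavour whether a daemon or socket is present and whether the WAN input chain accepts it, and lists WAN openings for VPN services that nothing on the host is actually serving. The sample lines are constructed (modelled on the thread's output, with the same address masking), the signature table of ports, daemon names and /etc/services names is an assumption covering common Linux VPN daemons, and the chain name `WAN-INPUT` is taken from the poster's ruleset.

```python
"""Cross-check VPN services seen in netstat against what iptables lets in from the WAN.

Sample input is constructed (modelled on the thread's output, addresses masked
the same way); the VPN signature table is an assumption, not taken from the page."""
import re

# Constructed sample: a few socket lines in `netstat -antup` format.
NETSTAT_SAMPLE = """\
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 3107/pptpd
tcp 0 0 58.2x1.xx.xx:1194 119.1xx.xx.2xx:53244 ESTABLISHED 2847/openvpn
tcp 0 0 :::22 :::* LISTEN 30534/sshd
udp 0 0 0.0.0.0:5060 0.0.0.0:* 6548/asterisk
udp 0 0 0.0.0.0:514 0.0.0.0:* 2631/syslogd
tcp 0 0 58.2x1.xx.xx:3128 116.2x.xx.xx:51819 TIME_WAIT -
"""

# Constructed sample: a trimmed `iptables -L` listing with two chains.
IPTABLES_SAMPLE = """\
Chain WAN-INPUT (1 references)
target prot opt source destination
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:openvpn
ACCEPT-ALL udp -- anywhere anywhere udp dpt:openvpn
ACCEPT-ALL udp -- anywhere anywhere udp dpt:l2tp
ACCEPT-ALL gre -- anywhere anywhere
ACCEPT-ALL tcp -- anywhere anywhere tcp dpt:pptp
tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: SET name: ssh side: source
LOG all -- anywhere anywhere LOG level warning prefix `WAN-INPUT:'
DROP-ALL all -- anywhere anywhere
Chain LAN-INPUT (4 references)
target prot opt source destination
ACCEPT-ALL all -- 192.168.0.0/16 anywhere
"""

# Assumed signature table: how each VPN flavour shows up in netstat (ports,
# daemon names) and in `iptables -L` (protocol or /etc/services port names).
VPN_SIGNATURES = {
    "PPTP": {"ports": {("tcp", 1723)}, "procs": {"pptpd"}, "fw": {"pptp", "gre"}},
    "OpenVPN": {"ports": {("tcp", 1194), ("udp", 1194)}, "procs": {"openvpn"}, "fw": {"openvpn"}},
    "L2TP/IPsec": {"ports": {("udp", 1701), ("udp", 500), ("udp", 4500)},
                   "procs": {"xl2tpd", "pluto", "charon", "racoon"},
                   "fw": {"l2tp", "isakmp", "ipsec-nat-t"}},
}
PROTOS = {"tcp", "udp", "all", "icmp", "gre", "sctp", "esp", "ah"}


def parse_netstat(text):
    """Return a list of (proto, local_port, program) for every tcp/udp socket line."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0][:3] not in ("tcp", "udp"):
            continue
        proto = f[0][:3]                        # tcp6 -> tcp
        port = int(f[3].rsplit(":", 1)[1])      # works for 0.0.0.0:1723 and :::22
        prog = f[-1].split("/", 1)[1] if "/" in f[-1] else None   # "-" -> None
        rows.append((proto, port, prog))
    return rows


def parse_iptables(text):
    """Return {chain: [(target, proto, dports)]} from `iptables -L` output."""
    chains, chain = {}, None
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] == "target":
            continue
        if f[0] == "Chain":
            chain = f[1]
            chains[chain] = []
            continue
        if chain is None:
            continue
        # Rules with no target (e.g. `recent: SET` bookkeeping) start with the protocol.
        if f[0] in PROTOS:
            f.insert(0, "")
        target, proto = f[0], f[1]
        m = re.search(r"dpts?:(\S+)", line)     # dpt:pptp or dpts:5900:5902
        dports = set(m.group(1).split(":")) if m else set()
        chains[chain].append((target, proto, dports))
    return chains


def vpn_posture(netstat_text, iptables_text, wan_chain="WAN-INPUT"):
    """Per VPN flavour: is a daemon/socket present, and does the WAN chain accept it?"""
    sockets = parse_netstat(netstat_text)
    wan_rules = parse_iptables(iptables_text).get(wan_chain, [])
    report = {}
    for name, sig in VPN_SIGNATURES.items():
        present = any((p, port) in sig["ports"] or prog in sig["procs"]
                      for p, port, prog in sockets)
        allowed = any(t.startswith("ACCEPT") and (proto in sig["fw"] or dports & sig["fw"])
                      for t, proto, dports in wan_rules)
        report[name] = {"present": present, "allowed_from_wan": allowed}
    return report


def unused_wan_openings(report):
    """VPN flavours the firewall lets in from the WAN although nothing is serving them."""
    return sorted(n for n, r in report.items() if r["allowed_from_wan"] and not r["present"])


if __name__ == "__main__":
    rep = vpn_posture(NETSTAT_SAMPLE, IPTABLES_SAMPLE)
    for name, r in rep.items():
        print(f"{name:12s} present={r['present']!s:5s} allowed_from_wan={r['allowed_from_wan']}")
    print("open on WAN but not running:", unused_wan_openings(rep))
```

On the constructed sample this reports PPTP and OpenVPN as both present and reachable from the WAN, and flags L2TP as accepted by `WAN-INPUT` with no daemon behind it; that last case is the kind of stale allowance worth removing when taking over a box someone else configured. To run it against a live host, feed it the output of `netstat -antup` and `iptables -L` instead of the samples.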
《Solution》
It really is a lot: VoIP, VPN, Miranda IM, DC, Samba... that is why I am so frustrated. I am not very familiar with any of this; my head is spinning.