Generalitati::.
ronaldinho10
Moderator
#!/bin/bash
# routing script

# flush everything
iptables -F
iptables -F -t nat
iptables -F -t mangle
echo "0" > /proc/sys/net/ipv4/ip_forward

# load the NAT helpers for IRC and FTP (these are the 2.4/2.6-era module
# names; on current kernels they are nf_nat_irc and nf_nat_ftp, and the
# matching conntrack helpers are pulled in as dependencies)
modprobe ip_nat_irc
modprobe ip_nat_ftp

# squid redirect (disabled)
# iptables -t nat -A PREROUTING -i eth3 -p tcp --dport 80 -j REDIRECT --to 172.21.0.1:8080

# DNAT to the real IP: all TCP arriving on the public address goes to the
# internal host. This happens before routing, so TCP services on the router
# itself (ssh, ftp, mysql below) are no longer reachable on xx.xx.xx.xx from
# eth0; narrow it with --dport if only some ports should be forwarded.
iptables -t nat -A PREROUTING -i eth0 -d xx.xx.xx.xx -p tcp -j DNAT --to 192.168.2.30

# map the local network to the router's public IP
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to-source xx.xx.xx.xx

# raise the TTL by one (compensates for the hop this router adds)
iptables -t mangle -A POSTROUTING -j TTL --ttl-inc 1

# nat POSTROUTING: accept the router's own addresses and the local networks,
# drop anything else leaving eth0. Only the first packet of a connection
# traverses the nat table, so this is no substitute for FORWARD rules.
# primary IP, on eth0
iptables -t nat -A POSTROUTING -s xx.xx.xx.xx -j ACCEPT
# secondary IP, on eth2
iptables -t nat -A POSTROUTING -s 192.168.2.1 -j ACCEPT
# secondary IP, on eth3
iptables -t nat -A POSTROUTING -s 192.168.3.1 -j ACCEPT
# loopback
iptables -t nat -A POSTROUTING -s 127.0.0.1 -j ACCEPT
# the NS servers
iptables -t nat -A POSTROUTING -s xx.xx.xx.xx -j ACCEPT
iptables -t nat -A POSTROUTING -s xx.xx.xx.xx -j ACCEPT
iptables -t nat -A POSTROUTING -s xx.xx.xx.xx -j ACCEPT
iptables -t nat -A POSTROUTING -s xx.xx.xx.xx -j ACCEPT
iptables -t nat -A POSTROUTING -s xx.xx.xx.xx -j ACCEPT
# the local networks (192.168.3.0/24 is accepted but has no SNAT rule above,
# so its packets would leave eth0 with a private source address)
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -j ACCEPT
# drop everything else
iptables -t nat -A POSTROUTING -o eth0 -j DROP

# firewall rules
# INPUT keeps its default ACCEPT policy in this script, so anything that is
# not explicitly rejected or dropped below stays reachable.

# close mysql to the outside
iptables -A INPUT -i eth0 -p udp --dport 3306 -j REJECT --reject-with icmp-admin-prohibited
iptables -A INPUT -i eth0 -p tcp --dport 3306 -j REJECT --reject-with icmp-admin-prohibited

# ssh rules: allow the listed sources, then drop ssh from everyone else on eth0
# (without the final DROP the three ACCEPTs change nothing, because the chain
# policy is ACCEPT and ssh would stay open to the whole Internet)
iptables -A INPUT -p tcp -s xx.xx.xx.xx/32 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.2.0/24 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.3.0/24 --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j DROP

# vsftpd (port 20 is only used for active-mode data connections the server
# opens itself; with the ftp conntrack helper loaded, data connections are
# matched as RELATED anyway)
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT

# accept packets belonging to existing connections, drop invalid ones
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state INVALID -j DROP

# forward rules per MAC address
# block all forwarding by default
iptables -P FORWARD DROP
# replies to already forwarded connections
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# traffic DNAT'ed above to the internal host (otherwise the DROP policy eats it)
iptables -A FORWARD -d 192.168.2.30 -p tcp -j ACCEPT
# forward per MAC: the source IP is only accepted from this specific MAC
iptables -A FORWARD -s 10.24.0.11 -m mac --mac-source 00:0A:E6:59:A6:B7 -j ACCEPT
iptables -A FORWARD -d 10.24.0.11 -j ACCEPT

# enable ip forwarding between the network cards only now, with the rules in place
echo "1" > /proc/sys/net/ipv4/ip_forward
Posted 17 years ago
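An ssh whitelist built only from ACCEPT rules restricts nothing unless something after it drops tcp/22 from every other source, or the chain policy is DROP; with the default ACCEPT policy the packets that match no rule are simply accepted. The following check is an added example, not part of the forum post: it reads an iptables-save dump on stdin and reports whether TCP access to a port in a filter-table chain is actually restricted. The three rulesets are constructed for the demonstration (203.0.113.10 is a documentation address standing in for the xx.xx.xx.xx of the post), and the check is a heuristic: it treats a DROP/REJECT narrowed with -s as not restricting, and ignores interface (-i) qualifiers.

```shell
#!/bin/sh
# Added example (not from the forum post): audit an iptables-save dump for a
# "whitelist without a block" on a TCP port. Rulesets below are constructed.

# port_restricted <chain> <port>   (iptables-save text on stdin)
# Exit 0 if tcp/<port> in the filter-table <chain> is restricted: the chain
# policy is DROP, or a DROP/REJECT rule for that port exists that is not
# narrowed to a source (-s). Exit 1 if the port is open to any source.
port_restricted() {
    awk -v chain="$1" -v port="$2" '
        /^\*/                     { table = substr($1, 2); next }   # *filter, *nat, ...
        table != "filter"         { next }
        $1 == (":" chain)         { policy = $2; next }             # ":INPUT ACCEPT [0:0]"
        $1 == "-A" && $2 == chain {
            target = ""; dport = ""; has_src = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1) }
                else if ($i == "--dport") { dport = $(i + 1) }
                else if ($i == "-s" || $i == "--source") { has_src = 1 }
            }
            if (dport == port && !has_src && (target == "DROP" || target == "REJECT"))
                blocked = 1
        }
        END { if (policy == "DROP" || blocked) exit 0; exit 1 }
    '
}

# Constructed excerpt modelled on the posted script: ACCEPTs for ssh from a
# few sources, chain policy ACCEPT, nothing dropping tcp/22 from anyone else.
POSTED_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j DROP
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.3.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j REJECT --reject-with icmp-admin-prohibited
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT'

# Same whitelist followed by an explicit DROP of tcp/22 on the WAN interface.
FIXED_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT'

# Same whitelist, but the chain policy itself is DROP.
POLICY_DROP_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT'

# report <label> <chain> <port>   (ruleset on stdin)
report() {
    if port_restricted "$2" "$3"; then
        echo "$1: $2 tcp/$3 restricted"
    else
        echo "$1: $2 tcp/$3 OPEN to any source (whitelist ineffective)"
    fi
}

printf '%s\n' "$POSTED_RULES"      | report posted INPUT 22
printf '%s\n' "$POSTED_RULES"      | report posted INPUT 3306
printf '%s\n' "$FIXED_RULES"       | report fixed INPUT 22
printf '%s\n' "$POLICY_DROP_RULES" | report policy-drop INPUT 22
```

On a live box the same function runs as `iptables-save | port_restricted INPUT 22`. Only the filter table is inspected on purpose: the nat table sees just the first packet of each connection, so a DROP there is not where access control belongs.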