Sign In
Create Account
Back to top |
Chirurgia cranio-cerebrală minim invazivă
Tehnicile minim invazive impun utilizarea unei tehnologii ultramoderne. Endoscoapele operatorii de diverse tipuri, microscopul operator dedicat, neuronavigația, neuroelectrofiziologia, tehnicile avansate de anestezie, chirurgia cu pacientul treaz reprezintă armamentarium fără de care neurochirurgia prin "gaura cheii" nu ar fi posibilă. Folosind tehnicile de mai sus, tratăm un spectru larg de patologii cranio-cerebrale. www.neurohope.ro |
Firewall
Last Updated: Nov 01 2006 23:28, Started by
catalaur
, Nov 01 2006 21:27
·
0
0
#1
Posted 01 November 2006 - 21:27
|
Se da sistemul de operare Linux Gentoo si urmatorul firewall:
#!/bin/bash iptables -X iptables -F iptables -t nat -F iptables -F INPUT iptables -F FORWARD iptables -F OUTPUT iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT #NEW IPS ifconfig eth0:1 inet xx netmask 255.255.255.128 up #Allow establised connections and progs that use loop-back iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT iptables -A INPUT -i lo -j ACCEPT # OPENING PORTS iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT iptables -A INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j ACCEPT iptables -A INPUT -p tcp --dport 22 -s xx/32 -j ACCEPT iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p udp --dport 161 -j ACCEPT iptables -A INPUT -p tcp --dport 3128 -j ACCEPT iptables -A INPUT -p udp --dport 3128 -j ACCEPT iptables -A INPUT -p udp --dport 1200 -j ACCEPT iptables -A INPUT -p udp --dport 27000:27015 -j ACCEPT iptables -A INPUT -p tcp --dport 27020:27039 -j ACCEPT iptables -A INPUT -p udp --dport 27015 -j ACCEPT iptables -A INPUT -p tcp --dport 27015 -j ACCEPT iptables -A INPUT -p tcp --dport 91 -s 10.0.0.2/32 -j ACCEPT ####### FTP ACCESS iptables -A INPUT -s 10.0.0.2 -j ACCEPT iptables -A INPUT -s xx-j ACCEPT # ICMP REPLY iptables -A INPUT -p icmp -i eth0 -j ACCEPT iptables -A INPUT -p icmp -i eth1 -j ACCEPT # ROUTING/SNAT echo 1 > /proc/sys/net/ipv4/ip_forward #iptables -t nat -A PREROUTING -s 10.0.2/32 -p tcp -j DNAT --to-destination 10.0.0.1:80 #iptables -A POSTROUTING -t nat -s 10.0.0.2/32 -j SNAT --to xx iptables -A POSTROUTING -t nat -s 10.0.0.3/32 -j SNAT --to xx iptables -A POSTROUTING -t nat -s 10.0.0.4/32 -j SNAT --to xx iptables -A POSTROUTING -t nat -s 10.0.0.6/32 -j SNAT --to xx iptables -A POSTROUTING -t nat -s 10.0.0.7/32 -j SNAT --to xx #iptables -A POSTROUTING -t nat -s 10.0.0.8/32 -j SNAT --to xx iptables -A POSTROUTING -t nat -s 10.0.0.18/32 -j SNAT --to xx iptables -A POSTROUTING -t nat -s 10.0.0.10/32 -j SNAT --to xx iptables -A POSTROUTING -t nat -s 10.0.0.222/32 -j SNAT --to xx iptables -A POSTROUTING -t nat -s 10.0.0.33/32 -j SNAT --to xx iptables -A POSTROUTING -t nat -s 10.0.0.223/32 -j SNAT --to xx iptables -A POSTROUTING -t nat -s 10.0.0.16/32 -j SNAT --xx iptables -A POSTROUTING -t nat -s 10.0.0.2 -j SNAT --to-source xx iptables -A PREROUTING -t nat -d xx -j DNAT --to-destination 10.0.0.2 # ROUTING/NAT iptables -A FORWARD -s 10.0.0.2/32 -j ACCEPT iptables -A FORWARD -d 10.0.0.2/32 -j ACCEPT #ANDREI iptables -A FORWARD -s 10.0.0.8/32 -j ACCEPT iptables -A FORWARD -d 10.0.0.8/32 -j ACCEPT iptables -A FORWARD -s 10.0.0.3/32 -m mac --mac-source 00:0E:A6:C6:2A:9F -j ACCEPT iptables -A FORWARD -d 10.0.0.3/32 -j ACCEPT iptables -A FORWARD -s 10.0.0.4/32 -j ACCEPT iptables -A FORWARD -d 10.0.0.4/32 -j ACCEPT #iptables -A FORWARD -s 10.0.0.16/32 -j ACCEPT #iptables -A FORWARD -d 10.0.0.16/32 -j ACCEPT iptables -A FORWARD -s 10.0.0.6/32 -m mac --mac-source xx-j ACCEPT iptables -A FORWARD -d 10.0.0.6/32 -j ACCEPT iptables -A FORWARD -s 10.0.0.7/32 -m mac --mac-source xx-j ACCEPT iptables -A FORWARD -d 10.0.0.7/32 -j ACCEPT iptables -A FORWARD -s 10.0.0.18/32 -j ACCEPT iptables -A FORWARD -d 10.0.0.18/32 -j ACCEPT iptables -A FORWARD -s 10.0.0.222/32 -j ACCEPT iptables -A FORWARD -d 10.0.0.222/32 -j ACCEPT #iptables -A FORWARD -s 10.0.0.18/32 -m mac --mac-source xx -j ACCEPT #iptables -A FORWARD -d 10.0.0.18/32 -j ACCEPT iptables -A FORWARD -s 10.0.0.10/32 -m mac --mac-source 0xx -j ACCEPT iptables -A FORWARD -d 10.0.0.10/32 -j ACCEPT iptables -A FORWARD -s 10.0.0.33/32 -m mac --mac-source xx -j ACCEPT iptables -A FORWARD -d 10.0.0.33/32 -j ACCEPT # PORT FWD iptables -t nat -A PREROUTING -p udp --dport 55031 -i eth0 -j DNAT --to-destination 10.0.0.4:55031 iptables -t nat -A PREROUTING -p tcp --dport 55031 -i eth0 -j DNAT --to-destination 10.0.0.4:55031 iptables -t nat -A PREROUTING -p tcp --dport 1411 -i eth0 -j DNAT --to-destination 10.0.0.2:1411 iptables -t nat -A PREROUTING -p tcp --dport 1412 -i eth0 -j DNAT --to-destination 10.0.0.2:1412 iptables -t nat -A PREROUTING -p tcp --dport 1413 -i eth0 -j DNAT --to-destination 10.0.0.2:1413 #iptables -t nat -A PREROUTING -p udp --dport 8081 -i eth0 -j DNAT --to-destination 10.0.0.2:8081 iptables -t nat -A PREROUTING -p tcp --dport 55081 -i eth0 -j DNAT --to-destination 10.0.0.2:55081 iptables -t nat -A PREROUTING -p udp --dport 55081 -i eth0 -j DNAT --to-destination 10.0.0.2:55081 iptables -t nat -A PREROUTING -p tcp --dport 55082 -i eth0 -j DNAT --to-destination 10.0.0.2:55082 iptables -t nat -A PREROUTING -p udp --dport 55082 -i eth0 -j DNAT --to-destination 10.0.0.2:55082 Daca pun policy pe accept merge netul, insa asa cum este acum nu merge. Care sa fie cauza? |
#2
Posted 01 November 2006 - 22:54
|
Pune sectiunea iptables -A FORWARD inainte de iptables -t nat -A POSTROUTING si vezi ce se intimpla.
|
Anunturi
▶ 0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
-
- Change Theme
- English
- Mark Community Read
- Termene & conditii
- Confidentialitate
- Consimtamant
- Cookies
- Help
© 2001-2024 Softpedia. All rights reserved. Softpedia® and the Softpedia logo are registered trademarks of SoftNews Net SRL.
Ora implicita a Forumului Softpedia este ora standard a Romaniei (GMT+2). Mai multe informatii →
⚠ Postarile afisate pe Forumul Softpedia reprezinta o opinie subiectiva a membrilor care le-au publicat si nu a SoftNews Net SRL.