Firewall

2 replies to this topic

#1
catalaur

    Member

  • Group: Members
  • Posts: 374
  • Joined: 24.09.2005
Given the Gentoo Linux operating system and the following firewall:

#!/bin/bash

iptables -X
iptables -F
iptables -t nat -F
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT


#NEW IPS

ifconfig eth0:1 inet xx netmask 255.255.255.128 up

#Allow established connections and progs that use loop-back

iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

# OPENING PORTS

iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s xx/32  -j ACCEPT 
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p udp --dport 161 -j ACCEPT
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -p udp --dport 3128 -j ACCEPT
iptables -A INPUT -p udp --dport 1200 -j ACCEPT
iptables -A INPUT -p udp --dport 27000:27015 -j ACCEPT
iptables -A INPUT -p tcp --dport 27020:27039 -j ACCEPT
iptables -A INPUT -p udp --dport 27015 -j ACCEPT
iptables -A INPUT -p tcp --dport 27015 -j ACCEPT
iptables -A INPUT -p tcp --dport 91  -s 10.0.0.2/32 -j ACCEPT

####### FTP ACCESS
iptables -A INPUT -s 10.0.0.2  -j ACCEPT
iptables -A INPUT -s xx -j ACCEPT

# ICMP REPLY

iptables -A INPUT -p icmp -i eth0 -j ACCEPT
iptables -A INPUT -p icmp -i eth1 -j ACCEPT

# ROUTING/SNAT

echo 1 > /proc/sys/net/ipv4/ip_forward


#iptables -t nat -A PREROUTING -s 10.0.2/32 -p tcp -j DNAT --to-destination 10.0.0.1:80 
#iptables -A POSTROUTING -t nat -s 10.0.0.2/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.3/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.4/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.6/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.7/32 -j SNAT --to xx
#iptables -A POSTROUTING -t nat -s 10.0.0.8/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.18/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.10/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.222/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.33/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.223/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.16/32 -j SNAT --xx
iptables -A POSTROUTING -t nat -s  10.0.0.2 -j SNAT --to-source xx
iptables -A PREROUTING -t nat -d xx -j DNAT --to-destination 10.0.0.2

# ROUTING/NAT

iptables -A FORWARD -s 10.0.0.2/32 -j ACCEPT
iptables -A FORWARD -d 10.0.0.2/32 -j ACCEPT

#ANDREI

iptables -A FORWARD -s 10.0.0.8/32 -j ACCEPT
iptables -A FORWARD -d 10.0.0.8/32 -j ACCEPT

iptables -A FORWARD -s 10.0.0.3/32 -m mac --mac-source  00:0E:A6:C6:2A:9F -j ACCEPT
iptables -A FORWARD -d 10.0.0.3/32 -j ACCEPT

iptables -A FORWARD -s 10.0.0.4/32 -j ACCEPT
iptables -A FORWARD -d 10.0.0.4/32 -j ACCEPT

#iptables -A FORWARD -s 10.0.0.16/32 -j ACCEPT
#iptables -A FORWARD -d 10.0.0.16/32 -j ACCEPT


iptables -A FORWARD -s 10.0.0.6/32 -m mac --mac-source xx -j ACCEPT
iptables -A FORWARD -d 10.0.0.6/32 -j ACCEPT

iptables -A FORWARD -s 10.0.0.7/32 -m mac --mac-source xx -j ACCEPT
iptables -A FORWARD -d 10.0.0.7/32 -j ACCEPT

iptables -A FORWARD -s 10.0.0.18/32 -j ACCEPT
iptables -A FORWARD -d 10.0.0.18/32 -j ACCEPT

iptables -A FORWARD -s 10.0.0.222/32 -j ACCEPT
iptables -A FORWARD -d 10.0.0.222/32 -j ACCEPT


#iptables -A FORWARD -s 10.0.0.18/32 -m mac --mac-source xx -j ACCEPT
#iptables -A FORWARD -d 10.0.0.18/32 -j ACCEPT

iptables -A FORWARD -s 10.0.0.10/32 -m mac --mac-source  0xx -j ACCEPT
iptables -A FORWARD -d 10.0.0.10/32 -j ACCEPT

iptables -A FORWARD -s 10.0.0.33/32 -m mac --mac-source xx -j ACCEPT
iptables -A FORWARD -d 10.0.0.33/32 -j ACCEPT


# PORT FWD

iptables -t nat -A PREROUTING -p udp --dport 55031 -i eth0 -j DNAT --to-destination 10.0.0.4:55031
iptables -t nat -A PREROUTING -p tcp --dport 55031 -i eth0 -j DNAT --to-destination 10.0.0.4:55031
iptables -t nat -A PREROUTING -p tcp --dport 1411 -i eth0 -j DNAT --to-destination 10.0.0.2:1411
iptables -t nat -A PREROUTING -p tcp --dport 1412 -i eth0 -j DNAT --to-destination 10.0.0.2:1412
iptables -t nat -A PREROUTING -p tcp --dport 1413 -i eth0 -j DNAT --to-destination 10.0.0.2:1413
#iptables -t nat -A PREROUTING -p udp --dport 8081 -i eth0 -j DNAT --to-destination 10.0.0.2:8081
iptables -t nat -A PREROUTING -p tcp --dport 55081 -i eth0 -j DNAT --to-destination 10.0.0.2:55081
iptables -t nat -A PREROUTING -p udp --dport 55081 -i eth0 -j DNAT --to-destination 10.0.0.2:55081
iptables -t nat -A PREROUTING -p tcp --dport 55082 -i eth0 -j DNAT --to-destination 10.0.0.2:55082
iptables -t nat -A PREROUTING -p udp --dport 55082 -i eth0 -j DNAT --to-destination 10.0.0.2:55082

If I set the policy to ACCEPT, the internet works, but as it is now it does not. What could be the cause?

#2
cianura

    Senior Member

  • Group: Senior Members
  • Posts: 2,754
  • Joined: 19.01.2004
Put the iptables -A FORWARD section before the iptables -t nat -A POSTROUTING one and see what happens.

#3
catalaur

    Member

  • Group: Members
  • Posts: 374
  • Joined: 24.09.2005
Same thing...
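
Added example, not part of the original posts: a small lint that reads an iptables script and lists the filter chains whose policy is DROP but which have no ACCEPT rule for ESTABLISHED/RELATED packets. The script in post #1 has a comment about established connections but no such rule, so with INPUT on DROP the replies to connections the router itself opens (for example its own DNS lookups) match none of the --dport rules. That this is the cause in this thread is an assumption, since the thread does not resolve; the function name and both sample rule sets are constructed for illustration.

```shell
#!/bin/bash
# Reads an iptables shell script on stdin and prints, on one line, the filter
# chains that have policy DROP and no stateful ACCEPT rule.
chains_missing_state_rule() {
  awk '
    $1 != "iptables" { next }          # also skips commented-out "#iptables" lines
    {
      table = "filter"; op = ""; chain = ""; pol = ""; accept = 0; state = 0
      for (i = 2; i <= NF; i++) {
        if ($i == "-t") table = $(i + 1)
        else if ($i == "-P") { op = "-P"; chain = $(i + 1); pol = $(i + 2) }
        else if ($i == "-A" || $i == "-I") { op = $i; chain = $(i + 1) }
        else if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        else if (($i == "--state" || $i == "--ctstate") && $(i + 1) ~ /ESTABLISHED/) state = 1
      }
      if (table != "filter") next      # nat rules do not decide accept/drop
      if (op == "-P") {
        if (!(chain in seen)) { seen[chain] = 1; order[++n] = chain }
        policy[chain] = pol            # the last -P for a chain wins
      } else if (op != "" && accept && state) ok[chain] = 1
    }
    END {
      out = ""
      for (k = 1; k <= n; k++) {
        c = order[k]
        if (policy[c] == "DROP" && !(c in ok)) out = out (out == "" ? "" : " ") c
      }
      print out
    }'
}

# Constructed excerpt of the script from post #1 ("xx" is the poster's redaction).
posted_rules='iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A FORWARD -s 10.0.0.4/32 -j ACCEPT
iptables -A FORWARD -d 10.0.0.4/32 -j ACCEPT
iptables -A POSTROUTING -t nat -s 10.0.0.4/32 -j SNAT --to xx'

# Same excerpt plus the stateful rules (an assumed fix, not from the thread).
stateful_rules="$posted_rules
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

printf 'posted:   %s\n' "$(printf '%s\n' "$posted_rules" | chains_missing_state_rule)"
printf 'stateful: %s\n' "$(printf '%s\n' "$stateful_rules" | chains_missing_state_rule)"
```

FORWARD is flagged as well, although the posted script covers return traffic there with paired -s/-d ACCEPT rules per host; INPUT has no equivalent for replies addressed to the router itself.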
