Firewall

2 replies to this topic

#1
catalaur

    Member

  • Group: Members
  • Posts: 374
  • Joined: 24.09.2005
Given the Linux Gentoo operating system and the following firewall:

#!/bin/bash

iptables -X
iptables -F
iptables -t nat -F
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT


#NEW IPS

ifconfig eth0:1 inet xx netmask 255.255.255.128 up

#Allow established connections and progs that use loop-back

iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

# OPENING PORTS

iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s xx/32  -j ACCEPT 
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p udp --dport 161 -j ACCEPT
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -p udp --dport 3128 -j ACCEPT
iptables -A INPUT -p udp --dport 1200 -j ACCEPT
iptables -A INPUT -p udp --dport 27000:27015 -j ACCEPT
iptables -A INPUT -p tcp --dport 27020:27039 -j ACCEPT
iptables -A INPUT -p udp --dport 27015 -j ACCEPT
iptables -A INPUT -p tcp --dport 27015 -j ACCEPT
iptables -A INPUT -p tcp --dport 91  -s 10.0.0.2/32 -j ACCEPT

####### FTP ACCESS
iptables -A INPUT -s 10.0.0.2  -j ACCEPT
iptables -A INPUT -s xx -j ACCEPT

# ICMP REPLY

iptables -A INPUT -p icmp -i eth0 -j ACCEPT
iptables -A INPUT -p icmp -i eth1 -j ACCEPT

# ROUTING/SNAT

echo 1 > /proc/sys/net/ipv4/ip_forward


#iptables -t nat -A PREROUTING -s 10.0.2/32 -p tcp -j DNAT --to-destination 10.0.0.1:80 
#iptables -A POSTROUTING -t nat -s 10.0.0.2/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.3/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.4/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.6/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.7/32 -j SNAT --to xx
#iptables -A POSTROUTING -t nat -s 10.0.0.8/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.18/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.10/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.222/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.33/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.223/32 -j SNAT --to xx
iptables -A POSTROUTING -t nat -s 10.0.0.16/32 -j SNAT --xx
iptables -A POSTROUTING -t nat -s  10.0.0.2 -j SNAT --to-source xx
iptables -A PREROUTING -t nat -d xx -j DNAT --to-destination 10.0.0.2

# ROUTING/NAT

iptables -A FORWARD -s 10.0.0.2/32 -j ACCEPT
iptables -A FORWARD -d 10.0.0.2/32 -j ACCEPT

#ANDREI

iptables -A FORWARD -s 10.0.0.8/32 -j ACCEPT
iptables -A FORWARD -d 10.0.0.8/32 -j ACCEPT

iptables -A FORWARD -s 10.0.0.3/32 -m mac --mac-source  00:0E:A6:C6:2A:9F -j ACCEPT
iptables -A FORWARD -d 10.0.0.3/32 -j ACCEPT

iptables -A FORWARD -s 10.0.0.4/32 -j ACCEPT
iptables -A FORWARD -d 10.0.0.4/32 -j ACCEPT

#iptables -A FORWARD -s 10.0.0.16/32 -j ACCEPT
#iptables -A FORWARD -d 10.0.0.16/32 -j ACCEPT


iptables -A FORWARD -s 10.0.0.6/32 -m mac --mac-source xx -j ACCEPT
iptables -A FORWARD -d 10.0.0.6/32 -j ACCEPT

iptables -A FORWARD -s 10.0.0.7/32 -m mac --mac-source xx -j ACCEPT
iptables -A FORWARD -d 10.0.0.7/32 -j ACCEPT

iptables -A FORWARD -s 10.0.0.18/32 -j ACCEPT
iptables -A FORWARD -d 10.0.0.18/32 -j ACCEPT

iptables -A FORWARD -s 10.0.0.222/32 -j ACCEPT
iptables -A FORWARD -d 10.0.0.222/32 -j ACCEPT


#iptables -A FORWARD -s 10.0.0.18/32 -m mac --mac-source xx -j ACCEPT
#iptables -A FORWARD -d 10.0.0.18/32 -j ACCEPT

iptables -A FORWARD -s 10.0.0.10/32 -m mac --mac-source  0xx -j ACCEPT
iptables -A FORWARD -d 10.0.0.10/32 -j ACCEPT

iptables -A FORWARD -s 10.0.0.33/32 -m mac --mac-source xx -j ACCEPT
iptables -A FORWARD -d 10.0.0.33/32 -j ACCEPT


# PORT FWD

iptables -t nat -A PREROUTING -p udp --dport 55031 -i eth0 -j DNAT --to-destination 10.0.0.4:55031
iptables -t nat -A PREROUTING -p tcp --dport 55031 -i eth0 -j DNAT --to-destination 10.0.0.4:55031
iptables -t nat -A PREROUTING -p tcp --dport 1411 -i eth0 -j DNAT --to-destination 10.0.0.2:1411
iptables -t nat -A PREROUTING -p tcp --dport 1412 -i eth0 -j DNAT --to-destination 10.0.0.2:1412
iptables -t nat -A PREROUTING -p tcp --dport 1413 -i eth0 -j DNAT --to-destination 10.0.0.2:1413
#iptables -t nat -A PREROUTING -p udp --dport 8081 -i eth0 -j DNAT --to-destination 10.0.0.2:8081
iptables -t nat -A PREROUTING -p tcp --dport 55081 -i eth0 -j DNAT --to-destination 10.0.0.2:55081
iptables -t nat -A PREROUTING -p udp --dport 55081 -i eth0 -j DNAT --to-destination 10.0.0.2:55081
iptables -t nat -A PREROUTING -p tcp --dport 55082 -i eth0 -j DNAT --to-destination 10.0.0.2:55082
iptables -t nat -A PREROUTING -p udp --dport 55082 -i eth0 -j DNAT --to-destination 10.0.0.2:55082

If I set the policy to ACCEPT, the internet works, but as it is now it doesn't. What could be the cause?

#2
cianura

    Senior Member

  • Group: Senior Members
  • Posts: 2,754
  • Joined: 19.01.2004
Put the iptables -A FORWARD section before iptables -t nat -A POSTROUTING and see what happens.

#3
catalaur

    Member

  • Group: Members
  • Posts: 374
  • Joined: 24.09.2005
Same thing...
