Sign In
Create Account
Care ma ajuta cu o filtrare dupa mac?
Last Updated: Apr 18 2004 13:08, Started by
Alice
, Feb 18 2004 21:19
·
0
0
#1
Posted 18 February 2004 - 21:19
|
eth0 - intern
eth1 - extern Quote rc.firewall iptables -F iptables -t mangle -F iptables -A INPUT -p tcp -s ip_eu --dport 22 -j ACCEPT iptables -A INPUT -p tcp -s alt_ip --dport 22 -j ACCEPT iptables -A INPUT -p tcp -s 0/0 --dport 22 -j DROP iptables -A INPUT -p tcp -s ip_eu --dport 21 -j ACCEPT iptables -A INPUT -p tcp -s alt_ip --dport 21 -j ACCEPT iptables -A INPUT -p tcp -s 0/0 --dport 22 -j DROP iptables -A INPUT -p tcp -i eth1 --dport 53 -j DROP iptables -A INPUT -p tcp -i eth1 --dport 137:139 -j DROP iptables -A INPUT -p udp -i eth1 --dport 137:139 -j DROP iptables -A INPUT -p tcp -i eth1 --dport 143 -j DROP iptables -A INPUT -p tcp -i eth0 --dport 143 -j DROP iptables -A INPUT -p tcp -i eth1 --dport 587 -j DROP iptables -A INPUT -p tcp -i eth0 --dport 587 -j DROP iptables -A INPUT -p tcp -i eth1 --dport 953 -j DROP iptables -A INPUT -p tcp -i eth0 --dport 953 -j DROP iptables -A INPUT -p tcp -i eth1 --dport 3306 -j DROP iptables -A INPUT -p tcp -i eth0 --dport 3306 -j DROP iptables -A PREROUTING -t mangle -p tcp --sport 22 -j TOS --set-tos Minimize-Delay iptables -A OUTPUT -t mangle -p tcp --sport 22 -j TOS --set-tos Minimize-Delay iptables -A FORWARD -t mangle -p tcp --dport 22 -j TOS --set-tos Minimize-Delay [si alte cateva prioritati pt. porturi] /etc/rc.d/rc.nat Quote rc.nat /usr/sbin/iptables -t nat -F #Client 1 MAC XX:XX:XX:XX:XX:XX - 33 iptables -t nat -A POSTROUTING -j SNAT -s 192.168.0.33 --to aaa.bbb.ccc.1 iptables -t nat -A PREROUTING -d aaa.bbb.ccc.1 -j DNAT --to 192.168.0.33 #iptables -P DROP #iptables -A PREROUTING -i eth0 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT #Client 2 MAC XX:XX:XX:XX:XX:XX - 17 iptables -t nat -A POSTROUTING -j SNAT -s 192.168.0.17 --to aaa.bbb.ccc.2 iptables -t nat -A PREROUTING -d aaa.bbb.ccc.2 -j DNAT --to 192.168.0.17 #iptables -A PREROUTING -i eth0 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT #Client 3 MAC XX:XX:XX:XX:XX:XX - 10 iptables -t nat -A POSTROUTING -j SNAT -s 192.168.0.10 --to aaa.bbb.ccc.3 iptables -t nat -A PREROUTING -d aaa.bbb.ccc.3 -j DNAT --to 192.168.0.10 #iptables -A PREROUTING -i eth0 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT [etc] Sugestii? Aaa.bbb.ccc e o clasa reala. |
Back to top
#4
Posted 14 April 2004 - 10:16
|
Vreau si eu sa fac aceeasi chestie, un link catre un script si un manual se poate?
|
#5
Posted 14 April 2004 - 19:58
|
eth0 - intern
eth1 - extern iptables -t nat -P PREROUTING DROP iptables -t nat -A PREROUTING -i eth0 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT iptables -t nat -A PREROUTING -i eth1 -j ACCEPT nu sunt sigur da' daca vrei ca doar un anumit mac sa intre pe eth0 si sa iasa in afara pe eth1 si sa faca schimb de informatii atunci cred ca asta e |
#6
Posted 16 April 2004 - 11:13
|
eth0 - extern
eth1 - intern am mai multe mac-uri (in jur de 35 mai exact), cum fac in cazul asta? |
#7
Posted 18 April 2004 - 13:08
|
eth0 - extern
eth1 - internla iptables -t nat -A PREROUTING -i eth1 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT iptables -t nat -A PREROUTING -i eth1 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT . . . ultima tre sa fie asta iptables -t nat -A PREROUTING -i eth0 -j ACCEPT |
Anunturi
Bun venit pe Forumul Softpedia!
▶ 1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
-
- Change Theme
- English
- Mark Community Read
- Termene & conditii
- Confidentialitate
- Consimtamant
- Cookies
- Help
© 2001-2024 Softpedia. All rights reserved. Softpedia® and the Softpedia logo are registered trademarks of SoftNews Net SRL.
Ora implicita a Forumului Softpedia este ora standard a Romaniei (GMT+2). Mai multe informatii →
⚠ Postarile afisate pe Forumul Softpedia reprezinta o opinie subiectiva a membrilor care le-au publicat si nu a SoftNews Net SRL.