[linux-network] RedHat Gateway konfigurasyonu

---------

New Message Reply About this list Date view Thread view Subject view Author view Attachment view

From: Kenan Ozturk (kozturk@sirius-group.com)
Date: Thu 13 May 2004 - 14:04:19 EEST

Merhabalar,
 
Internet gateway ini SuSE 8.0 dan RedHat 9.0 a tasimak istedim. SuSE nin
firewall konfigurasyonu tool u ile bu cok kolay. Fakat Redhat uzerinde
firewall ayari icin bir tool bulunmuyor. Bunu iptables ile yaptım fakat
ise yaramadi. Sizce gozden kacirdigim nokta nedir. Ayni konfigurasyonu
SuSE uzerinde calistirdigimda sorun cikmiyor.
 
İptables konfigurasyonu su sekilde: (eth1 kablo net, eth2 LAN)
 
##############BEGIN
 
case "$1" in
 
start)
echo "Firewall Aktif Hale Getiriliyor..."
 
 
echo 1 > /proc/sys/net/ipv4/ip_forward
 
##DoS sald?r?lar?na kars? 3 onlemi alal?m
 
#makineyi pinge kapatal?m
 
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
 
#syn floodingten koruyal?m
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
 
#smurftan koruyal?m
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
 
#Maskeleme yapmak için modulu yulkeyelim
modprobe ipt_MASQUERADE
 
############# TUM PAKETLERI. YASAKLAYALIM
#################################
 
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
 
############ ESKI KURALLARI TEMIZLEYELIM
#################################
 
iptables -F
iptables -X
iptables -t nat -F
iptables -t mangle -F
 
########### YENI TABLOLARI EKLEYELIM
#####################################
 
iptables -N kotu_tcp_paketler
iptables -N gecersiz_paketler
 
############# ONCE KOTU OLAN PAKETLERI LOG EDIP DUSURELIM
################
 
iptables -A kotu_tcp_paketler -p tcp ! --syn -m state --state NEW -j LOG
--log-prefix "Kotu TCP Paket:"
iptables -A kotu_tcp_paketler -p tcp ! --syn -m state --state NEW -j
DROP
 
 
############# GECERSIZ OLAN PAKETLERI LOG EDIP DUSURELIM
################
 
iptables -A gecersiz_paketler -p tcp -m state --state INVALID -j LOG
--log-prefix "INVALID Paket:"
iptables -A gecersiz_paketler -p tcp -m state --state INVALID -j DROP
 
############ LOOPBACK YAPMASINA I.ZI.N VERELI.M
#############################
 
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
 
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 80 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 21 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 53 -j MASQUERADE
iptables -t nat -A POSTROUTING -p udp --dport 21 -j MASQUERADE
iptables -t nat -A POSTROUTING -p udp --dport 53 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 110 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 25 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 443 -j MASQUERADE
 
iptables -A FORWARD -i eth2 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth1 -j DROP
iptables -A FORWARD -i eth2 -o eth2 -j DROP
;;
stop)
echo "Firewall durduruluyor..."
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -F
iptables -t mangle -F
;;
* )
echo "Kullanim : $firewall {start|stop}"
exit 1
;;
esac
 
exit 0
 
 
#####END 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.682 / Virus Database: 444 - Release Date: 5/11/2004

New Message Reply About this list Date view Thread view Subject view Author view Attachment view

---------

Bu arsiv hypermail 2.1.2 tarafindan uretilmistir.