[linux-network] Re: RedHat Gateway configuration


From: Huseyin Mercan (huseyinmercan@palmet.com)
Date: Thu 13 May 2004 - 16:14:05 EEST


Sorry, I mixed up the groups by mistake, please excuse me. My
apologies to the whole group. :)

-----Original Message-----
From: linux-network-bounce@liste.linux.org.tr
[mailto:linux-network-bounce@liste.linux.org.tr] On Behalf Of Huseyin
Mercan
Sent: Thursday, May 13, 2004 4:08 PM
To: linux-network@liste.linux.org.tr
Subject: [linux-network] Re: RedHat Gateway configuration

I am sure there are many people who can help you with this, but I asked
a couple of questions a few days ago and I think nobody cared. With my
reproach to the whole group... (By the way, you can find it by searching
Google for "redhat 9.0 nat". That is where I found it.) Regards.

-----Original Message-----
From: linux-network-bounce@liste.linux.org.tr
[mailto:linux-network-bounce@liste.linux.org.tr] On Behalf Of Kenan
Ozturk
Sent: Thursday, May 13, 2004 2:04 PM
To: linux-network@linux.org.tr
Subject: [linux-network] RedHat Gateway configuration

Hello,

I wanted to move our Internet gateway from SuSE 8.0 to RedHat 9.0. With
SuSE's firewall configuration tool this is very easy. But on RedHat there
is no tool for firewall settings. I did this with iptables, but it did
not work. What do you think I have overlooked? When I run the same
configuration on SuSE there is no problem.

The iptables configuration is as follows: (eth1 cable net, eth2 LAN)

##############BEGIN

case "$1" in

start)
    echo "Firewall Aktif Hale Getiriliyor..."

    echo 1 > /proc/sys/net/ipv4/ip_forward

    ## Take 3 precautions against DoS attacks

    # close the machine to ping
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

    # protect against SYN flooding
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies

    # protect against smurf
    echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter

    # load the module needed for masquerading
    modprobe ipt_MASQUERADE

    ############# DENY ALL PACKETS #################################

    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    ############ FLUSH THE OLD RULES #################################

    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t mangle -F

    ########### ADD THE NEW TABLES #####################################

    iptables -N kotu_tcp_paketler
    iptables -N gecersiz_paketler

    ############# FIRST LOG AND DROP THE BAD PACKETS ################

    iptables -A kotu_tcp_paketler -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "Kotu TCP Paket:"
    iptables -A kotu_tcp_paketler -p tcp ! --syn -m state --state NEW -j DROP

    ############# LOG AND DROP THE INVALID PACKETS ################

    iptables -A gecersiz_paketler -p tcp -m state --state INVALID -j LOG --log-prefix "INVALID Paket:"
    iptables -A gecersiz_paketler -p tcp -m state --state INVALID -j DROP

    ############ ALLOW LOOPBACK #############################

    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    iptables -t nat -A POSTROUTING -p tcp --dport 80 -j MASQUERADE
    iptables -t nat -A POSTROUTING -p tcp --dport 21 -j MASQUERADE
    iptables -t nat -A POSTROUTING -p tcp --dport 53 -j MASQUERADE
    iptables -t nat -A POSTROUTING -p udp --dport 21 -j MASQUERADE
    iptables -t nat -A POSTROUTING -p udp --dport 53 -j MASQUERADE
    iptables -t nat -A POSTROUTING -p tcp --dport 110 -j MASQUERADE
    iptables -t nat -A POSTROUTING -p tcp --dport 25 -j MASQUERADE
    iptables -t nat -A POSTROUTING -p tcp --dport 443 -j MASQUERADE

    iptables -A FORWARD -i eth2 -o eth1 -j ACCEPT
    iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
    iptables -A FORWARD -i eth1 -o eth1 -j DROP
    iptables -A FORWARD -i eth2 -o eth2 -j DROP
    ;;
stop)
    echo "Firewall durduruluyor..."
    iptables -F
    iptables -X
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -t nat -F
    iptables -t mangle -F
    ;;
*)
    echo "Kullanim : $firewall {start|stop}"
    exit 1
    ;;
esac

exit 0

#####END

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.682 / Virus Database: 444 - Release Date: 5/11/2004
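
An added check, not part of the original messages or the poster's script: the shell function below lists chains that a ruleset creates with -N but never references with -j or -g. iptables only traverses a user-defined chain when a rule jumps to it, so rules in an unreferenced chain are never evaluated. The function names and the embedded sample (an excerpt of the rules quoted above) are constructed for this example.

```shell
#!/bin/sh
# Added example: audit an iptables script for user-defined chains that are
# created and populated but never reached from any rule.

# Constructed sample: an excerpt of the rules from the script quoted above.
sample_rules() {
cat <<'EOF'
iptables -N kotu_tcp_paketler
iptables -N gecersiz_paketler
iptables -A kotu_tcp_paketler -p tcp ! --syn -m state --state NEW -j DROP
iptables -A gecersiz_paketler -p tcp -m state --state INVALID -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A FORWARD -i eth2 -o eth1 -j ACCEPT
EOF
}

# unreferenced_chains: read iptables commands on stdin and print, in order of
# creation, every chain made with -N/--new-chain that never appears as the
# target of -j/--jump or -g/--goto. Comment lines are skipped because their
# first field is not an iptables command. Simplification: chain names are
# not tracked per table (-t).
unreferenced_chains() {
    awk '
    $1 == "iptables" || $1 ~ /\/iptables$/ {
        for (i = 2; i < NF; i++) {
            if ($i == "-N" || $i == "--new-chain")
                created[++n] = $(i + 1)
            if ($i == "-j" || $i == "--jump" || $i == "-g" || $i == "--goto")
                used[$(i + 1)] = 1
        }
    }
    END {
        for (k = 1; k <= n; k++)
            if (!(created[k] in used))
                print created[k]
    }'
}

# Stand-alone run over the constructed sample.
sample_rules | unreferenced_chains
```

Fed the full script instead of the excerpt (for example `unreferenced_chains < firewall.sh`, with a hypothetical file name), it reports the same two chains, because no rule in INPUT, OUTPUT or FORWARD jumps to them.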

This archive was generated by hypermail 2.1.2.