[Linux-ag] Transparent proxy problem on a firewall with a DMZ

---------


From: cem es (cem_es@hotmail.com)
Date: Mon 18 Oct 2004 - 14:09:21 EEST


Hello,

I have set up a firewall with a DMZ using iptables. Internet sharing and
access from outside work the way I want; my only problem is the transparent
proxy. Squid works fine on its own, but when I redirect requests arriving on
port 80 to port 3128 with the last line of the script below, the clients
cannot reach web pages.
When I set the INPUT policy to ACCEPT, the transparent proxy starts working.
As far as I understand there is a problem with the INPUT rule, but port 80 is
already open. I would appreciate your help.

# Disable forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward

DMZ_IP_NET='192.168.2.1/24'
DMZ_NIC='eth0'

LAN_IP_NET='192.168.0.1/24'
LAN_NIC='eth2'

# load some modules (if needed)
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp

# Flush
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F

iptables -P INPUT DROP
#iptables -P INPUT ACCEPT
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -s $DMZ_IP_NET -j MASQUERADE
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE

iptables -A FORWARD -j ACCEPT -i $DMZ_NIC -s $DMZ_IP_NET
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Open ports on router for server/services
iptables -A INPUT -j ACCEPT -p tcp --dport 80   #HTTP
iptables -A INPUT -j ACCEPT -p tcp --dport 3389 #TS
iptables -A INPUT -j ACCEPT -p tcp --dport 21   #FTP
iptables -A INPUT -j ACCEPT -p tcp --dport 22   #SSH

# STATE RELATED for router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Open ports to server on DMZ
iptables -A FORWARD -j ACCEPT -p tcp --dport 80
iptables -A FORWARD -j ACCEPT -p tcp --dport 3389
iptables -A FORWARD -j ACCEPT -p tcp --dport 21

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.2.200:80
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 3389 -j DNAT --to 192.168.2.200:3389
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to 192.168.2.200:21

iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to 3128


_______________________________________________
Linux-ag mailing list
Linux-ag@liste.linux.org.tr
http://liste.linux.org.tr/mailman/listinfo/linux-ag
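The failure described in the post, traced in an added Python model of the netfilter path (this is illustrative code, not from the post and not iptables itself): the nat PREROUTING REDIRECT rewrites the destination port before the filter INPUT chain is consulted, so INPUT sees port 3128, not 80, and the DROP policy applies. Interface names and the REDIRECT target follow the post; the sample packet addresses are constructed.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    in_iface: str
    src: str
    dst: str          # "firewall" stands for any address owned by the firewall itself
    dport: int
    state: str = "NEW"


def matches(match, pkt):
    """A rule matches when every field it specifies equals the packet's value."""
    return all(getattr(pkt, f) == v for f, v in match.items())


def nat_prerouting(pkt, rules):
    """REDIRECT rewrites the destination to the firewall on the given port, so the
    later routing decision hands the packet to INPUT carrying the NEW port."""
    for match, target in rules:
        if matches(match, pkt) and target[0] == "REDIRECT":
            return replace(pkt, dst="firewall", dport=target[1])
    return pkt


def filter_input(pkt, rules, policy="DROP"):
    """First matching rule wins; otherwise the chain policy applies (DROP in the post)."""
    for match, target in rules:
        if matches(match, pkt):
            return target
    return policy


def verdict(pkt, nat_rules, input_rules):
    pkt = nat_prerouting(pkt, nat_rules)
    if pkt.dst != "firewall":
        return "FORWARD"      # not addressed to the box: INPUT is never consulted
    return filter_input(pkt, input_rules)


# The posted rules, simplified: REDIRECT on eth2; INPUT opens 80/3389/21/22 + ESTABLISHED.
NAT_RULES = [({"in_iface": "eth2", "dport": 80}, ("REDIRECT", 3128))]
INPUT_AS_POSTED = [({"dport": p}, "ACCEPT") for p in (80, 3389, 21, 22)]
INPUT_AS_POSTED.append(({"state": "ESTABLISHED"}, "ACCEPT"))
# Fix: accept the redirected port, but only on the LAN interface so Squid is not
# reachable from the Internet side (eth1) as an open proxy.
INPUT_FIXED = INPUT_AS_POSTED + [({"in_iface": "eth2", "dport": 3128}, "ACCEPT")]

# Constructed sample packets (documentation-range addresses, not from the post).
LAN_HTTP = Packet("eth2", "192.168.0.10", "203.0.113.5", 80)
WAN_TO_PROXY = Packet("eth1", "198.51.100.7", "firewall", 3128)
```

In iptables terms the fix is one extra rule before the policy takes effect, `iptables -A INPUT -i eth2 -p tcp --dport 3128 -j ACCEPT`, and the model shows why a plain `--dport 3128` without `-i eth2` would also admit connections from eth1.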



---------

This archive was generated by hypermail 2.1.2.