RE: [Linux-ag] Transparent proxy problem on a firewall with a DMZ


From: cem es (cem_es@hotmail.com)
Date: Mon 18 Oct 2004 - 14:16:31 EEST


I had been struggling with this for 2 days; after writing here I added the
lines below, and now it works.

iptables -A FORWARD -j ACCEPT -p tcp --dport 3128
iptables -A INPUT -j ACCEPT -p tcp --dport 3128

>From: "cem es" <cem_es@hotmail.com>
>Reply-To: linux-ag@liste.linux.org.tr
>To: linux-ag@liste.linux.org.tr
>Subject: [Linux-ag] Transparent proxy problem on a firewall with a DMZ
>Date: Mon, 18 Oct 2004 14:09:21 +0300
>
>Hello,
>
>I built a firewall with a DMZ using iptables; internet sharing and access
>from outside work the way I want. My only problem is the transparent proxy:
>squid works fine on its own, but when I redirect requests arriving on port 80
>to port 3128, as in the bottom line of the code below, clients cannot reach
>web pages.
>When I set the INPUT rule to ACCEPT, the transparent proxy starts working.
>As I understand it, there is a problem with the INPUT rule, but port 80 is
>already open. I would be glad if you could help.
>
># Disable forwarding
>echo 0 > /proc/sys/net/ipv4/ip_forward
>
>DMZ_IP_NET='192.168.2.1/24'
>DMZ_NIC='eth0'
>
>LAN_IP_NET='192.168.0.1/24'
>LAN_NIC='eth2'
>
># load some modules (if needed)
>modprobe ip_nat_ftp
>modprobe ip_conntrack_ftp
>
># Flush
>iptables -t nat -F POSTROUTING
>iptables -t nat -F PREROUTING
>iptables -t nat -F OUTPUT
>iptables -F
>
>iptables -P INPUT DROP
>#iptables -P INPUT ACCEPT
>iptables -P FORWARD DROP
>iptables -P OUTPUT ACCEPT
>
>
># Enable forwarding
>echo 1 > /proc/sys/net/ipv4/ip_forward
>
>iptables -t nat -A POSTROUTING -s $DMZ_IP_NET -j MASQUERADE
>iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
>
>iptables -A FORWARD -j ACCEPT -i $DMZ_NIC -s $DMZ_IP_NET
>iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
>
>iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
># Open ports on router for server/services
>iptables -A INPUT -j ACCEPT -p tcp --dport 80 #HTTP
>iptables -A INPUT -j ACCEPT -p tcp --dport 3389 #TS
>iptables -A INPUT -j ACCEPT -p tcp --dport 21 #FTP
>iptables -A INPUT -j ACCEPT -p tcp --dport 22 #SSH
>
># STATE RELATED for router
>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
># Open ports to server on DMZ
>iptables -A FORWARD -j ACCEPT -p tcp --dport 80
>iptables -A FORWARD -j ACCEPT -p tcp --dport 3389
>iptables -A FORWARD -j ACCEPT -p tcp --dport 21
>
>iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.2.200:80
>iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 3389 -j DNAT --to 192.168.2.200:3389
>iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to 192.168.2.200:21
>
>iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to 3128
>
>_______________________________________________
>Linux-ag mailing list
>Linux-ag@liste.linux.org.tr
>http://liste.linux.org.tr/mailman/listinfo/linux-ag
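
Added example (not part of the original thread): a simplified Python model of the path a new connection takes through the rules above, showing that after REDIRECT the INPUT chain sees port 3128 rather than 80. Interface names and ports come from the posted script; the helper names, the sample packets and the `LAN_ONLY` variant (an INPUT rule for 3128 limited with `-i eth2`) are assumptions made for illustration.

```python
# Models only the first (NEW) packet of a connection, so the
# ESTABLISHED,RELATED rules never match and are left out.
LAN_NIC, WAN_NIC, PROXY_PORT = "eth2", "eth1", 3128

def nat_prerouting(pkt):
    """nat PREROUTING: -i eth2 -p tcp --dport 80 -j REDIRECT --to 3128"""
    if pkt["in"] == LAN_NIC and pkt["dport"] == 80:
        # REDIRECT rewrites the destination to the firewall itself, so the
        # packet is delivered locally (INPUT chain) with the new port.
        return dict(pkt, dport=PROXY_PORT, local=True)
    return pkt

def filter_input(pkt, rules, policy="DROP"):
    """First matching ACCEPT rule wins; otherwise the chain policy applies."""
    for rule in rules:
        same_nic = rule.get("in", pkt["in"]) == pkt["in"]  # no "in" = any NIC
        if same_nic and rule["dport"] == pkt["dport"]:
            return "ACCEPT"
    return policy

def verdict(pkt, rules):
    pkt = nat_prerouting(pkt)
    return filter_input(pkt, rules) if pkt["local"] else "FORWARD chain"

# INPUT rules from the posted script (policy DROP).
ORIGINAL = [{"dport": 80}, {"dport": 3389}, {"dport": 21}, {"dport": 22}]
# Plus the rule from the reply: -A INPUT -j ACCEPT -p tcp --dport 3128
AUTHOR_FIX = ORIGINAL + [{"dport": PROXY_PORT}]
# Assumed variant: the same rule restricted with -i eth2
LAN_ONLY = ORIGINAL + [{"dport": PROXY_PORT, "in": LAN_NIC}]

# Constructed sample packets.
LAN_WEB = {"in": LAN_NIC, "dport": 80, "local": False}          # client -> web site
WAN_DIRECT = {"in": WAN_NIC, "dport": PROXY_PORT, "local": True}  # outside -> proxy port

if __name__ == "__main__":
    for name, rules in [("original", ORIGINAL), ("author fix", AUTHOR_FIX),
                        ("LAN only", LAN_ONLY)]:
        print(f"{name:10}  LAN web: {verdict(LAN_WEB, rules):6}  "
              f"WAN to 3128: {verdict(WAN_DIRECT, rules)}")
```

In the model, the rule from the reply fixes the LAN case and also accepts connections to port 3128 arriving on eth1; the interface-restricted variant accepts only the LAN case.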


This archive was generated by hypermail 2.1.2.