Re: [Linux-ag] IPtables - Statik Routing

---------


From: Kai Geek (kaigeek@linuxmail.org)
Date: Fri 09 Dec 2005 - 17:27:11 EET


What you describe can also be done with something like this.

$touch ipfer
$chmod 700 ipfer    # owner-only: the script runs as root and must not be world-writable
$vi ipfer

#!/bin/sh
echo -e "\n\nsettings for iptables IPFER Script"
INTIF="eth0"
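# "senin ip" means "your IP". In this thread /252 is shorthand for netmask 255.255.255.252; iptables expects /30 or the dotted mask.
INTNET="senin ip/252"
INTIP="wan IP/24"
EXTIF="ppp0"
# Set EXTIP to the static external address before running; the rules below use $EXTIP.
#EXTIP="your.static.ip" (default)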
echo "Load for NAT kernel modules"
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_nat_irc
echo "Enabling IP forwarding"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo "External interface: $EXTIF"
echo "External interface IP address is: $EXTIP"
echo "Loading firewall server rules"

UNIVERSE="0.0.0.0/0"

iptables -P INPUT DROP
iptables -F INPUT
iptables -P OUTPUT DROP
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -F -t nat

if [ "`iptables -L | grep drop-and-log-it`" ]; then
iptables -F drop-and-log-it
fi
iptables -X
iptables -Z
iptables -N drop-and-log-it
iptables -A drop-and-log-it -j LOG --log-level info
iptables -A drop-and-log-it -j REJECT
echo -e " - Loading INPUT rules"

iptables -A INPUT -i lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT
iptables -A INPUT -i $INTIF -s $INTNET -d $UNIVERSE -j ACCEPT
iptables -A INPUT -i $EXTIF -s $INTNET -d $UNIVERSE -j drop-and-log-it
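# NOTE: this rule accepts every packet addressed to $EXTIP on the external interface,
# so the state-match and port-80 rules that follow never get to decide anything.
iptables -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -j ACCEPT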
iptables -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state --state ESTABLISHED,RELATED -j ACCEPT

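# The start of this rule is missing in the archived message; reconstructed here
# (an assumption) as an INPUT rule for TCP port 80 on the external interface.
iptables -A INPUT -i $EXTIF -p tcp -s $UNIVERSE -d $EXTIP --dport 80 -j ACCEPT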

iptables -A INPUT -s $UNIVERSE -d $UNIVERSE -j drop-and-log-it
echo -e " - Loading OUTPUT rulesets"

iptables -A OUTPUT -o lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT
iptables -A OUTPUT -o $INTIF -s $EXTIP -d $INTNET -j ACCEPT
iptables -A OUTPUT -o $INTIF -s $INTIP -d $INTNET -j ACCEPT
iptables -A OUTPUT -o $EXTIF -s $UNIVERSE -d $INTNET -j drop-and-log-it
iptables -A OUTPUT -o $EXTIF -s $EXTIP -d $UNIVERSE -j ACCEPT
iptables -A OUTPUT -s $UNIVERSE -d $UNIVERSE -j drop-and-log-it

echo -e " - Loading FORWARD rulesets"

iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -A FORWARD -j drop-and-log-it
iptables -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP
echo -e " Firewall server rule loading complete\n\n"
#EOF

----- Original Message -----
From: "Sedat EKİNCİ" <bozbeyaz@aventgrup.net>
To: linux-ag@liste.linux.org.tr
Subject: Re: [Linux-ag] IPtables - Statik Routing
Date: Fri, 9 Dec 2005 17:05:48 +0200

>
> Yes, that is exactly it. By /252 I mean the netmask 255.255.255.252.
> That is, /30 in bit notation.
>
> 212.175.213.202 My own computer's host address.
> 212.175.213.201 My server's LAN IP.
> 212.175.213.198 My server's WAN IP.
> 212.175.213.197 My Internet exit address.
> (All of them are /30, i.e. 255.255.255.252)


---------
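The thread writes the netmask 255.255.255.252 as "/252", which iptables does not accept as a prefix length. The following is an added example, not part of the original messages: it converts a dotted netmask to a prefix length and derives the network address to put in INTNET, using the addresses from the quoted message. The function names ip_to_int, mask_to_prefix and network_of are hypothetical helpers.

```shell
#!/bin/sh
# Added example (not from the original post).

# ip_to_int A.B.C.D -> 32-bit integer; fails on malformed input
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# mask_to_prefix 255.255.255.252 -> 30; fails on non-contiguous masks
mask_to_prefix() {
    m=$(ip_to_int "$1") || return 1
    inv=$(( ~m & 0xFFFFFFFF ))
    # a valid mask is ones followed by zeros, so inv+1 must be a power of two
    [ $(( inv & (inv + 1) )) -eq 0 ] || return 1
    p=32
    while [ "$inv" -gt 0 ]; do inv=$(( inv >> 1 )); p=$(( p - 1 )); done
    echo "$p"
}

# network_of ADDR PREFIX -> "network/PREFIX", the form iptables -s/-d expects
network_of() {
    a=$(ip_to_int "$1") || return 1
    [ "$2" -ge 0 ] && [ "$2" -le 32 ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF ))
    n=$(( a & mask ))
    echo "$(( n >> 24 & 255 )).$(( n >> 16 & 255 )).$(( n >> 8 & 255 )).$(( n & 255 ))/$2"
}

# Addresses taken from the quoted message; all use netmask 255.255.255.252.
prefix=$(mask_to_prefix 255.255.255.252)
for addr in 212.175.213.202 212.175.213.201 212.175.213.198 212.175.213.197; do
    echo "$addr -> $(network_of "$addr" "$prefix")"
done
```

The two LAN-side addresses fall in one /30 and the two WAN-side addresses in another, so the value for INTNET is the first network in CIDR form.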

This archive was generated by hypermail 2.1.2.