RE: [Linux-ag] IPTABLES

---------


From: Kivanc Oskay (koskay@cozumbilgisayar.com.tr)
Date: Fri 08 Jul 2005 - 11:51:27 EEST


Might it be more practical to run it as below, see that you have sharing
working, and then make changes on top of that?

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

iptables -F FORWARD
iptables -F INPUT
iptables -F OUTPUT
iptables -F -t nat

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
or
iptables -t nat -A POSTROUTING -s [local_network/24] -j SNAT --to-source [eth1_IP_address]

echo 1 > /proc/sys/net/ipv4/ip_forward

--
Kivanc Oskay
System Support Specialist

Cozum Bilgisayar Ltd.

>-----Original Message-----
>From: linux-ag-bounces@liste.linux.org.tr
>[mailto:linux-ag-bounces@liste.linux.org.tr] On Behalf Of
>Ahmet Selman INANC
>Sent: Friday, July 08, 2005 11:10 AM
>To: linux-ag@liste.linux.org.tr
>Subject: RE: [Linux-ag] IPTABLES
>
>The line you mentioned was wrong; I had removed it from iptables, but it
>was left in the mail I sent. I had added that line to try something. eth1
>is my gateway, i.e. I go out through ADSL. As for the LL, when the line
>goes down the gateway changes via routing.
>
>But that line does not seem to matter; when I remove it nothing changes
>either. When I enable the iptables rules, the internet goes away. So
>
>There is a problem in one of these, but I could not work out exactly
>where I went wrong
>
>>-A INPUT -i lo -j ACCEPT
>>-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
>>-A INPUT -p ipv6-crypt -j ACCEPT
>>-A INPUT -p ipv6-auth -j ACCEPT
>>-A INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
>>-A INPUT -p udp -m udp --dport 631 -j ACCEPT
>>-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT
>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 3128 -j ACCEPT
>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 3500 -j ACCEPT
>>-A INPUT -j REJECT --reject-with icmp-host-prohibited
>
>Ahmet Selman INANC
>IT Specialist
>
>-----Original Message-----
>From: linux-ag-bounces@liste.linux.org.tr
>[mailto:linux-ag-bounces@liste.linux.org.tr] On Behalf Of Kivanc Oskay
>Sent: Friday, July 08, 2005 10:51 AM
>To: linux-ag@liste.linux.org.tr
>Subject: RE: [Linux-ag] IPTABLES
>
>Hi,
>
>>-A POSTROUTING -o eth1 -j MASQUERADE
>>-A POSTROUTING -o eth2 -j MASQUERADE
>
>these lines looked a bit odd to me; is the aim to go out via ADSL, or
>over the LL, or both? I am also curious about your ip route output.
>--
>Kivanc Oskay
>System Support Specialist
>
>Cozum Bilgisayar Ltd.
>
>>-----Original Message-----
>>From: linux-ag-bounces@liste.linux.org.tr
>>[mailto:linux-ag-bounces@liste.linux.org.tr] On Behalf Of
>>Ahmet Selman INANC
>>Sent: Friday, July 08, 2005 10:01 AM
>>To: linux-ag@liste.linux.org.tr
>>Subject: [Linux-ag] IPTABLES
>>
>>Hello;
>>
>>my iptables rules are as below, but when I enable them the clients'
>>internet does not work. What could I be doing wrong??
>>
>>Eth0 = LAN
>>Eth1 = ADSL
>>Eth2 = LL
>>
>>-A INPUT -i lo -j ACCEPT
>>-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
>>-A INPUT -p ipv6-crypt -j ACCEPT
>>-A INPUT -p ipv6-auth -j ACCEPT
>>-A INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
>>-A INPUT -p udp -m udp --dport 631 -j ACCEPT
>>-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT
>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 3128 -j ACCEPT
>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 3500 -j ACCEPT
>>-A INPUT -j REJECT --reject-with icmp-host-prohibited
>>
>>-A PREROUTING -d 212.212.212.212 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.2.100:21
>>-A POSTROUTING -o eth1 -j MASQUERADE
>>-A POSTROUTING -o eth2 -j MASQUERADE
>>-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
>>-A PREROUTING -p tcp -m tcp -i eth0 --dport 1863 -j REDIRECT --to-ports 3128
>>
>>Ahmet Selman INANC
>>IT Specialist
>
>_______________________________________________
>Linux-ag mailing list
>Linux-ag@liste.linux.org.tr
>http://liste.linux.org.tr/mailman/listinfo/linux-ag
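
Once the wide-open baseline in the reply above has confirmed that sharing works, the rules can be tightened again. The following is an added example, not part of the original thread: a shell function that prints an iptables-restore ruleset with a default-deny FORWARD chain. eth0 (LAN) and eth1 (ADSL) come from the thread; the 192.168.2.0/24 LAN prefix and the SSH-from-LAN rule are assumptions, and the thread's other INPUT services and proxy redirects are left out.

```shell
# Added example, not from the thread: print an iptables-restore ruleset for a
# NAT gateway whose FORWARD chain passes only LAN-originated traffic and replies.
# Constructed sample: gen_gateway_rules eth0 eth1 192.168.2.0/24 | iptables-restore --test

valid_if() {   # interface name: 1-15 characters from a safe set
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

valid_cidr() {   # A.B.C.D/N with octets 0-255 and prefix length 0-32
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*} bits=${1#*/}
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case $bits in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

gen_gateway_rules() {   # usage: gen_gateway_rules LAN_IF WAN_IF LAN_CIDR
    if ! { valid_if "$1" && valid_if "$2" && valid_cidr "$3"; }; then
        echo "usage: gen_gateway_rules LAN_IF WAN_IF LAN_CIDR" >&2
        return 2
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Assumed management rule: SSH to the gateway from the LAN side only.
-A INPUT -i $1 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $1 -o $2 -s $3 -m state --state NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $3 -o $2 -j MASQUERADE
COMMIT
EOF
}
```

Piping the output to iptables-restore --test parses the ruleset without committing it; forwarding still needs the ip_forward setting shown in the reply.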




---------

This archive was generated by hypermail 2.1.2.