RE: [Linux-ag] IPTABLES

---------


From: Kivanc Oskay (koskay@cozumbilgisayar.com.tr)
Date: Fri 08 Jul 2005 - 11:57:15 EEST


 

>-----Original Message-----
>From: linux-ag-bounces@liste.linux.org.tr
>[mailto:linux-ag-bounces@liste.linux.org.tr] On Behalf Of Kivanc Oskay
>Sent: Friday, July 08, 2005 11:51 AM
>To: linux-ag@liste.linux.org.tr
>Subject: RE: [Linux-ag] IPTABLES
>
>
>Might it be more practical to run it as below, confirm that sharing
>works, and then make changes on top of it afterwards?
>
>iptables -P INPUT ACCEPT
>iptables -P OUTPUT ACCEPT
>iptables -P FORWARD ACCEPT
>
>iptables -F FORWARD
>iptables -F INPUT
>iptables -F OUTPUT
>iptables -F -t nat
>
>iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>or
>iptables -A POSTROUTING -s [local_network/24] -j SNAT --to-source [eth1_IP_adresi]

**** correction
iptables -t nat -A POSTROUTING -s [local_network/24] -j SNAT --to-source [eth1_IP_adresi]
****
>
>echo 1 > /proc/sys/net/ipv4/ip_forward
>
>--
>Kivanc Oskay
>System Support Specialist
>
>Cozum Bilgisayar Ltd.
>
>>-----Original Message-----
>>From: linux-ag-bounces@liste.linux.org.tr
>>[mailto:linux-ag-bounces@liste.linux.org.tr] On Behalf Of
>>Ahmet Selman INANC
>>Sent: Friday, July 08, 2005 11:10 AM
>>To: linux-ag@liste.linux.org.tr
>>Subject: RE: [Linux-ag] IPTABLES
>>
>>The line you pointed out was a mistake; I had removed it from iptables, but
>>it was left in the mail I sent. I had added that line to try something. eth1
>>is my gateway, that is, I go out over ADSL. As for the LL, when the line goes
>>down the gateway changes via routing.
>>
>>But that line does not seem to matter; nothing changes when I remove it
>>either. When I enable the iptables rules, the Internet goes down. That is
>>
>>There is a problem in one of these, but I could not work out exactly where
>>I went wrong
>>
>>>-A INPUT -i lo -j ACCEPT
>>>-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
>>>-A INPUT -p ipv6-crypt -j ACCEPT
>>>-A INPUT -p ipv6-auth -j ACCEPT
>>>-A INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
>>>-A INPUT -p udp -m udp --dport 631 -j ACCEPT
>>>-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
>>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
>>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
>>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
>>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT
>>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 3128 -j ACCEPT
>>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
>>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 3500 -j ACCEPT
>>>-A INPUT -j REJECT --reject-with icmp-host-prohibited
>>
>>
>>
>>
>>Ahmet Selman INANC
>>IT Specialist
>>
>>-----Original Message-----
>>From: linux-ag-bounces@liste.linux.org.tr
>>[mailto:linux-ag-bounces@liste.linux.org.tr] On Behalf Of Kivanc Oskay
>>Sent: Friday, July 08, 2005 10:51 AM
>>To: linux-ag@liste.linux.org.tr
>>Subject: RE: [Linux-ag] IPTABLES
>>
>>Hi,
>>
>>>-A POSTROUTING -o eth1 -j MASQUERADE
>>>-A POSTROUTING -o eth2 -j MASQUERADE
>>
>>These lines look a bit odd to me. Is the goal to go out via ADSL, via the
>>LL, or both? I am also curious about your ip route output.
>>--
>>Kivanc Oskay
>>System Support Specialist
>>
>>Cozum Bilgisayar Ltd.
>>
>>>-----Original Message-----
>>>From: linux-ag-bounces@liste.linux.org.tr
>>>[mailto:linux-ag-bounces@liste.linux.org.tr] On Behalf Of
>>>Ahmet Selman INANC
>>>Sent: Friday, July 08, 2005 10:01 AM
>>>To: linux-ag@liste.linux.org.tr
>>>Subject: [Linux-ag] IPTABLES
>>>
>>>
>>>Hello;
>>>
>>>My iptables rules are as below, but when I enable them the clients'
>>>Internet does not work. What could I be doing wrong??
>>>
>>>Eth0 = LAN
>>>Eth1 = ADSL
>>>Eth2 = LL
>>>
>>>
>>>-A INPUT -i lo -j ACCEPT
>>>-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
>>>-A INPUT -p ipv6-crypt -j ACCEPT
>>>-A INPUT -p ipv6-auth -j ACCEPT
>>>-A INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
>>>-A INPUT -p udp -m udp --dport 631 -j ACCEPT
>>>-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
>>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
>>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
>>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
>>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT
>>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 3128 -j ACCEPT
>>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
>>>-A INPUT -p tcp -m state --state NEW -m tcp --dport 3500 -j ACCEPT
>>>-A INPUT -j REJECT --reject-with icmp-host-prohibited
>>>
>>>
>>>-A PREROUTING -d 212.212.212.212 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.2.100:21
>>>-A POSTROUTING -o eth1 -j MASQUERADE
>>>-A POSTROUTING -o eth2 -j MASQUERADE
>>>-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
>>>-A PREROUTING -p tcp -m tcp -i eth0 --dport 1863 -j REDIRECT --to-ports 3128
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>Ahmet Selman INANC
>>>IT Specialist
>>>
>>>
>>
>>
>>_______________________________________________
>>Linux-ag mailing list
>>Linux-ag@liste.linux.org.tr
>>http://liste.linux.org.tr/mailman/listinfo/linux-ag
>>

---------
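
The correction in the message above adds `-t nat`: without it, iptables works on the filter table, which has no POSTROUTING chain. As an added example (not part of the original thread), a small shell check that flags this mistake in rule lines before they are loaded; the function name `check_rule` and the addresses in the sample lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread; the sample rules at the bottom are constructed.
# check_rule "<rule or iptables command line>" [default-table]: prints "ok" or the reason.
check_rule() {
    table=${2:-filter} chain='' target=''
    set -f; set -- $1; set +f          # split the line into words without globbing
    while [ $# -gt 1 ]; do
        case $1 in
            -t|--table)              table=$2 ;;
            -A|-I|--append|--insert) chain=$2 ;;
            -j|--jump)               target=$2 ;;
        esac
        shift
    done
    builtins="INPUT FORWARD OUTPUT PREROUTING POSTROUTING"
    case $table in
        filter) provided="INPUT FORWARD OUTPUT" ;;
        nat)    provided="PREROUTING INPUT OUTPUT POSTROUTING" ;;  # INPUT: newer kernels
        mangle) provided=$builtins ;;
        *)      echo "table $table is not covered by this check"; return 1 ;;
    esac
    is_builtin=no                      # user-defined chains are not checked
    case " $builtins " in *" $chain "*) is_builtin=yes ;; esac
    if [ "$is_builtin" = yes ]; then
        case " $provided " in *" $chain "*) ;; *)
            echo "chain $chain does not exist in table $table"; return 1 ;;
        esac
    fi
    case $target in                    # chains in which each NAT target is valid
        SNAT)          hooks="POSTROUTING INPUT" ;;
        MASQUERADE)    hooks="POSTROUTING" ;;
        DNAT|REDIRECT) hooks="PREROUTING OUTPUT" ;;
        *)             echo ok; return 0 ;;
    esac
    [ "$table" = nat ] || { echo "target $target is only valid in table nat"; return 1; }
    if [ "$is_builtin" = yes ]; then
        case " $hooks " in *" $chain "*) ;; *)
            echo "target $target is not valid in chain $chain"; return 1 ;;
        esac
    fi
    echo ok
}
while IFS= read -r rule; do            # constructed sample lines
    printf '%s\n    => %s\n' "$rule" "$(check_rule "$rule")"
done <<'EOF'
iptables -A POSTROUTING -s 192.168.2.0/24 -j SNAT --to-source 203.0.113.10
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j SNAT --to-source 203.0.113.10
EOF
```

Lines in iptables-save format, such as the `-A POSTROUTING -o eth1 -j MASQUERADE` rules quoted in the thread, carry no `-t`; pass the table they were saved under as the second argument.
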

This archive was generated by hypermail 2.1.2.