RE: [Linux-ag] Squid access forbidden


From: cem es (cem_es@hotmail.com)
Date: Sat 26 Mar 2005 - 10:03:48 EET


Serdar Hocam, thank you for your interest.
I too thought Squid had a grudge against Microsoft, but it did not occur to me that it would trip it up; anyway.
Below are my iptables commands, my IP addresses and the NIC settings.

I could not find where the error is. I would be glad if you could help.

name   ip             subnet mask     gateway
eth0   192.168.2.215  255.255.255.0   10.0.0.100
eth1   10.0.0.100     255.255.255.0   10.0.0.138
eth2   192.0.0.230    255.255.255.0   10.0.0.100

ADSL modem   10.0.0.138
Web server   192.168.2.201

# Disable forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward

DMZ_IP_NET='192.168.2.1/24'
DMZ_NIC='eth0'

LAN_IP_NET='192.168.0.1/24'
LAN_NIC='eth2'

modprobe ip_nat_ftp
modprobe ip_conntrack_ftp

# Flush
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -s $DMZ_IP_NET -j MASQUERADE
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE

iptables -A FORWARD -j ACCEPT -i $DMZ_NIC -s $DMZ_IP_NET
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET

iptables -A INPUT -j ACCEPT -p tcp --dport 80   #HTTP
iptables -A INPUT -j ACCEPT -p tcp --dport 3389 #TS
iptables -A INPUT -j ACCEPT -p tcp --dport 21   #FTP
iptables -A INPUT -j ACCEPT -p tcp --dport 22   #SSH

# STATE RELATED for router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Open ports to server on DMZ
iptables -A FORWARD -j ACCEPT -p tcp --dport 80
iptables -A FORWARD -j ACCEPT -p tcp --dport 3389
iptables -A FORWARD -j ACCEPT -p tcp --dport 21
iptables -A FORWARD -j ACCEPT -p tcp --dport 3128

#redirecting outside world requests to server
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.2.201:80
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 3389 -j DNAT --to 192.168.2.201:3389
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to 192.168.2.201:21

#redirecting HTTP LAN requests to squid
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to 3128

#redirect local requests to server
iptables -t nat -A PREROUTING -i eth2 -s $LAN_IP_NET -p tcp --dport 8888 -j DNAT --to 192.168.2.201:80


_______________________________________________
Linux-ag mailing list
Linux-ag@liste.linux.org.tr
http://liste.linux.org.tr/mailman/listinfo/linux-ag
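As an added example (not part of the original post or thread), a small POSIX shell check for exactly this kind of setup: it takes the NIC addresses and the DMZ_IP_NET/LAN_IP_NET values listed in the post and reports whether each address really falls inside the subnet its `-i NIC -s SUBNET` rules pair it with, since a rule whose source subnet does not contain the interface's network can never match. All values are copied from the post; nothing is read from a live system.

```shell
#!/bin/sh
# Added example, not from the original post: verify that the subnet variables
# used in the iptables rules actually contain the addresses they are paired with.

# ip_to_int 192.168.2.215 -> the address as a decimal integer
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet ADDR CIDR -> exit status 0 if ADDR lies inside CIDR (e.g. 192.168.2.1/24)
in_subnet() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# check_member LABEL ADDR VAR_NAME CIDR -> prints an OK or MISMATCH line
check_member() {
    if in_subnet "$2" "$4"; then
        echo "OK: $1 ($2) is inside $3=$4"
    else
        echo "MISMATCH: $1 ($2) is not inside $3=$4; rules matching -s $4 on $1 will never hit"
    fi
}

# Values copied from the post's NIC table and variable definitions.
check_member eth0 192.168.2.215 DMZ_IP_NET 192.168.2.1/24
check_member eth2 192.0.0.230   LAN_IP_NET 192.168.0.1/24
check_member "web server (DNAT target)" 192.168.2.201 DMZ_IP_NET 192.168.2.1/24
```

Run it once after editing the variables at the top of the firewall script; any MISMATCH line points at a FORWARD or PREROUTING rule that is silently dead.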



This archive was generated by hypermail 2.1.2.