From: cem es (cem_es@hotmail.com)
Date: Sat 26 Mar 2005 - 10:32:04 EET
This is the script I am currently using, the one I broke a bit earlier while fiddling with it.
Serdar Hocam, thank you for your interest.
I also thought Squid had taken a dislike to Microsoft, but it did not occur to me that it would trip it up; anyway.
Below are my iptables commands, my IP addresses and the NIC settings.
I could not find where the error is. I would be glad if you could help.
name         ip              subnet mask      gateway
eth0         192.168.2.215   255.255.255.0    10.0.0.100
eth1         10.0.0.100      255.255.255.0    10.0.0.138
eth2         192.0.0.230     255.255.255.0    10.0.0.100
ADSL modem   10.0.0.138
Web server   192.168.2.201
# Disable forwarding while the rule set is rebuilt
echo 0 > /proc/sys/net/ipv4/ip_forward
# Network variables: DMZ (web server side) and LAN (client side)
DMZ_IP_NET='192.168.2.1/24'
DMZ_NIC='eth0'
LAN_IP_NET='192.168.0.1/24'
LAN_NIC='eth2'
# FTP connection-tracking and NAT helpers (needed for active FTP through NAT)
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
# Flush
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F
# Default policies: drop inbound and forwarded traffic unless explicitly allowed
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Masquerade DMZ and LAN traffic going out through the router
iptables -t nat -A POSTROUTING -s $DMZ_IP_NET -j MASQUERADE
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
# Allow forwarding of traffic originating from the DMZ and LAN networks
iptables -A FORWARD -j ACCEPT -i $DMZ_NIC -s $DMZ_IP_NET
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
# Services accepted on the router itself
iptables -A INPUT -j ACCEPT -p tcp --dport 80   #HTTP
iptables -A INPUT -j ACCEPT -p tcp --dport 3389 #TS
iptables -A INPUT -j ACCEPT -p tcp --dport 21   #FTP
iptables -A INPUT -j ACCEPT -p tcp --dport 22   #SSH
iptables -A INPUT -j ACCEPT -p tcp --dport 3128 #HTTP
# STATE RELATED for router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Open ports to server on DMZ
iptables -A FORWARD -j ACCEPT -p tcp --dport 80
iptables -A FORWARD -j ACCEPT -p tcp --dport 3389
iptables -A FORWARD -j ACCEPT -p tcp --dport 21
iptables -A FORWARD -j ACCEPT -p tcp --dport 3128
#redirecting outside world requests to server
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.2.201:80
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 3389 -j DNAT --to 192.168.2.201:3389
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to 192.168.2.201:21
#redirecting HTTP LAN requests to squid
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to 3128
#redirect local requests to server
iptables -t nat -A PREROUTING -i eth2 -s $LAN_IP_NET -p tcp --dport 8888 -j DNAT --to 192.168.2.201:80
_______________________________________________
Linux-ag mailing list
Linux-ag@liste.linux.org.tr
http://liste.linux.org.tr/mailman/listinfo/linux-ag
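The script above keys its MASQUERADE, FORWARD and port-8888 DNAT rules on the DMZ_IP_NET and LAN_IP_NET variables, so any rule whose -s network does not actually cover the subnet configured on the matching NIC silently never matches and the traffic falls through to the DROP policy. The table in the post puts eth2 on 192.0.0.230/24 while LAN_IP_NET is set to 192.168.0.1/24. The following POSIX sh helper, an added example and not part of the original post, checks each NIC's address and dotted mask against the network variable the script assigns to it, and refuses to report OK on a mismatch; the helper names (ip_to_int, net_of, mask_to_plen, check_nic, check_all) are this example's own, and the interface data embedded in check_all is copied from the post's table, not read from a live system.

```shell
#!/bin/sh
# Added example (not from the original post): verify that each *_IP_NET
# variable of a firewall script covers the subnet actually configured on
# its NIC before loading any iptables rules. Helper names are hypothetical.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip INTEGER -> A.B.C.D
int_to_ip() {
    printf '%d.%d.%d.%d\n' $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) \
                           $(( ($1 >> 8) & 255 ))  $(( $1 & 255 ))
}

# mask_to_plen 255.255.255.0 -> 24 (counts set bits; assumes a contiguous mask)
mask_to_plen() {
    m=$(ip_to_int "$1"); n=0
    while [ "$m" -ne 0 ]; do
        n=$(( n + (m & 1) )); m=$(( m >> 1 ))
    done
    echo "$n"
}

# net_of ADDRESS PREFIXLEN -> network address (e.g. 192.0.0.230 24 -> 192.0.0.0)
net_of() {
    mask=$(( 4294967295 - ((1 << (32 - $2)) - 1) ))
    int_to_ip $(( $(ip_to_int "$1") & mask ))
}

# cidr_net A.B.C.D/N -> network address of the CIDR as written in the script
cidr_net() {
    net_of "${1%/*}" "${1#*/}"
}

# check_nic NIC ADDR DOTTED_MASK CONFIGURED_CIDR
# returns 0 when the script variable covers the NIC's subnet, 1 on mismatch
check_nic() {
    nic=$1; addr=$2; dmask=$3; cfg=$4
    plen=$(mask_to_plen "$dmask")
    actual=$(net_of "$addr" "$plen")
    wanted=$(cidr_net "$cfg")
    if [ "$actual" = "$wanted" ] && [ "$plen" -eq "${cfg#*/}" ]; then
        echo "OK       $nic: $cfg covers $addr/$plen"
        return 0
    fi
    echo "MISMATCH $nic: script says $cfg but interface is on $actual/$plen" >&2
    return 1
}

# check_all: constructed input copied from the post (DMZ = eth0, LAN = eth2);
# the return value is the number of NICs whose variable does not match.
check_all() {
    bad=0
    while read -r nic addr dmask cfg; do
        check_nic "$nic" "$addr" "$dmask" "$cfg" || bad=$(( bad + 1 ))
    done <<EOF
eth0 192.168.2.215 255.255.255.0 192.168.2.1/24
eth2 192.0.0.230 255.255.255.0 192.168.0.1/24
EOF
    return $bad
}

if ! check_all; then
    echo "Fix the *_IP_NET variables before loading the iptables rules" >&2
fi
```

Run it before the firewall script; on the post's data it reports OK for eth0 and MISMATCH for eth2, which is where the LAN-side FORWARD, MASQUERADE and port-8888 DNAT rules stop matching. Wire the same check into the real script by reading addresses and masks from the live interfaces instead of the embedded table.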