[Linux-ag] NAT and SSL

---------


From: Umut D. (linuxlist@gmail.com)
Date: Sun 12 Feb 2006 - 01:49:32 EET


Hello,

Users behind my Linux machine, which serves as a firewall and NAT box, can
open normal web pages but cannot open any site that requires SSL, so they
cannot log in to their banks.

Some useful output is below. My address is 10.0.1.249, the router/Linux box
is 10.0.1.2, eth1 is internal, ppp0 is external.

It has been about 12 hours and I still have not made any progress. I tried
with 2 different Windows XP Pro machines (activated, legacy checks performed,
volume key license validated, firewalls disabled; Firefox was even installed
and tried as well, and it did not work either).

Does anyone have experience with this?

# netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      9583/named
tcp        0      0 10.0.1.2:53             0.0.0.0:*               LISTEN      9583/named
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      8592/sshd
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      9583/named
udp        0      0 0.0.0.0:32770           0.0.0.0:*                           9583/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           9583/named
udp        0      0 10.0.1.2:53             0.0.0.0:*                           9583/named
udp        0      0 0.0.0.0:67              0.0.0.0:*                           8761/dhcpd
raw        0      0 0.0.0.0:1               0.0.0.0:*               7           8761/dhcpd

# cat /proc/sys/net/ipv4/ip_forward
1

# cat /var/lib/iptables/rules-save
*nat
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT
-A POSTROUTING -o ppp0 -j MASQUERADE
-A POSTROUTING -o ppp1 -j MASQUERADE
COMMIT

*mangle
:PREROUTING ACCEPT
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
COMMIT

*filter
:INPUT DROP
:FORWARD DROP
:OUTPUT ACCEPT
-A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --sport 443 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.0.1.249 -i eth1 -j ACCEPT
-A FORWARD -s 10.0.1.249 -i eth1 -j ACCEPT
-A FORWARD -d 10.0.1.249 -o eth1 -j ACCEPT
COMMIT

_______________________________________________
Linux-ag mailing list
Linux-ag@liste.linux.org.tr
http://liste.linux.org.tr/mailman/listinfo/linux-ag



---------

This archive was generated by hypermail 2.1.2.