Re: [Linux-ag] censornet

---------


From: necip celepci (yaneroz@gmail.com)
Date: Thu 21 Sep 2006 - 14:54:58 GMT


Hello friends,
I'm giving you quite a headache. From the documents I read, I finally managed
to get the iptables output. It's quite a long list, too. Now, what do I need
to do in the list below so that I can send the port 80 requests arriving on
eth0 to 8080? Quite a lot of DROPs have been set up, though?

help... pls

# Generated by iptables-save v1.2.9 on Thu Sep 21 20:48:27 2006
*nat
:PREROUTING ACCEPT [964:302778]
:POSTROUTING ACCEPT [1171:91118]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Thu Sep 21 20:48:27 2006
# Generated by iptables-save v1.2.9 on Thu Sep 21 20:48:27 2006
*mangle
:PREROUTING ACCEPT [9404:2804321]
:INPUT ACCEPT [8840:2674241]
:FORWARD ACCEPT [54:2592]
:OUTPUT ACCEPT [10405:2673227]
:POSTROUTING ACCEPT [10546:2689613]
-A OUTPUT -p tcp -m tcp --dport 23 -j TOS --set-tos 0x10
-A OUTPUT -p tcp -m tcp --dport 22 -j TOS --set-tos 0x10
COMMIT
# Completed on Thu Sep 21 20:48:27 2006
# Generated by iptables-save v1.2.9 on Thu Sep 21 20:48:27 2006
*filter
:INPUT DROP [605:201794]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [10405:2673227]
:ADMIN_ACCESS_A - [0:0]
:FORWARD_ACCESS_A - [0:0]
:INPUT_ACCESS_A - [0:0]
-A INPUT -i ! lo -p tcp -m tcp --dport 99 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 81 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 22 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state RELATED -j ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --sport 123 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 137:139 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 1 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 1 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 20:25 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 20:25 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 42 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 42 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 110 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 137:139 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 137:139 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 123 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -i eth0 -p icmp -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 13 -j DROP
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 17 -j DROP
-A INPUT -i eth1 -p icmp -j ACCEPT
-A INPUT -j ADMIN_ACCESS_A
-A INPUT -j INPUT_ACCESS_A
-A FORWARD -i eth0 -p tcp -m tcp --dport 80 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 80 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 81 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 81 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 443 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 443 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 488 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 488 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 563 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 563 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 777 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 777 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 3128 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 3128 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 8080 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 8080 -j DROP
-A FORWARD -p tcp -m state --state RELATED -j ACCEPT
-A FORWARD -p tcp -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -p udp -m udp --sport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth0 -p icmp -j ACCEPT
-A FORWARD -i eth1 -p icmp -m icmp --icmp-type 8 -j DROP
-A FORWARD -i eth1 -p icmp -m icmp --icmp-type 13 -j DROP
-A FORWARD -i eth1 -p icmp -m icmp --icmp-type 17 -j DROP
-A FORWARD -i eth1 -p icmp -j ACCEPT
-A FORWARD -j FORWARD_ACCESS_A
-A ADMIN_ACCESS_A -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A ADMIN_ACCESS_A -i eth0 -p udp -m udp --dport 80 -j ACCEPT
-A INPUT_ACCESS_A -s 192.168.1.2 -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
# Completed on Thu Sep 21 20:48:27 2006

_______________________________________________
Linux-ag mailing list
Linux-ag@liste.linux.org.tr
http://liste.linux.org.tr/mailman/listinfo/linux-ag
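
What the question above comes down to on this ruleset, as an added example that is not part of the original message: a check that reads an `iptables-save` dump and prints the rules still missing for redirecting eth0 port 80 to local port 8080. The helper names `sample_dump` and `missing_rules` are hypothetical, the sample is a trimmed copy of the dump, and the proxy is assumed to listen on port 8080 of the gateway itself.

```shell
# Added example: report which rules an iptables-save dump lacks for a
# local redirect of IFACE:FROM -> TO. Prints nothing when both exist.
# Constructed sample: the dump above, trimmed to the rules for 80 and 8080.
sample_dump() { cat <<'EOF'
*nat
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -j ADMIN_ACCESS_A
-A INPUT -j INPUT_ACCESS_A
-A FORWARD -i eth0 -p tcp -m tcp --dport 80 -j DROP
-A ADMIN_ACCESS_A -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT_ACCESS_A -s 192.168.1.2 -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
EOF
}
# missing_rules IFACE FROM TO   (hypothetical helper; dump on stdin)
# Simplifications: exact ports only, earlier DROPs in the same chain are
# not evaluated, and chains must be dumped caller-before-callee.
missing_rules() {
  awk -v ifc="$1" -v from="$2" -v to="$3" '
    BEGIN { reach["INPUT"] = 1 }
    /^\*/ { table = substr($0, 2); next }
    /^-A / {
      chain = $2; ifa = src = proto = dport = tgt = arg = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-i") ifa = $(i + 1)
        if ($i == "-s") src = $(i + 1)
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "-j") { tgt = $(i + 1); arg = $(i + 2) " " $(i + 3) }
      }
      on_if = (ifa == ifc || ifa == "")
      if (table == "nat" && chain == "PREROUTING" && on_if && proto == "tcp" &&
          dport == from && tgt == "REDIRECT" && arg == "--to-ports " to) nat_ok = 1
      if (table == "filter" && (chain in reach)) {
        reach[tgt] = 1   # follow jumps out of INPUT into user chains
        # REDIRECT rewrites dport before INPUT, so INPUT must accept TO and the
        # FORWARD drops never apply; a single-source (-s) ACCEPT is not enough.
        if (on_if && proto == "tcp" && src == "" && dport == to && tgt == "ACCEPT") in_ok = 1
      }
    }
    END {
      if (!nat_ok) print "iptables -t nat -A PREROUTING -i " ifc " -p tcp -m tcp --dport " from " -j REDIRECT --to-ports " to
      if (!in_ok) print "iptables -A INPUT -i " ifc " -p tcp -m tcp --dport " to " -j ACCEPT"
    }'
}
sample_dump | missing_rules eth0 80 8080
```

On the trimmed dump it reports both rules: the `nat` table has no PREROUTING redirect, and the only ACCEPT for port 8080 is limited to 192.168.1.2.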


---------

This archive was generated by hypermail 2.1.2.