Re: [Linux-sunucu] linux server: I would be glad if you could help

---------


From: Tufan BIYIKTAS (tufan.biyiktas@gmail.com)
Date: Wed 04 May 2005 - 01:36:15 EEST


Copy the attached script to /usr/local/bin.

Once you have run it as ./router, you will be able to reach the Internet.

To have it run every time the system boots, you need to add
/usr/local/bin/router & to the /etc/rc.local file.

İbrahim Ulutepe wrote:

> Greetings, I am a computer teacher. Because I could not get good
> network performance from the router in the computer lab and could not
> restrict the students, I installed Fedora Core 2 on one of the
> computers and fitted two Ethernet cards. I set up a structure like the one below.
>
> eth0 -> 192.168.1.145 (the card that the connection cable carrying the
> Internet from the router plugs into)
> eth1 -> 192.168.1.146 (the Ethernet card that goes to the hub and
> through which I will use this machine as the server for the connection)
>
> What I have not been able to do is this: I want to forward the packets
> on eth0 to eth1 and distribute the connection to the hub. For this I went
> through the documents about iptables. I installed all my servers
> properly and they are working. But I just could not pass the packets along.
>
> If a helpful person among you could give me a detailed explanation on
> this, I would be glad; I have been struggling for days but could not do it.
> Thank you.
> _______________________________________________
> Linux-sunucu mailing list
> Linux-sunucu@liste.linux.org.tr
> http://liste.linux.org.tr/mailman/listinfo/linux-sunucu
>

#!/bin/bash
####################################################################
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe
####################################################################
EXTIF="eth0"
INTIF="eth1"
echo "External Interface: $EXTIF"
echo "Internal Interface: $INTIF"
####################################################################
echo -en "Loading modules: "

echo "- Verifying that all kernel modules are ok"
$DEPMOD -a

echo -en "ip_tables, "
$MODPROBE ip_tables

echo -en "ip_conntrack, "
$MODPROBE ip_conntrack

echo -en "ip_conntrack_ftp, "
$MODPROBE ip_conntrack_ftp

echo -en "ip_conntrack_irc, "
$MODPROBE ip_conntrack_irc

echo -en "iptable_nat, "
$MODPROBE iptable_nat

echo -en "ip_nat_ftp, "
$MODPROBE ip_nat_ftp

echo -e " Done.\n"

########################################################################
# CRITICAL: Enable IP forwarding, since it is disabled by default.
#
# Redhat Users: you may try changing the options in
# /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
########################################################################
echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward

#########################################################################
# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP,
# enable this following option. This enables dynamic-address hacking
# which makes the life with Diald and similar programs much easier.
#
# echo " Enabling DynamicAddr.."
# echo "1" > /proc/sys/net/ipv4/ip_dynaddr
##########################################################################

##########################################################################
# Enable simple IP forwarding and Masquerading
#
# NOTE: In IPTABLES speak, IP Masquerading is a form of SourceNAT or SNAT.
#
# NOTE #2: The following is an example for an internal LAN address in the
# 192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
# connecting to the Internet on external interface "eth0". This
# example will MASQ internal traffic out to the Internet but not
# allow non-initiated traffic into your internal network.
#
#
# ** Please change the above network numbers, subnet mask, and your
# *** Internet connection interface name to match your setup
#
###########################################################################

###########################################################################
# Clearing any previous configuration
#
# Unless specified, the defaults for INPUT and OUTPUT are ACCEPT
# The default for FORWARD is DROP (REJECT is not a valid policy)
#
############################################################################
echo " Clearing any existing rules and setting default policy.."

$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo " FWD: Allow POP3, SMTP and HTTPS OUT and only existing and related ones IN"

# Replies to connections opened from the LAN are let back in.
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
# Outbound TCP is limited to the ports below; the HTTP (80) rule is left disabled.
#$IPTABLES -A FORWARD -i $INTIF -o $EXTIF --protocol tcp --destination-port 80 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF --protocol tcp --destination-port 110 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF --protocol tcp --destination-port 25 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF --protocol tcp --destination-port 443 -j ACCEPT
# Anything not accepted above is logged, then dropped by the FORWARD policy.
$IPTABLES -A FORWARD -j LOG

###########################################################################
#echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"

$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

############################################################################

_______________________________________________
Linux-sunucu mailing list
Linux-sunucu@liste.linux.org.tr
http://liste.linux.org.tr/mailman/listinfo/linux-sunucu
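
A read-only check of the ruleset the attached script is meant to produce, added here as an example (it is not part of the original message or its attachment): it audits `iptables-save` output for the FORWARD DROP policy, the MASQUERADE rule on eth0, and any inbound ACCEPT that lacks a state match. The sample dump is constructed and abridged, and the function names are hypothetical.

```shell
EXTIF="eth0"   # interface names as in the script above
INTIF="eth1"

# Constructed, abridged sample of `iptables-save` output after the script has run.
SAMPLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp -m tcp --dport 110 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -j LOG
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Outbound ports accepted LAN -> Internet; "any" marks a rule with no --dport.
allowed_out_ports() {
  printf '%s\n' "$1" |
    grep -E -- "^-A FORWARD .*-i $INTIF -o $EXTIF .*-j ACCEPT" |
    sed -n -e 's/.*--dport \([0-9:]*\).*/\1/p' -e t -e 's/.*/any/p' | tr '\n' ' ' | sed 's/ $//'
}

# Print one finding per line; print nothing when the dump matches the intent.
audit_ruleset() {
  dump=$1
  printf '%s\n' "$dump" | grep -q '^:FORWARD DROP' ||
    echo "FORWARD policy is not DROP"
  printf '%s\n' "$dump" | grep -Eq -- "^-A POSTROUTING .*-o $EXTIF .*-j MASQUERADE" ||
    echo "no MASQUERADE rule on $EXTIF"
  # An inbound ACCEPT without a state match admits unsolicited traffic.
  printf '%s\n' "$dump" |
    grep -E -- "^-A FORWARD .*-i $EXTIF .*-j ACCEPT" |
    grep -Ev -- '--(ct)?state ' | sed 's/^/unsolicited inbound allowed: /'
  # An ACCEPT that names no interface forwards in both directions.
  printf '%s\n' "$dump" |
    grep -E -- '^-A FORWARD .*-j ACCEPT' | grep -Ev -- ' -[io] ' | sed 's/^/interface-less ACCEPT: /'
  return 0
}

# On the router itself, pass "$(iptables-save)" (as root) instead of the sample.
echo "outbound TCP ports allowed: $(allowed_out_ports "$SAMPLE")"
audit_ruleset "$SAMPLE"
```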



---------

This archive was generated by hypermail 2.1.2.