


  #1
    chroot
    Guest

    Ipchains + Iptables

    Could someone tell me how I convert these rules to iptables?



    EXTIF=eth1
    ANY=0.0.0.0/0

    /sbin/modprobe ipchains

    ipchains -P input ACCEPT
    ipchains -P output ACCEPT
    ipchains -P forward DENY

    ipchains -F forward
    ipchains -F input
    ipchains -F output

    ipchains -A input -i $EXTIF -d $ANY 22 -p tcp -j ACCEPT
    ipchains -A input -i $EXTIF -d $ANY 113 -p tcp -j ACCEPT
    ipchains -A input -i $EXTIF -d $ANY 500 -p tcp -j ACCEPT
    ipchains -A input -i $EXTIF -d $ANY 500 -p udp -l -j ACCEPT
    ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p udp -j DENY
    ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p tcp -j DENY
    ipchains -A forward -s 10.1.0.0/16 -d 10.0.0.0/8 -j ACCEPT
    ipchains -A forward -s 10.0.0.0/8 -d 10.1.0.0/16 -j ACCEPT
    ipchains -A forward -j MASQ
    echo 1 > /proc/sys/net/ipv4/ip_forward

  #2
    Danilo_Montagna
    Guest

    Ipchains + Iptables

    =================in ipchains===============
    EXTIF=eth1
    ANY=0.0.0.0/0
    =================in iptables===============
    EXTIF="eth1"
    ANY="0.0.0.0/0"
    IPTABLES="/sbin/iptables"
    =======================================

    =================in ipchains==============
    /sbin/modprobe ipchains

    ipchains -P input ACCEPT
    ipchains -P output ACCEPT
    ipchains -P forward DENY

    ipchains -F forward
    ipchains -F input
    ipchains -F output
    ==================in iptables==============
    /sbin/modprobe iptable_nat
    /sbin/modprobe ip_conntrack_ftp
    /sbin/modprobe ip_nat_ftp

    $IPTABLES -F
    $IPTABLES -F -t nat
    $IPTABLES -X
    $IPTABLES -X -t nat
    $IPTABLES -Z
    $IPTABLES -Z -t nat

    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT
    ====================================

    =================in ipchains===============
    ipchains -A input -i $EXTIF -d $ANY 22 -p tcp -j ACCEPT
    ipchains -A input -i $EXTIF -d $ANY 113 -p tcp -j ACCEPT
    ipchains -A input -i $EXTIF -d $ANY 500 -p tcp -j ACCEPT
    ipchains -A input -i $EXTIF -d $ANY 500 -p udp -l -j ACCEPT
    ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p udp -j DENY
    ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p tcp -j DENY
    ipchains -A forward -s 10.1.0.0/16 -d 10.0.0.0/8 -j ACCEPT
    ipchains -A forward -s 10.0.0.0/8 -d 10.1.0.0/16 -j ACCEPT
    ipchains -A forward -j MASQ
    ====================in iptables===============
    $IPTABLES -A INPUT -p tcp -i $EXTIF -d $ANY --dport 0:1023 -j DROP
    $IPTABLES -A INPUT -p udp -i $EXTIF -d $ANY --dport 0:1023 -j DROP

    $IPTABLES -A FORWARD -s 10.1.0.0/16 -d 10.0.0.0/8 -j ACCEPT

    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    $IPTABLES -t nat -A POSTROUTING -s 10.0.0.0/8 -o $EXTIF -j MASQUERADE

    =============in ipchains and iptables===========
    echo 1 > /proc/sys/net/ipv4/ip_forward
    ======================================

    Note: since your default FORWARD policy is set to DROP in the iptables case... for each port the workstations need in order to get out to the internet, it will be necessary to open it by port or protocol..

    [ This message was edited by: Danilo_Montagna on 28-04-2003 15:33 ]
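    The script below is an added example, not code from either poster. It translates the ipchains rules from post #1 into iptables rule for rule, keeping the pieces the conversion in post #2 leaves out: the ACCEPT rules for tcp/22, tcp/113, tcp/500 and udp/500 that must precede the 0:1023 DROP, and the ipchains "-l" flag, which iptables has no equivalent option for and which is expressed here as a separate LOG rule placed in front of the rule it annotates. The LAN variable, the log prefixes, the dry-run mode (IPTABLES=echo prints the rules instead of loading them), and the choice to masquerade only 10.0.0.0/8 leaving $EXTIF (the same scope as the POSTROUTING rule in post #2) are assumptions made for this example; ipchains "-j MASQ" on the forward chain both accepted and masqueraded everything, so the FORWARD ACCEPT plus the state rule reproduce that for LAN traffic and its replies. Module names are the 2.4-era ones used in the thread.

```shell
#!/bin/sh
# Added example: iptables translation of the ipchains rules in post #1.
# Run "sh fw.sh --dry-run" to print the rules (no root needed), "sh fw.sh --apply" to load them.

IPTABLES="${IPTABLES:-/sbin/iptables}"
EXTIF="${EXTIF:-eth1}"      # external interface, as in the thread
ANY="0.0.0.0/0"
LAN="10.0.0.0/8"            # assumed: the masqueraded network, taken from the forward rules

apply_firewall() {
    # Connection tracking and NAT modules (2.4-era names); skipped in dry-run mode
    if [ "$IPTABLES" != "echo" ]; then
        /sbin/modprobe ip_conntrack
        /sbin/modprobe iptable_nat
    fi

    # Same effect as the three "ipchains -F" lines, plus the nat table
    $IPTABLES -F
    $IPTABLES -t nat -F
    $IPTABLES -X

    # Policies: ipchains DENY becomes iptables DROP
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -P FORWARD DROP

    # "-d $ANY 22 -p tcp" in ipchains is "-p tcp --dport 22" in iptables
    $IPTABLES -A INPUT -i "$EXTIF" -p tcp -d "$ANY" --dport 22 -j ACCEPT
    $IPTABLES -A INPUT -i "$EXTIF" -p tcp -d "$ANY" --dport 113 -j ACCEPT
    $IPTABLES -A INPUT -i "$EXTIF" -p tcp -d "$ANY" --dport 500 -j ACCEPT
    # ipchains "-l" (log) becomes a LOG rule in front of the rule it belongs to
    $IPTABLES -A INPUT -i "$EXTIF" -p udp -d "$ANY" --dport 500 -j LOG --log-prefix "ike-accept: "
    $IPTABLES -A INPUT -i "$EXTIF" -p udp -d "$ANY" --dport 500 -j ACCEPT
    # Privileged ports from the outside: log, then drop (order after the ACCEPTs matters)
    $IPTABLES -A INPUT -i "$EXTIF" -p udp -d "$ANY" --dport 0:1023 -j LOG --log-prefix "priv-udp-drop: "
    $IPTABLES -A INPUT -i "$EXTIF" -p udp -d "$ANY" --dport 0:1023 -j DROP
    $IPTABLES -A INPUT -i "$EXTIF" -p tcp -d "$ANY" --dport 0:1023 -j LOG --log-prefix "priv-tcp-drop: "
    $IPTABLES -A INPUT -i "$EXTIF" -p tcp -d "$ANY" --dport 0:1023 -j DROP

    # Forward rules between the two private ranges, unchanged apart from the chain name
    $IPTABLES -A FORWARD -s 10.1.0.0/16 -d 10.0.0.0/8 -j ACCEPT
    $IPTABLES -A FORWARD -s 10.0.0.0/8 -d 10.1.0.0/16 -j ACCEPT
    # ipchains "-j MASQ" both accepted and masqueraded; in iptables that is
    # an ACCEPT in FORWARD (plus replies via conntrack) and MASQUERADE in nat/POSTROUTING
    $IPTABLES -A FORWARD -s "$LAN" -o "$EXTIF" -j ACCEPT
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -t nat -A POSTROUTING -s "$LAN" -o "$EXTIF" -j MASQUERADE

    if [ "$IPTABLES" != "echo" ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

# Prints the rules in order instead of loading them; runs in a subshell so
# IPTABLES=echo does not leak into the caller
dry_run() {
    ( IPTABLES=echo; apply_firewall )
}

case "${1:-}" in
    --apply)   apply_firewall ;;
    --dry-run) dry_run ;;
esac
```

    Review the dry-run output before applying: the tcp/22 ACCEPT must appear above the tcp 0:1023 DROP, otherwise the firewall locks you out of SSH from the outside.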

  #3
    chroot
    Guest

    Ipchains + Iptables

    Thanks a lot for the help, Danilo.

    A big hug.