Ipchains + Iptables
Could someone tell me how to convert these rules to iptables?
EXTIF=eth1
ANY=0.0.0.0/0
/sbin/modprobe ipchains
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward DENY
ipchains -F forward
ipchains -F input
ipchains -F output
ipchains -A input -i $EXTIF -d $ANY 22 -p tcp -j ACCEPT
ipchains -A input -i $EXTIF -d $ANY 113 -p tcp -j ACCEPT
ipchains -A input -i $EXTIF -d $ANY 500 -p tcp -j ACCEPT
ipchains -A input -i $EXTIF -d $ANY 500 -p udp -l -j ACCEPT
ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p udp -j DENY
ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p tcp -j DENY
ipchains -A forward -s 10.1.0.0/16 -d 10.0.0.0/8 -j ACCEPT
ipchains -A forward -s 10.0.0.0/8 -d 10.1.0.0/16 -j ACCEPT
ipchains -A forward -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
-
Danilo_Montagna
Guest
=================in ipchains===============
EXTIF=eth1
ANY=0.0.0.0/0
=================in iptables===============
EXTIF="eth1"
ANY="0.0.0.0/0"
IPTABLES="/sbin/iptables"
=======================================
=================in ipchains==============
/sbin/modprobe ipchains
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward DENY
ipchains -F forward
ipchains -F input
ipchains -F output
==================in iptables==============
/sbin/modprobe iptable_nat
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
$IPTABLES -F
$IPTABLES -F -t nat
$IPTABLES -X
$IPTABLES -X -t nat
$IPTABLES -Z
$IPTABLES -Z -t nat
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT
====================================
=================in ipchains===============
ipchains -A input -i $EXTIF -d $ANY 22 -p tcp -j ACCEPT
ipchains -A input -i $EXTIF -d $ANY 113 -p tcp -j ACCEPT
ipchains -A input -i $EXTIF -d $ANY 500 -p tcp -j ACCEPT
ipchains -A input -i $EXTIF -d $ANY 500 -p udp -l -j ACCEPT
ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p udp -j DENY
ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p tcp -j DENY
ipchains -A forward -s 10.1.0.0/16 -d 10.0.0.0/8 -j ACCEPT
ipchains -A forward -s 10.0.0.0/8 -d 10.1.0.0/16 -j ACCEPT
ipchains -A forward -j MASQ
====================in iptables===============
$IPTABLES -A INPUT -p tcp -i $EXTIF -d $ANY --dport 0:1023 -j DROP
$IPTABLES -A INPUT -p udp -i $EXTIF -d $ANY --dport 0:1023 -j DROP
$IPTABLES -A FORWARD -s 10.1.0.0/16 -d 10.0.0.0/8 -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 10.0.0.0/8 -o $EXTIF -j MASQUERADE
=============in ipchains and iptables===========
echo 1 > /proc/sys/net/ipv4/ip_forward
======================================
Note: since your default FORWARD policy is set to DROP when using iptables, every port that the workstations need in order to reach the internet will have to be opened by port or by protocol.
[ This message was edited by: Danilo_Montagna on 28-04-2003 15:33 ]
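An added example, not part of either post: a small shell helper that mechanically translates the ipchains rule forms used in the question (including the ACCEPT rules and the -l logging flag) into iptables commands, printing them for review instead of running them. The function name translate_rule and the use of -o $EXTIF on the MASQUERADE rule are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): translate the ipchains rule forms used
# above into iptables commands. Handles only -A, -i, -s, -d ADDR [PORT], -p,
# -l and -j ACCEPT|DENY|MASQ; anything else is rejected.
EXTIF=eth1          # external interface, as in the thread
ANY=0.0.0.0/0

translate_rule() {  # hypothetical helper; $@ = one ipchains command line
    chain='' match='' proto='' port='' log=0 target=''
    shift                                   # drop the leading "ipchains"
    while [ $# -gt 0 ]; do
        case "$1" in
            -A) chain=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]'); shift 2 ;;
            -i|-s) match="$match $1 $2"; shift 2 ;;
            -p) proto=$2; shift 2 ;;
            -d) match="$match -d $2"; shift 2
                # ipchains writes the destination port right after the address
                case "${1:-}" in [0-9]*) port=$1; shift ;; esac ;;
            -l) log=1; shift ;;
            -j) target=$2; shift 2 ;;
            *)  echo "unsupported token: $1" >&2; return 1 ;;
        esac
    done
    # iptables needs -p before --dport so the protocol match is loaded first
    if [ -n "$proto" ]; then match="$match -p $proto"; fi
    if [ -n "$port" ]; then match="$match --dport $port"; fi
    case "$target" in
        DENY) target=DROP ;;
        MASQ) # masquerading lives in the nat table; -o $EXTIF is an assumption
              printf 'iptables -t nat -A POSTROUTING%s -o %s -j MASQUERADE\n' "$match" "$EXTIF"
              return 0 ;;
    esac
    # ipchains -l becomes a separate LOG rule placed before the verdict
    if [ "$log" -eq 1 ]; then printf 'iptables -A %s%s -j LOG\n' "$chain" "$match"; fi
    printf 'iptables -A %s%s -j %s\n' "$chain" "$match" "$target"
}

# Rules from the question, kept in their original order (first match wins,
# so the ACCEPT rules must stay ahead of the 0:1023 drops).
while read -r line; do
    translate_rule $line    # unquoted on purpose: split into words
done <<EOF
ipchains -A input -i $EXTIF -d $ANY 22 -p tcp -j ACCEPT
ipchains -A input -i $EXTIF -d $ANY 500 -p udp -l -j ACCEPT
ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p tcp -j DENY
ipchains -A forward -s 10.1.0.0/16 -d 10.0.0.0/8 -j ACCEPT
ipchains -A forward -j MASQ
EOF
```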
-
Thank you very much for the help, Danilo.
Warm regards