2ethernet masquerade (ethernet nat masquerade ipchains linux)
Keywords: ethernet, nat, masquerade, ipchains, linux
- RU.LINUX (2:5077/15.22) ------------------------------------------ RU.LINUX -
From : Roman A. Stepanov 2:5020/400 24 Mar 00 18:13:26
Subj : 2ethernet masquerade
-------------------------------------------------------------------------------
From: "Roman A. Stepanov" <indepco@online.ru>
Hi, All!
Here is how I did it:
#!/bin/sh
# Script written and tested by Monster (26.09.99)
LOCAL_NET=192.168.11.0
LOCAL_MASK=255.255.255.0
PATH=/sbin:/usr/sbin:/usr/local/bin:$PATH
echo 1 > /proc/sys/net/ipv4/ip_forward
# Flush ALL chains
ipchains -F input
ipchains -F output
ipchains -F forward
ipchains -F inet-in
# Delete inet-in and create it anew
ipchains -X inet-in
ipchains -N inet-in
# Enable free input from loopback
ipchains -A input -i lo -j ACCEPT
# Enable free ping packets routing
ipchains -A input -p ICMP -j ACCEPT
# Accept all local packets
ipchains -A input -i eth0 -s ${LOCAL_NET}/${LOCAL_MASK} -j ACCEPT
# Accept all UDP packets
ipchains -A input -p UDP -j ACCEPT
# Route all packets from Internet to inet-in chain
ipchains -A input -i ppp0 -s ! ${LOCAL_NET}/${LOCAL_MASK} -j inet-in
#Realisation of transparent proxy (added by (P), 08.10.99)
# ipchains -A input -p TCP -i ! lo -s ${LOCAL_NET}/${LOCAL_MASK} -d ! ${LOCAL_NET}/${LOCAL_MASK} www -j REDIRECT 3128
# Chain default policies
ipchains -P input DENY
ipchains -P output ACCEPT
ipchains -P forward ACCEPT
# Adding rules to inet-in chain
ipchains -A inet-in -p TCP -d 0/0 ssh -j ACCEPT
ipchains -A inet-in -p TCP ! -y -j ACCEPT
# Setting priorities
ipchains -A output -p TCP -d 0/0 telnet -t 0x01 0x10
ipchains -A output -p TCP -d 0/0 ssh -t 0x01 0x10
ipchains -A output -p TCP -d 0/0 www -t 0x01 0x10
ipchains -A output -p TCP -d 0/0 ftp -t 0x01 0x02
# Turning on masquerading
ipchains -A forward -s ${LOCAL_NET}/${LOCAL_MASK} -d ! ${LOCAL_NET}/${LOCAL_MASK} -j MASQ
Roman.
"The main thing is that the suit fits!"
Gordon Freeman.
--- ifmail v.2.15dev4
* Origin: Golden Telecom (2:5020/400)
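
Added example, not part of the original message: a generator that prints iptables commands approximating the filtering and masquerading rules of the ipchains script above (the TOS rules are left out). Assumptions: the function name gen_rules is hypothetical, the LAN address passed at the bottom is a sample value, and the stateless "! -y" match is swapped for connection tracking; because forwarded packets in iptables traverse only FORWARD, that chain gets its own rules.

```shell
#!/bin/sh
# Added example (not the poster's code). Nothing is applied to the system:
# the function only prints commands for review.

# gen_rules LAN_IF WAN_IF NET MASK  (hypothetical helper)
gen_rules() {
    lan_if=$1; wan_if=$2; lan="$3/$4"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i $lan_if -s $lan -j ACCEPT
iptables -A INPUT -p udp -j ACCEPT
iptables -A INPUT -i $wan_if ! -s $lan -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i $wan_if ! -s $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan -j ACCEPT
iptables -A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan_if -s $lan -j MASQUERADE
EOF
}

# Notes on the mapping:
#  - INPUT rules keep the order of the ipchains "input" chain, including the
#    UDP rule, which (as posted) accepts UDP on every interface.
#  - "ipchains -A inet-in -p TCP ! -y" let any non-SYN segment through; the
#    conntrack rule only admits packets of connections the kernel is tracking.
#  - "-j MASQ" in the forward chain becomes MASQUERADE in nat/POSTROUTING.

# Interface names as in the post; sample LAN network and mask.
gen_rules eth0 ppp0 192.168.11.0 255.255.255.0
```

To apply the rules, pipe the printed commands to sh as root after reading them.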