|
slavisac
Član broj: 8537
Poruke: 146
*.smin.my-its.net.
|
Interesuje me kako u linux boxu da odradim iptables i nat da prosledjuje sve sa jednog na drugi interfejs bez ikakvog ogranicavanja i bez zabrane bilo kog porta
imam skript koji koristim ali nesto mi ne funkcionise najbolje
#acivate ip_forward
echo 1 > /proc/sys/net/ipv4/ip_forward
# Delete current iptable rules
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
# Apply new rules
# wlan0 na eth0
iptables -A FORWARD -i wlan0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
#obrnuto
iptables -A FORWARD -i eth0 -o wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
#dsl1
iptables -A FORWARD -i dsl1 -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp+ -o dsl1 -j ACCEPT
#wlan0 na ppp+
iptables -A FORWARD -i wlan0 -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp+ -o wlan0 -j ACCEPT
#wlan0 na wlan2
#iptables -A FORWARD -i wlan0 -o wlan2 -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A FORWARD -i wlan2 -o wlan0 -j ACCEPT
#wlan2 na eth0
iptables -A FORWARD -i wlan2 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o wlan2 -j ACCEPT
#pppoe gorward
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1534 -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -j LOG
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
ptables -t nat -A POSTROUTING -o dsl1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o wlan2 -j MASQUERADE
hocu da se sa interfejsa wlan2 vidi cela mrez na interfejsu eth0 i obrnuto takodje u segmentu mreze koji je nakacen na eth0 imam vpn server hocu i da omogucim da se sa wlan2 konektuju na njega.
|
| 10.04.2006. u 23:42 |
| |
|
vladared
Vladimir Crveni
Sistem Administrator
Novi Sad
Član broj: 50291
Poruke: 550
*.recnikonline.com.
Sajt: www.opensolutions.rs
|
a umesto ovih islnih iptables -F NEŠTO da probaš na prvo mesto da ukucaš:
iptables -F
pa onda daješ parametre šta ACCEPT, jer koliko ja kapiram ti mu prvo odobriš pa onda Flushuješ to, tako da ne znam koliko je to onda dobro...
|
| 14.04.2006. u 07:06 |
| |
Registrovani: 101 ( peca26000, Miso Kovacevic, jsmith, kimipile, NoneVi, bucke, cileanac, vojin90, Miroslav Cvejić, milovanmaric, kelja, JPF, buco22, miivasti13, zadar1, dejanptt87, kokac, dr.kis, *mile*, iccenter, VRadule, kazil, pajper1, spartanac86, koteks, enigma78, maric1, StudioIbro, Zvezdan Joksovic, NastyBoy, PassingBy, acme, Boris B., Talaris, Srecko83, zaraza, Zoran Rodic, tomiotok, DaliborP, Marko_L, filka, filka, bttp, miLOSm, Deep|Blue, raco, weeboo, dr.zmaj, hobbista, karateka, vamsi, Milan86, Kuca-buke, ninjamirko, srdjansto, pmiroslav, phoneflashing, eloiza, eldin0007, hall3, MARK123, rsinisa, todorl, Nemanja Avramović, Picsel, peca89bg, Galenika, Sirenica, mokelet, Sopocanac2, johny_fiasco, Ivan Dimkovic, mmix, slavkos, Stapaloto, djaniru, magic, Mikky, Radovan_Dz, Sapphire, smars, vesna stevic, djolep, robert63, Milan Gligorijevic, dr katz, winnermax76, bul, n1ath5je, captPicard, WoooZy, espresso, I.c.I., DusanSukovic, Ivan1x2, toci, MaliBatica, angovt, MARDALIJA, kasaad, ozzyy )
iptables jos jedno forward all