[LUGOS] iptables and ip forward

Boštjan Jerko mlist at japina.eu
Thu Jan 10 10:05:28 CET 2008


On Jan 8, 2008, at 10:54 PM, Rok Potočnik wrote:
>
> Yes... either -A or, better yet, -I, in case you have some restrictive rule
> further on that prevents any packet from reaching it in that chain at all...
> you can send the output of iptables-save (privately if you like) and we'll
> see what can be done.
> Otherwise, you need the following conditions:
> - ip_forward set to 1
> - a rule with DNAT
> - if you have a DROP somewhere in the FORWARD chain of the filter table, you
> also have to allow this
>
> In principle, the following should work:
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> iptables -t nat -I PREROUTING -p tcp --dport 1025 -j DNAT \
> --to-destination 192.168.0.10
>
> iptables -I FORWARD -p tcp --dport 1025 -j ACCEPT
>

The other rules are:

iptables -A INPUT -j DROP -p tcp --destination-port domain
iptables -A INPUT -j DROP -p tcp --destination-port smtp
iptables -A INPUT -j DROP -p tcp --destination-port 139
iptables -A INPUT -j DROP -p tcp --destination-port 250

But I need a redirect from port 1025 to port 22.

Regards,

Boštjan
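
An added example, not part of either post: a sketch of the 1025-to-22 translation discussed in this thread, for both the case where the service sits on the internal host from the quoted rule and the case where it runs on the firewall itself. The function name `port_redirect_rules`, the `APPLY` and `MODE` variables and the choice of `iptables-restore --noflush` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed/assumed values:
EXT_PORT=1025            # port clients connect to (from the post)
INT_PORT=22              # port the service listens on (from the post)
INT_HOST=192.168.0.10    # internal host taken from the quoted DNAT rule

# Print iptables-restore input for one of two cases:
#   forward - the service runs on INT_HOST behind this router
#   local   - the service runs on this machine itself
port_redirect_rules() {
    case "$1" in
    forward)
        # NAT happens in PREROUTING, so the FORWARD chain already sees
        # the rewritten destination (INT_HOST:INT_PORT), not EXT_PORT.
        cat <<EOF
*nat
-I PREROUTING -p tcp --dport $EXT_PORT -j DNAT --to-destination $INT_HOST:$INT_PORT
COMMIT
*filter
-I FORWARD -p tcp -d $INT_HOST --dport $INT_PORT -m conntrack --ctstate NEW -j ACCEPT
-I FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
        ;;
    local)
        # REDIRECT rewrites the port and delivers locally, so the packet
        # hits INPUT with dport INT_PORT and ip_forward is not needed.
        cat <<EOF
*nat
-I PREROUTING -p tcp --dport $EXT_PORT -j REDIRECT --to-ports $INT_PORT
COMMIT
*filter
-I INPUT -p tcp --dport $INT_PORT -j ACCEPT
COMMIT
EOF
        ;;
    *)
        echo "usage: port_redirect_rules forward|local" >&2
        return 1
        ;;
    esac
}

# Apply only when asked (needs root); otherwise just print the rules.
if [ "${APPLY:-0}" = 1 ]; then
    [ "${MODE:-forward}" = forward ] && echo 1 > /proc/sys/net/ipv4/ip_forward
    port_redirect_rules "${MODE:-forward}" | iptables-restore --noflush
else
    port_redirect_rules "${MODE:-forward}"
fi
```

In `local` mode the INPUT rule matches the post-NAT port, so direct connections to port 22 are accepted as well as those arriving on 1025.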


