[LUGOS] iptables and ip forward
Rok Potočnik
r at rula.net
Thu Jan 10 13:03:39 CET 2008
Boštjan Jerko wrote:
> On Jan 8, 2008, at 10:54 PM, Rok Potočnik wrote:
>> Yes... either -A or, better still, -I, if further on you have some
>> restrictive rule that prevents any packet from reaching it at all in
>> that chain... You can send the output of iptables-save (even privately)
>> and we'll see what can be done.
>> Otherwise, you need the following conditions...
>> - ip_forward set to 1
>> - a rule with DNAT
>> - if you have a DROP somewhere in the FORWARD chain of the filter table,
>> you also have to allow this
>>
>> In principle, the following should work:
>>
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>
>> iptables -t nat -I PREROUTING -p tcp --dport 1025 -j DNAT \
>> --to-destination 192.168.0.10
>>
>> iptables -I FORWARD -p tcp --dport 1025 -j ACCEPT
>>
>
> The other rules are:
>
> iptables -A INPUT -j DROP -p tcp --destination-port domain
> iptables -A INPUT -j DROP -p tcp --destination-port smtp
> iptables -A INPUT -j DROP -p tcp --destination-port 139
> iptables -A INPUT -j DROP -p tcp --destination-port 250
>
> But I need a redirect from port 1025 to port 22.
>
Yes, then you just replace the port with 22, i.e. you fix that rule in the PREROUTING chain:
iptables -t nat -I PREROUTING -p tcp --dport 1025 -j DNAT \
--to-destination 192.168.0.10:22
iptables -I FORWARD -p tcp --dport 22 -j ACCEPT
--
Regards, Rok
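
Added example, not part of the original message: a Python check over iptables-save text that reports, for each PREROUTING DNAT rule, which FORWARD target applies to the translated port, which is why the reply changes the FORWARD rule to --dport 22. The sample dump, the function names and the simplified matching (protocol and destination port only) are assumptions of this example.

```python
import shlex

# Constructed iptables-save dump: DNAT 1025 -> :22, FORWARD still matches 1025.
SAMPLE = """\
*nat
-A PREROUTING -p tcp -m tcp --dport 1025 -j DNAT --to-destination 192.168.0.10:22
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 25 -j DROP
-A FORWARD -p tcp -m tcp --dport 1025 -j ACCEPT
-A FORWARD -j DROP
COMMIT
"""

def parse(dump):
    """Return ({table: [(chain, opts)]}, {(table, chain): policy})."""
    rules, policy, table = {}, {}, None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith(":") and table:
            policy[(table, line[1:].split()[0])] = line.split()[1]
        elif line.startswith("-A ") and table:
            tok = shlex.split(line)
            # Assumes plain "flag value" pairs (no "!" negation, no bare flags).
            opts = dict(zip(tok[2::2], tok[3::2]))
            rules.setdefault(table, []).append((tok[1], opts))
    return rules, policy

def forward_verdicts(dump):
    """Per PREROUTING DNAT rule: (original port, new destination, FORWARD target)."""
    rules, policy = parse(dump)
    out = []
    for chain, nat in rules.get("nat", []):
        if chain != "PREROUTING" or nat.get("-j") != "DNAT":
            continue
        dest = nat.get("--to-destination", "")
        # DNAT runs before filter FORWARD; without ":port" the port is unchanged.
        port = dest.split(":")[1] if ":" in dest else nat.get("--dport")
        verdict = policy.get(("filter", "FORWARD"), "ACCEPT")
        # Simplified match on -p and --dport only; the first matching rule wins.
        for fchain, f in rules.get("filter", []):
            if (fchain == "FORWARD" and f.get("-p", nat.get("-p")) == nat.get("-p")
                    and f.get("--dport", port) == port):
                verdict = f.get("-j")
                break
        out.append((nat.get("--dport"), dest, verdict))
    return out
```

On a live host the input would be the text printed by iptables-save; the INPUT rules in the dump are ignored because forwarded packets traverse FORWARD, not INPUT.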