What I recommend is that you set up NAT and a transparent proxy; that way
you redirect all traffic going to port 80 or 8080 to 3128 (which is the
Squid default).
Here are some example scripts that will help you. I had them lying around,
and in fact I don't know where I got them from, but you can take
ideas from them to put together your own script.
#!/bin/bash
# Configuration for Masquerade(NAT) and Firewall
# /usr/local/sbin/setiptables.bash
# Acceptable ports
APORTS="20 21 22 25 53 80 110 143 8080"
EX_ETH=eth0 # External Interface
IN_ETH=eth1 # Local Interface
# Clear all iptables
/etc/init.d/iptables stop
# iptables --flush
# iptables --delete-chain
# Masquerade
iptables -t nat -A POSTROUTING -o $EX_ETH -j MASQUERADE
# Configure iptables.
# INPUT Chain
for AP in $APORTS
do
    iptables -A INPUT -i $EX_ETH -p tcp --dport $AP -j ACCEPT
    iptables -A INPUT -i $EX_ETH -p udp --dport $AP -j ACCEPT
done
# Any other packets must be dropped.
iptables -A INPUT -i $EX_ETH -m state --state NEW,INVALID -j DROP
# FORWARD Chain
iptables -A FORWARD -i $EX_ETH -m state --state NEW,INVALID -j DROP
# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
Second script.
#!/bin/bash
# Configuration for Masquerade(NAT), Firewall and Transparent Proxy
# /usr/local/sbin/setiptables.bash
# Acceptable ports
APORTS="20 21 22 25 53 80 110 143 8080"
# Reject ports Kazaa(1214), Gnutella (6346 6347)
RPORTS="1214 6346 6347"
EX_ETH=eth0 # External Interface
IN_ETH=eth1 # Local Interface
LOCAL_IP=192.168.0.2 # Local Host IP
LOCAL_NET=192.168.0.0/24 # Local Network
EXTERNAL_NET=202.144.158.192/28 # External Network
PROXY_IP=192.168.0.2 # Proxy Server IP (Transparent Proxy)
PROXY_PORT=8080 # Proxy Server Port No
# Clear all iptables
/etc/init.d/iptables stop
iptables --flush
iptables --delete-chain
# Masquerade
iptables -t nat -A POSTROUTING -o $EX_ETH -j MASQUERADE
# Transparent Proxy
iptables -t nat -A PREROUTING -i $IN_ETH \
    -p tcp --dport 80 -j REDIRECT --to-port $PROXY_PORT
# Transparent Proxy (to a Remote Box)
# iptables -t nat -A PREROUTING -i $IN_ETH -s ! $LOCAL_IP -p tcp \
# --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
# iptables -t nat -A POSTROUTING -o eth0 -s $LOCAL_NET -d $PROXY_IP \
# -j SNAT --to $LOCAL_IP
# iptables -A FORWARD -s $LOCAL_NET -d $PROXY_IP -i $IN_ETH -o $EX_ETH \
# -p tcp --dport $PROXY_PORT -j ACCEPT
# Accept
for AP in $APORTS
do
    iptables -A INPUT -i $EX_ETH -p tcp --dport $AP -j ACCEPT
    iptables -A INPUT -i $EX_ETH -p udp --dport $AP -j ACCEPT
done
# Reject
for RP in $RPORTS
do
    iptables -A INPUT -p tcp --dport $RP -j REJECT
    iptables -A INPUT -p udp --dport $RP -j REJECT
done
# Any other packets must be dropped.
iptables -A INPUT -i $EX_ETH -m state --state NEW,INVALID -j DROP
# FORWARD Chain
iptables -A FORWARD -i $EX_ETH -m state --state NEW,INVALID -j DROP
# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
And if you use Squid ( http://www.squid-cache.org/ ) you need to change the
following in /etc/squid/squid.conf:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Cheers
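Added example, not part of the original message: a read-only check over iptables-save output for one side effect of the second script, where 8080 is both PROXY_PORT (the REDIRECT target) and an entry in APORTS, so the proxy port is accepted on the external interface. The dump is a constructed sample and the function names are hypothetical.

```bash
# Constructed sample of what the second script would leave loaded (iptables-save format).
SAMPLE_DUMP='*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1214 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -m state --state INVALID,NEW -j DROP
COMMIT'

# Print the port that tcp/80 arriving on interface $2 is REDIRECTed to (empty if none).
redirect_port() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        $1 == "-A" && $2 == "PREROUTING" {
            i = d = t = ""
            for (n = 3; n < NF; n++) {
                if ($n == "-i") i = $(n + 1)
                if ($n == "--dport") d = $(n + 1)
                if ($n == "--to-ports") t = $(n + 1)
            }
            if (i == ifc && d == "80" && t != "") { print t; exit }
        }'
}

# First-match walk of INPUT for a new TCP connection to port $3 on interface $2; prints target or POLICY.
# Assumption: only -i, -p, --dport and --state are evaluated (no negation, no port ranges).
input_verdict() {
    printf '%s\n' "$1" | awk -v ifc="$2" -v port="$3" '
        $1 == "-A" && $2 == "INPUT" {
            ok = 1; target = ""
            for (n = 3; n < NF; n++) {
                if ($n == "-i" && $(n + 1) != ifc) ok = 0
                if ($n == "-p" && $(n + 1) != "tcp") ok = 0
                if ($n == "--dport" && $(n + 1) != port) ok = 0
                if ($n == "--state" && $(n + 1) !~ /NEW/) ok = 0
                if ($n == "-j") target = $(n + 1)
            }
            if (ok && target != "") { found = 1; print target; exit }
        }
        END { if (!found) print "POLICY" }'
}

# Succeeds (exit 0 = finding) when the redirect target is ACCEPTed on external interface $3.
proxy_exposed() {
    p=$(redirect_port "$1" "$2")
    [ -n "$p" ] && [ "$(input_verdict "$1" "$3" "$p")" = "ACCEPT" ]
}
```

On a live gateway, pass "$(iptables-save)" in place of SAMPLE_DUMP; an ACCEPT verdict means Squid's own ACLs are the only thing keeping outside clients off the proxy.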