Tova dostatuchno li e kato NAT? Yavor Atanasov
# Generated by iptables-save v1.2.2 on Fri Feb 8 19:06:19 2002
# --- nat table: source NAT for traffic leaving through eth1 ---
# Only the four source addresses listed below are masqueraded.
# NOTE(review): the FORWARD chain further down admits the whole
# 192.168.XXX.0/255.255.255.0 range, so any other LAN host would be forwarded
# out of eth1 with its private source address unchanged. Either widen the
# MASQUERADE match or narrow FORWARD, depending on which was intended.
# NOTE(review): MASQUERADE alone does not route packets. Kernel forwarding
# must also be on (echo 1 > /proc/sys/net/ipv4/ip_forward); the command quoted
# later in this thread lacks the '>' redirect, so as written it would only
# print its arguments.
*nat
:PREROUTING ACCEPT [5:630]
:POSTROUTING ACCEPT [6:569]
:OUTPUT ACCEPT [5:521]
[0:0] -A POSTROUTING -s 192.168.XXX.168 -o eth1 -j MASQUERADE
[0:0] -A POSTROUTING -s 192.168.XXX.125 -o eth1 -j MASQUERADE
[0:0] -A POSTROUTING -s 192.168.XXX.241 -o eth1 -j MASQUERADE
[0:0] -A POSTROUTING -s 192.168.XXX.243 -o eth1 -j MASQUERADE
COMMIT
# Completed on Fri Feb 8 19:06:19 2002
# Generated by iptables-save v1.2.2 on Fri Feb 8 19:06:19 2002
# --- mangle table: no rules, default ACCEPT policies ---
*mangle
:PREROUTING ACCEPT [141:9258]
:OUTPUT ACCEPT [99:16786]
COMMIT
# Completed on Fri Feb 8 19:06:19 2002
# Generated by iptables-save v1.2.2 on Fri Feb 8 19:06:19 2002
# --- filter table: default DROP on INPUT, FORWARD and OUTPUT ---
# The user-defined chains declared here are filled in after the three
# built-in chains.
*filter
:INPUT DROP [2:88]
:FORWARD DROP [3:160]
:OUTPUT DROP [8:1344]
:CHECKBADFLAG - [0:0]
:ICMPINBOUND - [0:0]
:ICMPOUTBOUND - [0:0]
:LBADFLAG - [0:0]
:LDROP - [0:0]
:LINVALID - [0:0]
:LPINGFLOOD - [0:0]
:LREJECT - [0:0]
:LSPECIALPORT - [0:0]
:LSYNFLOOD - [0:0]
:SMB - [0:0]
:SPECIALPORTS - [0:0]
:TCPACCEPT - [0:0]
# INPUT: traffic addressed to the firewall itself.
# Packets conntrack classifies as INVALID are logged and dropped first, then
# every TCP packet is screened for abnormal flag combinations.
[0:0] -A INPUT -m state --state INVALID -j LINVALID
[16:913] -A INPUT -p tcp -j CHECKBADFLAG
# Loopback is accepted; a packet for 127.0.0.0/8 that did not arrive on lo is
# rejected.
[2:238] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -d 127.0.0.0/255.0.0.0 -j LREJECT
# LAN sources are accepted without restriction, but only on eth0; the same
# source range on any other interface is rejected and logged.
[16:913] -A INPUT -s 192.168.XXX.0/255.255.255.0 -i eth0 -j ACCEPT
[0:0] -A INPUT -s 192.168.XXX.0/255.255.255.0 -j LREJECT
[0:0] -A INPUT -i eth1 -p icmp -j ICMPINBOUND
# UDP 33434:33523 is dropped on every interface (presumably the classic UDP
# traceroute port range).
[0:0] -A INPUT -p udp -m udp --dport 33434:33523 -j LDROP
[0:0] -A INPUT -i eth1 -j SMB
# TCP 113 on eth1 is answered with a reset rather than silently dropped.
[0:0] -A INPUT -i eth1 -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
# Services exposed on eth1: TCP 22, 25, 53, 80, 443, 110 (through the
# SYN-rate-limited TCPACCEPT chain) and UDP 53.
[0:0] -A INPUT -i eth1 -p tcp -m tcp --dport 22 -j TCPACCEPT
[0:0] -A INPUT -i eth1 -p tcp -m tcp --dport 25 -j TCPACCEPT
[0:0] -A INPUT -i eth1 -p tcp -m tcp --dport 53 -j TCPACCEPT
[0:0] -A INPUT -i eth1 -p udp -m udp --dport 53 -j ACCEPT
[0:0] -A INPUT -i eth1 -p tcp -m tcp --dport 80 -j TCPACCEPT
[0:0] -A INPUT -i eth1 -p tcp -m tcp --dport 443 -j TCPACCEPT
[0:0] -A INPUT -i eth1 -p tcp -m tcp --dport 110 -j TCPACCEPT
# NOTE(review): SPECIALPORTS runs before the ESTABLISHED accept, so a reply
# to one of the firewall's own connections is dropped too if its local port
# happens to fall inside one of the listed ranges (e.g. 6000:6063).
[0:0] -A INPUT -i eth1 -j SPECIALPORTS
[0:0] -A INPUT -i eth1 -m state --state ESTABLISHED -j ACCEPT
[0:0] -A INPUT -i eth1 -p tcp -m tcp --dport 1024:65535 -m state --state RELATED -j TCPACCEPT
[0:0] -A INPUT -i eth1 -p udp -m udp --dport 1024:65535 -m state --state RELATED -j ACCEPT
# Everything else is logged (rate limited) and dropped.
[0:0] -A INPUT -j LDROP
# FORWARD: traffic routed between eth0 (LAN) and eth1.
[0:0] -A FORWARD -m state --state INVALID -j LINVALID
[6:320] -A FORWARD -p tcp -j CHECKBADFLAG
[3:155] -A FORWARD -o eth1 -j SMB
# LAN -> eth1: TCP/UDP from source ports 1024:65535 and all ICMP are accepted
# to any destination; there is no state match in this direction.
# NOTE(review): these rules require -i eth0. The thread is about rp-pppoe;
# if the clients reach this box over PPPoE sessions, their packets would
# presumably arrive on a ppp device instead and fall through to LDROP.
# Confirm the actual inbound interface (the LDROP log lines will show it).
[3:155] -A FORWARD -s 192.168.XXX.0/255.255.255.0 -i eth0 -o eth1 -p tcp -m tcp --sport 1024:65535 -j ACCEPT
[0:0] -A FORWARD -s 192.168.XXX.0/255.255.255.0 -i eth0 -o eth1 -p udp -m udp --sport 1024:65535 -j ACCEPT
[0:0] -A FORWARD -s 192.168.XXX.0/255.255.255.0 -i eth0 -o eth1 -p icmp -j ACCEPT
# eth1 -> LAN: only ESTABLISHED and RELATED traffic is let back in.
[3:165] -A FORWARD -i eth1 -j SMB
[3:165] -A FORWARD -i eth1 -m state --state ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -i eth1 -p tcp -m tcp --dport 1024:65535 -m state --state RELATED -j TCPACCEPT
[0:0] -A FORWARD -i eth1 -p udp -m udp --dport 1024:65535 -m state --state RELATED -j ACCEPT
[0:0] -A FORWARD -i eth1 -p icmp -m state --state RELATED -j ACCEPT
[0:0] -A FORWARD -j LDROP
# OUTPUT: traffic generated by the firewall itself.
[2:238] -A OUTPUT -o lo -j ACCEPT
[14:1620] -A OUTPUT -d 192.168.XXX.0/255.255.255.0 -o eth0 -j ACCEPT
[0:0] -A OUTPUT -o eth1 -p icmp -j ICMPOUTBOUND
[0:0] -A OUTPUT -o eth1 -j SMB
[0:0] -A OUTPUT -o eth1 -p tcp -m tcp --sport 113 -j REJECT --reject-with tcp-reset
# Replies from local services: source ports 22, 25, 80, 443 and 110 must
# belong to an ESTABLISHED connection; source port 53 (TCP and UDP) is
# accepted without a state match.
[0:0] -A OUTPUT -o eth1 -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
[0:0] -A OUTPUT -o eth1 -p tcp -m tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
[0:0] -A OUTPUT -o eth1 -p tcp -m tcp --sport 53 -j ACCEPT
[0:0] -A OUTPUT -o eth1 -p udp -m udp --sport 53 -j ACCEPT
[0:0] -A OUTPUT -o eth1 -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
[0:0] -A OUTPUT -o eth1 -p tcp -m tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
[0:0] -A OUTPUT -o eth1 -p tcp -m tcp --sport 110 -m state --state ESTABLISHED -j ACCEPT
# Connections the firewall originates from 212.XXX.XXX.YYY with a source
# port in 1024:65535 may go to any destination.
[0:0] -A OUTPUT -s 212.XXX.XXX.YYY -o eth1 -p tcp -m tcp --sport 1024:65535 -j ACCEPT
[0:0] -A OUTPUT -s 212.XXX.XXX.YYY -o eth1 -p udp -m udp --sport 1024:65535 -j ACCEPT
[0:0] -A OUTPUT -j LDROP
# CHECKBADFLAG: TCP flag combinations a normal stack does not send
# (FIN+PSH+URG, all flags except PSH, all flags, no flags, SYN+RST, SYN+FIN)
# are logged and dropped. Packets that match none of these return to the
# calling chain.
[0:0] -A CHECKBADFLAG -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j LBADFLAG
[0:0] -A CHECKBADFLAG -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j LBADFLAG
[0:0] -A CHECKBADFLAG -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j LBADFLAG
[0:0] -A CHECKBADFLAG -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j LBADFLAG
[0:0] -A CHECKBADFLAG -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j LBADFLAG
[0:0] -A CHECKBADFLAG -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j LBADFLAG
# ICMPINBOUND: echo-request (type 8) is accepted up to 5/sec (burst 10) and
# the excess is logged as PINGFLOOD and dropped. Types 5 (redirect), 13/14
# (timestamp) and 17/18 (address mask) are dropped; all other ICMP is
# accepted.
[0:0] -A ICMPINBOUND -p icmp -m icmp --icmp-type 8 -m limit --limit 5/sec --limit-burst 10 -j ACCEPT
[0:0] -A ICMPINBOUND -p icmp -m icmp --icmp-type 8 -j LPINGFLOOD
[0:0] -A ICMPINBOUND -p icmp -m icmp --icmp-type 5 -j LDROP
[0:0] -A ICMPINBOUND -p icmp -m icmp --icmp-type 13 -j LDROP
[0:0] -A ICMPINBOUND -p icmp -m icmp --icmp-type 14 -j LDROP
[0:0] -A ICMPINBOUND -p icmp -m icmp --icmp-type 17 -j LDROP
[0:0] -A ICMPINBOUND -p icmp -m icmp --icmp-type 18 -j LDROP
[0:0] -A ICMPINBOUND -p icmp -j ACCEPT
# ICMPOUTBOUND: the firewall does not emit redirects (5), time-exceeded
# (11/0, 11/1), parameter-problem (12), timestamp (13/14) or address-mask
# (17/18) messages on eth1; all other ICMP is accepted.
[0:0] -A ICMPOUTBOUND -p icmp -m icmp --icmp-type 5 -j LDROP
[0:0] -A ICMPOUTBOUND -p icmp -m icmp --icmp-type 11/0 -j LDROP
[0:0] -A ICMPOUTBOUND -p icmp -m icmp --icmp-type 11/1 -j LDROP
[0:0] -A ICMPOUTBOUND -p icmp -m icmp --icmp-type 12 -j LDROP
[0:0] -A ICMPOUTBOUND -p icmp -m icmp --icmp-type 13 -j LDROP
[0:0] -A ICMPOUTBOUND -p icmp -m icmp --icmp-type 14 -j LDROP
[0:0] -A ICMPOUTBOUND -p icmp -m icmp --icmp-type 17 -j LDROP
[0:0] -A ICMPOUTBOUND -p icmp -m icmp --icmp-type 18 -j LDROP
[0:0] -A ICMPOUTBOUND -p icmp -j ACCEPT
# Logging chains (L*): each one writes a LOG line limited to 2/sec (burst 10)
# and then ends in an unconditional DROP or REJECT. The limit applies only to
# the LOG rule, so packets are still discarded while logging is throttled.
# The "fp=... a=..." prefixes identify the chain and the action in the log.
[0:0] -A LBADFLAG -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fp=BADFLAG:1 a=DROP "
[0:0] -A LBADFLAG -j DROP
[0:0] -A LDROP -p tcp -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fp=TCP:1 a=DROP "
[0:0] -A LDROP -p udp -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fp=UDP:2 a=DROP "
[0:0] -A LDROP -p icmp -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fp=ICMP:3 a=DROP "
[0:0] -A LDROP -f -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fp=FRAGMENT:4 a=DROP "
[0:0] -A LDROP -j DROP
[0:0] -A LINVALID -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fp=INVALID:1 a=DROP "
[0:0] -A LINVALID -j DROP
[0:0] -A LPINGFLOOD -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fp=PINGFLOOD:1 a=DROP "
[0:0] -A LPINGFLOOD -j DROP
# LREJECT answers TCP with a reset and everything else with ICMP
# port-unreachable.
[0:0] -A LREJECT -p tcp -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fp=TCP:1 a=REJECT "
[0:0] -A LREJECT -p udp -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fp=UDP:2 a=REJECT "
[0:0] -A LREJECT -p icmp -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fp=ICMP:3 a=REJECT "
[0:0] -A LREJECT -f -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fp=FRAGMENT:4 a=REJECT "
[0:0] -A LREJECT -p tcp -j REJECT --reject-with tcp-reset
[0:0] -A LREJECT -p udp -j REJECT --reject-with icmp-port-unreachable
[0:0] -A LREJECT -j REJECT --reject-with icmp-port-unreachable
[0:0] -A LSPECIALPORT -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fp=SPECIALPORT:1 a=DROP "
[0:0] -A LSPECIALPORT -j DROP
[0:0] -A LSYNFLOOD -m limit --limit 2/sec --limit-burst 10 -j LOG --log-prefix "fp=SYNFLOOD:1 a=DROP "
[0:0] -A LSYNFLOOD -j DROP
# SMB: TCP and UDP ports 137, 138, 139 and 445 are dropped without logging,
# whether they appear as destination or as source port. The chain is called
# for everything entering or leaving via eth1.
[0:0] -A SMB -p tcp -m tcp --dport 137 -j DROP
[0:0] -A SMB -p tcp -m tcp --dport 138 -j DROP
[0:0] -A SMB -p tcp -m tcp --dport 139 -j DROP
[0:0] -A SMB -p tcp -m tcp --dport 445 -j DROP
[0:0] -A SMB -p udp -m udp --dport 137 -j DROP
[0:0] -A SMB -p udp -m udp --dport 138 -j DROP
[0:0] -A SMB -p udp -m udp --dport 139 -j DROP
[0:0] -A SMB -p udp -m udp --dport 445 -j DROP
[0:0] -A SMB -p tcp -m tcp --sport 137 -j DROP
[0:0] -A SMB -p tcp -m tcp --sport 138 -j DROP
[0:0] -A SMB -p tcp -m tcp --sport 139 -j DROP
[0:0] -A SMB -p tcp -m tcp --sport 445 -j DROP
[0:0] -A SMB -p udp -m udp --sport 137 -j DROP
[0:0] -A SMB -p udp -m udp --sport 138 -j DROP
[0:0] -A SMB -p udp -m udp --sport 139 -j DROP
[0:0] -A SMB -p udp -m udp --sport 445 -j DROP
# SPECIALPORTS: destination ports that get their own log prefix before being
# dropped. Presumably these are ports historically associated with
# remote-access trojans, plus the X11 range 6000:6063.
[0:0] -A SPECIALPORTS -p tcp -m tcp --dport 6670 -j LSPECIALPORT
[0:0] -A SPECIALPORTS -p tcp -m tcp --dport 1243 -j LSPECIALPORT
[0:0] -A SPECIALPORTS -p udp -m udp --dport 1243 -j LSPECIALPORT
[0:0] -A SPECIALPORTS -p tcp -m tcp --dport 27374 -j LSPECIALPORT
[0:0] -A SPECIALPORTS -p udp -m udp --dport 27374 -j LSPECIALPORT
[0:0] -A SPECIALPORTS -p tcp -m tcp --dport 6711:6713 -j LSPECIALPORT
[0:0] -A SPECIALPORTS -p tcp -m tcp --dport 12345:12346 -j LSPECIALPORT
[0:0] -A SPECIALPORTS -p tcp -m tcp --dport 20034 -j LSPECIALPORT
[0:0] -A SPECIALPORTS -p udp -m udp --dport 31337:31338 -j LSPECIALPORT
[0:0] -A SPECIALPORTS -p tcp -m tcp --dport 6000:6063 -j LSPECIALPORT
[0:0] -A SPECIALPORTS -p udp -m udp --dport 28431 -j LSPECIALPORT
# TCPACCEPT: a new connection attempt (SYN set, RST and ACK clear) is
# accepted up to 5/sec (burst 10); the excess is logged as SYNFLOOD and
# dropped. Any TCP packet that is not a bare SYN is accepted.
# NOTE(review): the limit match keeps one counter per rule, not per source
# address, and every service that jumps here shares it. A single sender
# above 5 SYN/sec therefore makes the firewall refuse new connections from
# everyone, on all of those services, until the rate falls.
[0:0] -A TCPACCEPT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 5/sec --limit-burst 10 -j ACCEPT
[0:0] -A TCPACCEPT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j LSYNFLOOD
[0:0] -A TCPACCEPT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -j ACCEPT
COMMIT
# Completed on Fri Feb 8 19:06:19 2002
----- Original Message ----- From: "Boyan Krosnov" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 07, 2002 10:37 PM Subject: RE: lug-bg: rp-ppoe > i moje bi malko NAT ;-) > > BR, > Boyan > > > -----Original Message----- > > From: Georgi Iliev [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, March 07, 2002 4:50 PM > > To: [EMAIL PROTECTED] > > Subject: Re: lug-bg: rp-ppoe > > > > > > Moje by si zbravil : > > echo 1 /proc/sys/net/ipv4/ip_forward > > > > > > > > > Pusnah rp-pppoe i veche moga da se vruzvam ot Lan-a kum > > nego, > > > no neshto ne moga da izlezna prez naetata linija (xDSL). 
> > > Yavno neshto gresha s opciite: > > > -I > > > -L > > > -R > > > za -I polzvam eth0 koeto e lan-a za vutreshnata mrezha > > > za -L polzvam IP-to na eth0 > > > za -R polzvam edno IP koeto sum pusnal prez masquerading-a > > na Linux-a > > > No ne stava > > > Javno neshto ne sum razbral > > > > > > Njkoj mozhe li da pomogne? > > > > > > Yavor Atanasov > > > > > > > > > > ============================================================== > > ============= > > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers) > > http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. > > - Stara Zagora > > > > > =========================================================================== > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers) > http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora > =========================================================================== A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers) http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
