am si eu o intrebare: chainu de forward cand e testat??? ca daca e un ruter nu
e mai simplu sa pui pe forward o singura regula si nu 2 pe in si out???
C
Camelia Nastase wrote:
> > ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y -s $ANYWHERE
> > $UNPRIVPORTS -d $ANYWHERE 22 -j ACCEPT
> > ipchains -A output -i $EXTERNAL_INTERFACE -p tcp -s $ANYWHERE 22
> > -d $ANYWHERE $UNPRIVPORTS -j ACCEPT
> > ipchains -A input -i $EXTERNAL_INTERFACE -p tcp -s $ANYWHERE $SSH_PORTS
> > -d $ANYWHERE 22 -j ACCEPT
> > ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y -s $ANYWHERE 22
> > -d $ANYWHERE $SSH_PORTS -j ACCEPT
> > ipchains -A input -i $EXTERNAL_INTERFACE -p tcp -s $ANYWHERE 22 -j ACCEPT
> > ipchains -A output -i $EXTERNAL_INTERFACE -p tcp -d $ANYWHERE 22 -j ACCEPT
> >
> > Unde:
> > ANYWHERE="any/0"
> > PRIVPORTS="0:1023"
> > UNPRIVPORTS="1024:65535"
> > SSH_PORTS="1022:1023"
> >
> > Puteti sa-mi ziceti si mie unde-i baiu' ca mie mi se par corecte
> > regulile pt server.
> > Thx!
> >
>
> si daca incearca un om care sta in spatele unui router care face MASQ de
> pe un port != 1022 && != 1023 ce faci? btw, eu am prostul obicei de a da
> ca optiune la ssh un "-v", si am vazut ca mai baga la "Allocated local
> port" si 1018, si 1019.
>
> plus ca daca ai reguli bune pe input, nu cred ca e neaparat necesar sa mai
> pui reguli si pe output. si daca vrei sa te prinzi care-i gluma si unde se
> agata ssh'u, baga un -l in coada la toate regulile de mai sus si stai cu
> /var/log/messages in fata, ca nu-ti strica.
>
> Camelia
>
> ---
> Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to
> unsubscribe from this list.
---
Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to
unsubscribe from this list.
