Cred ca e suficient sa iti dau un exemplu de masq cum e facut la mine
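#!/bin/sh
# Example SNAT ("masquerading") rule set for a small LAN gateway.
#
# What it does, in order:
#   1. flushes the nat, filter and mangle tables;
#   2. restricts SNMP (udp/161) and finger (tcp/79) to one trusted host;
#   3. drops all TCP/UDP from one unwanted LAN host to the server;
#   4. source-NATs selected LAN hosts to the public address.
#
# NOTE(review): no chain policy (-P) and no FORWARD rule is set here, so
# anything these rules do not match follows whatever policy is already
# loaded. Confirm the INPUT/FORWARD policies are what you intend.
# NOTE(review): between the flush and the last rule the host runs with a
# partial rule set; run this from the console or early in boot.

# Abort on any unset variable: an empty expansion inside an iptables
# command makes that rule fail to load, leaving the service unfiltered.
set -u

IPT=/usr/local/sbin/iptables

# PLACEHOLDER: replace XXX... with the address (or group of addresses) the
# masqueraded users should leave through. A block of addresses can be given
# by putting "-" between the first and the last address.
DEST=XXX.YYY.ZZZ.WWW

# Unwanted LAN host ("gunoi" = garbage).
GUNOI=192.168.0.105
SERVER=192.168.0.1
# LAN range; not referenced by the rules below.
NET=192.168.0.0/255.255.255.0
# PLACEHOLDER: SNET is the block of routable IPs allocated to this site.
SNET=xxx.xxx.xxx.xxx/29
# Trusted LAN host allowed to reach SNMP and finger on the server.
BOG=192.168.0.2

echo "Flush NAT table"
"$IPT" -t nat -F
"$IPT" -t filter -F
"$IPT" -t mangle -F
echo "Seting MASQ for USERS"

# No external access for SNMP. The ACCEPT for the trusted host must stay
# ahead of the DROP: rules are evaluated in the order they were appended.
# Negation is written before the option ("! -s"); the older "-s ! addr"
# spelling is deprecated in current iptables.
"$IPT" -A INPUT -s "$BOG" -d "$SERVER" -p udp --destination-port 161 -j ACCEPT
"$IPT" -A INPUT ! -s "$SNET" -d "$SNET" -p udp --destination-port 161 -j DROP

# The unwanted host (smb & nmb noise): these two rules drop *all* of its
# TCP and UDP traffic to the server, not only the SMB ports.
"$IPT" -A INPUT -s "$GUNOI" -d "$SERVER" -p tcp -j DROP
"$IPT" -A INPUT -s "$GUNOI" -d "$SERVER" -p udp -j DROP

# No external access for finger.
# The posted script used $DAHASNET here, which is never defined; the rule
# therefore could not load and finger stayed reachable. $SNET is used
# instead, matching the SNMP rule above -- confirm this is the intended
# network.
"$IPT" -A INPUT -s "$BOG" -d "$SERVER" -p tcp --destination-port 79 -j ACCEPT
"$IPT" -A INPUT ! -s "$SNET" -d "$SNET" -p tcp --destination-port 79 -j DROP

# Accept MASQ for users.

# IP addresses are used instead of host names even though the names are
# listed in /etc/hosts: with names the script takes much longer to run.
"$IPT" -t nat -A POSTROUTING -s 192.168.0.2 -d 0/0 -j SNAT --to-source "$DEST"

# This host gets outside access only for mIRC.
# NOTE(review): 6000:7000 is wider than the usual IRC ports; narrow the
# range if only IRC is meant to be reachable.
"$IPT" -t nat -A POSTROUTING -s 192.168.0.102 -d 0/0 \
  -p tcp --destination-port 6000:7000 \
  -j SNAT --to-source "$DEST"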
/etc/rc.d/rc.firewall lines 1-54/54 (END)


