On Mon, 4 Feb 2002, Cristian wrote: > Am urmatoarele linii. Cum le-as putea face cu iptables? > #!/bin/sh > # > # rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels using >IPCHAINS > # ipchains to iptables free converter vers diz.01 decat sa tot scriu iptables, ipchains prefer o variabila ipfw=/usr/sbin/iptables
> /sbin/ipchains -F input > /sbin/ipchains -F output > /sbin/ipchains -F forward > $ipfw -F $ipfw -F -t nat (din cauza ca faci nat mai jos) > /sbin/ipchains -P input ACCEPT > /sbin/ipchains -P output ACCEPT > /sbin/ipchains -P forward DENY > $ipfw -P INPUT ACCEPT $ipfw -P FORWARD DROP $ipfw -P OUTPUT ACCEPT > /sbin/ipchains -A forward -s 192.168.1.20/32 -j MASQ #catedra > /sbin/ipchains -A forward -s 192.168.1.100/32 -j MASQ #post 101 > /sbin/ipchains -A forward -s 192.168.1.200/32 -j MASQ #post 100 > /sbin/ipchains -A forward -s 192.168.1.201/32 -j MASQ #post 101 > /sbin/ipchains -A forward -s 192.168.1.202/32 -j MASQ #post 102 > $ipfw -A POSTROUTING -t nat -s 192.168.1.20/32 -j SNAT --to-source <ip-interfata externa> si repeti linia de mai sus pentru fiecare host nu uita de echo 1 >/proc/sys/net/ipv4/ip_forward > Am folosit redhat 6.2, si acum am trecut la 7.1, dar inca nu m-am acomodat > prea bine cu iptables. Inca mai invat. As dori sa fac cu iptables ceea ce > am facut cu ipchains. Ma poate ajuta cineva? Va multumesc mult. > zi-mi daca mere :) PS: daca ai dialup ar fi preferabil -j MASQ in loc de -j SNAT dar lasa asa daca ai ip fix ---------------------------- Mihai RUSU "... and what if this is as good as it gets ?" --- Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to unsubscribe from this list.
