Radu, I think it's mea culpa, but where the hell did I read about ipchains, because I know for sure that's what I read. Whatsoever, sorry.

Wednesday, October 15, 2003, 2:05:25 AM, you wrote:

R> Brother Knight,
R> It would be good to take the time to look carefully at the threads. The
R> poor man had asked about iptables. Just for the sake of it, look back and
R> you'll see that your replies are a bit off the mark. The thing about
R> opening your eyes... is very true. It starts right from the first mail....
R> For documentation purposes... I'm listing it below... I hope you won't be
R> upset with me, but it seems to me it says iptables. I know this because I
R> finished first grade at the top of the class... :))
R> Be good,
R> Radu.
R> ---------------------------------------------------------------------------
R> Hi,
R> I have a firewall script, made with iptables, on a gateway that has
R> "DROP" as the policy on the forward chain and allows users on the
R> local network to connect, to the internet, only to ports 80, 25,
R> 110.
R> My idea is that people on the local network should only be able to get
R> out to the web and to mail.
R> The problem appears when ICQ or YM uses any port to connect to the
R> outside and connects to a multitude of addresses. So people on the
R> local network can chat freely.
R> Can anyone tell me how to solve this mess?
R> --
R> Thanks in advance,
R> Liviu mailto:[EMAIL PROTECTED]
R> ---
R> Details about our mailing lists: http://www.lug.ro/
R> ------------------------------------------------------------------------

R> ----- Original Message -----
R> From: "Knight" <[EMAIL PROTECTED]>
R> To: "Radu" <[EMAIL PROTECTED]>
R> Sent: Tuesday, October 14, 2003 7:55 AM
R> Subject: [rlug] Re: ICQ & YM and firewall

>> Radu,
>>
>> did you even read what I wrote?
>> the guy who posted the thread asked for help with ipchains,
>> so don't jump on me.
>> A matter of the alphabet, my foot; it's a matter of following a thread
>> and opening your eyes wide :))
>>
>> Wednesday, October 15, 2003, 1:48:55 AM, you wrote:
>>
>> R> Old man, IPTABLES. Not ipchains.
>> R> A matter of the alphabet.

>> R> ----- Original Message -----
>> R> From: "Knight" <[EMAIL PROTECTED]>
>> R> To: "Dekxter X." <[EMAIL PROTECTED]>
>> R> Sent: Tuesday, October 14, 2003 7:01 AM
>> R> Subject: [rlug] Re: ICQ & YM and firewall

>> >> Dekxter,
>> >>
>> >> yes, but the guy specified that he wants ipchains
>> >> :(((((((
>> >> I think it was -y in ipchains :)) instead of --syn
>> >>
>> >> Monday, October 13, 2003, 6:32:40 PM, you wrote:
>> >>
>> >> DX> you will have to modify FORWARD with:
>> >>
>> >> DX> iptables --policy FORWARD DROP
>> >>
>> >> DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 25 --jump ACCEPT
>> >> DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 80 --jump ACCEPT
>> >> DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 110 --jump ACCEPT
>> >> DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 143 --jump ACCEPT
>> >> DX> # these 4 rules are for access to any address for
>> >> DX> # mail via POP3, IMAP, sending, and www
>> >>
>> >> DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --syn --jump DROP
>> >> DX> iptables -A FORWARD -s 192.168.0.0/24 -p tcp --syn --jump DROP
>> >> DX> # these 2 rules reject any attempt to initiate a connection
>> >> DX> # into the local network or from the local network to the internet
>> >>
>> >> DX> iptables -A FORWARD -d 192.168.0.0/24 -p tcp --jump ACCEPT
>> >> DX> # this rule accepts any other kind of tcp connection
>> >>
>> >> DX> # man iptables
>> >>
>> >> DX> [!] --syn
>> >> DX> Only match TCP packets with the SYN bit set and the ACK and RST
>> >> DX> bits cleared. Such packets are used to request TCP connection
>> >> DX> initiation; for example, blocking such packets coming in an interface
>> >> DX> will prevent incoming TCP connections, but outgoing TCP connections will
>> >> DX> be unaffected.
>> >> DX> It is equivalent to --tcp-flags SYN,RST,ACK SYN. If the "!" flag
>> >> DX> precedes the "--syn", the sense of the option is inverted.
>> >>
>> >> DX> ps: if I'm wrong, please correct me ...
>> >>
>> >> DX> Liviu wrote:
>> >>
>> >> >> Hi,
>> >> >> My idea is that people on the local network should only be able
>> >> >> to get out to the web and to mail.
>> >>
>> >> --
>> >> Best regards,
>> >> Knight
>> >>
>> >> This message was brought to you by the numbers 0 and 1.
>>
>> --
>> Best regards,
>> Knight
>>
>> This message was brought to you by the numbers 0 and 1.

--
Best regards,
Knight

This message was brought to you by the numbers 0 and 1.
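
The `--syn` match quoted from the iptables man page in the thread above, worked through as an added example (it is not part of any message in the thread). The function names and the sample packets are constructed for illustration, and the filter models a single rule that drops inbound packets matching `--syn`.

```python
# TCP flag bits as they sit in the flags byte of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def tcp_flags_match(flags, mask, comp):
    """Semantics of `--tcp-flags <mask> <comp>`: look only at the bits in
    mask, and match when exactly the bits in comp are set among them."""
    return (flags & mask) == comp


def is_syn(flags):
    """`--syn`, which the man page defines as --tcp-flags SYN,RST,ACK SYN."""
    return tcp_flags_match(flags, SYN | RST | ACK, SYN)


def filter_inbound(packets):
    """Model of one rule: DROP inbound packets matching --syn, ACCEPT the
    rest. Each packet is a (direction, flags) pair (constructed format)."""
    return ["DROP" if direction == "in" and is_syn(flags) else "ACCEPT"
            for direction, flags in packets]


def handshake_completes(packets):
    """A three-way handshake succeeds only if every segment is accepted."""
    return all(v == "ACCEPT" for v in filter_inbound(packets))


# Constructed sample: a connection opened from the inside...
OUTGOING = [("out", SYN), ("in", SYN | ACK), ("out", ACK)]
# ...and one attempted from the outside.
INCOMING = [("in", SYN), ("out", SYN | ACK), ("in", ACK)]

if __name__ == "__main__":
    print("outgoing handshake:", filter_inbound(OUTGOING))
    print("incoming handshake:", filter_inbound(INCOMING))
    # FIN, PSH and URG are outside the mask, so SYN+FIN still matches.
    print("SYN|FIN matches --syn:", is_syn(SYN | FIN))
    # A bare ACK is not a connection request and is not matched.
    print("ACK matches --syn:", is_syn(ACK))
```

Because the match inspects only SYN, RST and ACK, a rule built on it is stateless: it stops new inbound connections but passes any inbound segment that is not a bare SYN.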
