nu trebuia scris si -i eth1 sau ceva de genu' asta? On Mon, 14 Jun 2004 14:16:29 +0300, lonely wolf <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote: > >> Am urmatorul script prin care dau acces la internet doar anumitor statii >> din reteaua locala. >> #!/bin/bash >> >> iptables -F >> iptables -t nat -F >> >> #Inchid unele porturi pentru a proteja windowsul de unii virusi >> iptables -I FORWARD -p tcp --dport 137:139 -j DROP >> iptables -I FORWARD -p udp --dport 137:139 -j DROP >> iptables -I FORWARD -p tcp --dport 415 -j DROP >> >> #SNAT >> >> iptables -t nat -I POSTROUTING -s 172.27.37.2 -d 172.27.37.1 -j SNAT >> --to 82.77.126.77 >> iptables -t nat -I POSTROUTING -s 172.27.37.3 -d 172.27.37.1 -j SNAT >> --to 82.77.126.77 >> iptables -t nat -I POSTROUTING -s 172.27.37.4 -d 172.27.37.1 -j SNAT >> --to 82.77.126.77 >> iptables -t nat -I POSTROUTING -s 172.27.37.5 -d 172.27.37.1 -j SNAT >> --to 82.77.126.77 >> >> Doresc ca tot traficul sa fie realizat prin squid. Am configurat >> squid-ul, >> am introdus in script urm linie: >> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port >> 8080 >> > regula asta nu se executa daca adaugi (-A) dupa regulile de SNAT. > foloseste tot -I > -- Using Opera's revolutionary e-mail client: http://www.opera.com/m2/ --- Detalii despre listele noastre de mail: http://www.lug.ro/
