On 08/02/06, Larry Nguyen <[EMAIL PROTECTED]> wrote:
> Ba'c no'i mo+? port 0 hie^?u ba'c mo+? ba(`ng le^.nh hay ba'c du`ng GUI.
> Mo+? port tre^n firewall nghi~a la` chi? mo+? INPUT tre^n firewall. Ne^'u
> ma'y trong LAN muo^'n mo+? thi` ba'c pha?i du`ng FORWARD.
>
> Vi` 0 du`ng Vo Lam truyen ky ne^n chi? ddoa'n va^.y Ba'c xem la.i.
>
> -Larry
>
Mi`nh du`ng le^.nh, thu+.c ra la` script. DDu'ng la` mi`nh chi? mo+?
INPUT ba(`ng le^.nh:
iptables -A INPUT -p TCP -s 0/0 --destination-port 1025:65535 -j ACCEPT
iptables -A INPUT -p UDP -s 0/0 --destination-port 1025:65535 -j ACCEPT
Pha^`n FORWARD nhu+ sau, nhu+ng cu~ng kho^ng hie^.u nghie^.m:
# Accept TCP packets we want to forward from internal sources
iptables -A FORWARD -p tcp -i $LOCAL_IFACE -j OUTPUT
# Accept UDP packets we want to forward from internal sources
iptables -A FORWARD -p udp -i $LOCAL_IFACE -j OUTPUT
# If not blocked, accept any other packets from the internal interface
iptables -A FORWARD -p ALL -i $LOCAL_IFACE -j ACCEPT
# Deal with responses from the internet
iptables -A FORWARD -i $INET_IFACE -m state --state ESTABLISHED,RELATED \
-j ACCEPT
# Log packets that still don't match
iptables -A FORWARD -j LOG --log-prefix "fp=FORWARD:99 a=DROP "
N��HY隊X���'���u���[��������
ަ�k��!����W�~�鮆�zk���C� [EMAIL PROTECTED],�����a{���
��,��H��4�m�����Z���jY��w��ǥrg
