Big Problem !!

pRo*daN
Big Problem !!

Hi, I have a big problem and I'm asking for your help.
I have 2 computers, one server (apache, ftp, hlds) and one normal computer on Windows, and between them there is a switch.
I want to share the internet from the server to the computer. The server runs Mandriva 2006; I shared the internet from KDE and the firewall was configured automatically.
I set the IPs properly on both of the server's network cards and on the computer as well. After I shared the internet, the firewall got configured and the people out on the internet no longer had ping to the server, that being because of the firewall, while on the computer all sites, internal and external, work without a proxy; messenger only works with the proxy on port 3128. Other programs that need external access and don't have a proxy option don't work for me. In a game, e.g. Counter-Strike, all servers with peering work, and sometimes I can't see some of them for a while... I have peering with Allnet, Evolva, RoEdu, Fibernet; the rest I can't see. So that the people on the internet could ping the server, I removed the firewall; then the computer no longer has ping to the server's gateway, but the sites work, messenger only with port 3128, and not a single Counter-Strike server.
A friend configured the firewall for me with PuTTY over SSH and shared the internet... now the people on the internet have ping, and the computer does too to the server's gateway... but only the sites with peering work, the CS servers with peering... and the proxy doesn't work anymore.
Fw:
#!/bin/sh
IPTABLES=/sbin/iptables
EXTIF="eth0"
EXTIP="85.204.169.20"
SMTP="25"
POP3="110"
INTIF="eth1"
INTIP="192.168.0.1"
VIRUSI="135,137,138,139,445,6667,6661,8167,12001"
DC="411,412,888,1411,1412,4111,4112,6969,8600"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "32752" > /proc/sys/net/ipv4/ip_conntrack_max
#echo "1" >/proc/sys/net/ipv4/ip_default_ttl
echo ""
echo "clearing any existing rules and setting default policy.."
echo ""

#$IPTABLES -P INPUT ACCEPT
$IPTABLES -P INPUT DROP
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
#$IPTABLES -P FORWARD ACCEPT
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

#DNS Server traffic
iptables -A INPUT -p tcp --destination-port 53 -j ACCEPT
iptables -A INPUT -p udp --source-port 53 -j ACCEPT

# Drop invalid packets
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP

# Accept ICMP packets through the firewall at a rate of 1 per 2 seconds
#iptables -A INPUT -p icmp -m limit --limit 30/m -j ACCEPT
#iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT # echo reply
#iptables -A INPUT -p icmp --icmp-type 3 -j ACCEPT # dest unreachable
#iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT # echo req
iptables -A INPUT -p icmp --icmp-type 11 -j ACCEPT # traceroute
iptables -A INPUT -p icmp --icmp-type 30 -j ACCEPT # traceroute
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

###
### Block VIRUSI (virus/worm ports)
###
iptables -A INPUT -s 0/0 -d $EXTIP -p tcp -m multiport --destination-ports $VIRUSI -j DROP
iptables -A FORWARD -s 192.168.0.1/24 -d $INTIP -p tcp -m multiport --source-ports $VIRUSI -j DROP
iptables -A INPUT -s 0/0 -d $EXTIP -p tcp -m multiport --sports $VIRUSI -j DROP
iptables -A FORWARD -s 192.168.0.1/24 -d $INTIP -p tcp -m multiport --dports $VIRUSI -j DROP
#Other commands for viruses
#iptables -I PREROUTING -t mangle -p tcp -m multiport --destination-ports $VIRUSI -j DROP
#iptables -I PREROUTING -t mangle -p udp -m multiport --destination-ports $VIRUSI -j DROP
#iptables -I PREROUTING -t mangle -p tcp -m multiport --source-ports $VIRUSI -j DROP
#iptables -I PREROUTING -t mangle -p udp -m multiport --source-ports $VIRUSI -j DROP

#WEBSERVER accept INPUT on eth0
iptables -A INPUT -i eth0 -p tcp -m multiport --dport 80,3128,8000,8080 -j ACCEPT

###Accept server CS HLDS
iptables -A INPUT -i eth0 -p tcp -m multiport --sport 27015,28015 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -m multiport --sport 27015,28015 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dport 27015,28015 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -m multiport --dport 27015,28015 -j ACCEPT

echo " Block/Accept Viruses/Webserver/Counter-Strike Server"
echo ""

#echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
modprobe ip_nat_ftp
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.0.0/24 -j MASQUERADE

#EXTERN:::::::::::: SSH
iptables -A INPUT -s 86.55.231.128/26 -d $EXTIP -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 86.55.202.224/27 -d $EXTIP -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 192.168.0.1/24 -d $EXTIP -p tcp --dport 22 -j ACCEPT

##FTP
iptables -A INPUT -s 0/0 -d $EXTIP -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -s 0/0 -d $EXTIP -p tcp --dport 21 -j ACCEPT

#ICMP
iptables -A INPUT -s 0/0 -p icmp -j ACCEPT
#iptables -A INPUT -s 0/0 -d $EXTIP -p icmp -j DROP

echo " Accept/Block some protocols/ports"
echo ""

Those of you who know, please help me..
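An added example (editor's note, not the poster's script and not the reply below): the posted firewall sets `-P FORWARD DROP` and adds MASQUERADE, but it never ACCEPTs routed LAN-to-Internet traffic in the FORWARD chain, and its only FORWARD rules are DROPs. That matches the symptoms: the Windows box only gets out through the proxy on 3128, because the proxy runs on the server itself and uses the server's OUTPUT chain (policy ACCEPT), while the box's own connections are forwarded and hit the DROP policy. The fragment below shows the FORWARD rules that sharing via NAT needs while keeping the DROP policy as the default and logging what is refused. It assumes the interface names and LAN range from the post (eth0 external, eth1 internal, 192.168.0.0/24); the `IPTABLES=echo` dry-run convention is my own so the rules can be inspected without root.

```shell
#!/bin/sh
# Added example, not the poster's script: the FORWARD rules the posted
# firewall lacks. ip_forward is already enabled by the posted script, so
# it is not repeated here.
#
# Dry-run by default: with IPTABLES=echo the commands are printed instead
# of applied. Run as root with IPTABLES=/sbin/iptables to apply them.
IPTABLES="${IPTABLES:-echo}"
EXTIF="eth0"             # interface towards the ISP (assumed from the post)
INTIF="eth1"             # interface towards the LAN switch (assumed from the post)
LAN="192.168.0.0/24"     # LAN behind the server; the post writes it as 192.168.0.1/24

forward_rules() {
    # Replies to connections the LAN already opened are allowed back in
    $IPTABLES -A FORWARD -i "$EXTIF" -o "$INTIF" -d "$LAN" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New outbound connections, only from LAN source addresses on the LAN
    # interface, so a packet with a foreign source on eth1 is not forwarded
    $IPTABLES -A FORWARD -i "$INTIF" -o "$EXTIF" -s "$LAN" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # Everything else that would be forwarded is logged (rate-limited) and
    # then falls through to the DROP policy, which stays in place
    $IPTABLES -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

nat_rules() {
    # Same MASQUERADE as the posted script, scoped to the LAN range
    $IPTABLES -t nat -A POSTROUTING -o "$EXTIF" -s "$LAN" -j MASQUERADE
}

forward_rules
nat_rules
```

Run it once with the default dry-run to read the generated commands, then again as root with `IPTABLES=/sbin/iptables` after the posted script's `-F FORWARD` and before its virus-port DROP rules, so that the state-matching ACCEPT rules come first. Without the NEW ACCEPT rule, MASQUERADE alone changes nothing, because packets are dropped in FORWARD before they ever reach POSTROUTING.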

Syl
Re: Big Problem !!

Why do you need a proxy? Aren't you sharing the internet directly through iptables? Because if you share it directly through iptables, see here.

[url=http://toxic-chat.sourceforge.net/]ToXic Chat[/url]. Come on people, let's talk sick! | [url=http://sourceforge.net/export/rss2_projnews.php?group_id=129863]RSS News[/url]
[url=http://www.caramida-verde.as.ro/]Cărămida Verde[/url]: intelige