Subject: Re: Q: where to put the forwarding rule
Author: mirkt
Date: 2014-05-26 10:37:39
Well yes, Fedora 10 is already in its fifth year of End of Life...

2014.05.26 08:55, Didzkis wrote:
> and what else does the little Linux server do in life besides sharing the internet?
>
> On 2014.05.25 12:03, mirkt wrote:
>> Or maybe you'd like to try:
>> http://www.fwbuilder.org/
>> ?
>>
>> 2014.05.23 17:07, news.omnitel.net wrote:
>>> The situation is this: for over 4 years now I have been using a
>>> Linux (Fedora 10) server installed by a colleague. The colleague
>>> has left, and I carry on with the help of Mr. Google... In short,
>>> I don't know very much, although by education I'm a network guy...
>>> copper, switches, Windows administration in a domain environment.
>>> I'm writing all this so that you don't kick me too hard. I'd like
>>> to ask for advice. An IP camera has appeared on the LAN that needs
>>> to be visible from outside. Although Google itself has ready-made
>>> lines for forwarding (iptables), it is not at all clear to me
>>> where exactly they need to be written. Because as far as I know,
>>> the position in the chain matters.
>>> I'm pasting my Linux firewall here (the external address 1.2.3.4
>>> has been changed)
>>> ***
>>> #!/bin/bash
>>> #SETTINGS
>>> IPT=`whereis iptables | awk '{ print $2 }'`
>>> IFC=`whereis ifconfig | awk '{ print $2 }'`
>>> KILL=`whereis killall | awk '{ print $2 }'`
>>> UPNP=`whereis upnpd | awk '{ print $2 }'`
>>> ROUT=`whereis route | awk '{ print $2 }'`
>>> $KILL -9 upnpd
>>> INTIF=eth0
>>> EXTIF=eth1
>>> INTIP=192.168.1.1
>>> EXTIP=1.2.3.4
>>> EXTGW=1.2.3.1
>>> LNET=192.168.1.0/24
>>>
>>> EXTMAC=00:33:33:EE:B7:37
>>>
>>> #RESTART EXTERNAL NET CARD WITH SELECTED MAC AND IP ADDRESS...
>>> #$IFC $EXTIF down hw ether $EXTMAC
>>> #$IFC $EXTIF $EXTIP netmask 255.255.255.0 hw ether $EXTMAC up
>>>
>>> #SET GATEWAY
>>> #$ROUT del default
>>> #$ROUT add default gw $EXTGW
>>>
>>> #RESET
>>> $IPT -F
>>> $IPT -F -t nat
>>> $IPT -F -t mangle
>>>
>>> # dropping these addresses because the secure log shows them trying to break in, 2012-08-05
>>> $IPT -A INPUT -s 78.131.152.184 -j  REJECT ; $IPT -A OUTPUT -d 78.131.152.184 -j REJECT
>>> $IPT -A INPUT -s 60.28.27.14 -j     REJECT ; $IPT -A OUTPUT -d 60.28.27.14 -j    REJECT
>>> $IPT -A INPUT -s 173.167.131.117 -j REJECT ; $IPT -A OUTPUT -d 173.167.131.117 -j REJECT
>>>
>>> #FIREWALL
>>> $IPT -A INPUT -i $EXTIF -p tcp --dport 20:21 -j ACCEPT #FTP
>>> $IPT -A INPUT -i $EXTIF -p tcp --dport 22 -j ACCEPT #SSH
>>> $IPT -A INPUT -i $EXTIF -p tcp --dport 25 -j ACCEPT #SMTP
>>> $IPT -A INPUT -i $EXTIF -p tcp --dport 53 -j ACCEPT #DNS
>>> $IPT -A INPUT -i $EXTIF -p udp --dport 53 -j ACCEPT #DNS
>>> $IPT -A INPUT -i $EXTIF -p tcp --dport 80 -j ACCEPT #WWW
>>> $IPT -A INPUT -i $EXTIF -p tcp --dport 110 -j ACCEPT #POP3
>>> $IPT -A INPUT -i $EXTIF -p tcp --dport 113 -j ACCEPT #IDENT
>>> $IPT -A INPUT           -p tcp --dport 123 -j ACCEPT #NTP tcp
>>> $IPT -A INPUT           -p udp --dport 123 -j ACCEPT #NTP udp
>>> $IPT -A INPUT -i $EXTIF -p tcp --dport 143 -j ACCEPT #IMAP
>>> $IPT -A INPUT -i $EXTIF -p tcp --dport 443 -j ACCEPT #HTTPS
>>> $IPT -A INPUT -i $EXTIF -p tcp --dport 993 -j ACCEPT #IMAPS
>>> $IPT -A INPUT -i $EXTIF -p tcp --dport 995 -j ACCEPT #POP3S
>>> $IPT -A INPUT -i $EXTIF -p tcp --dport 0:1023 -j DROP #DROP ALL OTHER
>>> $IPT -A INPUT -i $EXTIF -p udp --dport 0:1023 -j DROP #DROP ALL OTHER
>>> #$IPT -A INPUT -i $EXTIF -p raw --dport 0:1023 -j DROP #DROP ALL OTHER
>>>
>>>
>>> #MASQUERADE (ALLOW INTERNET FOR LOCAL NETWORK COMPUTERS)
>>> $IPT -t nat -A POSTROUTING -s $LNET -o $EXTIF -j MASQUERADE
>>> $IPT -t nat -A POSTROUTING -s $WNET -o $EXTIF -j MASQUERADE # WNET is not defined in this script
>>> echo "Firewall settings loaded sucessfuly"
>>>
>>> #MODULES
>>> modprobe ip_nat_ftp
>>> modprobe ip_nat_irc
>>> modprobe ip_conntrack_ftp
>>> modprobe ip_conntrack_irc
>>> echo "Modules loaded sucessfuly"
>>>
>>> #UPNPD
>>> $UPNP $EXTIF $INTIF
>>>
>>> ***
>>>
>>> Thanks in advance for any remarks and suggestions
>>>
>>
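
Added example, not part of the original posts: a dry-run shell function that prints where a camera port-forward fits relative to the posted script. The camera address 192.168.1.50, port 8080 and allowed source 203.0.113.7 are assumptions; the thread gives none of them.

```shell
#!/bin/bash
# Added example (not from the thread). Prints the rules instead of applying them.
EXTIF=eth1   # external interface, as in the posted script
INTIF=eth0   # internal interface, as in the posted script

# camera_forward_rules CAM_IP PORT [ALLOWED_SRC]
# CAM_IP, PORT and ALLOWED_SRC are assumptions; the thread gives none of them.
camera_forward_rules() {
    cam_ip=$1; port=$2; src=${3:-}
    case $cam_ip in
        ''|*[!0-9.]*) echo "bad camera address: $cam_ip" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    srcopt=""
    if [ -n "$src" ]; then srcopt="-s $src "; fi

    # nat/PREROUTING rewrites the destination before the routing decision.
    # It must be added after "$IPT -F -t nat", which empties the nat table.
    echo "iptables -t nat -A PREROUTING ${srcopt}-i $EXTIF -p tcp --dport $port -j DNAT --to-destination $cam_ip:$port"

    # After DNAT the packet is routed to the LAN, so it traverses the filter
    # FORWARD chain, never INPUT: its position relative to the INPUT rules
    # in the script does not matter. The explicit ACCEPT only matters if a
    # FORWARD DROP policy or rule is added later.
    echo "iptables -A FORWARD ${srcopt}-i $EXTIF -o $INTIF -p tcp -d $cam_ip --dport $port -j ACCEPT"
}

# Constructed sample values: camera 192.168.1.50 on TCP 8080,
# reachable only from 203.0.113.7 (documentation address).
camera_forward_rules 192.168.1.50 8080 203.0.113.7
```

Limiting the source address keeps the camera from being reachable by the whole internet; omit the third argument only if that exposure is intended.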