Tema: Re: Klausimas del Squid
Autorius: Nerijus
Data: 2008-07-08 19:58:29
Ziuriu dvi nuomones cia :)
Bet ar kartais neturetu Squid'as ir siaip matyti visa trafica kai 
squid.conf padarai "http_port 3128 transparent"?

iptables -F
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
#
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -i eth1 -s 192.168.100.0/24 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d $WAN_IP -m state 
--state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $WAN_IP
iptables -t nat -A PREROUTING --dst $WAN_IP -p tcp --dport 3306 -j DNAT 
--to-destination 192.168.100.250
iptables -t nat -A PREROUTING --dst $WAN_IP -p tcp --dport 5500 -j DNAT 
--to-destination 192.168.100.95:5500
iptables -t nat -A PREROUTING --dst $WAN_IP -p tcp --dport 5600 -j DNAT 
--to-destination 192.168.100.93:5500
iptables -t nat -A PREROUTING --dst $WAN_IP -p tcp --dport 5700 -j DNAT 
--to-destination 192.168.100.51:5500
iptables -t nat -A PREROUTING --dst $WAN_IP -p tcp --dport 5701 -j DNAT 
--to-destination 192.168.100.51:5500
iptables -t nat -A PREROUTING --dst $WAN_IP -p tcp --dport 30022 -j DNAT 
--to-destination 192.168.100.50:22
iptables -t nat -A PREROUTING --dst $WAN_IP -p tcp --dport 30040 -j DNAT 
--to-destination 192.168.100.250:3389
iptables -t nat -A PREROUTING --dst $WAN_IP -p tcp --dport 30041 -j DNAT 
--to-destination 192.168.100.30:30041

iptables -t nat -A PREROUTING --dst $WAN_IP -p tcp --dport 8181 -j DNAT 
--to-destination 192.168.100.50
iptables -t nat -A PREROUTING --dst $WAN_IP -p tcp --dport 6881 -j DNAT 
--to-destination 192.168.100.50
iptables -t nat -A PREROUTING --dst $WAN_IP -p tcp --dport 4444 -j DNAT 
--to-destination 192.168.100.50

iptables -A INPUT -i eth0 -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 1701 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 5600 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 5901 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 5901 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 5900 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 5900 -j ACCEPT

#FTP Passive mode
iptables -A INPUT -i eth0 -p tcp --dport 49152:65534 -j ACCEPT
-Klausimas del SquidNerijus2008-07-05 19:40
Re: Klausimas del Squideasy2008-07-07 22:04
Re: Klausimas del Squidbash2008-07-08 00:46
Re: Klausimas del Squideasy2008-07-08 09:28
Re: Klausimas del SquidNerijus2008-07-08 19:58
Re: Klausimas del Squidbash2008-07-08 20:27
Re: Klausimas del SquidFlycat2008-07-09 09:18
Re: Klausimas del Squidbash2008-07-09 14:09
Re: Klausimas del SquidDomas Mituzas2008-07-09 22:37
Re: Klausimas del SquidNerijus2008-07-09 20:08
Re: Klausimas del Squideasy2008-07-10 18:50
Re: Klausimas del SquidN2008-07-10 22:01
Re: Klausimas del Squidbash2008-07-05 21:40
+Apklausa: Kokia unix-like OS naudojate ar esate naudoje anksciau?bash2008-07-04 23:23
+Klausimas del squid delay poolsinsane2008-07-04 18:09
+massive nslookupsciuka ciaka2008-07-03 12:52
+"Uzuojauta Hostex"budulinekas2008-07-03 10:15
+Negroja garso sistema 5.1 UbuntuDriven2008-07-02 22:57
+Wake-On-LAN ir kompiuterio išjungimasAlgis2008-07-02 21:43
+Linux Firefox+FlashNerijus2008-07-02 18:51
+Disko klonavimas (Debian)Paulius2008-07-02 11:06
+Uzuojauta HostexNASA2008-06-30 16:41
postfix klausimasRobertas2008-06-30 14:10
OpenBSD soft. RAID1Deceased2008-06-30 12:02
+reikia kazko :) kad "pastebetu" neteisinga trafikaLevas2008-06-27 21:07
+sendmail scriptSleepy2008-06-27 17:47
+SAMBA DOMAIN LOGIN.BATMakauskas Vidas2008-06-27 08:34
DNSBL listasRobertas2008-06-26 11:33
+openoffice.org 2.x ir formules@Fogaz2008-06-25 22:41
+padekit parasyti scriptukaGintis2008-06-24 22:43
+suse.lt atsilaisvino :)Nerijus T2008-06-20 17:49
+sednerijus2008-06-20 06:15
+robokopai tie korėjiečiaiTZ2008-06-19 14:20
+SUSE 11.0Dex2008-06-19 10:51
+geriusias anti-spam solusionasKestas2008-06-18 12:50
+mod rewrite apachemz2008-06-18 11:39
+Postfix+dnsblRobertas2008-06-18 11:25
+BenchmarkWolf@W2008-06-18 10:26
+tradiciškai apie newsreaderius...lingus2008-06-17 14:15
+proftpd upload perspėjimasVytenis P.2008-06-17 11:08
+del PATHGintis2008-06-17 10:45
+klausimas del ROUTE ant freebsdsergeii2008-06-17 08:26
syslog arba CSV i cisco marsciuka ciaka2008-06-15 14:54
+debian net mcGintis2008-06-15 12:34
+Ubuntu 7.04 firewallNerijus2008-06-14 15:54
+Reikia patarimoAndrius2008-06-14 15:35
+RAID10 sparta pagal apjungto diskrx2008-06-14 00:17
+Q: network'o paisymasDex2008-06-13 16:48
+5 raid pernešimasMarius K.2008-06-13 15:37
+pridedamas skriptas i index.php failo pabaiga?Eimantas2008-06-13 10:37
+Ext3 ar ReiserFS ?klausiu2008-06-12 22:21
tinklo srauto matavimas ir statistikosniuZ2008-06-11 22:02
+dansguardianSleepy2008-06-11 19:15
+wav ar auAndrius2008-06-10 13:36
+Q: CentOS LAN tinklasssh2008-06-09 15:32
+usb flash primauntinimas4992008-06-07 17:30