Hi, shorewall config rule:
In /etc/shorewall/rules append a line containing
DNAT net loc:192.168.1.2 tcp 7000 -
which routes external internet traffic (net) to the local network (loc)
to address 192.168.1.2 for tcp traffic only, for port 7000 only.
On Fri 01-08-2003, at 11:46, Murphy wrote:
> Hey,
>
> I'd like to write a firewall howto since firewalling is a major factor in
> the supply problem. I use an old 486-100 running OpenBSD as my router so
> I can supply PF rules but of course iptables rules would be useful to a
> few more people. So I'd like to collect well commented rules for various
> firewalls - netfilter, ipf, NAT, stand-alone (no NAT), maybe a couple of
> browser configured DLink types...
>
> Obfuscate your IP numbers if necessary.
>
> For example, here are my PF rules:
>
> # This firewall is on a 486 running OpenBSD
> # That sits between my ADSL connection
> # and my LAN
>
> ## Macros
> ########
> # External interface
> if_ext = "ep0"
> # gtkg "Listen port"
> port_gnet = "9746"
> # Sometimes I run another instance for testing.
> port_gnet2 = "8436"
> # The range of ip's on my lan.
> ip_lan = "192.168.0.0/29"
> # This is the machine on my lan that runs gtkg
> ip_workstation = "192.168.0.2"
>
> # Redirect (Port Forwarding)
> ######################
> # gnutella
> rdr on $if_ext inet proto tcp from any to $if_ext port $port_gnet -> \
> $ip_workstation port $port_gnet
> rdr on $if_ext inet proto tcp from any to $if_ext port $port_gnet2 -> \
> $ip_workstation port $port_gnet2
>
> # NAT (Network Address Translation)
> #############################
> nat on $if_ext inet from $ip_lan to any -> $if_ext
>
> # Filters
> #########
> # Block by default and log blocked packets.
> block in log on $if_ext all
>
> # Silently block Shareaza's non-standard UDP G2 packets.
> block in quick on $if_ext proto udp from any to any port { $port_gnet $port_gnet2 }
>
> # Allow incoming gnutella connections.
> pass in on $if_ext inet proto tcp from any to $ip_workstation port { $port_gnet $port_gnet2 } \
> flags S/SAFR keep state
>
> # Allow all outgoing connections and keep state
> pass out on $if_ext proto tcp all modulate state
>
> # end
>
> --
> Murphy (eqom14)
>
>
--
Jeroen Asselman <[EMAIL PROTECTED]>
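Added example, not part of either message above: a netfilter counterpart to the quoted PF ruleset, written as a shell function that prints an iptables-restore ruleset. The helper name `gen_fw`, the interface name `eth0` and the log prefix are assumptions; the LAN range, host and ports are the ones in the PF macros. PF's `modulate state` has no iptables counterpart and is left out.

```shell
#!/bin/sh
# gen_fw EXT_IF LAN_CIDR HOST PORT...   (hypothetical helper, added example)
# Prints an iptables-restore ruleset mirroring the quoted PF rules.
gen_fw() {
    [ "$#" -ge 4 ] || { echo "usage: gen_fw EXT_IF LAN_CIDR HOST PORT..." >&2; return 2; }
    ext=$1 lan=$2 host=$3
    shift 3
    for p in "$@"; do            # refuse anything that is not a port number
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        { [ "$p" -ge 1 ] && [ "$p" -le 65535 ]; } 2>/dev/null ||
            { echo "bad port: $p" >&2; return 1; }
    done
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    for p in "$@"; do            # PF: rdr ... port $port_gnet -> $ip_workstation
        echo "-A PREROUTING -i $ext -p tcp --dport $p -j DNAT --to-destination $host:$p"
    done
    echo "-A POSTROUTING -o $ext -s $lan -j MASQUERADE"   # PF: nat on $if_ext
    echo 'COMMIT'
    echo '*filter'
    echo ':INPUT DROP [0:0]'     # PF: block in ... all (default deny)
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo "-A INPUT ! -i $ext -j ACCEPT"   # only the external side is filtered
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in "$@"; do
        # PF: block in quick ... proto udp (dropped before the LOG rule)
        echo "-A INPUT -i $ext -p udp --dport $p -j DROP"
        # PF: pass in ... flags S/SAFR keep state; --syn tests the same flags
        echo "-A FORWARD -i $ext -d $host -p tcp --syn --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # PF: pass out on $if_ext proto tcp all (without modulate state)
    echo "-A FORWARD -o $ext -s $lan -p tcp -m conntrack --ctstate NEW -j ACCEPT"
    echo "-A INPUT -i $ext -j LOG --log-prefix \"fw-drop: \""
    echo "-A FORWARD -i $ext -j LOG --log-prefix \"fw-drop: \""
    echo 'COMMIT'
}

# Constructed sample call: eth0 is an assumed interface name; the LAN,
# host and ports are the ones in the quoted PF macros.
gen_fw eth0 192.168.0.0/29 192.168.0.2 9746 8436
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it.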
