Marian Popov wrote:

> On Wed, 27 Mar 2002, Teodor Georgiev wrote:
>
>> You want it to count the TRANSIT traffic.
>> Put it on the forward chain.
>>
>> Let's say I also have: PC1, PC2, PC3 -----> {gateway} --> (((internet)))
>>
>> You want to count the INTERNET traffic of each PC, and not the traffic
>> from the PC to the gateway, because if the gateway also has a mail
>> server, then that would get counted against the PCs as well.
>>
>> Then you put a forward chain on the gateway and measure everything:
>>
>> from: PC1|PC2|PC3
>> to:   ! the local subnet
>
> Here is the rule I added:
>
> ipchains -A forward -i eth1 -s CLIENT -d ! GATEWAY -j ACCEPT
> ipchains -A forward -i eth1 -s ! GATEWAY -d CLIENT -j ACCEPT
>
> With this setup I get only
>
> 0
> 0
>
> and nothing more, i.e. it doesn't count any traffic.

CLIENT="192.168.0.15"
LOCALNET="192.168.0.1/24"

ipchains -A forward -i eth0 -s $CLIENT -d ! $LOCALNET -j ACCEPT
                                          ^^^^^^^^^^^^
ipchains -A forward -i eth0 -s ! $LOCALNET -d $CLIENT -j ACCEPT

The forward rule does not count the traffic to the server itself, which is most likely why you see 0 ;)

http://support.imagestream.com/iptables_Firewall.html

It is about IPTABLES, but the principle is the same.

===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/
Hosted by Internet Group Ltd. - Stara Zagora
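
Added example, not part of the original thread: a small Python model of the two forward accounting rules from the reply, showing which packets move the counters and which (traffic to the gateway itself, LAN-local traffic) do not. CLIENT and LOCALNET are the values from the reply; the gateway address 192.168.0.1 and every packet are constructed, and the model covers rule matching only, not ipchains itself.

```python
import ipaddress

# CLIENT and LOCALNET come from the reply; GATEWAY and every packet are constructed.
CLIENT = ipaddress.ip_address("192.168.0.15")
LOCALNET = ipaddress.ip_network("192.168.0.1/24", strict=False)  # masked to 192.168.0.0/24
GATEWAY = ipaddress.ip_address("192.168.0.1")  # assumed LAN address of the gateway

# (source, destination, bytes)
PACKETS = [
    ("192.168.0.15", "203.0.113.10", 1500),   # client -> internet
    ("203.0.113.10", "192.168.0.15", 40000),  # internet -> client
    ("192.168.0.15", "192.168.0.1", 9000),    # client -> mail server on the gateway
    ("192.168.0.1", "192.168.0.15", 7000),    # gateway -> client
    ("192.168.0.15", "192.168.0.20", 500),    # client -> another LAN host
    ("192.168.0.20", "203.0.113.10", 800),    # a different client -> internet
]


def is_forwarded(src, dst):
    """Only packets routed through the gateway, not from or to it, reach forward."""
    return GATEWAY not in (src, dst)


def account(packets):
    """Byte counters for the two forward rules, evaluated in rule order."""
    counters = {"upload": 0, "download": 0}
    for src_s, dst_s, size in packets:
        src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
        if not is_forwarded(src, dst):
            continue  # local to the gateway, so the forward rules never see it
        if src == CLIENT and dst not in LOCALNET:      # -s $CLIENT -d ! $LOCALNET
            counters["upload"] += size
        elif src not in LOCALNET and dst == CLIENT:    # -s ! $LOCALNET -d $CLIENT
            counters["download"] += size
    return counters


if __name__ == "__main__":
    print(account(PACKETS))
```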