Boštjan Jerko wrote:
> On Jan 8, 2008, at 10:54 PM, Rok Potočnik wrote:
>> yes... either -A or, better still, -I, in case you have some
>> restrictive rule that keeps any packet from reaching it at all in
>> that chain... you can send the output of iptables-save (privately
>> if you like) and we'll see what can be done.
>> Otherwise you need the following conditions...
>> - ip_forward set to 1
>> - a rule with DNAT
>> - if you have a DROP somewhere in the FORWARD chain of the filter
>>   table, you have to allow this as well
>>
>> in principle the following should work:
>>
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>
>> iptables -t nat -I PREROUTING -p tcp --dport 1025 -j DNAT \
>> --to-destination 192.168.0.10
>>
>> iptables -I FORWARD -p tcp --dport 1025 -j ACCEPT
>>
>
> The other rules are:
>
> iptables -A INPUT -j DROP -p tcp --destination-port domain
> iptables -A INPUT -j DROP -p tcp --destination-port smtp
> iptables -A INPUT -j DROP -p tcp --destination-port 139
> iptables -A INPUT -j DROP -p tcp --destination-port 250
>
> But I need a redirect from port 1025 to port 22.
>
yes, then you just replace the port with 22, or rather fix that rule in the PREROUTING chain

iptables -t nat -I PREROUTING -p tcp --dport 1025 -j DNAT \
    --to-destination 192.168.0.10:22

iptables -I FORWARD -p tcp --dport 22 -j ACCEPT

--
Regards, Rok
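
Added example (not part of the original thread, and not code from either poster): a check over an iptables-save dump, the output Rok asks for above, that reports whether each DNAT rule's post-translation port is accepted in the filter FORWARD chain. The dump is constructed, the function names are hypothetical, and the check is a simplification that looks only at the FORWARD policy and at ACCEPT rules matching on --dport.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for DNAT rules whose translated
# port is not accepted in the filter FORWARD chain.

# Constructed sample dump (not from the machine in the thread): FORWARD policy
# is DROP, DNAT sends 1025 to 192.168.0.10:22, FORWARD accepts only dport 1025.
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 1025 -j DNAT --to-destination 192.168.0.10:22
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -p tcp -m tcp --dport 1025 -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save output on stdin and prints one verdict per DNAT rule.
# Simplification: DROP rules inside FORWARD and non-dport matches are ignored.
check_dnat_forward() {
awk '
/^\*/ { table = substr($1, 2) }
table == "filter" && $1 == ":FORWARD" { policy = $2 }
$1 == "-A" {
    dport = ""; target = ""; dest = ""
    for (i = 3; i <= NF; i++) {
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "-j") target = $(i + 1)
        if ($i == "--to-destination") dest = $(i + 1)
    }
    if (table == "nat" && $2 == "PREROUTING" && target == "DNAT") {
        n++; orig[n] = dport; to[n] = dest
        # Without an explicit :port, DNAT leaves the destination port unchanged.
        np = split(dest, parts, ":"); post[n] = (np == 2) ? parts[2] : dport
    }
    if (table == "filter" && $2 == "FORWARD" && target == "ACCEPT" && dport != "")
        accept[dport] = 1
}
END {
    for (k = 1; k <= n; k++) {
        ok = (policy == "ACCEPT" || (post[k] in accept))
        printf "%s %s -> %s (FORWARD must accept dport %s)\n", (ok ? "OK" : "BLOCKED"), orig[k], to[k], post[k]
    }
}'
}

sample_dump | check_dnat_forward
```

On a live system the input would be `iptables-save | check_dnat_forward`, run as root. FORWARD is evaluated after PREROUTING has rewritten the destination, which is why the ACCEPT rule has to match port 22 once the DNAT target carries :22.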