Hello all! I am writing a script to use iptables. I intend to separate the internal network from the Internet; I installed Conectiva Linux 7.0 and updated the kernel to version 2.4.x. On this server I am also going to have squid. The server has two network cards: eth0 connected to the Internet, eth1 = 192.168.1.1/24.

My questions:
- How do I make the 192.168.1.0/24 network have access to one ip/port on the Internet? Ex: allow outgoing packets to host.dominio.com.br port 4044
- How do I redirect packets with destination port 80 to squid's port 3128?
- How do I log all the packets that are not allowed (somebody trying to use ICQ, for example)?

This is the start of my script:

#!/bin/bash
#Fire.sh
#Developer Bye Anselmo - [EMAIL PROTECTED]
#MAR/2002
############################################################
#
#Constants
#
#Enable routing between eth0 and eth1
echo "1" > /proc/sys/net/ipv4/ip_forward

#Load modules
/sbin/depmod -a
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_MASQUERADE
#/sbin/modprobe ip_conntrack_ftp
#/sbin/modprobe ip_nat_ftp
#
IPTABLES="/usr/sbin/iptables"

#Flush every chain (filter and mangle) and delete user-defined chains
$IPTABLES -F
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F -t mangle
$IPTABLES -t mangle -X
$IPTABLES -X
#
#Ping of death: forward at most one echo-request per second
$IPTABLES -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
#
#Syn-flood: rate-limit new TCP connections (--syn added; without it every
#forwarded TCP packet was being limited, not only connection attempts)
$IPTABLES -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
#
## Deny and log scanning patterns ##########################
# FIN Scan
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp --tcp-flags ALL FIN -j LOG --log-level crit --log-prefix " NMAP FIN SCANNING: "
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp --tcp-flags ALL FIN -j DROP
# Xmas Tree Scan
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp --tcp-flags ALL FIN,URG,PSH -j LOG --log-level crit --log-prefix " NMAP Xmas Tree SCAN:"
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp --tcp-flags ALL FIN,URG,PSH -j DROP
# Fin/Syn Scan
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-level crit --log-prefix " NMAP FIN/SYN SCAN: "
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
# Ack Scan
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp --tcp-flags ALL ACK -j LOG --log-level crit --log-prefix " NMAP ACK SCANNING: "
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp --tcp-flags ALL ACK -j DROP
# Null Scan
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp --tcp-flags ALL NONE -j LOG --log-level crit --log-prefix " NMAP NULL SCANNING: "
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp --tcp-flags ALL NONE -j DROP
#NMAP: --tcp-flags needs a mask and a compare list; the original line had
#only the mask ("SYN,ACK,FIN,RST"), which iptables rejects. This limits
#bare RST packets to one per second.
$IPTABLES -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
############################################################
#
#Damaged/suspicious packets (ipt_unclean is an experimental 2.4 match)
$IPTABLES -A FORWARD -m unclean -j DROP
#
# Set Default Policies
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
#
#Allow localhost
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT
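The three questions in the post, worked as an added example (this is not the poster's script and not part of the original message). It assumes the layout the post describes (eth0 towards the Internet, eth1 = 192.168.1.1/24, squid on the firewall itself on port 3128) and is meant to run after the prelude above (modules loaded, chains flushed, default policies DROP, lo allowed). Assumptions not in the post: the firewall masquerades the LAN, the allowed host/port are passed as arguments (host.dominio.com.br 4044 from the post are used as defaults), and a DRY_RUN mode prints the commands instead of applying them so the rule set can be reviewed first.

```shell
#!/bin/bash
# Added example, not the poster's script: rules for the three questions.
# Assumptions (not from the post): eth0 = Internet, eth1 = LAN, squid on
# this box on 3128, the LAN is masqueraded, DRY_RUN=1 prints instead of applying.

IPTABLES="${IPTABLES:-/usr/sbin/iptables}"
WAN_IF="eth0"
LAN_IF="eth1"
LAN_NET="192.168.1.0/24"
SQUID_PORT="3128"

# run: apply a rule, or print the command when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s %s\n' "$IPTABLES" "$*"
    else
        "$IPTABLES" "$@"
    fi
}

# Q1: let the LAN reach exactly one host:port on the Internet.
# Only NEW connections from the LAN side are accepted; replies come back
# as ESTABLISHED through ip_conntrack, so nothing else from eth0 is opened.
allow_lan_to_host() {   # $1 = destination host or IP, $2 = TCP port
    run -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p tcp -d "$1" --dport "$2" \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    run -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$LAN_NET" -p tcp -s "$1" --sport "$2" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 192.168.x.x is not routable on the Internet: rewrite the source to eth0's address
    run -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Q2: transparent proxy. Port-80 traffic from the LAN is redirected to squid
# on this box, so it must also be accepted on INPUT, and squid itself (OUTPUT
# policy is DROP) must be allowed to answer clients and to fetch pages.
redirect_http_to_squid() {
    run -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$SQUID_PORT"
    run -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$SQUID_PORT" -j ACCEPT
    run -A OUTPUT -o "$LAN_IF" -d "$LAN_NET" -p tcp --sport "$SQUID_PORT" \
        -m state --state ESTABLISHED -j ACCEPT
    run -A OUTPUT -o "$WAN_IF" -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
    run -A INPUT -i "$WAN_IF" -p tcp --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Q3: whatever no earlier rule accepted is logged, then dropped. These must be
# the last rules of each chain; the limit keeps a flood or a scan from filling
# the log. A client trying ICQ shows up in the log with prefix "FW DENIED: ".
log_and_drop_rest() {
    for chain in INPUT FORWARD; do
        run -A "$chain" -m limit --limit 5/min --limit-burst 10 \
            -j LOG --log-level info --log-prefix "FW DENIED: "
        run -A "$chain" -j DROP
    done
}

# Order matters: accept rules first, log-and-drop last.
apply_all() {   # $1 = allowed Internet host, $2 = its port
    allow_lan_to_host "$1" "$2"
    redirect_http_to_squid
    log_and_drop_rest
}

# FW_APPLY=1 loads the rules; otherwise only the functions are defined.
if [ "${FW_APPLY:-0}" = "1" ]; then
    apply_all "${1:-host.dominio.com.br}" "${2:-4044}"
fi
```

Review the rule set first with `DRY_RUN=1 FW_APPLY=1 ./fw-rules.sh host.dominio.com.br 4044`, then run it with `FW_APPLY=1` alone to load it. Two things the rules alone do not cover: squid 2.x has to be configured for transparent operation (its httpd_accel_* directives) or it will refuse the redirected requests, and both squid and the LAN clients still need DNS (udp/53) out through eth0, which needs its own accept rules before the log-and-drop pair.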
