* [mdk-re] Routing between two networks and Internet
@ 2001-01-21 14:36 Albert R. Valiev
From: Albert R. Valiev @ 2001-01-21 14:36 UTC (permalink / raw)
To: mandrake-russian
Hello everyone.
In short, the gist of the problem:
There are three interfaces: eth0, eth, ppp0.
Interface eth0 has several addresses: 10.10.10.1, 213.165.222.1, 213.165.222.2, 213.165.222.3, 195.239.134.209, 195.239.134.210.
eth1: 10.1.2.1
ppp0: 195.239.134.202
gateway to Internet: 195.23.134.201
netmasks of addresses: 213.165.222.xxx/255.255.255.224
195.239.134.xxx/255.255.255.2240
Oops, I mean that should be 240 here, not 2240 ((I'm writing with a plain mail client, and for the first time at that :))).
10.10.10.xxx/255.255.255.0
10.1.2.xxx/255.255.255.0
The office computers are on the 10.1.2.0 network.
The 10.10.10.0 network has two dial-up servers and the main server (my machine is the router). The dial-up machines have addresses like 10.10.10.xxx, but clients are given addresses like 213.165.222.xxx.
The main server has a single network card, and it carries addresses from all the networks except the office one (i.e. 213.165.222.xxx, 10.10.10.10.xxx, 195.239.135.xxx).
In theory the router should have a mapping from certain addresses/ports to the main server. But after my first attempt to set all this up (the thing is that Windows used to serve as the router, but now it is gone entirely...) it turned out that everyone from the office network gets through fine, and so do the clients (they go through the proxy on the router), but the main server cannot be reached at all. From it, all the machines on the network can be pinged (or rather almost all: the 195.239.134.xxx addresses do not go through...).
And I need all of this to start working quickly... please help me :-)))
I'm posting here what I tried to put together based on what I read in IP-MASQUERADING-HOWTO, NET3-4-HOWTO, IPchains-HOWTO... tell me, where are the crooked bits here?
# Mandrake-Security : if you remove this comment, remove the next line too.
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_masq_debug
echo 1 > /proc/sys/net/ipv4/ip_forward
ipmasqadm portfw -f
ipmasqadm portfw -a -P tcp -L 213.165.222.1 25 -R 10.10.10.11 25 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.3 25 -R 10.10.10.12 25 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.1 110 -R 10.10.10.11 110 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.3 110 -R 10.10.10.12 110 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.1 143 -R 10.10.10.11 143 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.3 143 -R 10.10.10.12 143 -p 1
ipmasqadm portfw -a -P tcp -L 10.1.2.1 25 -R 10.10.10.11 25 -p 1
ipmasqadm portfw -a -P tcp -L 10.1.2.1 110 -R 10.10.10.11 110 -p 1
ipmasqadm portfw -a -P tcp -L 10.1.2.1 143 -R 10.10.10.11 143 -p 1
ipmasqadm portfw -a -P tcp -L 10.10.10.10 25 -R 10.10.10.11 25 -p 1
ipmasqadm portfw -a -P tcp -L 10.10.10.10 110 -R 10.10.10.11 110 -p 1
ipmasqadm portfw -a -P tcp -L 10.10.10.10 143 -R 10.10.10.11 143 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.1 21 -R 10.10.10.11 21 -p 1
ipmasqadm portfw -a -P tcp -L 195.239.134.209 80 -R 10.10.10.11 80 -p 1
ipmasqadm portfw -a -P tcp -L 195.239.134.210 80 -R 10.10.10.12 80 -p 1
ipchains -M -S 7200 10 60
ipchains -F input
ipchains -F output
ipchains -F forward
ipchains -A input -i eth0 -s 195.239.134.0/255.255.255.240 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i eth0 -s 10.10.10.0/24 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i eth0 -s 213.165.222.0/255.255.255.224 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i eth1 -s 10.1.2.0/24 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i ppp0 -s 0.0.0.0/0 -j ACCEPT
ipchains -A input -i ppp1 -s 0.0.0.0/0 -j ACCEPT
ipchains -A input -i ppp0 -s 10.10.10.0/24 -j REJECT
ipchains -A input -i ppp0 -s 10.1.2.0/24 -j REJECT
ipchains -A input -i ppp1 -s 10.10.10.0/24 -j REJECT
ipchains -A input -i ppp1 -s 10.1.2.0/24 -j REJECT
ipchains -A input -i eth0 -p tcp -d 0.0.0.0/0 80 -j REDIRECT 3128
ipchains -A input -i eth1 -p tcp -d 0.0.0.0/0 80 -j REDIRECT 3128
ipchains -A output -i eth1 -s 213.165.222.3/255.255.255.255 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -s 213.165.222.1/255.255.255.255 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -p tcp -s 213.165.222.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -p udp -s 213.165.222.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -p tcp -s 10.10.10.11/255.255.255.255 25 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A output -i eth1 -p tcp -s 10.10.10.11/255.255.255.255 110 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A output -i eth1 -p tcp -s 10.10.10.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -p udp -s 10.10.10.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -s 10.10.10.5/255.255.255.255 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A output -i eth1 -s 213.165.222.5/255.255.255.255 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A output -s 0.0.0.0/0 -j ACCEPT
ipchains -A forward -s 10.10.10.0/24 -d 10.1.2.0/24 -j ACCEPT
ipchains -A forward -s 213.165.222.0/255.255.255.224 -d 10.1.2.0/24 -j ACCEPT
ipchains -A forward -s 195.239.134.0/255.255.255.240 -d 10.1.2.0/24 -j ACCEPT
ipchains -A forward -s 10.1.2.0/24 -d 213.165.222.0/255.255.255.224 -j ACCEPT
ipchains -A forward -s 195.239.134.0/255.255.255.240 -d 0.0.0.0/0 -j ACCEPT
ipchains -A forward -s 213.165.222.0/255.255.255.224 -d 0.0.0.0/0 -j ACCEPT
ipchains -A forward -s 213.165.222.3/255.255.255.255 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -s 213.165.222.1/255.255.255.255 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -p tcp -s 213.165.222.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -p udp -s 213.165.222.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -p tcp -s 10.10.10.11/255.255.255.255 25 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A forward -p tcp -s 10.10.10.11/255.255.255.255 110 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A forward -p tcp -s 10.10.10.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -p udp -s 10.10.10.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -s 10.10.10.5/255.255.255.255 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A forward -s 213.165.222.5/255.255.255.255 -d 10.1.2.21/255.255.255.255 -j ACCEPT
#ip rule add from 213.165.222.0/255.255.255.224 to 213.165.222.31/255.255.255.224 table main pref 100
#ip rule add from 10.10.10.0/24 to 0/0 table 101 pref 104
#ip rule add from 10.1.2.0/24 to 0/0 table 102 pref 104
#ip rule add from 213.165.222.0/255.255.255.224 table 103 pref 104
#ip rule add from 195.239.134.0/255.255.255.240 table 104 pref 104
#ip route add table 101 via 195.239.134.201
#ip route add table 102 via 195.239.134.201
#ip route add table 103 via 195.239.134.201
#ip route add table 104 via 195.239.134.201
ipchains -A forward -s 10.10.10.0/24 -d 0.0.0.0/0 -j MASQ
ipchains -A forward -s 10.1.2.0/24 -d 0.0.0.0/0 -j MASQ
ipchains -A forward -s 213.165.222.0/255.255.255.224 -d 0.0.0.0/0 -j MASQ
ipchains -A forward -s 195.239.134.0/255.255.255.240 -d 0.0.0.0/0 -j MASQ
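ipchains walks a chain in order and the first matching rule decides the packet, so rule order matters in the script above. The sketch below is an added example, not part of the original post: it parses a few rules copied from the message and lists those that an earlier rule in the same chain always pre-empts. The parser handles only the options used in the post, and the function names are hypothetical.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
FIELDS = {"-A": "chain", "-i": "iface", "-p": "proto"}

def parse(line):
    """Parse the subset of `ipchains -A` syntax that appears in the post."""
    r = dict(line=line, chain=None, iface=None, proto=None,
             src=ANY, dst=ANY, sport=None, dport=None)
    tok = line.split()
    for i, opt in enumerate(tok):
        nxt = tok[i + 1:i + 3]                   # option value, then maybe a port
        if opt in FIELDS:
            r[FIELDS[opt]] = nxt[0]
        elif opt in ("-s", "-d"):
            side = "src" if opt == "-s" else "dst"
            r[side] = ipaddress.ip_network(nxt[0], strict=False)
            has_port = len(nxt) > 1 and not nxt[1].startswith("-")
            r[side[0] + "port"] = nxt[1] if has_port else None
    return r

def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    return (a["chain"] == b["chain"]
            and all(a[k] in (None, b[k]) for k in ("iface", "proto", "sport", "dport"))
            and b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"]))

def shadowed(lines):
    """Return (dead_rule, deciding_rule) pairs under first-match evaluation."""
    rules, dead = [parse(l) for l in lines], []
    for n, b in enumerate(rules):
        winner = next((a for a in rules[:n] if covers(a, b)), None)
        if winner:
            dead.append((b["line"], winner["line"]))
    return dead

# Rules copied from the post (a subset, kept in their original relative order).
RULES = """\
ipchains -A input -i ppp0 -s 0.0.0.0/0 -j ACCEPT
ipchains -A input -i ppp0 -s 10.10.10.0/24 -j REJECT
ipchains -A input -i eth1 -p tcp -d 0.0.0.0/0 80 -j REDIRECT 3128
ipchains -A forward -s 10.10.10.0/24 -d 10.1.2.0/24 -j ACCEPT
ipchains -A forward -s 213.165.222.0/255.255.255.224 -d 0.0.0.0/0 -j ACCEPT
ipchains -A forward -s 10.10.10.0/24 -d 0.0.0.0/0 -j MASQ
ipchains -A forward -s 213.165.222.0/255.255.255.224 -d 0.0.0.0/0 -j MASQ
""".splitlines()

if __name__ == "__main__":
    for dead, winner in shadowed(RULES):
        print(f"never reached: {dead}\n    decided by: {winner}")
```

On this subset it reports the ppp0 REJECT for 10.10.10.0/24 (pre-empted by the ppp0 accept-all) and the MASQ rule for 213.165.222.0/27 (pre-empted by the earlier forward ACCEPT for the same source and destination).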