From: "Albert R. Valiev" <admin@linux.m-radio.ru>
To: mandrake-russian@linuxteam.iplabs.ru
Cc: root@linux.m-radio.ru
Subject: [mdk-re] Mandrake 7.2 routing question
Date: Sun Jan 21 16:35:01 2001
Message-ID: <200101211635.QAA03668@linux.m-radio.ru>

I already wrote an email today, but it seems it did not get through...

Anyway, here is the situation: a machine (Linux Mandrake 7.2, kernel 2.2.17) with three interfaces (ppp0, eth0, eth1). ppp0 is the link to the Internet, eth1 is the office network, eth0 is the network with the servers. The machine itself, as everyone has already guessed, is the router. I solved the routing problem; one problem remains, namely: the servers in the second network have no real addresses, only fake ones (10.10.10.xxx). The router, however, has several real addresses and in theory should pass packets arriving at a particular address:port on into the network with the servers. In principle the main server has several real addresses, but that does not matter; all I have left to set up is the redirect...

Here is my rc.firewall. Please take a look, and if something looks wrong to you, advise what can be done here. Yes, the kernel is compiled with support for IP-masq, ip-portfw, ip-firewalling, etc. (with all the options that were in the IP-Masquerade HOWTO), because I did everything seemingly the way it should be, or rather the way it was described in the HOWTO, but nothing came of it... At least the transparent proxy started working :))).

/etc/rc.d/rc.firewall script:
---------------------------Cut HERE------------------------------------------
# Mandrake-Security : if you remove this comment, remove the next line too.
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_masq_debug
echo 1 > /proc/sys/net/ipv4/ip_forward

# Port forwarding: flush the table, then map local address/port to server address/port
ipmasqadm portfw -f
ipmasqadm portfw -a -P tcp -L 213.165.222.1 25 -R 10.10.10.11 25 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.3 25 -R 10.10.10.12 25 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.1 110 -R 10.10.10.11 110 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.3 110 -R 10.10.10.12 110 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.1 143 -R 10.10.10.11 143 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.3 143 -R 10.10.10.12 143 -p 1
ipmasqadm portfw -a -P tcp -L 10.1.2.1 25 -R 10.10.10.11 25 -p 1
ipmasqadm portfw -a -P tcp -L 10.1.2.1 110 -R 10.10.10.11 110 -p 1
ipmasqadm portfw -a -P tcp -L 10.1.2.1 143 -R 10.10.10.11 143 -p 1
ipmasqadm portfw -a -P tcp -L 10.10.10.10 25 -R 10.10.10.11 25 -p 1
ipmasqadm portfw -a -P tcp -L 10.10.10.10 110 -R 10.10.10.11 110 -p 1
ipmasqadm portfw -a -P tcp -L 10.10.10.10 143 -R 10.10.10.11 143 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.1 21 -R 10.10.10.11 21 -p 1
ipmasqadm portfw -a -P tcp -L 195.239.134.209 80 -R 10.10.10.11 80 -p 1
ipmasqadm portfw -a -P tcp -L 195.239.134.210 80 -R 10.10.10.12 80 -p 1

# Masquerading timeouts in seconds: TCP, TCP after FIN, UDP
ipchains -M -S 7200 10 60

# Flush all three chains
ipchains -F input
ipchains -F output
ipchains -F forward

# input chain
ipchains -A input -i eth0 -s 195.239.134.0/255.255.255.240 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i eth0 -s 10.10.10.0/24 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i eth0 -s 213.165.222.0/255.255.255.224 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i eth1 -s 10.1.2.0/24 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i ppp0 -s 0.0.0.0/0 -j ACCEPT
ipchains -A input -i ppp1 -s 0.0.0.0/0 -j ACCEPT
ipchains -A input -i ppp0 -s 10.10.10.0/24 -j REJECT
ipchains -A input -i ppp0 -s 10.1.2.0/24 -j REJECT
ipchains -A input -i ppp1 -s 10.10.10.0/24 -j REJECT
ipchains -A input -i ppp1 -s 10.1.2.0/24 -j REJECT

# Transparent proxy: redirect HTTP to local port 3128
ipchains -A input -i eth0 -p tcp -d 0.0.0.0/0 80 -j REDIRECT 3128
#ipchains -A input -i eth0 -p tcp -d 0.0.0.0/0 21 -j REDIRECT 3128
ipchains -A input -i eth1 -p tcp -d 0.0.0.0/0 80 -j REDIRECT 3128
#ipchains -A input -i eth1 -p tcp -d 0.0.0.0/0 21 -j REDIRECT 3128

# output chain
ipchains -A output -i eth1 -s 213.165.222.3/255.255.255.255 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -s 213.165.222.1/255.255.255.255 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -p tcp -s 213.165.222.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -p udp -s 213.165.222.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -p tcp -s 10.10.10.11/255.255.255.255 25 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A output -i eth1 -p tcp -s 10.10.10.11/255.255.255.255 110 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A output -i eth1 -p tcp -s 10.10.10.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -p udp -s 10.10.10.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -s 10.10.10.5/255.255.255.255 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A output -i eth1 -s 213.165.222.5/255.255.255.255 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A output -s 0.0.0.0/0 -j ACCEPT

# forward chain
ipchains -A forward -s 10.10.10.0/24 -d 10.1.2.0/24 -j ACCEPT
ipchains -A forward -s 213.165.222.0/255.255.255.224 -d 10.1.2.0/24 -j ACCEPT
ipchains -A forward -s 195.239.134.0/255.255.255.240 -d 10.1.2.0/24 -j ACCEPT
ipchains -A forward -s 10.1.2.0/24 -d 213.165.222.0/255.255.255.224 -j ACCEPT
ipchains -A forward -s 195.239.134.0/255.255.255.240 -d 0.0.0.0/0 -j ACCEPT
ipchains -A forward -s 213.165.222.0/255.255.255.224 -d 0.0.0.0/0 -j ACCEPT
ipchains -A forward -s 213.165.222.3/255.255.255.255 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -s 213.165.222.1/255.255.255.255 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -s 0.0.0.0/0 -d 195.239.134.0/28 -j ACCEPT
ipchains -A forward -s 0.0.0.0/0 -d 213.165.222.0/27 -j ACCEPT
ipchains -A forward -p tcp -s 213.165.222.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -p udp -s 213.165.222.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -p tcp -s 10.10.10.11/255.255.255.255 25 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A forward -p tcp -s 10.10.10.11/255.255.255.255 110 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A forward -p tcp -s 10.10.10.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -p udp -s 10.10.10.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -s 10.10.10.5/255.255.255.255 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A forward -s 213.165.222.5/255.255.255.255 -d 10.1.2.21/255.255.255.255 -j ACCEPT

# Masquerade the remaining traffic from both private networks
ipchains -A forward -s 10.10.10.0/24 -d 0.0.0.0/0 -j MASQ
ipchains -A forward -s 10.1.2.0/24 -d 0.0.0.0/0 -j MASQ
---------------------------Cut HERE------------------------------------------

Oh, and by the way, so to speak, one more small question: is the transparent proxy only for http, and that is all? Is it possible to pass ftp through it as well?

Best regards,
Albert Valiev
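
Added example, not part of the original message: ipchains walks a chain top to bottom and the first matching rule decides the packet, so the position of the ppp0 ACCEPT line relative to the ppp0 REJECT lines in the rc.firewall above matters (the ppp1 lines follow the same pattern). The Python sketch below parses a subset of the input chain, handling only the option forms this script uses, and reports rules that an earlier, broader rule with a different target always pre-empts; the function names are illustrative.

```python
import ipaddress
import shlex
# Subset of the input chain, copied in order from the rc.firewall above.
RULES = """\
ipchains -A input -i eth1 -s 10.1.2.0/24 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i ppp0 -s 0.0.0.0/0 -j ACCEPT
ipchains -A input -i ppp0 -s 10.10.10.0/24 -j REJECT
ipchains -A input -i ppp0 -s 10.1.2.0/24 -j REJECT
ipchains -A input -i eth1 -p tcp -d 0.0.0.0/0 80 -j REDIRECT 3128
"""
ANY = ipaddress.ip_network("0.0.0.0/0")

def parse(line):
    """Parse the subset of 'ipchains -A' syntax that this script uses."""
    tok = shlex.split(line)
    rule = {"chain": tok[2], "-i": None, "-p": None, "-s": ANY, "-d": ANY,
            "sport": None, "dport": None, "target": None, "text": line}
    i = 3
    while i + 1 < len(tok):
        opt, val = tok[i], tok[i + 1]
        i += 2
        if opt == "-j":
            rule["target"] = val
            break
        if opt in ("-s", "-d"):
            rule[opt] = ipaddress.ip_network(val, strict=False)
            if i < len(tok) and not tok[i].startswith("-"):
                rule[opt[1] + "port"] = tok[i]  # optional port after address
                i += 1
        else:  # -i (interface) or -p (protocol)
            rule[opt] = val
    return rule

def covers(a, b):
    """True if every packet matching rule b also matches the earlier rule a."""
    exact = all(a[k] in (None, b[k]) for k in ("-i", "-p", "sport", "dport"))
    return (exact and a["chain"] == b["chain"]
            and b["-s"].subnet_of(a["-s"]) and b["-d"].subnet_of(a["-d"]))

def shadowed(text):
    """Return (dead_rule, winning_rule) pairs whose targets differ."""
    rules = [parse(l) for l in text.splitlines() if l.startswith("ipchains -A")]
    found = []
    for n, late in enumerate(rules):
        early = next((r for r in rules[:n] if covers(r, late)), None)
        if early and early["target"] != late["target"]:
            found.append((late["text"], early["text"]))
    return found
for dead, winner in shadowed(RULES):
    print(f"never reached: {dead}\n  decided by:  {winner}")
```

Both ppp0 REJECT lines are reported as never reached; placing them ahead of the blanket ppp0 ACCEPT is what makes the anti-spoofing check take effect.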