ALT Linux Community general discussions
* [mdk-re] Mandrake  7.2  routing  question
@ 2001-01-21 16:35 Albert R. Valiev
  0 siblings, 0 replies; only message in thread
From: Albert R. Valiev @ 2001-01-21 16:35 UTC (permalink / raw)
  To: mandrake-russian; +Cc: root


I already wrote a message today, but it looks like it didn't go through...
Anyway, here is the situation: a machine (Linux Mandrake 7.2, kernel 2.2.17)
with three interfaces (ppp0, eth0, eth1).
ppp0 is the link to the Internet, eth1 is the office network, eth0 is the network with the servers.
The machine itself, as everyone has already guessed, is a router.
I solved the routing problem; one problem remains, namely:
the servers in the second network have no real addresses, only fake ones (10.10.10.xxx). The router, on the other hand, has several real addresses and in theory should pass packets arriving at a given address:port on into the network with the servers. Strictly speaking the main server has several real addresses, but that doesn't matter - all I have left to set up is the redirect... Here is my rc.firewall; please take a look, and if something looks crooked to you, advise what can be done here. Yes, the kernel is compiled with support for IP-masq, ip-portfw, ip-firewalling, etc. (with all the options that were in the ip-masquerade howto). Because I did everything seemingly the way it should be done, or rather the way it was described in the howto, but nothing came of it... at least the transparent proxy started working :))).

/etc/rc.d/rc.firewall  script:
---------------------------Cut  HERE------------------------------------------
# Mandrake-Security : if you remove this comment, remove the next line too.
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_masq_debug
echo 1 > /proc/sys/net/ipv4/ip_forward
ipmasqadm portfw -f
ipmasqadm portfw -a -P tcp -L 213.165.222.1 25 -R 10.10.10.11 25 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.3 25 -R 10.10.10.12 25 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.1 110 -R 10.10.10.11 110 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.3 110 -R 10.10.10.12 110 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.1 143 -R 10.10.10.11 143 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.3 143 -R 10.10.10.12 143 -p 1
ipmasqadm portfw -a -P tcp -L 10.1.2.1 25 -R 10.10.10.11 25 -p 1
ipmasqadm portfw -a -P tcp -L 10.1.2.1 110 -R 10.10.10.11 110 -p 1
ipmasqadm portfw -a -P tcp -L 10.1.2.1 143 -R 10.10.10.11 143 -p 1
ipmasqadm portfw -a -P tcp -L 10.10.10.10 25 -R 10.10.10.11 25 -p 1
ipmasqadm portfw -a -P tcp -L 10.10.10.10 110 -R 10.10.10.11 110 -p 1
ipmasqadm portfw -a -P tcp -L 10.10.10.10 143 -R 10.10.10.11 143 -p 1
ipmasqadm portfw -a -P tcp -L 213.165.222.1 21 -R 10.10.10.11 21 -p 1
ipmasqadm portfw -a -P tcp -L 195.239.134.209 80 -R 10.10.10.11 80 -p 1
ipmasqadm portfw -a -P tcp -L 195.239.134.210 80 -R 10.10.10.12 80 -p 1

ipchains -M -S  7200 10 60

ipchains -F input
ipchains -F output
ipchains -F forward

ipchains -A input -i eth0 -s 195.239.134.0/255.255.255.240 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i eth0 -s 10.10.10.0/24 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i eth0 -s 213.165.222.0/255.255.255.224 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i eth1 -s 10.1.2.0/24 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i ppp0 -s 0.0.0.0/0 -j ACCEPT
ipchains -A input -i ppp1 -s 0.0.0.0/0 -j ACCEPT
ipchains -A input -i ppp0 -s 10.10.10.0/24 -j REJECT
ipchains -A input -i ppp0 -s 10.1.2.0/24 -j REJECT
ipchains -A input -i ppp1 -s 10.10.10.0/24 -j REJECT
ipchains -A input -i ppp1 -s 10.1.2.0/24 -j REJECT
ipchains -A input -i eth0 -p tcp -d 0.0.0.0/0 80 -j REDIRECT 3128
#ipchains -A input -i eth0 -p tcp -d 0.0.0.0/0 21 -j REDIRECT 3128
ipchains -A input -i eth1 -p tcp -d 0.0.0.0/0 80 -j REDIRECT 3128
#ipchains -A input -i eth1 -p tcp -d 0.0.0.0/0 21 -j REDIRECT 3128


ipchains -A output -i eth1 -s 213.165.222.3/255.255.255.255 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -s 213.165.222.1/255.255.255.255 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -p tcp -s 213.165.222.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -p udp -s 213.165.222.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -p tcp -s 10.10.10.11/255.255.255.255 25 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A output -i eth1 -p tcp -s 10.10.10.11/255.255.255.255 110 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A output -i eth1 -p tcp -s 10.10.10.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -p udp -s 10.10.10.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A output -i eth1 -s 10.10.10.5/255.255.255.255 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A output -i eth1 -s 213.165.222.5/255.255.255.255 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A output -s 0.0.0.0/0 -j ACCEPT

ipchains -A forward -s 10.10.10.0/24 -d 10.1.2.0/24 -j ACCEPT
ipchains -A forward -s 213.165.222.0/255.255.255.224  -d 10.1.2.0/24 -j ACCEPT
ipchains -A forward -s 195.239.134.0/255.255.255.240 -d 10.1.2.0/24 -j ACCEPT
ipchains -A forward -s 10.1.2.0/24 -d 213.165.222.0/255.255.255.224 -j ACCEPT
ipchains -A forward -s 195.239.134.0/255.255.255.240 -d 0.0.0.0/0 -j ACCEPT
ipchains -A forward -s 213.165.222.0/255.255.255.224  -d 0.0.0.0/0 -j ACCEPT

ipchains -A forward -s 213.165.222.3/255.255.255.255 -d  10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -s 213.165.222.1/255.255.255.255 -d  10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -s 0.0.0.0/0 -d 195.239.134.0/28 -j ACCEPT
ipchains -A forward -s 0.0.0.0/0 -d 213.165.222.0/27 -j ACCEPT
ipchains -A forward -p tcp -s 213.165.222.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -p udp -s 213.165.222.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -p tcp -s 10.10.10.11/255.255.255.255 25 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A forward -p tcp -s 10.10.10.11/255.255.255.255 110 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A forward -p tcp -s 10.10.10.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -p udp -s 10.10.10.5/255.255.255.255 53 -d 10.1.2.0/255.255.255.0 -j ACCEPT
ipchains -A forward -s 10.10.10.5/255.255.255.255 -d 10.1.2.21/255.255.255.255 -j ACCEPT
ipchains -A forward -s 213.165.222.5/255.255.255.255 -d 10.1.2.21/255.255.255.255 -j ACCEPT

ipchains -A forward -s 10.10.10.0/24 -d 0.0.0.0/0 -j MASQ
ipchains -A forward -s 10.1.2.0/24 -d 0.0.0.0/0 -j MASQ
---------------------------Cut  HERE------------------------------------------
Oh, and while we are at it, so to speak, one more small question - the transparent proxy - is it only for http, and that's all? Is it possible to pass ftp through it as well?

Best regards, Albert Valiev
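
ipchains walks a chain from top to bottom and the first matching rule decides the packet, so in the input chain above the `-i ppp0 -s 0.0.0.0/0 -j ACCEPT` rule is evaluated before the ppp0 REJECT rules for 10.10.10.0/24 and 10.1.2.0/24. The following is an added example, not part of the original message: a small Python checker (the names `parse`, `covers` and `shadowed` are made up here) that reports rules fully covered by an earlier rule in the same chain, assuming every rule ends in a terminating target, as all rules in this script do.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "chain iface proto src sport dst dport target text")
FIELD = {"-i": "iface", "-p": "proto", "-s": "src", "-d": "dst", "-j": "target"}

def parse(line):
    """Parse one 'ipchains -A' line; -s/-d may carry a port ("-d 0.0.0.0/0 80")."""
    tok = line.split()
    if tok[:2] != ["ipchains", "-A"]:
        return None  # comments, blank lines, ipmasqadm, -F, ...
    f = dict(chain=tok[2], iface=None, proto=None, sport=None, dport=None,
             src="0.0.0.0/0", dst="0.0.0.0/0", target=None)
    i = 3
    while i + 1 < len(tok):
        opt, val = tok[i], tok[i + 1]
        i += 2
        if opt in FIELD:  # only the options this script uses are understood
            f[FIELD[opt]] = val
        if opt in ("-s", "-d") and i < len(tok) and not tok[i].startswith("-"):
            f[opt[1] + "port"] = tok[i]
            i += 1
    for k in ("src", "dst"):  # accepts both /24 and /255.255.255.0 masks
        f[k] = ipaddress.ip_network(f[k], strict=False)
    return Rule(text=line.strip(), **f)

def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    return (a.chain == b.chain and a.iface in (None, b.iface)
            and a.proto in (None, b.proto) and a.sport in (None, b.sport)
            and a.dport in (None, b.dport)
            and b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst))

def shadowed(lines):
    """(dead rule, earlier rule) pairs: the first matching rule decides."""
    rules = [r for r in map(parse, lines) if r]
    first = ((late, next((e for e in rules[:n] if covers(e, late)), None))
             for n, late in enumerate(rules))
    return [(late.text, e.text) for late, e in first if e]

# Input-chain lines copied from the rc.firewall in the message above.
SAMPLE = """\
ipchains -A input -i ppp0 -s 0.0.0.0/0 -j ACCEPT
ipchains -A input -i ppp0 -s 10.10.10.0/24 -j REJECT
ipchains -A input -i ppp0 -s 10.1.2.0/24 -j REJECT
ipchains -A input -i eth0 -p tcp -d 0.0.0.0/0 80 -j REDIRECT 3128
""".splitlines()
for dead, winner in shadowed(SAMPLE):
    print(f"never reached: {dead}\n  decided by:  {winner}")
```

Run over the sample, it flags both ppp0 REJECT rules as never reached; with the two REJECT lines placed ahead of the ppp0 ACCEPT it reports nothing.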


